Merge pull request #19 from stackhpc/2024.10.0-sync

2024.10.0 sync

Author: MoteHue

.github-deploy-prod.yml.sample

@@ -1,15 +1,15 @@
 # This example workflow can be used to perform manually-triggered Azimuth deployments targeting production environments.
 # The workflow requires a GitHub environment (https://docs.github.com/en/actions/using-jobs/using-environments-for-jobs) to
-# be created in the site-specific config repo with a name which exactly matches the azimuth-config environment to be used 
-# for production deployments. For security, this GitHub environment should also have a deployment protection rule which 
-# restricts the environment workflows to only run on the main/default branch. This ensures that production deployments 
+# be created in the site-specific config repo with a name which exactly matches the azimuth-config environment to be used
+# for production deployments. For security, this GitHub environment should also have a deployment protection rule which
+# restricts the environment workflows to only run on the main/default branch. This ensures that production deployments
 # cannot be executed from arbitrary branches which could contain incorrect or unreviewed configuration.
 #
-# A manually-triggered workflow is used here since GitHub does not allow deployment approval rules for environments in 
+# A manually-triggered workflow is used here since GitHub does not allow deployment approval rules for environments in
 # private GitHub repos without a GitHub Enterprise subscription. If the site-specific config repo is public, or if an enterprise
-# subscription is available, then triggering the workflow on push to main with additional approval rules in the environment is 
+# subscription is available, then triggering the workflow on push to main with additional approval rules in the environment is
 # the recommended approach.
-# 
+#
 # The site-specific config repo must also define a repository secret named GIT_CRYPT_KEY_B64 which contains the base64 encoded
 # git-crypt key which was used to encrypt the repository's secrets. This can be obtained by running `git-crypt export-key - | base64`
 # from within an unlocked checkout of the repository. For information on defining GitHub repo secrets, see:
@@ -18,7 +18,7 @@
 name: Azimuth deployment
 on:
   workflow_dispatch:
-    inputs: 
+    inputs:
       environment:
         description: "The Azimuth config environment to deploy"
         type: environment
@@ -40,6 +40,8 @@ jobs:
 
       - name: Deploy Azimuth
         shell: bash
+        env:
+          ANSIBLE_FORCE_COLOR: True
         # Here we just decrypt the repo checkout then follow the steps from the Azimuth deployment docs.
         # The GitHub repo should have an environment configured with a name which matches the Azimuth config environment.
         # This GitHub environment should also have a branch protection rule which only allows deployments on chosen production branch (e.g. main).

.github-deploy-staging.yml.sample

@@ -1,7 +1,7 @@
 # This example workflow can be adapted to perform automated Azimuth deployments targeting staging or test environments.
 # The `azimuth-config-env-name` variable in the `env` section below should be set to name of the Azimuth config environment
 # to be deployed.
-# 
+#
 # The site-specific config repo must also define a repository secret named GIT_CRYPT_KEY_B64 which contains the base64 encoded
 # git-crypt key which was used to encrypt the repository's secrets. This can be obtained by running `git-crypt export-key - | base64`
 # from within an unlocked checkout of the repository. For information on defining GitHub repo secrets, see:
@@ -30,6 +30,8 @@ jobs:
 
       - name: Deploy Azimuth
         shell: bash
+        env:
+          ANSIBLE_FORCE_COLOR: True
         # Here we just decrypt the repo checkout then follow the steps from the Azimuth deployment docs.
         run: |
           set -e

.github/workflows/test-upgrade.yml

@@ -45,6 +45,30 @@ jobs:
           target-cloud: ${{ inputs.target-cloud || vars.TARGET_CLOUD }}
           install-mode: ha
           environment-prefix: ci-upgrade
+          # For Kubernetes, generate a single named test that can be referenced after the upgrade
+          extra-vars: |
+            upgrade_test_kubernetes_latest_available_version: >-
+              {{-
+                generate_tests_installed_kubernetes_templates |
+                  map(attribute = 'spec.values.kubernetesVersion') |
+                  community.general.version_sort(reverse = True) |
+                  first
+              }}
+            upgrade_test_kubernetes_latest_template_name: >-
+              {{-
+                generate_tests_installed_kubernetes_templates |
+                  selectattr('spec.values.kubernetesVersion', 'eq', upgrade_test_kubernetes_latest_available_version) |
+                  map(attribute = 'metadata.name') |
+                  first
+              }}
+            generate_tests_kubernetes_test_cases:
+              - name: latest
+                kubernetes_template: "{{ upgrade_test_kubernetes_latest_template_name }}"
+                control_plane_size: "{{ generate_tests_kubernetes_test_case_control_plane_size }}"
+                worker_size: "{{ generate_tests_kubernetes_test_case_worker_size }}"
+                worker_count: "{{ generate_tests_kubernetes_test_case_worker_count }}"
+                dashboard_enabled: "{{ generate_tests_kubernetes_test_case_dashboard_enabled }}"
+                monitoring_enabled: "{{ generate_tests_kubernetes_test_case_monitoring_enabled }}"
         # GitHub terminates jobs after 6 hours
         # We don't want jobs to acquire the lock then get timed out before they can finish
         # So wait a maximum of 3 hours to acquire the lock, leaving 3 hours for other tasks in the job

Tiltfile

@@ -65,6 +65,9 @@ settings = deep_merge(
             "azimuth-schedule-operator": {
                 "release_namespace": "azimuth",
             },
+            "coral-credits": {
+                "release_namespace": "coral-credits",
+            },
             "cluster-api-addon-provider": {
                 "release_namespace": "capi-addon-system",
             },

docs/configuration/04-target-cloud.md

@@ -110,6 +110,12 @@ to discover the networks it should use, and the tags it looks for are `portal-in
 `portal-external` for the internal and external networks respectively. These tags must be applied
 by the cloud operator.
 
+!!! tip
+
+    It is strongly recommended that you set the `portal-external` tag on an appropriate external network,
+    even if you only have one external network, to avoid issues if new external networks are added to the
+    cloud at a later date.
+
 If it cannot find a tagged internal network, the default behaviour is for Azimuth to create an
 internal network to use (and the corresponding router to attach it to the external network).
 

docs/repository/opentofu.md

@@ -182,15 +182,15 @@ terraform_s3_skip_credentials_validation: "true"
 
 # Tell OpenTofu to use path-style URLs, e.g. <host>/<bucket>, instead of
 # subdomain-style URLs, e.g. <bucket>.<host>
-terraform_s3_force_path_style: "true"
+terraform_s3_use_path_style: "true"
 
 terraform_backend_config:
   endpoint: "{{ terraform_s3_endpoint }}"
   region: "{{ terraform_s3_region }}"
   bucket: "{{ terraform_s3_bucket }}"
   key: "{{ terraform_s3_key }}"
   skip_credentials_validation: "{{ terraform_s3_skip_credentials_validation }}"
-  force_path_style: "{{ terraform_s3_force_path_style }}"
+  use_path_style: "{{ terraform_s3_use_path_style }}"
   skip_region_validation: "{{ terraform_s3_skip_region_validation }}"  
 ```
 

environments/base/inventory/group_vars/all.yml

@@ -59,6 +59,9 @@ cloud_metrics_enabled: no
 # Indicates whether to enable Velero for backup and restore
 velero_enabled: no
 
+# Indicates whether to install coral credits
+coral_credits_enabled: no
+
 # Azimuth features to enable
 azimuth_apps_enabled: yes
 azimuth_kubernetes_enabled: yes

environments/demo/inventory/group_vars/all/variables.yml

@@ -60,5 +60,6 @@ admin_dashboard_ingress_basic_auth_password: admin
 harbor_admin_password: admin
 harbor_secret_key: abcdefghijklmnop
 keycloak_admin_password: admin
+coral_credits_admin_password: admin
 zenith_registrar_subdomain_token_signing_key: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789AA
 azimuth_secret_key: 9876543210ZYXWVUTSRQPONMLKJIHGFEDCBAzyxwvutsrqponmlkjihgfedcda00

environments/tav1/tls/tls.crt

@@ -1,7 +1,7 @@
 -----BEGIN CERTIFICATE-----
-MIIHsjCCBZqgAwIBAgIQeZJJd4JCdlO0DyojmzyoJzANBgkqhkiG9w0BAQwFADBE
+MIIHrzCCBZegAwIBAgIQPIXhpUsS3ssUZlV4azue9jANBgkqhkiG9w0BAQwFADBE
 MQswCQYDVQQGEwJOTDEZMBcGA1UEChMQR0VBTlQgVmVyZW5pZ2luZzEaMBgGA1UE
-AxMRR0VBTlQgT1YgUlNBIENBIDQwHhcNMjQwMzEzMDAwMDAwWhcNMjUwMzEzMjM1
+AxMRR0VBTlQgT1YgUlNBIENBIDQwHhcNMjQxMjE2MDAwMDAwWhcNMjYwMTE2MjM1
 OTU5WjCBjTELMAkGA1UEBhMCR0IxEjAQBgNVBAgTCUJlcmtzaGlyZTE/MD0GA1UE
 ChM2VGhlIEV1cm9wZWFuIENlbnRyZSBmb3IgTWVkaXVtLVJhbmdlIFdlYXRoZXIg
 Rm9yZWNhc3RzMSkwJwYDVQQDDCAqLmF6aW11dGguY29tcHV0ZS50YXYxLmVjbXdm
@@ -11,7 +11,7 @@ qqmNl5I3JEyrzd+/q5SG+UuHjB73L+LpSF5iN2/1sA9FDKcrGAJi5EHN5kWa4/56
 hFui7+HfMLFZBmCcrxgsUkc1XxmHsiQFXuHJyaavDSzNiNd/sP7UHumX6MdJomeZ
 n+7qQsZ6f5yqvOTyjB7rCToKB993sRUUTUlYKoko3JQ5lDRwGrZXtSTpxbSnytI2
 ymG9yn8AG9Z/tmclUTuDLYR2S8iCj9uGOiUwLg7RrZNc78hRqKnswYkYp2uZ6ldD
-5aZnSOUCAwEAAaOCA1QwggNQMB8GA1UdIwQYMBaAFG8dNUkQbDL6WaCevIroH5W+
+5aZnSOUCAwEAAaOCA1EwggNNMB8GA1UdIwQYMBaAFG8dNUkQbDL6WaCevIroH5W+
 cXoMMB0GA1UdDgQWBBR4FiQAnmLQVPI5NZMJfOGj3R3ebjAOBgNVHQ8BAf8EBAMC
 BaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
 SQYDVR0gBEIwQDA0BgsrBgEEAbIxAQICTzAlMCMGCCsGAQUFBwIBFhdodHRwczov
@@ -21,26 +21,26 @@ BgEFBQcBAQRpMGcwOgYIKwYBBQUHMAKGLmh0dHA6Ly9HRUFOVC5jcnQuc2VjdGln
 by5jb20vR0VBTlRPVlJTQUNBNC5jcnQwKQYIKwYBBQUHMAGGHWh0dHA6Ly9HRUFO
 VC5vY3NwLnNlY3RpZ28uY29tMEsGA1UdEQREMEKCICouYXppbXV0aC5jb21wdXRl
 LnRhdjEuZWNtd2YuaW50gh5hemltdXRoLmNvbXB1dGUudGF2MS5lY213Zi5pbnQw
-ggF/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB3AM8RVu7VLnyv84db2Wkum+kacWdK
-sBfsrAHSW3fOzDsIAAABjjjt+QgAAAQDAEgwRgIhAITSrgeEhSC2ChfY96FNqfze
-xDIMoFWBb6ef4+Mm2xwOAiEA9ryut7tJYlcZa0wpilJp9qTkBQ99rPnYnOI8LvDD
-ysgAdgCi4wrkRe+9rZt+OO1HZ3dT14JbhJTXK14bLMS5UKRH5wAAAY447fjfAAAE
-AwBHMEUCIELllTn86PO5udSUspgpLwIZEnwnJzZDkrxgbP8oHNtZAiEA8f15LcKx
-nhj+7b51ChCiGy1mqGt9hMt4Ml3s3ByIP3kAdgBOdaMnXJoQwzhbbNTfP1LrHfDg
-jhuNacCx+mSxYpo53wAAAY447fjcAAAEAwBHMEUCIQCuuO31LQ4N7fOnc67S7GlD
-NRvWeEoEga052QZIMY/DJAIgfXKPQ26Tp+m/R1xIH6BiDQnM2XpM/lqs+kgsj+DS
-BxMwDQYJKoZIhvcNAQEMBQADggIBAAAqRIwda1t/vmpGzLmbyZfPfliwAtPNrYIe
-Rs/BI+ElqsgAyzR9JUVMqRSPaFoJm3SlWS0Bl7gdkVmmDRmbKlRs7ViK7zkTZG7l
-FnKQauZlwFJCbhErzh8YQzpFR2fwCW+uBHO57O0zFDbrBaOd1kLTY/LCjkExiNlU
-fEdeLclHE0rNFCE92yvnMLO80rDOcWoxSXQyfnt8RO9SdmwzRpoNJe+dIEh3DgUo
-mbCc8SiRPHA2lB0/q1JJL0/J7/9qFwsUp7ubYQbFG4I8l1sswawlYrMogFvkSrBB
-jgpOfvjE8e0tNGYbISAXEr5caDwEMMTgW03FfWGGPZRjaCRw7P+i3lMSUJENdFjP
-FQYw84tzAIReHgFDviyLibQRkilrQGP/Wj0sbrOKU2+w+bJvW4TMy6AG05fG2XKD
-dUhgZkio1y7IUCrT/U00TCK8VAk1Vv+pbA8F1ukuTVIARm/yqLBVc2fpSX5TbIaX
-xJM2i7lc++HoShizCbSSr4F5sMkV9Aja+SSrppM3ksZXym2dXefqAMwaoCLFN2ou
-Sm6YZAN+N2xBOtcE1YpX6Rr+/kiiAPgwVsilGIrjQes78751xuCprwDDN0LsKvWN
-zCz1mNt1Mku6aHMI/D6CpA2n9sHPp2oXv1GWA4vFlTYFK65Iw8d5F7YpDRbaB6Zx
-60LDgq51
+ggF8BgorBgEEAdZ5AgQCBIIBbASCAWgBZgB2AJaXZL9VWJet90OHaDcIQnfp8DrV
+9qTzNm5GpD8PyqnGAAABk9B/21EAAAQDAEcwRQIgfaloiOJAN1+uWypf+E5k2lyV
+RdGdXfhRFkBpzMRCMpwCIQDuGQxFa51XH93UO3pK+VtoqgZdwnA8rey997IwuWWf
+pgB1ABmG1Mcoqm/+ugNveCpNAZGqzi1yMQ+uzl1wQS0lTMfUAAABk9B/2uIAAAQD
+AEYwRAIgXTTXBnOeEtAVexug1EiGjsJY1DMa2FRoxtfm/vUYOfwCIFM3y5PHl65W
+MuUEzwh/Wa+O69dTzehHfWOzIm+SrQa3AHUAyzj3FYl8hKFEX1vB3fvJbvKaWc1H
+CmkFhbDLFMMUWOcAAAGT0H/bJgAABAMARjBEAiAqV/ynoLTRJ1fbJK+BiV+yrd3L
+8LJ9kXycxvd5jMx/egIgJyTDr5h+5IQ3qZYpGfPbMavEVYx0hhgM+igc4muvCP8w
+DQYJKoZIhvcNAQEMBQADggIBAFCLLiB0/3+m4Ztons2p5knAwiC15lZWA8yzy0J5
+zyWmfq54KKBy5WSbIsewNrs7ZC06bPaH9EgEq32yAg6qE5bxDzdlFu4G+ydAJmMI
+CJcU+I8wuwkr6yU+XHMnTkrMrjvw4Wv/7EC9YhT7k6zMVcuci8Tju9Z/bASfyhcR
+6RJ4fAccvRc+tDpYEfP6BEFPEqfQ3Nvf9gzODz75B+ksZea3RxkrWHNzDMwjppQ+
+zPUr5zvhDklLOWexQmV4xw0k316D6+gwPZh+fwc0UIsq+u5eUEsXNyPwyAfXORkz
+y2pThdDmV5bkIODfabauwu0rJ/eT0oc9vTh0EYwc2DhpabFhP/BgIxt0qUnb2/T5
+grjVQjrKCH5POSf2NcPSyTqeRzamnztA7ePU0accV/76u+TVNP3FeC4eNNQT7OUU
+QkLaNdpXpVKOE+ZlxHb2ngn/ugQXUkGuNFFK5Ft7pUVpj/bZTJGKPGPBtX5N5aNv
+iSPVcTfZ2ZePaa/3X9X+9q0QVhJ2gTlsVixJTp66cjQDc9gaQ5Cz4a2s9dJkNDcU
+dGz6jN8os+BxFKbrr6MnaL0FViPm8STkPPQV/DILJT2ryiRm6MeEnKjF/1SSnX60
+T2s1GzoFu1bOq0xC2BjRc0iOf+GUTcTV/zHHP1pBvTY2TuY0iVri9l3koob8J8JZ
+D5Uj
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIG5TCCBM2gAwIBAgIRANpDvROb0li7TdYcrMTz2+AwDQYJKoZIhvcNAQEMBQAw

requirements.yml

@@ -3,7 +3,7 @@
 collections:
   - name: https://github.com/azimuth-cloud/ansible-collection-azimuth-ops.git
     type: git
-    version: 0.11.3
+    version: 0.12.0
   # For local development
   # - type: dir
   #   source: ../ansible-collection-azimuth-ops