From eb0ca165ccb7a60f7f90fe8285a2f74ef7afab58 Mon Sep 17 00:00:00 2001 From: tomklapiscak <7372253+tomklapiscak@users.noreply.github.com> Date: Thu, 15 May 2025 11:30:51 +0100 Subject: [PATCH 1/2] [patch] Do not attempt to create RBAC in Manage ns if Manage is not installed https://jsw.ibm.com/browse/MASCORE-6481 --- .../templates/001-ibm-create-initial-users.yaml | 11 ++++++++--- .../templates/600-ibm-post-sync-jobs.yaml | 5 +++++ 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/instance-applications/600-ibm-post-sync-jobs/templates/001-ibm-create-initial-users.yaml b/instance-applications/600-ibm-post-sync-jobs/templates/001-ibm-create-initial-users.yaml index aed8f8e4b..3c0ba4a9b 100644 --- a/instance-applications/600-ibm-post-sync-jobs/templates/001-ibm-create-initial-users.yaml +++ b/instance-applications/600-ibm-post-sync-jobs/templates/001-ibm-create-initial-users.yaml @@ -53,8 +53,7 @@ $_job_cleanup_group can usually just be based on $_job_name_prefix. There are so where multiple Jobs are created in our templates using a Helm loop. In those cases, additional descriminators must be added to $_job_cleanup_group. -By convention, we sha1sum this value to guarantee we never exceed the 63 char limit regardless of which discriminatorstest python-devops bui -are required here. +By convention, we sha1sum this value to guarantee we never exceed the 63 char limit regardless of which discriminators are required here. */}} {{- $_job_cleanup_group := cat $_job_name_prefix | sha1sum }} 
@@ -184,6 +183,12 @@ roleRef: apiGroup: rbac.authorization.k8s.io +{{- /* +mas-devops-create-initial-users-for-saas script run by the Job requires access to the xxx-internal-manage-tls +secret in the manage namespace so it can create an API Key for the MAXADMIN user +Since these roles must be created in the manage namespace, we only attempt to create them if Manage is actually installed. +*/}} +{{- if .Values.manage_is_installed }} --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 @@ -224,7 +229,7 @@ roleRef: kind: Role name: {{ $role_manage_name }} apiGroup: rbac.authorization.k8s.io - +{{- end }} --- apiVersion: batch/v1 diff --git a/root-applications/ibm-mas-instance-root/templates/600-ibm-post-sync-jobs.yaml b/root-applications/ibm-mas-instance-root/templates/600-ibm-post-sync-jobs.yaml index 9a95214b7..e38d820eb 100644 --- a/root-applications/ibm-mas-instance-root/templates/600-ibm-post-sync-jobs.yaml +++ b/root-applications/ibm-mas-instance-root/templates/600-ibm-post-sync-jobs.yaml @@ -60,6 +60,11 @@ spec: mas_is_active: {{ $mas_is_active }} + + {{- if not (empty .Values.ibm_suite_app_manage_install) }} + manage_is_installed: true + {{- endif }} + {{- if .Values.custom_labels }} custom_labels: {{ .Values.custom_labels | toYaml | nindent 14 }} {{- end }} From 841ffe236ee881cf4cd68fc018fd803f696cadb5 Mon Sep 17 00:00:00 2001 From: tomklapiscak <7372253+tomklapiscak@users.noreply.github.com> Date: Thu, 15 May 2025 12:39:07 +0100 Subject: [PATCH 2/2] tweak --- .../templates/600-ibm-post-sync-jobs.yaml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/root-applications/ibm-mas-instance-root/templates/600-ibm-post-sync-jobs.yaml b/root-applications/ibm-mas-instance-root/templates/600-ibm-post-sync-jobs.yaml index e38d820eb..8eb11f9d3 100644 --- a/root-applications/ibm-mas-instance-root/templates/600-ibm-post-sync-jobs.yaml +++ b/root-applications/ibm-mas-instance-root/templates/600-ibm-post-sync-jobs.yaml 
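Review bot: The guard `{{- if .Values.manage_is_installed }}` added in the `@@ -184,6 +183,12 @@` hunk tests truthiness only, and a Go template `if` treats any non-empty string as true. If the value ever reaches this chart as the string `"false"`, the Role and RoleBinding would still render; per the added comment, these exist so the Job can read the internal Manage TLS secret. The root application in this series emits a bare boolean, so the guard works as written today, but nothing in the chart enforces that type. An explicit comparison such as `{{- if eq (toString .Values.manage_is_installed) "true" }}` keeps the secret-access RBAC off unless the flag is really true. The matching `{{- end }}` is in the `@@ -224,7 +229,7 @@` hunk, and the Role's rules lie between the two hunks, outside what is shown.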
@@ -59,11 +59,7 @@ spec: {{- end }} mas_is_active: {{ $mas_is_active }} - - - {{- if not (empty .Values.ibm_suite_app_manage_install) }} - manage_is_installed: true - {{- endif }} + manage_is_installed: {{ not (empty .Values.ibm_suite_app_manage_install) }} {{- if .Values.custom_labels }} custom_labels: {{ .Values.custom_labels | toYaml | nindent 14 }}
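Review bot: `manage_is_installed` on the new line is derived from `not (empty .Values.ibm_suite_app_manage_install)`, so it becomes true whenever any Manage install config is present. That is a proxy for Manage being installed, not a check that the Manage namespace exists when the post-sync chart is applied. Because the flag decides whether `001-ibm-create-initial-users.yaml` creates RBAC in the Manage namespace, a short comment above the line would record the contract, for example `{{- /* true when Manage install config is present; gates the Manage-namespace Role/RoleBinding in 600-ibm-post-sync-jobs */}}`. The comment should also say that the value must stay a YAML boolean, since the consumer tests it with a plain `if`.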