From 8af7853fc93dce8f5f6068586c2f28237a11abb4 Mon Sep 17 00:00:00 2001
From: rodrodsilo
Date: Wed, 8 Apr 2026 15:33:58 +0300
Subject: [PATCH 1/4] Initial test
---
root/values_openshift.yaml | 201 +++++++++++++++++++++++++++++++++++++
1 file changed, 201 insertions(+)
create mode 100644 root/values_openshift.yaml
diff --git a/root/values_openshift.yaml b/root/values_openshift.yaml
new file mode 100644
index 00000000..13fd4389
--- /dev/null
+++ b/root/values_openshift.yaml
@@ -0,0 +1,201 @@
+enabledApps:
+ - aim-cluster-model-source
+ - airm
+ # - amd-gpu-operator
+ # - amd-gpu-operator-config
+ - appwrapper
+ # - argocd
+ # - argocd-config
+ - cert-manager
+ - cluster-auth
+ - cluster-auth-config
+ - cnpg-operator
+ - external-secrets
+ - external-secrets-config
+ # - gitea
+ # - gitea-config
+ - kaiwo
+ - kaiwo-config
+ - kaiwo-crds
+ - keda
+ - kedify-otel
+ - keycloak
+ - kserve
+ - kserve-crds
+ - kueue
+ - kueue-config
+ - kuberay-operator
+ - kyverno
+ - kyverno-policies-base
+ - kyverno-policies-storage-local-path
+ # - minio-operator
+ # - minio-tenant
+ # - minio-tenant-config
+ - openbao
+ - openbao-config
+ - opentelemetry-operator
+ - otel-lgtm-stack
+ - prometheus-crds
+ - rabbitmq
+
+apps:
+
+ gitea:
+ helmParameters:
+ - name: persistence.storageClass
+ value: direct
+
+ # Modular Kyverno policy applications (only the storage-local-path addition)
+ kyverno-policies-storage-local-path:
+ namespace: kyverno
+ path: kyverno-policies/storage-local-path
+ syncWave: -20
+ ignoreDifferences:
+ - group: kyverno.io
+ kind: ClusterPolicy
+ jsonPointers:
+ - /spec/rules/*/skipBackgroundRequests
+ - /spec/rules/*/validate/allowExistingViolations
+ argocd:
+ valuesObject:
+ applicationSet:
+ replicas: 1
+ controller:
+ replicas: 1
+ resources:
+ limits:
+ cpu: "1000m"
+ memory: "2Gi"
+ requests:
+ cpu: "500m"
+ memory: "1Gi"
+ redis-ha:
+ enabled: false
+ redis:
+ resources:
+ limits:
+ cpu: "500m"
+ memory: "1Gi"
+ requests:
+ cpu: "250m"
+ memory: "512Mi"
+ repoServer:
+ replicas: 1
+ resources:
+ limits:
+ cpu: "500m"
+ memory: "1Gi"
+ requests:
+ cpu: "250m"
+ memory: "512Mi"
+ server:
+ replicas: 1
+ resources:
+ limits:
+ cpu: "500m"
+ memory: "1Gi"
+ requests:
+ cpu: "125m"
+ memory: "256Mi"
+ grafana:
+ valuesObject:
+ persistence:
+ accessModes:
+ - ReadWriteOnce
+ enabled: true
+ size: 5Gi
+ storageClassName: direct
+ replicas: 1
+ resources:
+ limits:
+ cpu: "1000m"
+ memory: "2Gi"
+ requests:
+ cpu: "250m"
+ memory: "512Mi"
+ keycloak:
+ valuesObject:
+ # Increase memory resources for Keycloak to prevent OOMKilled during initialization
+ # Medium preset provides 1536Mi memory limit vs small preset's 768Mi
+ resourcesPreset: "medium"
+ minio-tenant:
+ valuesObject:
+ tenant:
+ buckets:
+ - name: default-bucket
+ objectLock: true
+ - name: models
+ objectLock: true
+ - name: datasets
+ objectLock: false
+ pools:
+ - name: pool-0
+ servers: 1
+ size: 2Ti
+ storageClassName: direct
+ volumesPerServer: 2
+ resources:
+ limits:
+ cpu: "4000m"
+ memory: "8Gi"
+ requests:
+ cpu: "1000m"
+ memory: "2Gi"
+ openbao:
+ valuesObject:
+ server:
+ dataStorage:
+ size: 5Gi
+ storageClass: direct
+ ha:
+ enabled: false
+ raft:
+ enabled: false
+ replicas: 1
+ resources:
+ limits:
+ cpu: "1000m"
+ memory: "2Gi"
+ requests:
+ cpu: "250m"
+ memory: "512Mi"
+ opentelemetry-operator:
+ valuesObject:
+ manager:
+ resources:
+ requests:
+ cpu: "250m"
+ memory: "512Mi"
+ otel-lgtm-stack:
+ valuesObject:
+ collectors:
+ resources:
+ metrics:
+ cpu: '1'
+ limits:
+ memory: 4Gi
+ services:
+ nodeExporter:
+ metrics: 9101
+ prometheus:
+ valuesObject:
+ prometheus:
+ prometheusSpec:
+ resources:
+ limits:
+ cpu: "2000m"
+ memory: "4Gi"
+ requests:
+ cpu: "500m"
+ memory: "1Gi"
+ retention: 15d
+ retentionSize: 20GB
+ storageSpec:
+ volumeClaimTemplate:
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 25Gi
+ storageClassName: direct
\ No newline at end of file
From 3d2a44a91d76f86b6968f7bdc06620b4ad44dcd8 Mon Sep 17 00:00:00 2001
From: rodrodsilo
Date: Fri, 10 Apr 2026 12:00:14 +0300
Subject: [PATCH 2/4] Adding Openshift mode
---
scripts/bootstrap.sh | 57 ++++++++++++++++++++++++++++----------------
1 file changed, 36 insertions(+), 21 deletions(-)
diff --git a/scripts/bootstrap.sh b/scripts/bootstrap.sh
index 860a0ac3..e1fa4191 100755
--- a/scripts/bootstrap.sh
+++ b/scripts/bootstrap.sh
@@ -41,6 +41,8 @@ log_info() { fi } + + # Generate a secure random password generate_password() { openssl rand -hex 16 @@ -62,6 +64,22 @@ generate_enabled_apps_yaml() { done < <(yq eval '.enabledApps[]' "$values_file" 2>/dev/null || true) } +# Returns 0 if the app matches any pattern in DISABLED_APPS (supports * and ? glob wildcards) +is_disabled_app() { + local app="$1" + [ -z "$DISABLED_APPS" ] && return 1 + + local IFS=',' + local pattern + for pattern in $DISABLED_APPS; do + # shellcheck disable=SC2254 + case "$app" in + $pattern) return 0 ;; + esac + done + return 1 +} + # Check for required dependencies check_dependencies() { local silent="${1:-false}" @@ -209,6 +227,18 @@ parse_args() { CLUSTER_SIZE="${1#*=}" shift ;; + --CLUSTER_SIZE) + if [ -z "$2" ]; then + echo "ERROR: --CLUSTER_SIZE requires an argument" + exit 1 + fi + CLUSTER_SIZE="$2" + shift 2 + ;; + --CLUSTER_SIZE=*) + CLUSTER_SIZE="${1#*=}" + shift + ;; --TARGET-REVISION|--target-revision|-r) if [ -z "$2" ]; then echo "WARNING: defaulting to --target-revision=$LATEST_RELEASE (no value specified)" @@ -296,7 +326,7 @@ parse_args() { --disabled-apps=app1[,app2,glob*] Exclude specified apps from installation. Supports * and ? wildcards. Example: --disabled-apps=airm,airm-infra-* skips airm, airm-infra-cnpg, airm-infra-external-secrets, etc. - --cluster-size=[size], -s [size] can be one of small|medium|large, default: medium + --cluster-size=[size], -s [size] can be one of small|medium|large|openshift, default: medium --help, -h Show this help message and exit --skip-deps Skip dependency checking (not recommended) --target-revision, -r Git revision for ArgoCD to sync from, [tag|commit_hash|branch_name], default: $LATEST_RELEASE 
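Review bot: In `is_disabled_app`, `for pattern in $DISABLED_APPS` expands the variable unquoted, so after splitting on `,` each word also undergoes pathname expansion before it reaches the `case`. A pattern such as `airm-infra-*` or `*` is replaced by matching file names from the current directory whenever any exist, and the filter then excludes something other than what the operator asked for. Split into an array instead, `local -a patterns; IFS=',' read -ra patterns <<< "$DISABLED_APPS"`, then loop with `for pattern in "${patterns[@]}"; do`; the unquoted `$pattern` inside `case` is what provides the glob match and can stay. PATCH 3/4 removes this body again and re-adds it unchanged at its old position, so the fix applies there as well.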
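Review bot: The new `--CLUSTER_SIZE)` and `--CLUSTER_SIZE=*)` branches in `parse_args` repeat the assignment logic of the cluster-size branch whose tail is visible just above them. The head of that branch is outside the hunk, but if it follows the `--TARGET-REVISION|--target-revision|-r)` style used right below, adding `--CLUSTER_SIZE` to its pattern list would avoid the duplicate. The error is written to stdout; `echo "ERROR: --CLUSTER_SIZE requires an argument" >&2` keeps it out of any output that is piped or templated. The help text edited later in this patch still lists only `--cluster-size`, so the new spelling stays undocumented there.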
@@ -306,7 +336,7 @@ parse_args() { Examples: $0 compute.amd.com values_custom.yaml --cluster-size=large $0 112.100.97.17.nip.io - $0 dev.example.com --cluster-size=small --target-revision=v1.8.0 + $0 dev.example.com --cluster-size=small --target-revision=v2.0.2 $0 dev.example.com -s=small -r=feature-branch $0 example.com --apps=openbao $0 example.com --apps=keycloak -t @@ -314,6 +344,7 @@ parse_args() { $0 example.com --apps=airm,keycloak --disabled-apps=airm $0 example.com --aiwb-only $0 example.com --aiwb-only --disabled-apps=extra-app + $0 example.com --cluster-size=openshift Bootstrap Behavior: • deploys ArgoCD + OpenBao + Gitea directly (essential infrastructure) @@ -351,18 +382,18 @@ validate_args() { # Validate required arguments if [ -z "$DOMAIN" ]; then echo "ERROR: Domain argument is required" - echo "Usage: $0 [values_file] [--CLUSTER_SIZE=small|medium|large]" + echo "Usage: $0 [values_file] [--CLUSTER_SIZE=small|medium|large|openshift]" echo "Use --help for more details" exit 1 fi # Validate cluster size case "$CLUSTER_SIZE" in - small|medium|large) + small|medium|large|openshift) ;; *) echo "ERROR: Invalid cluster size '$CLUSTER_SIZE'" - echo "Valid sizes: small, medium, large" + echo "Valid sizes: small, medium, large, openshift" exit 1 ;; esac @@ -413,22 +444,6 @@ should_run() { echo ",${APPS}," | grep -q ",${app}," } -# Returns 0 if the app matches any pattern in DISABLED_APPS (supports * and ? glob wildcards) -is_disabled_app() { - local app="$1" - [ -z "$DISABLED_APPS" ] && return 1 - - local IFS=',' - local pattern - for pattern in $DISABLED_APPS; do - # shellcheck disable=SC2254 - case "$app" in - $pattern) return 0 ;; - esac - done - return 1 -} - # Helper function to either apply directly or output YAML for templating apply_or_template() { From 1936a9b01cbc8b9c7980373341e33c54d4828797 Mon Sep 17 00:00:00 2001 
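Review bot: Accepting `openshift` in the `case "$CLUSTER_SIZE"` list in `validate_args` makes a platform name a value of the size option, so an OpenShift install can no longer choose small, medium or large and gets whatever sizing root/values_openshift.yaml hard-codes. How `CLUSTER_SIZE` is mapped to a values file is outside this hunk, so this is inferred from the file added in PATCH 1/4. If the overload is intentional, a comment above the case would help, for example `# "openshift" is a platform profile, not a size; it selects values_openshift.yaml`. Otherwise a separate flag would keep the two choices independent.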
From: rodrodsilo Date: Fri, 10 Apr 2026 12:08:58 +0300 Subject: [PATCH 3/4] Minor change --- scripts/bootstrap.sh | 31 +++++++++++++++---------------- 1 file changed, 15 insertions(+), 16 deletions(-) diff --git a/scripts/bootstrap.sh b/scripts/bootstrap.sh index e1fa4191..bca47611 100755 --- a/scripts/bootstrap.sh +++ b/scripts/bootstrap.sh @@ -64,22 +64,6 @@ generate_enabled_apps_yaml() { done < <(yq eval '.enabledApps[]' "$values_file" 2>/dev/null || true) } -# Returns 0 if the app matches any pattern in DISABLED_APPS (supports * and ? glob wildcards) -is_disabled_app() { - local app="$1" - [ -z "$DISABLED_APPS" ] && return 1 - - local IFS=',' - local pattern - for pattern in $DISABLED_APPS; do - # shellcheck disable=SC2254 - case "$app" in - $pattern) return 0 ;; - esac - done - return 1 -} - # Check for required dependencies check_dependencies() { local silent="${1:-false}" @@ -444,6 +428,21 @@ should_run() { echo ",${APPS}," | grep -q ",${app}," } +# Returns 0 if the app matches any pattern in DISABLED_APPS (supports * and ? glob wildcards) +is_disabled_app() { + local app="$1" + [ -z "$DISABLED_APPS" ] && return 1 + + local IFS=',' + local pattern + for pattern in $DISABLED_APPS; do + # shellcheck disable=SC2254 + case "$app" in + $pattern) return 0 ;; + esac + done + return 1 +} # Helper function to either apply directly or output YAML for templating apply_or_template() { From 7318f63a072e7a49aafdb9ed32677940d100c13c Mon Sep 17 00:00:00 2001 From: rodrodsilo Date: Fri, 10 Apr 2026 14:58:40 +0300 Subject: [PATCH 4/4] Disabling apps for Openshift --- root/values_openshift.yaml | 20 +++++++++++--------- scripts/bootstrap.sh | 3 +-- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/root/values_openshift.yaml b/root/values_openshift.yaml index 13fd4389..2d942b04 100644 --- a/root/values_openshift.yaml +++ b/root/values_openshift.yaml 
@@ -1,19 +1,24 @@ +disabledApps: + - amd-gpu-operator + - minio-operator + - minio-tenant + - minio-tenant-config + enabledApps: + - gitea + - gitea-config + - argocd + - argocd-config + - amd-gpu-operator-config - aim-cluster-model-source - airm - # - amd-gpu-operator - # - amd-gpu-operator-config - appwrapper - # - argocd - # - argocd-config - cert-manager - cluster-auth - cluster-auth-config - cnpg-operator - external-secrets - external-secrets-config - # - gitea - # - gitea-config - kaiwo - kaiwo-config - kaiwo-crds @@ -28,9 +33,6 @@ enabledApps: - kyverno - kyverno-policies-base - kyverno-policies-storage-local-path - # - minio-operator - # - minio-tenant - # - minio-tenant-config - openbao - openbao-config - opentelemetry-operator diff --git a/scripts/bootstrap.sh b/scripts/bootstrap.sh index bca47611..cff4aedc 100755 --- a/scripts/bootstrap.sh +++ b/scripts/bootstrap.sh @@ -41,8 +41,6 @@ log_info() { fi } - - # Generate a secure random password generate_password() { openssl rand -hex 16 @@ -444,6 +442,7 @@ is_disabled_app() { return 1 } + # Helper function to either apply directly or output YAML for templating apply_or_template() { if [ "$TEMPLATE_ONLY" = true ]; then
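Review bot: Nothing in the bootstrap.sh hunks of this series reads a `disabledApps` key from the values file: `generate_enabled_apps_yaml` queries only `.enabledApps[]`, and `is_disabled_app` consults the `DISABLED_APPS` variable, whose assignment is not shown. Unless code outside these hunks consumes the new `disabledApps:` list, it has no effect and the four apps stay out only because they are absent from `enabledApps`. If the list is informational, say so in a comment above it. The same hunk enables `amd-gpu-operator-config` while listing `amd-gpu-operator` as disabled; if the config app creates resources for CRDs that the operator installs, it would fail to sync unless the operator is provided some other way on OpenShift.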