From 7fcd731754e4515cb60f17aec04fe6bc16580ce0 Mon Sep 17 00:00:00 2001 From: brownzebra Date: Wed, 15 Apr 2026 13:29:23 +0300 Subject: [PATCH 01/23] updating values_small from medium, removing gitea, keeping local-path --- root/values_small.yaml | 68 ++++++++++++++++++++++-------------------- 1 file changed, 36 insertions(+), 32 deletions(-) diff --git a/root/values_small.yaml b/root/values_small.yaml index 282e517f..21f9b37c 100644 --- a/root/values_small.yaml +++ b/root/values_small.yaml @@ -1,3 +1,5 @@ +# Medium & Small clusters add local-path storage policy for RWX→RWO conversion + enabledApps: - aim-cluster-model-source - aim-engine @@ -21,8 +23,6 @@ enabledApps: - external-secrets - external-secrets-config - gateway-api - - gitea - - gitea-config - kaiwo - kaiwo-config - kaiwo-crds @@ -53,6 +53,20 @@ enabledApps: - rabbitmq apps: + # Modular Kyverno policy applications (only the storage-local-path addition) + kyverno-policies-storage-local-path: + namespace: kyverno + path: kyverno-policies/storage-local-path + syncWave: -20 + ignoreDifferences: + - group: kyverno.io + kind: ClusterPolicy + jsonPointers: + - /spec/rules/*/skipBackgroundRequests + - /spec/rules/*/validate/allowExistingViolations + aiwb-infra-cnpg: + valuesObject: + instances: 1 argocd: valuesObject: applicationSet: @@ -61,38 +75,34 @@ apps: replicas: 1 resources: limits: - cpu: "2000m" - memory: "4Gi" + memory: "2Gi" requests: - cpu: "500m" + cpu: "125m" memory: "1Gi" redis-ha: enabled: false redis: resources: limits: - cpu: "1000m" - memory: "2Gi" + memory: "1Gi" requests: - cpu: "250m" + cpu: "5m" memory: "512Mi" repoServer: replicas: 1 resources: limits: - cpu: "1000m" - memory: "2Gi" + memory: "1Gi" requests: - cpu: "250m" + cpu: "25m" memory: "512Mi" server: replicas: 1 resources: limits: - cpu: "500m" memory: "1Gi" requests: - cpu: "125m" + cpu: "25m" memory: "256Mi" grafana: valuesObject: @@ -105,22 +115,19 @@ apps: replicas: 1 resources: limits: - cpu: "1000m" memory: "2Gi" requests: - cpu: "250m" + cpu: "125m" memory: "512Mi" - kyverno-policies-storage-local-path: - ignoreDifferences: [] - namespace: kyverno - path: kyverno-policies/storage-local-path - source: clusterForge - syncOptions: - - CreateNamespace=true - syncWave: - - group: kyverno.io - kind: ClusterPolicy - wave: 26 # Deploy after base policies + keycloak: + valuesObject: + # Increase memory resources for Keycloak to prevent OOMKilled during initialization + # Medium preset provides 1536Mi memory limit vs small preset's 768Mi + resourcesPreset: "medium" + minio-operator: + valuesObject: + operator: + replicaCount: 1 minio-tenant: valuesObject: tenant: @@ -139,10 +146,9 @@ apps: volumesPerServer: 2 resources: limits: - cpu: "4000m" memory: "8Gi" requests: - cpu: "1000m" + cpu: "500m" memory: "2Gi" openbao: valuesObject: @@ -157,10 +163,9 @@ apps: replicas: 1 resources: limits: - cpu: "1000m" memory: "2Gi" requests: - cpu: "250m" + cpu: "5m" memory: "512Mi" prometheus: valuesObject: @@ -168,10 +173,9 @@ apps: prometheusSpec: resources: limits: - cpu: "2000m" memory: "4Gi" requests: - cpu: "500m" + cpu: "250m" memory: "1Gi" retention: 15d retentionSize: 20GB From 502d4d3e68da08994bf765561d45094c6a6fc5e3 Mon Sep 17 00:00:00 2001 From: brownzebra Date: Wed, 15 Apr 2026 15:03:38 +0300 Subject: [PATCH 02/23] gitea reoved from small values; dynamic deployment of gitea in bootstrap --- scripts/bootstrap.sh | 65 ++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 59 insertions(+), 6 deletions(-) diff --git a/scripts/bootstrap.sh b/scripts/bootstrap.sh index 860a0ac3..acf8ec93 100755 --- a/scripts/bootstrap.sh +++ b/scripts/bootstrap.sh @@ -429,6 +429,26 @@ is_disabled_app() { return 1 } +# Returns 0 if gitea is in enabledApps in the values file(s) +is_gitea_enabled() { + local values_file="${SOURCE_ROOT}/root/${VALUES_FILE}" + local size_values_file="${SOURCE_ROOT}/root/${SIZE_VALUES_FILE}" + + # Check base values file + if yq eval '.enabledApps[] | select(. == "gitea")' "$values_file" 2>/dev/null | grep -q "gitea"; then + return 0 + fi + + # Check size-specific values file if it exists + if [ -n "${SIZE_VALUES_FILE}" ] && [ -f "$size_values_file" ]; then + if yq eval '.enabledApps[] | select(. == "gitea")' "$size_values_file" 2>/dev/null | grep -q "gitea"; then + return 0 + fi + fi + + return 1 +} + # Helper function to either apply directly or output YAML for templating apply_or_template() { @@ -441,9 +461,15 @@ apply_or_template() { # Create namespaces create_namespaces() { - for ns in argocd cf-gitea cf-openbao; do + # Always create argocd and openbao namespaces + for ns in argocd cf-openbao; do kubectl create ns "$ns" --dry-run=client -o yaml | apply_or_template -f - done + + # Only create gitea namespace if gitea is enabled + if is_gitea_enabled; then + kubectl create ns cf-gitea --dry-run=client -o yaml | apply_or_template -f - + fi } # Extract ArgoCD values using yq @@ -815,13 +841,22 @@ EOF fi done + # Determine repo URLs based on whether gitea is enabled + local cluster_forge_repo="http://gitea-http.cf-gitea.svc:3000/cluster-org/cluster-forge.git" + local external_values_repo="http://gitea-http.cf-gitea.svc:3000/cluster-org/cluster-values.git" + + if ! is_gitea_enabled; then + cluster_forge_repo="https://github.com/ROCm/cluster-forge.git" + external_values_repo="https://github.com/ROCm/cluster-forge.git" + fi + # Render only the cluster-apps template with filtered values helm template cluster-forge "${SOURCE_ROOT}/root" \ --show-only templates/cluster-apps.yaml \ --values "$temp_values" \ --set clusterForge.targetRevision="${TARGET_REVISION}" \ - --set externalValues.repoUrl="http://gitea-http.cf-gitea.svc:3000/cluster-org/cluster-values.git" \ - --set clusterForge.repoUrl="http://gitea-http.cf-gitea.svc:3000/cluster-org/cluster-forge.git" \ + --set externalValues.repoUrl="${external_values_repo}" \ + --set clusterForge.repoUrl="${cluster_forge_repo}" \ --namespace argocd \ --kube-version "${KUBE_VERSION}" | apply_or_template -f - @@ -834,7 +869,18 @@ apply_cluster_forge_parent_app() { log_info "=== Creating ClusterForge Parent App ===" log_info "Target revision: $TARGET_REVISION" - + # Determine repo URLs based on whether gitea is enabled + local cluster_forge_repo="http://gitea-http.cf-gitea.svc:3000/cluster-org/cluster-forge.git" + local external_values_repo="http://gitea-http.cf-gitea.svc:3000/cluster-org/cluster-values.git" + local external_values_enabled="true" + + if ! is_gitea_enabled; then + log_info "Gitea not enabled, using GitHub repository" + cluster_forge_repo="https://github.com/ROCm/cluster-forge.git" + external_values_enabled="false" + else + log_info "Gitea enabled, using local Gitea repository" + fi helm template cluster-forge "${SOURCE_ROOT}/root" \ --show-only templates/cluster-forge.yaml \ @@ -842,7 +888,10 @@ apply_cluster_forge_parent_app() { --values "${SOURCE_ROOT}/root/${SIZE_VALUES_FILE}" \ --set global.clusterSize="${SIZE_VALUES_FILE}" \ --set global.domain="${DOMAIN}" \ + --set clusterForge.repoUrl="${cluster_forge_repo}" \ --set clusterForge.targetRevision="${TARGET_REVISION}" \ + --set externalValues.enabled="${external_values_enabled}" \ + --set externalValues.repoUrl="${external_values_repo}" \ --namespace argocd \ --kube-version "${KUBE_VERSION}" | apply_or_template -f - } @@ -970,8 +1019,12 @@ main() { fi if should_run gitea; then - log_info "📦 Step 4/5: Bootstrapping Gitea" - bootstrap_gitea + if is_gitea_enabled; then + log_info "📦 Step 4/5: Bootstrapping Gitea" + bootstrap_gitea + else + log_info "⏭️ Step 4/5: Skipping Gitea (not in enabledApps)" + fi else log_info "⏭️ Step 4/5: Skipping Gitea" fi From f755f685727d5d57009880aa40eebe9b97c31946 Mon Sep 17 00:00:00 2001 From: brownzebra Date: Wed, 15 Apr 2026 15:20:22 +0300 Subject: [PATCH 03/23] update repository for clusterforge --- scripts/bootstrap.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/scripts/bootstrap.sh b/scripts/bootstrap.sh index acf8ec93..3efc3ab9 100755 --- a/scripts/bootstrap.sh +++ b/scripts/bootstrap.sh @@ -846,8 +846,8 @@ EOF local external_values_repo="http://gitea-http.cf-gitea.svc:3000/cluster-org/cluster-values.git" if ! is_gitea_enabled; then - cluster_forge_repo="https://github.com/ROCm/cluster-forge.git" - external_values_repo="https://github.com/ROCm/cluster-forge.git" + cluster_forge_repo="https://github.com/silogen/cluster-forge.git" + external_values_repo="https://github.com/silogen/cluster-forge.git" fi # Render only the cluster-apps template with filtered values @@ -876,7 +876,7 @@ apply_cluster_forge_parent_app() { if ! is_gitea_enabled; then log_info "Gitea not enabled, using GitHub repository" - cluster_forge_repo="https://github.com/ROCm/cluster-forge.git" + cluster_forge_repo="https://github.com/silogen/cluster-forge.git" external_values_enabled="false" else log_info "Gitea enabled, using local Gitea repository" @@ -890,6 +890,7 @@ apply_cluster_forge_parent_app() { --set global.domain="${DOMAIN}" \ --set clusterForge.repoUrl="${cluster_forge_repo}" \ --set clusterForge.targetRevision="${TARGET_REVISION}" \ + --set clusterForge.valuesFile="${VALUES_FILE}" \ --set externalValues.enabled="${external_values_enabled}" \ --set externalValues.repoUrl="${external_values_repo}" \ --namespace argocd \ From b30620f338e6bef1ee7d63537c2726b9e77aee5e Mon Sep 17 00:00:00 2001 From: brownzebra Date: Wed, 15 Apr 2026 15:44:18 +0300 Subject: [PATCH 04/23] fix: Set global.clusterSize to values_small.yaml --- root/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/root/values.yaml b/root/values.yaml index 762b834d..e027d5b9 100644 --- a/root/values.yaml +++ b/root/values.yaml @@ -7,7 +7,7 @@ externalValues: repoUrl: "http://gitea-http.cf-gitea.svc:3000/cluster-org/cluster-values.git" targetRevision: main global: - clusterSize: # injected via scripts/bootstrap.sh + clusterSize: values_small.yaml domain: # injected via scripts/bootstrap.sh apps: From 5e04e241ca0679013061819f8630a8e7b91d00fc Mon Sep 17 00:00:00 2001 From: brownzebra Date: Wed, 15 Apr 2026 15:45:44 +0300 Subject: [PATCH 05/23] fix: Set global.clusterSize in values_.yaml files --- root/values.yaml | 2 +- root/values_large.yaml | 3 +++ root/values_medium.yaml | 3 +++ root/values_small.yaml | 3 +++ 4 files changed, 10 insertions(+), 1 deletion(-) diff --git a/root/values.yaml b/root/values.yaml index e027d5b9..762b834d 100644 --- a/root/values.yaml +++ b/root/values.yaml @@ -7,7 +7,7 @@ externalValues: repoUrl: "http://gitea-http.cf-gitea.svc:3000/cluster-org/cluster-values.git" targetRevision: main global: - clusterSize: values_small.yaml + clusterSize: # injected via scripts/bootstrap.sh domain: # injected via scripts/bootstrap.sh apps: diff --git a/root/values_large.yaml b/root/values_large.yaml index 917e1f54..cf66e399 100644 --- a/root/values_large.yaml +++ b/root/values_large.yaml @@ -1,3 +1,6 @@ +global: + clusterSize: values_large.yaml + enabledApps: - aim-cluster-model-source - aim-engine diff --git a/root/values_medium.yaml b/root/values_medium.yaml index 04b7e20c..c41c1468 100644 --- a/root/values_medium.yaml +++ b/root/values_medium.yaml @@ -1,5 +1,8 @@ # Medium & Small clusters add local-path storage policy for RWX→RWO conversion +global: + clusterSize: values_medium.yaml + enabledApps: - aim-cluster-model-source - aim-engine diff --git a/root/values_small.yaml b/root/values_small.yaml index 21f9b37c..74f79918 100644 --- a/root/values_small.yaml +++ b/root/values_small.yaml @@ -1,5 +1,8 @@ # Medium & Small clusters add local-path storage policy for RWX→RWO conversion +global: + clusterSize: values_small.yaml + enabledApps: - aim-cluster-model-source - aim-engine From 673dea2a31a598ce2176f431f0ac87cb7da305ae Mon Sep 17 00:00:00 2001 From: brownzebra Date: Wed, 15 Apr 2026 15:53:01 +0300 Subject: [PATCH 06/23] fix: Disable externalValues and add valuesFile to clusterForge config --- root/values.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/root/values.yaml b/root/values.yaml index 762b834d..4d6ab7ec 100644 --- a/root/values.yaml +++ b/root/values.yaml @@ -1,8 +1,9 @@ clusterForge: repoUrl: "http://gitea-http.cf-gitea.svc:3000/cluster-org/cluster-forge.git" targetRevision: # injected via scripts/bootstrap.sh; tag, branch, or commit + valuesFile: values.yaml externalValues: - enabled: true + enabled: false path: values.yaml repoUrl: "http://gitea-http.cf-gitea.svc:3000/cluster-org/cluster-values.git" targetRevision: main From 50b0a84731503cc244266fbbcc68fe8e4b00412c Mon Sep 17 00:00:00 2001 From: brownzebra Date: Thu, 16 Apr 2026 11:27:43 +0300 Subject: [PATCH 07/23] Updating values for repositories and small configuration --- root/values_large.yaml | 7 +++++++ root/values_medium.yaml | 7 +++++++ root/values_small.yaml | 6 ++++++ 3 files changed, 20 insertions(+) diff --git a/root/values_large.yaml b/root/values_large.yaml index cf66e399..e039f70b 100644 --- a/root/values_large.yaml +++ b/root/values_large.yaml @@ -1,6 +1,13 @@ global: clusterSize: values_large.yaml +# Large cluster uses Gitea for GitOps (multi-source) +clusterForge: + repoUrl: "http://gitea-http.cf-gitea.svc:3000/cluster-org/cluster-forge.git" +externalValues: + enabled: true + repoUrl: "http://gitea-http.cf-gitea.svc:3000/cluster-org/cluster-values.git" + enabledApps: - aim-cluster-model-source - aim-engine diff --git a/root/values_medium.yaml b/root/values_medium.yaml index c41c1468..08139349 100644 --- a/root/values_medium.yaml +++ b/root/values_medium.yaml @@ -3,6 +3,13 @@ global: clusterSize: values_medium.yaml +# Medium cluster uses Gitea for GitOps (multi-source) +clusterForge: + repoUrl: "http://gitea-http.cf-gitea.svc:3000/cluster-org/cluster-forge.git" +externalValues: + enabled: true + repoUrl: "http://gitea-http.cf-gitea.svc:3000/cluster-org/cluster-values.git" + enabledApps: - aim-cluster-model-source - aim-engine diff --git a/root/values_small.yaml b/root/values_small.yaml index 74f79918..cc4f8405 100644 --- a/root/values_small.yaml +++ b/root/values_small.yaml @@ -3,6 +3,12 @@ global: clusterSize: values_small.yaml +# Small cluster uses GitHub (no Gitea deployed) +clusterForge: + repoUrl: "https://github.com/silogen/cluster-forge.git" +externalValues: + enabled: false + enabledApps: - aim-cluster-model-source - aim-engine From f340ea9105ef12ad0bdd182ea010571f6ca4e99a Mon Sep 17 00:00:00 2001 From: brownzebra Date: Thu, 16 Apr 2026 12:55:16 +0300 Subject: [PATCH 08/23] test with cert manager in small for minio usage --- root/values_small.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/root/values_small.yaml b/root/values_small.yaml index cc4f8405..19ba8319 100644 --- a/root/values_small.yaml +++ b/root/values_small.yaml @@ -26,6 +26,7 @@ enabledApps: - argocd - argocd-config - cert-manager + - cert-manager-config - cluster-auth - cluster-auth-config - cnpg-operator From 1a6436b69730b919699049bcf306482a0d96024e Mon Sep 17 00:00:00 2001 From: brownzebra Date: Fri, 17 Apr 2026 07:51:38 +0300 Subject: [PATCH 09/23] fix: add missing app definitions for cert-manager-config, cluster-cert, and keycloak-config --- root/values.yaml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/root/values.yaml b/root/values.yaml index 4d6ab7ec..15188977 100644 --- a/root/values.yaml +++ b/root/values.yaml @@ -238,6 +238,11 @@ apps: syncWave: -40 valuesObject: installCRDs: true + cert-manager-config: + namespace: cert-manager + path: cert-manager-config + syncWave: -35 + valuesFile: values.yaml cluster-auth: namespace: cluster-auth path: cluster-auth/0.5.0 @@ -254,6 +259,12 @@ apps: namespace: cluster-auth path: cluster-auth-config syncWave: -20 + cluster-cert: + namespace: cluster-cert + path: cluster-cert + syncWave: -15 + directory: + recurse: true cnpg-operator: namespace: cnpg-system path: cnpg-operator/0.26.0 @@ -526,6 +537,18 @@ apps: requests: cpu: "250m" memory: "512Mi" + keycloak-config: + ignoreDifferences: + - group: external-secrets.io + jqPathExpressions: + - ".spec.data[].remoteRef.conversionStrategy" + - ".spec.data[].remoteRef.decodingStrategy" + - ".spec.data[].remoteRef.metadataPolicy" + kind: ExternalSecret + namespace: keycloak + path: keycloak-config + syncWave: -5 + valuesFile: values.yaml kgateway: namespace: kgateway-system path: kgateway/v2.1.0-main From a0c5083702d05a2ac5c437dea366213818b6f9e3 Mon Sep 17 00:00:00 2001 From: brownzebra Date: Fri, 17 Apr 2026 08:28:16 +0300 Subject: [PATCH 10/23] fix: add domain helmParameter to cert-manager-config --- root/values.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/root/values.yaml b/root/values.yaml index 15188977..c233c523 100644 --- a/root/values.yaml +++ b/root/values.yaml @@ -239,6 +239,9 @@ apps: valuesObject: installCRDs: true cert-manager-config: + helmParameters: + - name: domain + value: "{{ .Values.global.domain }}" namespace: cert-manager path: cert-manager-config syncWave: -35 From 485a6347b6a003692225e376fa4ab5ee032b1204 Mon Sep 17 00:00:00 2001 From: brownzebra Date: Fri, 17 Apr 2026 09:29:33 +0300 Subject: [PATCH 11/23] use local-path in small --- root/values_small.yaml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/root/values_small.yaml b/root/values_small.yaml index 19ba8319..96056620 100644 --- a/root/values_small.yaml +++ b/root/values_small.yaml @@ -74,9 +74,24 @@ apps: jsonPointers: - /spec/rules/*/skipBackgroundRequests - /spec/rules/*/validate/allowExistingViolations + airm-infra-cnpg: + valuesObject: + instances: 1 + storage: + storageClass: local-path + walStorage: + storageClass: local-path + airm-infra-rabbitmq: + valuesObject: + persistence: + storageClassName: local-path aiwb-infra-cnpg: valuesObject: instances: 1 + storage: + storageClass: local-path + walStorage: + storageClass: local-path argocd: valuesObject: applicationSet: @@ -134,6 +149,11 @@ apps: # Increase memory resources for Keycloak to prevent OOMKilled during initialization # Medium preset provides 1536Mi memory limit vs small preset's 768Mi resourcesPreset: "medium" + cnpg: + storage: + storageClass: local-path + walStorage: + storageClass: local-path minio-operator: valuesObject: operator: From b87698cbf978ab05f56c53948508a386c2102a7e Mon Sep 17 00:00:00 2001 From: brownzebra Date: Fri, 17 Apr 2026 09:57:12 +0300 Subject: [PATCH 12/23] adding kyverno stroageclass mutation for small as not all sc can be templated --- .../templates/storageclass-mutation.yaml | 98 +++++++++++++++++++ 1 file changed, 98 insertions(+) create mode 100644 sources/kyverno-policies/storage-local-path/templates/storageclass-mutation.yaml diff --git a/sources/kyverno-policies/storage-local-path/templates/storageclass-mutation.yaml b/sources/kyverno-policies/storage-local-path/templates/storageclass-mutation.yaml new file mode 100644 index 00000000..dfa60d18 --- /dev/null +++ b/sources/kyverno-policies/storage-local-path/templates/storageclass-mutation.yaml @@ -0,0 +1,98 @@ +--- +# Kyverno ClusterPolicy to mutate PVC storage class references +# This policy is ONLY deployed to small and medium clusters via enabledApps configuration +# Converts "default" and "multinode" storage classes to "local-path" for compatibility +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: local-path-storageclass-mutation + annotations: + policies.kyverno.io/title: "Local-Path Storage Class Mutation" + policies.kyverno.io/category: "Storage" + policies.kyverno.io/severity: "medium" + policies.kyverno.io/subject: "PersistentVolumeClaim" + policies.kyverno.io/minversion: "1.6.0" + policies.kyverno.io/description: >- + This policy automatically converts "default" and "multinode" storage class references + to "local-path" for clusters using local-path provisioner. This handles components + that cannot be configured via values.yaml overrides (e.g., hardcoded templates). + NOTE: This policy is only deployed to small/medium clusters, never to large clusters. +spec: + admission: true + background: false + validationFailureAction: Enforce + rules: + - name: convert-default-to-local-path + match: + resources: + kinds: + - PersistentVolumeClaim + preconditions: + any: + # Apply if PVC requests "default" or "multinode" storage class + - key: "{{ "{{" }} request.object.spec.storageClassName || '' {{ "}}" }}" + operator: Equals + value: "default" + - key: "{{ "{{" }} request.object.spec.storageClassName || '' {{ "}}" }}" + operator: Equals + value: "multinode" + mutate: + patchStrategicMerge: + spec: + # Replace with local-path storage class + storageClassName: local-path + metadata: + annotations: + +(kyverno.io/original-storageclass): "{{ "{{" }} request.object.spec.storageClassName || 'undefined' {{ "}}" }}" + +(kyverno.io/mutation-applied): "storageclass-to-local-path" + +(kyverno.io/policy-reason): "Components using 'default' or 'multinode' storage classes are converted to 'local-path' for small/medium cluster compatibility" + +--- +# Validation policy to warn about storage class changes +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: local-path-storageclass-warning + annotations: + policies.kyverno.io/title: "Local-Path Storage Class Warning" + policies.kyverno.io/category: "Storage" + policies.kyverno.io/severity: "low" + policies.kyverno.io/subject: "PersistentVolumeClaim" + policies.kyverno.io/description: >- + This policy generates warnings when PVCs request "default" or "multinode" storage classes + that will be converted to "local-path" due to cluster size limitations. + NOTE: This policy is only deployed to small/medium clusters, never to large clusters. +spec: + admission: true + background: false + validationFailureAction: Audit # Warning only, don't block + rules: + - name: warn-storageclass-conversion + match: + resources: + kinds: + - PersistentVolumeClaim + preconditions: + any: + # Warn for storage classes that will be converted + - key: "{{ "{{" }} request.object.spec.storageClassName || '' {{ "}}" }}" + operator: Equals + value: "default" + - key: "{{ "{{" }} request.object.spec.storageClassName || '' {{ "}}" }}" + operator: Equals + value: "multinode" + validate: + message: >- + INFO: The requested storage class "{{ "{{" }} request.object.spec.storageClassName || 'undefined' {{ "}}" }}" + is not available in small/medium clusters. The storage class has been automatically + converted to "local-path". Components that cannot be overridden via values.yaml: + - keycloak-old/keycloak-cnpg (hardcoded template) + - kaiwo-config/pvc-user-demo (static PVC) + - otel-lgtm-stack PVCs (hardcoded template) + For large clusters with distributed storage, this policy is not deployed. + deny: + conditions: + # This condition is always false, so it only generates a warning + - key: "false" + operator: Equals + value: "true" From 8b174cce441e505213267385fd890579cb4c209b Mon Sep 17 00:00:00 2001 From: brownzebra Date: Fri, 17 Apr 2026 13:16:02 +0300 Subject: [PATCH 13/23] default to HEAD for target-revision to enable template override --- root/templates/cluster-forge.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/root/templates/cluster-forge.yaml b/root/templates/cluster-forge.yaml index 4bf42558..d3905225 100644 --- a/root/templates/cluster-forge.yaml +++ b/root/templates/cluster-forge.yaml @@ -11,7 +11,7 @@ spec: # Uses the SAME targetRevision for both chart templates AND values sources: - repoURL: {{ .Values.clusterForge.repoUrl }} - targetRevision: {{ .Values.clusterForge.targetRevision }} + targetRevision: {{ .Values.clusterForge.targetRevision | default "HEAD" | quote }} path: root helm: valueFiles: @@ -25,7 +25,7 @@ spec: # helm-chart & values file within the same git repo source: repoURL: {{ .Values.clusterForge.repoUrl }} - targetRevision: {{ .Values.clusterForge.targetRevision }} + targetRevision: {{ .Values.clusterForge.targetRevision | default "HEAD" | quote }} path: root helm: valueFiles: From 98843a250bab59a338e7d6b7d864b388ac54ebdb Mon Sep 17 00:00:00 2001 From: brownzebra Date: Fri, 17 Apr 2026 13:19:23 +0300 Subject: [PATCH 14/23] include targetRevision to small --- root/values_small.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/root/values_small.yaml b/root/values_small.yaml index 96056620..f761326a 100644 --- a/root/values_small.yaml +++ b/root/values_small.yaml @@ -6,6 +6,7 @@ global: # Small cluster uses GitHub (no Gitea deployed) clusterForge: repoUrl: "https://github.com/silogen/cluster-forge.git" + targetRevision: main # Default branch, can be overridden via --target-revision externalValues: enabled: false From f34cce563ad98d257e6ce72938ce61890420dcc7 Mon Sep 17 00:00:00 2001 From: brownzebra Date: Fri, 17 Apr 2026 13:23:09 +0300 Subject: [PATCH 15/23] main as defaut target revision --- root/values.yaml | 2 +- root/values_large.yaml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/root/values.yaml b/root/values.yaml index c233c523..0cb97c65 100644 --- a/root/values.yaml +++ b/root/values.yaml @@ -1,6 +1,6 @@ clusterForge: repoUrl: "http://gitea-http.cf-gitea.svc:3000/cluster-org/cluster-forge.git" - targetRevision: # injected via scripts/bootstrap.sh; tag, branch, or commit + targetRevision: main # Overridden by size-specific values or --target-revision bootstrap flag valuesFile: values.yaml externalValues: enabled: false diff --git a/root/values_large.yaml b/root/values_large.yaml index e039f70b..91947a19 100644 --- a/root/values_large.yaml +++ b/root/values_large.yaml @@ -4,6 +4,7 @@ global: # Large cluster uses Gitea for GitOps (multi-source) clusterForge: repoUrl: "http://gitea-http.cf-gitea.svc:3000/cluster-org/cluster-forge.git" + targetRevision: main # Default branch, can be overridden via --target-revision externalValues: enabled: true repoUrl: "http://gitea-http.cf-gitea.svc:3000/cluster-org/cluster-values.git" From 2bc9358f79e3dd2c74c3d370ce3c76198682033d Mon Sep 17 00:00:00 2001 From: brownzebra Date: Fri, 17 Apr 2026 13:55:07 +0300 Subject: [PATCH 16/23] focusing towatd nogitea and working target revision branches --- root/templates/cluster-forge.yaml | 17 ++++++++++++++++- root/values.yaml | 2 +- root/values_small.yaml | 2 +- scripts/bootstrap.sh | 2 -- 4 files changed, 18 insertions(+), 5 deletions(-) diff --git a/root/templates/cluster-forge.yaml b/root/templates/cluster-forge.yaml index d3905225..69f3e646 100644 --- a/root/templates/cluster-forge.yaml +++ b/root/templates/cluster-forge.yaml @@ -18,6 +18,9 @@ spec: - {{ .Values.externalValues.path }} - {{ .Values.global.clusterSize }} - $cluster-values/values.yaml + parameters: + - name: clusterForge.targetRevision + value: {{ .Values.clusterForge.targetRevision | default "HEAD" | quote }} - repoURL: {{ .Values.externalValues.repoUrl }} targetRevision: {{ .Values.externalValues.targetRevision }} ref: cluster-values @@ -31,6 +34,9 @@ spec: valueFiles: - {{ .Values.clusterForge.valuesFile }} - {{ .Values.global.clusterSize }} + parameters: + - name: clusterForge.targetRevision + value: {{ .Values.clusterForge.targetRevision | default "HEAD" | quote }} {{- end }} destination: server: https://kubernetes.default.svc @@ -38,4 +44,13 @@ spec: syncPolicy: automated: prune: true - selfHeal: true \ No newline at end of file + selfHeal: true + ignoreDifferences: + - group: argoproj.io + kind: Application + name: cluster-forge + jsonPointers: + - /spec/source/targetRevision + - /spec/sources/0/targetRevision + - /spec/source/helm/parameters + - /spec/sources/0/helm/parameters \ No newline at end of file diff --git a/root/values.yaml b/root/values.yaml index 0cb97c65..94c9e510 100644 --- a/root/values.yaml +++ b/root/values.yaml @@ -1,6 +1,6 @@ clusterForge: repoUrl: "http://gitea-http.cf-gitea.svc:3000/cluster-org/cluster-forge.git" - targetRevision: main # Overridden by size-specific values or --target-revision bootstrap flag + targetRevision: main # Overridden by bootstrap --target-revision flag valuesFile: values.yaml externalValues: enabled: false diff --git a/root/values_small.yaml b/root/values_small.yaml index f761326a..0832ca5a 100644 --- a/root/values_small.yaml +++ b/root/values_small.yaml @@ -6,7 +6,7 @@ global: # Small cluster uses GitHub (no Gitea deployed) clusterForge: repoUrl: "https://github.com/silogen/cluster-forge.git" - targetRevision: main # Default branch, can be overridden via --target-revision + targetRevision: main # Overridden by bootstrap --target-revision flag externalValues: enabled: false diff --git a/scripts/bootstrap.sh b/scripts/bootstrap.sh index 3efc3ab9..c91eef84 100755 --- a/scripts/bootstrap.sh +++ b/scripts/bootstrap.sh @@ -896,8 +896,6 @@ apply_cluster_forge_parent_app() { --namespace argocd \ --kube-version "${KUBE_VERSION}" | apply_or_template -f - } - -# Check if requested apps are cluster-forge child apps is_cluster_forge_child_app() { local app="$1" # Check if the app is defined in the values.yaml apps section From 9ee1f0f23773c0c5d30ccd8a7d2724b74e4f8db7 Mon Sep 17 00:00:00 2001 From: brownzebra Date: Wed, 22 Apr 2026 17:14:31 +0300 Subject: [PATCH 17/23] add cluster-cert to small enabledApps; fix kyverno policy wave ordering --- root/values_small.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/root/values_small.yaml b/root/values_small.yaml index 0832ca5a..d44f9436 100644 --- a/root/values_small.yaml +++ b/root/values_small.yaml @@ -29,6 +29,7 @@ enabledApps: - cert-manager - cert-manager-config - cluster-auth + - cluster-cert - cluster-auth-config - cnpg-operator - external-secrets @@ -68,7 +69,7 @@ apps: kyverno-policies-storage-local-path: namespace: kyverno path: kyverno-policies/storage-local-path - syncWave: -20 + syncWave: -25 ignoreDifferences: - group: kyverno.io kind: ClusterPolicy @@ -76,6 +77,7 @@ apps: - /spec/rules/*/skipBackgroundRequests - /spec/rules/*/validate/allowExistingViolations airm-infra-cnpg: + syncWave: 5 valuesObject: instances: 1 storage: @@ -83,10 +85,12 @@ apps: walStorage: storageClass: local-path airm-infra-rabbitmq: + syncWave: 5 valuesObject: persistence: storageClassName: local-path aiwb-infra-cnpg: + syncWave: 5 valuesObject: instances: 1 storage: From b242556c24d173a75de9310985c1b725ecae4e50 Mon Sep 17 00:00:00 2001 From: brownzebra Date: Wed, 22 Apr 2026 18:15:56 +0300 Subject: [PATCH 18/23] push keycloak syncwave on small --- root/values_small.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/root/values_small.yaml b/root/values_small.yaml index d44f9436..5e2601e8 100644 --- a/root/values_small.yaml +++ b/root/values_small.yaml @@ -150,6 +150,7 @@ apps: cpu: "125m" memory: "512Mi" keycloak: + syncWave: 5 valuesObject: # Increase memory resources for Keycloak to prevent OOMKilled during initialization # Medium preset provides 1536Mi memory limit vs small preset's 768Mi From 96c1b9ca4edd5c4b2813a74361cce34e9269109c Mon Sep 17 00:00:00 2001 From: brownzebra Date: Wed, 22 Apr 2026 21:28:25 +0300 Subject: [PATCH 19/23] certs for small tls --- root/values_small.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/root/values_small.yaml b/root/values_small.yaml index 5e2601e8..4ea5622e 100644 --- a/root/values_small.yaml +++ b/root/values_small.yaml @@ -66,6 +66,8 @@ enabledApps: apps: # Modular Kyverno policy applications (only the storage-local-path addition) + cluster-cert: + namespace: static-cert-system kyverno-policies-storage-local-path: namespace: kyverno path: kyverno-policies/storage-local-path From 63a066f71120009caeda489ecf7aeb6e63b2a928 Mon Sep 17 00:00:00 2001 From: brownzebra Date: Wed, 22 Apr 2026 21:57:13 +0300 Subject: [PATCH 20/23] fix: global.domain propagation and cluster-cert fix --- root/templates/cluster-forge.yaml | 2 ++ root/values_small.yaml | 2 ++ sources/cluster-cert/webhook-cert-generator.yaml | 3 ++- sources/cluster-cert/webhook-config.yaml | 2 +- 4 files changed, 7 insertions(+), 2 deletions(-) diff --git a/root/templates/cluster-forge.yaml b/root/templates/cluster-forge.yaml index 69f3e646..3355f667 100644 --- a/root/templates/cluster-forge.yaml +++ b/root/templates/cluster-forge.yaml @@ -37,6 +37,8 @@ spec: parameters: - name: clusterForge.targetRevision value: {{ .Values.clusterForge.targetRevision | default "HEAD" | quote }} + - name: global.domain + value: {{ .Values.global.domain | quote }} {{- end }} destination: server: https://kubernetes.default.svc diff --git a/root/values_small.yaml b/root/values_small.yaml index 4ea5622e..305f0e85 100644 --- a/root/values_small.yaml +++ b/root/values_small.yaml @@ -205,6 +205,8 @@ apps: requests: cpu: "5m" memory: "512Mi" + otel-lgtm-stack: + syncWave: 5 prometheus: valuesObject: prometheus: diff --git a/sources/cluster-cert/webhook-cert-generator.yaml b/sources/cluster-cert/webhook-cert-generator.yaml index fa220c7d..135fce35 100644 --- a/sources/cluster-cert/webhook-cert-generator.yaml +++ b/sources/cluster-cert/webhook-cert-generator.yaml @@ -60,7 +60,8 @@ data: cp /tmp/server.crt /certs/tls.crt cp /tmp/server.key /certs/tls.key cp /tmp/ca.crt /certs/ca.crt - + chmod 644 /certs/tls.crt /certs/tls.key /certs/ca.crt + echo "Certificates copied to /certs/" # Create Kubernetes secret diff --git a/sources/cluster-cert/webhook-config.yaml b/sources/cluster-cert/webhook-config.yaml index 3cd80423..61770c8f 100644 --- a/sources/cluster-cert/webhook-config.yaml +++ b/sources/cluster-cert/webhook-config.yaml @@ -17,4 +17,4 @@ webhooks: resources: ["certificates"] admissionReviewVersions: ["v1", "v1beta1"] sideEffects: None - failurePolicy: Fail \ No newline at end of file + failurePolicy: Ignore \ No newline at end of file From d588f672526e6747cdc341f1a9fca0e0f83c616f Mon Sep 17 00:00:00 2001 From: brownzebra Date: Thu, 23 Apr 2026 06:48:55 +0300 Subject: [PATCH 21/23] updating kyverno to reduce flapping on the skip background requetss --- root/values_small.yaml | 13 +++++++------ .../templates/access-mode-mutation.yaml | 7 +++++-- .../templates/storageclass-mutation.yaml | 5 ++++- 3 files changed, 16 insertions(+), 9 deletions(-) diff --git a/root/values_small.yaml b/root/values_small.yaml index 305f0e85..b863a982 100644 --- a/root/values_small.yaml +++ b/root/values_small.yaml @@ -72,12 +72,6 @@ apps: namespace: kyverno path: kyverno-policies/storage-local-path syncWave: -25 - ignoreDifferences: - - group: kyverno.io - kind: ClusterPolicy - jsonPointers: - - /spec/rules/*/skipBackgroundRequests - - /spec/rules/*/validate/allowExistingViolations airm-infra-cnpg: syncWave: 5 valuesObject: @@ -151,6 +145,9 @@ apps: requests: cpu: "125m" memory: "512Mi" + keycloak-config: + valuesObject: + storageClass: local-path keycloak: syncWave: 5 valuesObject: @@ -207,6 +204,10 @@ apps: memory: "512Mi" otel-lgtm-stack: syncWave: 5 + valuesObject: + lgtm: + storage: + storageClass: local-path prometheus: valuesObject: prometheus: diff --git a/sources/kyverno-policies/storage-local-path/templates/access-mode-mutation.yaml b/sources/kyverno-policies/storage-local-path/templates/access-mode-mutation.yaml index 6a93f9e8..c4351455 100644 --- a/sources/kyverno-policies/storage-local-path/templates/access-mode-mutation.yaml +++ b/sources/kyverno-policies/storage-local-path/templates/access-mode-mutation.yaml @@ -36,6 +36,7 @@ spec: - key: "ReadOnlyMany" operator: AnyIn value: "{{ "{{" }} request.object.spec.accessModes || [] {{ "}}" }}" + skipBackgroundRequests: true mutate: patchStrategicMerge: spec: @@ -82,11 +83,13 @@ spec: - key: "ReadOnlyMany" operator: AnyIn value: "{{ "{{" }} request.object.spec.accessModes || [] {{ "}}" }}" + skipBackgroundRequests: true validate: + allowExistingViolations: true message: >- WARNING: The requested access mode(s) {{ "{{" }} request.object.spec.accessModes && join(',', request.object.spec.accessModes) || 'undefined' {{ "}}" }} - are not supported by the local-path provisioner used in small/medium clusters. - The access mode has been automatically converted to ReadWriteOnce (RWO). + are not supported by the local-path provisioner used in small/medium clusters. + The access mode has been automatically converted to ReadWriteOnce (RWO). For ReadWriteMany support, consider using a large cluster with Longhorn storage. deny: conditions: diff --git a/sources/kyverno-policies/storage-local-path/templates/storageclass-mutation.yaml b/sources/kyverno-policies/storage-local-path/templates/storageclass-mutation.yaml index dfa60d18..3a255f2e 100644 --- a/sources/kyverno-policies/storage-local-path/templates/storageclass-mutation.yaml +++ b/sources/kyverno-policies/storage-local-path/templates/storageclass-mutation.yaml @@ -36,6 +36,7 @@ spec: - key: "{{ "{{" }} request.object.spec.storageClassName || '' {{ "}}" }}" operator: Equals value: "multinode" + skipBackgroundRequests: true mutate: patchStrategicMerge: spec: @@ -81,10 +82,12 @@ spec: - key: "{{ "{{" }} request.object.spec.storageClassName || '' {{ "}}" }}" operator: Equals value: "multinode" + skipBackgroundRequests: true validate: + allowExistingViolations: true message: >- INFO: The requested storage class "{{ "{{" }} request.object.spec.storageClassName || 'undefined' {{ "}}" }}" - is not available in small/medium clusters. The storage class has been automatically + is not available in small/medium clusters. The storage class has been automatically converted to "local-path". Components that cannot be overridden via values.yaml: - keycloak-old/keycloak-cnpg (hardcoded template) - kaiwo-config/pvc-user-demo (static PVC) From 3e9c2fdbfe3ba839abf8c24761365faebb2fb388 Mon Sep 17 00:00:00 2001 From: brownzebra Date: Thu, 23 Apr 2026 09:03:13 +0300 Subject: [PATCH 22/23] templating for storage classes for small; reductionions in requests for memory --- root/values_small.yaml | 97 ++++++++++++++++++- .../templates/keycloak-cluster.yaml | 4 +- .../v1.0.7/templates/lgtm-stack.yaml | 10 +- sources/otel-lgtm-stack/v1.0.7/values.yaml | 5 +- 4 files changed, 104 insertions(+), 12 deletions(-) diff --git a/root/values_small.yaml b/root/values_small.yaml index b863a982..9e31bb36 100644 --- a/root/values_small.yaml +++ b/root/values_small.yaml @@ -145,6 +145,16 @@ apps: requests: cpu: "125m" memory: "512Mi" + airm: + valuesObject: + airm-api: + frontend: + resources: + requests: + memory: "256Mi" + cpu: "100m" + limits: + memory: "1Gi" keycloak-config: valuesObject: storageClass: local-path @@ -202,12 +212,93 @@ apps: requests: cpu: "5m" memory: "512Mi" + cnpg-operator: + valuesObject: + resources: + requests: + memory: "64Mi" + cpu: "10m" + limits: + memory: "256Mi" + cert-manager: + valuesObject: + resources: + requests: + memory: "64Mi" + cpu: "10m" + limits: + memory: "256Mi" + webhook: + resources: + requests: + memory: "32Mi" + cpu: "10m" + limits: + memory: "128Mi" + cainjector: + resources: + requests: + memory: "64Mi" + cpu: "10m" + limits: + memory: "256Mi" + external-secrets: + valuesObject: + resources: + requests: + memory: "32Mi" + cpu: "10m" + limits: + memory: "128Mi" + webhook: + resources: + requests: + memory: "32Mi" + cpu: "10m" + limits: + memory: "128Mi" + certController: + resources: + requests: + memory: "32Mi" + cpu: "10m" + limits: + memory: "128Mi" + opentelemetry-operator: + valuesObject: + manager: + resources: + requests: + memory: "64Mi" + cpu: "10m" + limits: + memory: "256Mi" otel-lgtm-stack: syncWave: 5 valuesObject: lgtm: storage: storageClass: local-path + resources: + requests: + memory: "1Gi" + cpu: "500m" + limits: + memory: "8Gi" + collectors: + resources: + metrics: + requests: + memory: "512Mi" + cpu: "250m" + limits: + memory: "8Gi" + logs: + requests: + memory: "200Mi" + cpu: "100m" + limits: + memory: "2Gi" prometheus: valuesObject: prometheus: @@ -218,8 +309,8 @@ apps: requests: cpu: "250m" memory: "1Gi" - retention: 15d - retentionSize: 20GB + retention: 3d + retentionSize: 4GB storageSpec: volumeClaimTemplate: spec: @@ -227,5 +318,5 @@ apps: - ReadWriteOnce resources: requests: - storage: 25Gi + storage: 5Gi storageClassName: local-path diff --git a/sources/keycloak-config/templates/keycloak-cluster.yaml b/sources/keycloak-config/templates/keycloak-cluster.yaml index 0421fda3..a302fcaf 100644 --- a/sources/keycloak-config/templates/keycloak-cluster.yaml +++ b/sources/keycloak-config/templates/keycloak-cluster.yaml @@ -91,9 +91,9 @@ spec: stopDelay: 300 storage: size: 50Gi - storageClass: default + storageClass: {{ default "default" .Values.storageClass }} superuserSecret: name: keycloak-cnpg-superuser walStorage: size: 50Gi - storageClass: default + storageClass: {{ default "default" .Values.storageClass }} diff --git a/sources/otel-lgtm-stack/v1.0.7/templates/lgtm-stack.yaml b/sources/otel-lgtm-stack/v1.0.7/templates/lgtm-stack.yaml index cb76e752..33f2c6f1 100644 --- a/sources/otel-lgtm-stack/v1.0.7/templates/lgtm-stack.yaml +++ b/sources/otel-lgtm-stack/v1.0.7/templates/lgtm-stack.yaml @@ -12,7 +12,7 @@ metadata: name: tempo-pvc namespace: {{ .Release.Namespace }} spec: - storageClassName: default + storageClassName: {{ .Values.lgtm.storage.storageClass }} accessModes: - ReadWriteOnce resources: @@ -25,7 +25,7 @@ metadata: name: loki-data-pvc namespace: {{ .Release.Namespace }} spec: - storageClassName: default + storageClassName: {{ .Values.lgtm.storage.storageClass }} accessModes: - ReadWriteOnce resources: @@ -38,7 +38,7 @@ metadata: name: loki-storage-pvc namespace: {{ .Release.Namespace }} spec: - storageClassName: default + storageClassName: {{ .Values.lgtm.storage.storageClass }} accessModes: - ReadWriteOnce resources: @@ -51,7 +51,7 @@ metadata: name: grafana-pvc namespace: {{ .Release.Namespace }} spec: - storageClassName: default + storageClassName: {{ .Values.lgtm.storage.storageClass }} accessModes: - ReadWriteOnce resources: @@ -64,7 +64,7 @@ metadata: name: p8s-pvc namespace: {{ .Release.Namespace }} spec: - storageClassName: default + storageClassName: {{ .Values.lgtm.storage.storageClass }} accessModes: - ReadWriteOnce resources: diff --git a/sources/otel-lgtm-stack/v1.0.7/values.yaml b/sources/otel-lgtm-stack/v1.0.7/values.yaml index 6ea2fd2e..53cd4247 100644 --- a/sources/otel-lgtm-stack/v1.0.7/values.yaml +++ b/sources/otel-lgtm-stack/v1.0.7/values.yaml @@ -11,11 +11,12 @@ namespace: otel-lgtm-stack # LGTM Stack storage configuration lgtm: storage: + storageClass: default # Tempo storage for traces tempo: 50Gi - # Loki storage for logs + # Loki storage for logs loki: 50Gi - # Grafana storage for dashboards/config + # Grafana storage for dashboards/config grafana: 10Gi # Mimir/Prometheus storage for metrics mimir: 50Gi From 2e9f6235380ba9b95ec964036cd240f7ddd35da3 Mon Sep 17 00:00:00 2001 From: brownzebra Date: Thu, 23 Apr 2026 11:46:36 +0300 Subject: [PATCH 23/23] update sbom for cluster-cert for small --- sbom/components.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/sbom/components.yaml b/sbom/components.yaml index 56d7a1cf..27b4f940 100644 --- a/sbom/components.yaml +++ b/sbom/components.yaml @@ -103,6 +103,12 @@ components: projectUrl: https://github.com/silogen/cluster-forge/tree/main/sources/cluster-auth license: Apache License 2.0 licenseUrl: https://github.com/silogen/cluster-forge/blob/main/LICENSE + cluster-cert: + path: cluster-cert/0.0.6 + sourceUrl: https://github.com/silogen/cluster-forge/tree/main/sources/cluster-cert + projectUrl: https://github.com/silogen/cluster-forge/tree/main/sources/cluster-cert + license: Apache License 2.0 + licenseUrl: https://github.com/silogen/cluster-forge/blob/main/LICENSE cnpg-operator: path: cnpg-operator/0.26.0 valuesFile: values.yaml @@ -275,4 +281,3 @@ components: projectUrl: https://github.com/rabbitmq/cluster-operator/ license: Mozilla Public License 2.0 licenseUrl: https://github.com/rabbitmq/cluster-operator/blob/main/LICENSE.txt - \ No newline at end of file