diff --git a/Makefile b/Makefile index 95f169a..24f4f0e 100644 --- a/Makefile +++ b/Makefile @@ -5,9 +5,9 @@ # image build vars IMAGE ?= projects.registry.vmware.com/rpk/rpk -IMAGE_VERSION ?= v1.4.3 +IMAGE_VERSION ?= v1.4.4 IMAGE_BASE ?= projects.registry.vmware.com/rpk/rpk-base -IMAGE_BASE_VERSION ?= v1.4.0 +IMAGE_BASE_VERSION ?= v1.4.1 # rpk vars INVENTORY ?= `pwd`/build/inventory.yaml diff --git a/requirements.txt b/requirements.txt index 6a1fd63..c396113 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,5 +1,5 @@ # base version of ansible -ansible==2.9.9 +ansible==2.9.10 # required for k8s ansible module openshift==0.11.1 diff --git a/roles/common/manifest-file-with-wait/tasks/main.yaml b/roles/common/manifest-file-with-wait/tasks/main.yaml index 6a33f04..9838912 100644 --- a/roles/common/manifest-file-with-wait/tasks/main.yaml +++ b/roles/common/manifest-file-with-wait/tasks/main.yaml @@ -6,6 +6,9 @@ src: "{{ manifest_template }}" dest: "{{ manifest_staging_dir }}/{{ manifest_template.split('.j2') | first | basename }}" mode: "0440" + # allow for different templating strings + variable_start_string: "{{ manifest_variable_start_string | default(omit) }}" + variable_end_string: "{{ manifest_variable_end_string | default(omit) }}" changed_when: false - name: "ensure {{ manifest_description | lower }} is present" diff --git a/roles/common/manifest-file/tasks/main.yaml b/roles/common/manifest-file/tasks/main.yaml index 8c0d34d..e454b04 100644 --- a/roles/common/manifest-file/tasks/main.yaml +++ b/roles/common/manifest-file/tasks/main.yaml 
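Review bot: In the template task of roles/common/manifest-file-with-wait, `variable_start_string` and `variable_end_string` are omitted independently of each other, so a caller that sets only one of `manifest_variable_start_string` / `manifest_variable_end_string` gets a template parsed with one custom and one default delimiter. That would most likely either fail to parse or leave expressions unrendered in a manifest that is then applied to the cluster. A guard task ahead of the template, for example `assert: { that: (manifest_variable_start_string is defined) == (manifest_variable_end_string is defined) }`, would catch it early. The two new role variables should also be listed wherever the role's inputs are documented. The identical hunk in roles/common/manifest-file/tasks/main.yaml has the same gap; the task itself starts outside both hunks.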
@@ -6,6 +6,9 @@ src: "{{ manifest_template }}" dest: "{{ manifest_staging_dir }}/{{ manifest_template.split('.j2') | first | basename }}" mode: "0440" + # allow for different templating strings + variable_start_string: "{{ manifest_variable_start_string | default(omit) }}" + variable_end_string: "{{ manifest_variable_end_string | default(omit) }}" changed_when: false - name: "ensure {{ manifest_description | lower }} is present" diff --git a/roles/components/core/admission-control/templates/gatekeeper-app.yaml.j2 b/roles/components/core/admission-control/templates/gatekeeper-app.yaml.j2 index a261c90..aa24109 100644 --- a/roles/components/core/admission-control/templates/gatekeeper-app.yaml.j2 +++ b/roles/components/core/admission-control/templates/gatekeeper-app.yaml.j2 @@ -45,7 +45,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name - image: {{ tanzu_admission_control.gatekeeper.image }}:{{ tanzu_admission_control.gatekeeper.image_tag }} + image: "{{ tanzu_admission_control.gatekeeper.image }}:{{ tanzu_admission_control.gatekeeper.image_tag }}" imagePullPolicy: Always livenessProbe: httpGet: @@ -124,7 +124,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name - image: {{ tanzu_admission_control.gatekeeper.image }}:{{ tanzu_admission_control.gatekeeper.image_tag }} + image: "{{ tanzu_admission_control.gatekeeper.image }}:{{ tanzu_admission_control.gatekeeper.image_tag }}" imagePullPolicy: Always livenessProbe: httpGet: diff --git a/roles/components/core/admission-control/templates/mutator-app.yaml.j2 b/roles/components/core/admission-control/templates/mutator-app.yaml.j2 index 28a333f..d09a89c 100644 --- a/roles/components/core/admission-control/templates/mutator-app.yaml.j2 +++ b/roles/components/core/admission-control/templates/mutator-app.yaml.j2 
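Review bot: Both Gatekeeper containers (hunks -45 and -124 of gatekeeper-app.yaml.j2) resolve `image` by tag and keep `imagePullPolicy: Always`, so every pod restart runs whatever the registry serves under that tag at that moment. For an admission controller that is a real supply-chain exposure, and quoting the value does not change it. If `image_tag` is not already expected to carry a digest, consider accepting one, e.g. `image: "{{ tanzu_admission_control.gatekeeper.image }}@{{ tanzu_admission_control.gatekeeper.image_digest }}"`, where `image_digest` is a new, hypothetical variable. The container definitions extend beyond both hunks.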
@@ -21,7 +21,7 @@ spec: spec: containers: - name: sac - image: {{ tanzu_admission_control.mutator.image }}:{{ tanzu_admission_control.mutator.image_tag }} + image: "{{ tanzu_admission_control.mutator.image }}:{{ tanzu_admission_control.mutator.image_tag }}" resources: {{ tanzu_admission_control.mutator.resources | default(tanzu_admission_control.default_resources) }} securityContext: runAsUser: 65532 diff --git a/roles/components/core/application-stack/templates/app/department/department-deployment.yaml.j2 b/roles/components/core/application-stack/templates/app/department/department-deployment.yaml.j2 index 6fa9a0c..9b962cb 100644 --- a/roles/components/core/application-stack/templates/app/department/department-deployment.yaml.j2 +++ b/roles/components/core/application-stack/templates/app/department/department-deployment.yaml.j2 @@ -36,7 +36,7 @@ spec: runAsUser: 1001 containers: - name: department - image: {{ tanzu_app_stack.department.remote_image }}:{{ tanzu_app_stack.department.remote_image_tag }} + image: "{{ tanzu_app_stack.department.remote_image }}:{{ tanzu_app_stack.department.remote_image_tag }}" imagePullPolicy: Always ports: - containerPort: 8080 diff --git a/roles/components/core/application-stack/templates/app/employee/employee-deployment.yaml.j2 b/roles/components/core/application-stack/templates/app/employee/employee-deployment.yaml.j2 index dff2493..85cec24 100644 --- a/roles/components/core/application-stack/templates/app/employee/employee-deployment.yaml.j2 +++ b/roles/components/core/application-stack/templates/app/employee/employee-deployment.yaml.j2 @@ -36,7 +36,7 @@ spec: runAsUser: 1001 containers: - name: employee - image: {{ tanzu_app_stack.employee.remote_image }}:{{ tanzu_app_stack.employee.remote_image_tag }} + image: "{{ tanzu_app_stack.employee.remote_image }}:{{ tanzu_app_stack.employee.remote_image_tag }}" imagePullPolicy: Always ports: - containerPort: 8080 
diff --git a/roles/components/core/application-stack/templates/app/gateway/gateway-deployment.yaml.j2 b/roles/components/core/application-stack/templates/app/gateway/gateway-deployment.yaml.j2 index 88d2809..0338c09 100644 --- a/roles/components/core/application-stack/templates/app/gateway/gateway-deployment.yaml.j2 +++ b/roles/components/core/application-stack/templates/app/gateway/gateway-deployment.yaml.j2 @@ -23,7 +23,7 @@ spec: runAsUser: 1001 containers: - name: gateway - image: {{ tanzu_app_stack.gateway.remote_image }}:{{ tanzu_app_stack.gateway.remote_image_tag }} + image: "{{ tanzu_app_stack.gateway.remote_image }}:{{ tanzu_app_stack.gateway.remote_image_tag }}" imagePullPolicy: Always ports: - containerPort: 8080 diff --git a/roles/components/core/application-stack/templates/app/organization/organization-deployment.yaml.j2 b/roles/components/core/application-stack/templates/app/organization/organization-deployment.yaml.j2 index ab284b0..2e1c579 100644 --- a/roles/components/core/application-stack/templates/app/organization/organization-deployment.yaml.j2 +++ b/roles/components/core/application-stack/templates/app/organization/organization-deployment.yaml.j2 @@ -36,7 +36,7 @@ spec: runAsUser: 1001 containers: - name: organization - image: {{ tanzu_app_stack.organization.remote_image }}:{{ tanzu_app_stack.organization.remote_image_tag }} + image: "{{ tanzu_app_stack.organization.remote_image }}:{{ tanzu_app_stack.organization.remote_image_tag }}" imagePullPolicy: Always ports: - containerPort: 8080 diff --git a/roles/components/core/application-stack/templates/db/mongodb-deployment.yaml.j2 b/roles/components/core/application-stack/templates/db/mongodb-deployment.yaml.j2 index 69419cf..cc4ac01 100644 --- a/roles/components/core/application-stack/templates/db/mongodb-deployment.yaml.j2 +++ b/roles/components/core/application-stack/templates/db/mongodb-deployment.yaml.j2 
@@ -23,7 +23,7 @@ spec: runAsUser: 999 containers: - name: mongodb - image: {{ tanzu_app_stack.mongodb.image }}:{{ tanzu_app_stack.mongodb.image_tag }} + image: "{{ tanzu_app_stack.mongodb.image }}:{{ tanzu_app_stack.mongodb.image_tag }}" ports: - containerPort: 27017 env: diff --git a/roles/components/core/container-registry/templates/harbor-api.yaml.j2 b/roles/components/core/container-registry/templates/harbor-api.yaml.j2 index 3405684..555e198 100644 --- a/roles/components/core/container-registry/templates/harbor-api.yaml.j2 +++ b/roles/components/core/container-registry/templates/harbor-api.yaml.j2 @@ -28,7 +28,7 @@ spec: fsGroup: 10000 containers: - name: core - image: {{ tanzu_container_registry.core.image }}:{{ tanzu_container_registry.base_image_tag }} + image: "{{ tanzu_container_registry.core.image }}:{{ tanzu_container_registry.base_image_tag }}" imagePullPolicy: IfNotPresent livenessProbe: httpGet: diff --git a/roles/components/core/container-registry/templates/harbor-app.yaml.j2 b/roles/components/core/container-registry/templates/harbor-app.yaml.j2 index adf74d9..8496afa 100644 --- a/roles/components/core/container-registry/templates/harbor-app.yaml.j2 +++ b/roles/components/core/container-registry/templates/harbor-app.yaml.j2 @@ -30,7 +30,7 @@ spec: fsGroup: 10000 containers: - name: chartmuseum - image: {{ tanzu_container_registry.chartmuseum.image }}:{{ tanzu_container_registry.base_image_tag }} + image: "{{ tanzu_container_registry.chartmuseum.image }}:{{ tanzu_container_registry.base_image_tag }}" imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -112,7 +112,7 @@ spec: fsGroup: 10000 containers: - name: clair - image: {{ tanzu_container_registry.clair.image }}:{{ tanzu_container_registry.base_image_tag }} + image: "{{ tanzu_container_registry.clair.image }}:{{ tanzu_container_registry.base_image_tag }}" imagePullPolicy: IfNotPresent livenessProbe: httpGet: 
@@ -144,7 +144,7 @@ spec: mountPath: /etc/harbor/ssl/clair resources: {{ tanzu_container_registry.clair.resources }} - name: adapter - image: {{ tanzu_container_registry.clair.adapter.image }}:{{ tanzu_container_registry.base_image_tag }} + image: "{{ tanzu_container_registry.clair.adapter.image }}:{{ tanzu_container_registry.base_image_tag }}" imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -245,7 +245,7 @@ spec: fsGroup: 10000 containers: - name: jobservice - image: {{ tanzu_container_registry.jobservice.image }}:{{ tanzu_container_registry.base_image_tag }} + image: "{{ tanzu_container_registry.jobservice.image }}:{{ tanzu_container_registry.base_image_tag }}" imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -348,13 +348,13 @@ spec: fsGroup: 10000 containers: - name: notary-server - image: {{ tanzu_container_registry.notary.server.image }}:{{ tanzu_container_registry.base_image_tag }} + image: "{{ tanzu_container_registry.notary.server.image }}:{{ tanzu_container_registry.base_image_tag }}" imagePullPolicy: IfNotPresent env: - name: MIGRATIONS_PATH value: migrations/server/postgresql - name: DB_URL - value: postgres://{{ tanzu_container_registry.postgres.username }}:{{ tanzu_container_registry.postgres.password }}@{{ tanzu_container_registry.postgres.resource_name }}:5432/notaryserver?sslmode=disable + value: "postgres://{{ tanzu_container_registry.postgres.username }}:{{ tanzu_container_registry.postgres.password }}@{{ tanzu_container_registry.postgres.resource_name }}:5432/notaryserver?sslmode=disable" volumeMounts: - name: config mountPath: /etc/notary/server-config.postgres.json 
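Review bot: The `DB_URL` value in the notary-server container (hunk -348, and again for notary-signer in hunk -401) renders the Postgres password straight into the Deployment spec, where anyone who can read Deployments or the staged manifest file can see it. The route53 external-dns template in this same commit already uses `secretKeyRef`; the same pattern fits here, e.g. `valueFrom: { secretKeyRef: { name: <notary-db-secret>, key: <db-url-key> } }` with placeholder names. Now that the value is a double-quoted scalar, a password containing `"` or `\` will break or alter the YAML, and `@`, `:` or `/` will break the URL, so if the inline form stays the credentials should go through `| urlencode`. The URL also keeps `sslmode=disable`, which presumably leaves the database connection unencrypted inside the cluster.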
@@ -401,13 +401,13 @@ spec: fsGroup: 10000 containers: - name: notary-signer - image: {{ tanzu_container_registry.notary.signer.image }}:{{ tanzu_container_registry.base_image_tag }} + image: "{{ tanzu_container_registry.notary.signer.image }}:{{ tanzu_container_registry.base_image_tag }}" imagePullPolicy: IfNotPresent env: - name: MIGRATIONS_PATH value: migrations/signer/postgresql - name: DB_URL - value: postgres://{{ tanzu_container_registry.postgres.username }}:{{ tanzu_container_registry.postgres.password }}@{{ tanzu_container_registry.postgres.resource_name }}:5432/notarysigner?sslmode=disable + value: "postgres://{{ tanzu_container_registry.postgres.username }}:{{ tanzu_container_registry.postgres.password }}@{{ tanzu_container_registry.postgres.resource_name }}:5432/notarysigner?sslmode=disable" - name: NOTARY_SIGNER_DEFAULTALIAS value: defaultalias volumeMounts: @@ -487,7 +487,7 @@ spec: fsGroup: 10000 containers: - name: registry - image: {{ tanzu_container_registry.registry.image }}:{{ tanzu_container_registry.base_image_tag }} + image: "{{ tanzu_container_registry.registry.image }}:{{ tanzu_container_registry.base_image_tag }}" imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -536,7 +536,7 @@ spec: mountPath: /etc/harbor/ssl/registry resources: {{ tanzu_container_registry.registry.resources | default(tanzu_container_registry.default_resources) }} - name: registryctl - image: {{ tanzu_container_registry.registry.registryctl.image }}:{{ tanzu_container_registry.base_image_tag }} + image: "{{ tanzu_container_registry.registry.registryctl.image }}:{{ tanzu_container_registry.base_image_tag }}" imagePullPolicy: IfNotPresent livenessProbe: httpGet: 
@@ -661,7 +661,7 @@ spec: automountServiceAccountToken: false containers: - name: trivy - image: {{ tanzu_container_registry.trivy.image }}:{{ tanzu_container_registry.base_image_tag }} + image: "{{ tanzu_container_registry.trivy.image }}:{{ tanzu_container_registry.base_image_tag }}" imagePullPolicy: IfNotPresent securityContext: privileged: false diff --git a/roles/components/core/container-registry/templates/harbor-persistence.yaml.j2 b/roles/components/core/container-registry/templates/harbor-persistence.yaml.j2 index 7b351de..a5902a4 100644 --- a/roles/components/core/container-registry/templates/harbor-persistence.yaml.j2 +++ b/roles/components/core/container-registry/templates/harbor-persistence.yaml.j2 @@ -29,7 +29,7 @@ spec: fsGroup: 999 containers: - name: redis - image: {{ tanzu_container_registry.redis.image }}:{{ tanzu_container_registry.base_image_tag }} + image: "{{ tanzu_container_registry.redis.image }}:{{ tanzu_container_registry.base_image_tag }}" imagePullPolicy: IfNotPresent livenessProbe: tcpSocket: @@ -101,7 +101,7 @@ spec: - name: "change-permission-of-directory" securityContext: runAsUser: 0 - image: {{ tanzu_container_registry.postgres.image }}:{{ tanzu_container_registry.base_image_tag }} + image: "{{ tanzu_container_registry.postgres.image }}:{{ tanzu_container_registry.base_image_tag }}" imagePullPolicy: IfNotPresent command: ["/bin/sh"] args: ["-c", "chown -R postgres:postgres /var/lib/postgresql/data"] @@ -110,7 +110,7 @@ spec: mountPath: /var/lib/postgresql/data subPath: - name: "remove-lost-found" - image: {{ tanzu_container_registry.postgres.image }}:{{ tanzu_container_registry.base_image_tag }} + image: "{{ tanzu_container_registry.postgres.image }}:{{ tanzu_container_registry.base_image_tag }}" imagePullPolicy: IfNotPresent command: ["rm", "-Rf", "/var/lib/postgresql/data/lost+found"] volumeMounts: 
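Review bot: The `change-permission-of-directory` init container in harbor-persistence.yaml.j2 (hunk -101) still runs with `runAsUser: 0` and no other restrictions visible in the hunk, only to `chown` the data directory. If the volume type supports it, a pod-level `fsGroup` would let the kubelet set ownership and remove the need for a root container; otherwise the container could at least declare `allowPrivilegeEscalation: false` and `capabilities: { drop: ["ALL"], add: ["CHOWN"] }`. The pod's own securityContext is outside the hunk, so this may already be partly covered. The bare `subPath:` in hunks -101 and -110 parses as null and should be dropped or written as an explicit `""`.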
@@ -119,7 +119,7 @@ spec: subPath: containers: - name: database - image: {{ tanzu_container_registry.postgres.image }}:{{ tanzu_container_registry.base_image_tag }} + image: "{{ tanzu_container_registry.postgres.image }}:{{ tanzu_container_registry.base_image_tag }}" imagePullPolicy: IfNotPresent livenessProbe: exec: diff --git a/roles/components/core/container-registry/templates/harbor-web.yaml.j2 b/roles/components/core/container-registry/templates/harbor-web.yaml.j2 index 7b6613c..7886336 100644 --- a/roles/components/core/container-registry/templates/harbor-web.yaml.j2 +++ b/roles/components/core/container-registry/templates/harbor-web.yaml.j2 @@ -26,7 +26,7 @@ spec: spec: containers: - name: portal - image: {{ tanzu_container_registry.portal.image }}:{{ tanzu_container_registry.base_image_tag }} + image: "{{ tanzu_container_registry.portal.image }}:{{ tanzu_container_registry.base_image_tag }}" imagePullPolicy: IfNotPresent livenessProbe: httpGet: diff --git a/roles/components/core/identity/templates/app-dex.yaml.j2 b/roles/components/core/identity/templates/app-dex.yaml.j2 index e72433c..e20ced5 100644 --- a/roles/components/core/identity/templates/app-dex.yaml.j2 +++ b/roles/components/core/identity/templates/app-dex.yaml.j2 @@ -154,7 +154,7 @@ spec: - /usr/local/bin/dex - serve - /etc/dex/cfg/config.yaml - image: {{ tanzu_identity.dex.image }}:{{ tanzu_identity.dex.image_tag }} + image: "{{ tanzu_identity.dex.image }}:{{ tanzu_identity.dex.image_tag }}" imagePullPolicy: IfNotPresent name: dex ports: diff --git a/roles/components/core/identity/templates/app-gangway.yaml.j2 b/roles/components/core/identity/templates/app-gangway.yaml.j2 index 4c0cbf6..9228f09 100644 --- a/roles/components/core/identity/templates/app-gangway.yaml.j2 +++ b/roles/components/core/identity/templates/app-gangway.yaml.j2 
@@ -83,7 +83,7 @@ spec: runAsGroup: 65534 containers: - name: gangway - image: {{ tanzu_identity.gangway.image }}:{{ tanzu_identity.gangway.image_tag }} + image: "{{ tanzu_identity.gangway.image }}:{{ tanzu_identity.gangway.image_tag }}" imagePullPolicy: IfNotPresent command: - gangway diff --git a/roles/components/core/identity/templates/app-ldap.yaml.j2 b/roles/components/core/identity/templates/app-ldap.yaml.j2 index 095bfe1..a7afea6 100644 --- a/roles/components/core/identity/templates/app-ldap.yaml.j2 +++ b/roles/components/core/identity/templates/app-ldap.yaml.j2 @@ -50,7 +50,7 @@ spec: serviceAccountName: ldap containers: - name: ldap - image: {{ tanzu_identity.ldap.image }}:{{ tanzu_identity.ldap.image_tag }} + image: "{{ tanzu_identity.ldap.image }}:{{ tanzu_identity.ldap.image_tag }}" imagePullPolicy: IfNotPresent args: ["--copy-service"] env: diff --git a/roles/components/core/ingress/tasks/external-dns-internal.yaml b/roles/components/core/ingress/tasks/external-dns-internal.yaml index a1c64b5..2ef7c2b 100644 --- a/roles/components/core/ingress/tasks/external-dns-internal.yaml +++ b/roles/components/core/ingress/tasks/external-dns-internal.yaml 
@@ -1,18 +1,20 @@ # Copyright 2006-2021 VMware, Inc. # SPDX-License-Identifier: MIT --- +- name: "ensure internal external-dns provider config map is deployed" + include_role: + name: "common/manifest-file-with-wait" + vars: + manifest_description: "bind config map" + manifest_template: "config-bind.yaml.j2" + manifest_staging_dir: "{{ tanzu_ingress.staging_dir }}" + manifest_variable_start_string: "<<" + manifest_variable_end_string: ">>" + - name: "ensure internal external-dns provider manifests are deployed" include_role: name: "common/manifest-file-with-wait" vars: - manifest_description: "{{ manifest.description }}" - manifest_template: "{{ manifest.template }}" - manifest_staging_dir: "{{ tanzu_ingress.staging_dir }}" - with_items: - - description: "bind config" - template: "config-bind.yaml.j2" - - description: "external-dns internal provider" - template: "app-external-dns-internal.yaml.j2" - loop_control: - loop_var: "manifest" - label: "{{ manifest.template }}" + manifest_description: "external-dns internal provider" + manifest_template: "app-external-dns-internal.yaml.j2" + manifest_staging_dir: "{{ tanzu_ingress.staging_dir }}" diff --git a/roles/components/core/ingress/templates/app-contour.yaml.j2 b/roles/components/core/ingress/templates/app-contour.yaml.j2 index b0c139e..9a3e511 100644 --- a/roles/components/core/ingress/templates/app-contour.yaml.j2 +++ b/roles/components/core/ingress/templates/app-contour.yaml.j2 @@ -49,7 +49,7 @@ spec: - --contour-key-file=/certs/tls.key - --config-path=/config/contour.yaml command: ["contour"] - image: {{ tanzu_ingress.contour.image }}:{{ tanzu_ingress.contour.image_tag }} + image: "{{ tanzu_ingress.contour.image }}:{{ tanzu_ingress.contour.image_tag }}" imagePullPolicy: IfNotPresent resources: {{ tanzu_ingress.contour.resources | default(tanzu_ingress.default_resources) }} name: contour 
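Review bot: The first task in external-dns-internal.yaml switches config-bind.yaml.j2 to `<<` / `>>` delimiters without saying why, which makes it easy for a later edit to put `{{ }}` back into that template and have it applied unrendered. Only the variable delimiters are overridden, so `{%` and `{#` in the BIND configuration would still be interpreted by Jinja. I would add a comment above the vars, for example `# config-bind.yaml.j2 uses << >> for variables; {% %} and {# #} are still Jinja syntax`. The `manifest_description` also changed from "bind config" to "bind config map", which alters the rendered task name in logs.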
diff --git a/roles/components/core/ingress/templates/app-envoy.yaml.j2 b/roles/components/core/ingress/templates/app-envoy.yaml.j2 index 43cff45..bd1a526 100644 --- a/roles/components/core/ingress/templates/app-envoy.yaml.j2 +++ b/roles/components/core/ingress/templates/app-envoy.yaml.j2 @@ -35,7 +35,7 @@ spec: args: - envoy - shutdown-manager - image: {{ tanzu_ingress.contour.image }}:{{ tanzu_ingress.contour.image_tag }} + image: "{{ tanzu_ingress.contour.image }}:{{ tanzu_ingress.contour.image_tag }}" imagePullPolicy: IfNotPresent resources: {{ tanzu_ingress.envoy.resources | default(tanzu_ingress.default_resources) }} lifecycle: @@ -59,7 +59,7 @@ spec: - --log-level info command: - envoy - image: {{ tanzu_ingress.envoy.image }}:{{ tanzu_ingress.envoy.image_tag }} + image: "{{ tanzu_ingress.envoy.image }}:{{ tanzu_ingress.envoy.image_tag }}" imagePullPolicy: IfNotPresent resources: {{ tanzu_ingress.envoy.resources | default(tanzu_ingress.default_resources) }} name: envoy @@ -109,7 +109,7 @@ spec: - --envoy-key-file=/certs/tls.key command: - contour - image: {{ tanzu_ingress.contour.image }}:{{ tanzu_ingress.contour.image_tag }} + image: "{{ tanzu_ingress.contour.image }}:{{ tanzu_ingress.contour.image_tag }}" imagePullPolicy: IfNotPresent resources: {{ tanzu_ingress.contour.resources | default(tanzu_ingress.default_resources) }} name: envoy-initconfig diff --git a/roles/components/core/ingress/templates/app-external-dns-azure.yaml.j2 b/roles/components/core/ingress/templates/app-external-dns-azure.yaml.j2 index 98b2087..c996ae9 100644 --- a/roles/components/core/ingress/templates/app-external-dns-azure.yaml.j2 +++ b/roles/components/core/ingress/templates/app-external-dns-azure.yaml.j2 
@@ -4,10 +4,10 @@ apiVersion: v1 kind: Secret metadata: - name: {{ tanzu_ingress.external_dns.resource_name }} - namespace: {{ tanzu_ingress.namespace }} + name: "{{ tanzu_ingress.external_dns.resource_name }}" + namespace: "{{ tanzu_ingress.namespace }}" labels: - app.kubernetes.io/name: {{ tanzu_ingress.external_dns.resource_name }} + app.kubernetes.io/name: "{{ tanzu_ingress.external_dns.resource_name }}" type: Opaque data: azure.json: {{ tanzu_ingress.azure_secret | to_json | b64encode }} @@ -15,20 +15,20 @@ data: apiVersion: apps/v1 kind: Deployment metadata: - name: {{ tanzu_ingress.external_dns.resource_name }} - namespace: {{ tanzu_ingress.namespace }} + name: "{{ tanzu_ingress.external_dns.resource_name }}" + namespace: "{{ tanzu_ingress.namespace }}" labels: - app.kubernetes.io/name: {{ tanzu_ingress.external_dns.resource_name }} + app.kubernetes.io/name: "{{ tanzu_ingress.external_dns.resource_name }}" spec: strategy: type: Recreate selector: matchLabels: - app.kubernetes.io/name: {{ tanzu_ingress.external_dns.resource_name }} + app.kubernetes.io/name: "{{ tanzu_ingress.external_dns.resource_name }}" template: metadata: labels: - app.kubernetes.io/name: {{ tanzu_ingress.external_dns.resource_name }} + app.kubernetes.io/name: "{{ tanzu_ingress.external_dns.resource_name }}" spec: securityContext: allowPrivilegeEscalation: false @@ -38,10 +38,10 @@ spec: fsGroup: 1001 runAsUser: 1001 runAsNonRoot: true - serviceAccountName: {{ tanzu_ingress.external_dns.resource_name }} + serviceAccountName: "{{ tanzu_ingress.external_dns.resource_name }}" containers: - - name: {{ tanzu_ingress.external_dns.resource_name }} - image: {{ tanzu_ingress.external_dns.image }}:{{ tanzu_ingress.external_dns.image_tag }} + - name: "{{ tanzu_ingress.external_dns.resource_name }}" + image: "{{ tanzu_ingress.external_dns.image }}:{{ tanzu_ingress.external_dns.image_tag }}" args: - --source=service - --source=ingress 
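Review bot: In the Deployment of app-external-dns-azure.yaml.j2 (hunk -15), `allowPrivilegeEscalation: false` appears directly under the `securityContext` that the next hunk shows holding `fsGroup` and sitting beside `serviceAccountName`, which suggests it is the pod-level securityContext. `allowPrivilegeEscalation` is a container-level field, so at pod level it is either rejected by strict validation or dropped, and the container then runs without it. Three lines between the hunks are not visible, so this needs confirming against the full file. If confirmed, move it under the container as `securityContext: { allowPrivilegeEscalation: false }`. app-external-dns-route53.yaml.j2 (hunks -16 and -39) shows the same layout.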
@@ -50,7 +50,7 @@ spec: - --policy={{ tanzu_ingress.external_dns.delete_records | bool | ternary("sync", "upsert-only") }} - --registry=txt - --interval={{ tanzu_ingress.external_dns.sync_interval_seconds | string }}s - - --txt-owner-id=tanzu-dns- {{ tanzu_cluster_name }} + - --txt-owner-id=tanzu-dns-{{ tanzu_cluster_name }} - --txt-prefix=rpk-tracker-record- volumeMounts: - name: azure-config-file @@ -60,4 +60,4 @@ spec: volumes: - name: azure-config-file secret: - secretName: {{ tanzu_ingress.external_dns.resource_name }} + secretName: "{{ tanzu_ingress.external_dns.resource_name }}" diff --git a/roles/components/core/ingress/templates/app-external-dns-internal.yaml.j2 b/roles/components/core/ingress/templates/app-external-dns-internal.yaml.j2 index ef7ce6f..61950ad 100644 --- a/roles/components/core/ingress/templates/app-external-dns-internal.yaml.j2 +++ b/roles/components/core/ingress/templates/app-external-dns-internal.yaml.j2 
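Review bot: Removing the stray space in `--txt-owner-id=tanzu-dns-{{ tanzu_cluster_name }}` (azure template, hunk -50) changes the owner id that external-dns writes into and matches against its TXT registry records. Clusters deployed with the old rendered value would presumably see their existing records as foreign after the upgrade and neither update nor clean them up, leaving stale DNS entries behind. The `--txt-prefix` change from `ivy-tracker-record-` to `rpk-tracker-record-` in app-external-dns-internal.yaml.j2 (hunk -77) and app-external-dns-route53.yaml.j2 (hunk -68) has the same effect. An upgrade note or a comment above the arg, such as `# owner id/prefix changed in this release; existing TXT ownership records must be migrated`, would make that explicit.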
@@ -5,41 +5,41 @@ apiVersion: apps/v1 kind: Deployment metadata: labels: - app.kubernetes.io/name: {{ tanzu_ingress.external_dns.resource_name }} - name: {{ tanzu_ingress.external_dns.resource_name }} - namespace: {{ tanzu_ingress.namespace }} + app.kubernetes.io/name: "{{ tanzu_ingress.external_dns.resource_name }}" + name: "{{ tanzu_ingress.external_dns.resource_name }}" + namespace: "{{ tanzu_ingress.namespace }}" spec: replicas: {{ tanzu_ingress.external_dns.replicas }} selector: matchLabels: - app.kubernetes.io/name: {{ tanzu_ingress.external_dns.resource_name }} + app.kubernetes.io/name: "{{ tanzu_ingress.external_dns.resource_name }}" strategy: type: Recreate template: metadata: labels: - app.kubernetes.io/name: {{ tanzu_ingress.external_dns.resource_name }} + app.kubernetes.io/name: "{{ tanzu_ingress.external_dns.resource_name }}" spec: securityContext: fsGroup: 106 - serviceAccountName: {{ tanzu_ingress.external_dns.resource_name }} + serviceAccountName: "{{ tanzu_ingress.external_dns.resource_name }}" initContainers: - - name: {{ tanzu_ingress.bind.resource_name }}-init - image: {{ tanzu_ingress.bind_init.image }}:{{ tanzu_ingress.bind_init.image_tag }} + - name: "{{ tanzu_ingress.bind.resource_name }}-init" + image: "{{ tanzu_ingress.bind_init.image }}:{{ tanzu_ingress.bind_init.image_tag }}" volumeMounts: - name: bind-var-lib-bind mountPath: /var/lib/bind readOnly: false - name: bind-configs - mountPath: /tmp/{{ tanzu_ingress_domain }}.db - subPath: {{ tanzu_ingress_domain }}.db + mountPath: /tmp/database.db + subPath: database.db command: - "sh" - "-c" - - "cp -f /tmp/{{ tanzu_ingress_domain }}.db /var/lib/bind/{{ tanzu_ingress_domain }}.db && chmod 664 /var/lib/bind/{{ tanzu_ingress_domain }}.db" + - "cp -f /tmp/database.db /var/lib/bind/database.db && chmod 664 /var/lib/bind/database.db" containers: - - name: {{ tanzu_ingress.bind.resource_name }} - image: {{ tanzu_ingress.bind.image }}:{{ tanzu_ingress.bind.image_tag }} + - name: "{{ 
tanzu_ingress.bind.resource_name }}" + image: "{{ tanzu_ingress.bind.image }}:{{ tanzu_ingress.bind.image_tag }}" ports: - containerPort: 53 protocol: UDP @@ -61,8 +61,8 @@ spec: mountPath: /etc/bind/named.conf.options subPath: named.conf.options resources: {{ tanzu_ingress.bind.resources | default(tanzu_ingress.default_resources) }} - - name: {{ tanzu_ingress.external_dns.resource_name }} - image: {{ tanzu_ingress.external_dns.image }}:{{ tanzu_ingress.external_dns.image_tag }} + - name: "{{ tanzu_ingress.external_dns.resource_name }}" + image: "{{ tanzu_ingress.external_dns.image }}:{{ tanzu_ingress.external_dns.image_tag }}" args: - --source=service - --source=ingress @@ -77,7 +77,7 @@ spec: - --policy={{ tanzu_ingress.external_dns.delete_records | bool | ternary("sync", "upsert-only") }} - --registry=txt - --txt-owner-id=tanzu-dns-{{ tanzu_cluster_name }} - - --txt-prefix=ivy-tracker-record- + - --txt-prefix=rpk-tracker-record- resources: {{ tanzu_ingress.external_dns.resources | default(tanzu_ingress.default_resources) }} volumes: - name: bind-var-lib-bind @@ -91,9 +91,9 @@ apiVersion: v1 kind: Service metadata: name: bind-udp - namespace: {{ tanzu_ingress.namespace }} + namespace: "{{ tanzu_ingress.namespace }}" labels: - app.kubernetes.io/name: {{ tanzu_ingress.external_dns.resource_name }} + app.kubernetes.io/name: "{{ tanzu_ingress.external_dns.resource_name }}" annotations: # NOTE: this only works on 1.19.1+vmware.1+, but not prior # this annotation will be ignored on other cloud providers @@ -103,7 +103,7 @@ metadata: metallb.universe.tf/address-pool: default spec: selector: - app.kubernetes.io/name: {{ tanzu_ingress.external_dns.resource_name }} + app.kubernetes.io/name: "{{ tanzu_ingress.external_dns.resource_name }}" type: LoadBalancer ports: - name: dns-udp diff --git a/roles/components/core/ingress/templates/app-external-dns-route53.yaml.j2 b/roles/components/core/ingress/templates/app-external-dns-route53.yaml.j2 index 8f8d67f..03e7312 100644 
--- a/roles/components/core/ingress/templates/app-external-dns-route53.yaml.j2 +++ b/roles/components/core/ingress/templates/app-external-dns-route53.yaml.j2 @@ -4,10 +4,10 @@ apiVersion: v1 kind: Secret metadata: - name: {{ tanzu_ingress.external_dns.resource_name }} - namespace: {{ tanzu_ingress.namespace }} + name: "{{ tanzu_ingress.external_dns.resource_name }}" + namespace: "{{ tanzu_ingress.namespace }}" labels: - app.kubernetes.io/name: {{ tanzu_ingress.external_dns.resource_name }} + app.kubernetes.io/name: "{{ tanzu_ingress.external_dns.resource_name }}" type: Opaque data: aws_access_key: "{{ aws_access_key | b64encode }}" @@ -16,20 +16,20 @@ data: apiVersion: apps/v1 kind: Deployment metadata: - name: {{ tanzu_ingress.external_dns.resource_name }} - namespace: {{ tanzu_ingress.namespace }} + name: "{{ tanzu_ingress.external_dns.resource_name }}" + namespace: "{{ tanzu_ingress.namespace }}" labels: - app.kubernetes.io/name: {{ tanzu_ingress.external_dns.resource_name }} + app.kubernetes.io/name: "{{ tanzu_ingress.external_dns.resource_name }}" spec: strategy: type: Recreate selector: matchLabels: - app.kubernetes.io/name: {{ tanzu_ingress.external_dns.resource_name }} + app.kubernetes.io/name: "{{ tanzu_ingress.external_dns.resource_name }}" template: metadata: labels: - app.kubernetes.io/name: {{ tanzu_ingress.external_dns.resource_name }} + app.kubernetes.io/name: "{{ tanzu_ingress.external_dns.resource_name }}" spec: securityContext: allowPrivilegeEscalation: false 
@@ -39,20 +39,20 @@ spec: fsGroup: 1001 runAsUser: 1001 runAsNonRoot: true - serviceAccountName: {{ tanzu_ingress.external_dns.resource_name }} + serviceAccountName: "{{ tanzu_ingress.external_dns.resource_name }}" containers: - - name: {{ tanzu_ingress.external_dns.resource_name }} - image: {{ tanzu_ingress.external_dns.image }}:{{ tanzu_ingress.external_dns.image_tag }} + - name: "{{ tanzu_ingress.external_dns.resource_name }}" + image: "{{ tanzu_ingress.external_dns.image }}:{{ tanzu_ingress.external_dns.image_tag }}" env: - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: - name: {{ tanzu_ingress.external_dns.resource_name }} + name: "{{ tanzu_ingress.external_dns.resource_name }}" key: aws_access_key - name: AWS_SECRET_ACCESS_KEY valueFrom: secretKeyRef: - name: {{ tanzu_ingress.external_dns.resource_name }} + name: "{{ tanzu_ingress.external_dns.resource_name }}" key: aws_secret_key args: - --source=service @@ -68,5 +68,5 @@ spec: # is an AWS Route53 specific type). CNAME records also need a txt-prefix to avoid # conflicts. - --aws-prefer-cname - - --txt-prefix=ivy-tracker-record- + - --txt-prefix=rpk-tracker-record- resources: {{ tanzu_ingress.external_dns.resources | default(tanzu_ingress.default_resources) }} diff --git a/roles/components/core/ingress/templates/app-load-balancer.yaml.j2 b/roles/components/core/ingress/templates/app-load-balancer.yaml.j2 index 8aba829..10b50f8 100644 --- a/roles/components/core/ingress/templates/app-load-balancer.yaml.j2 +++ b/roles/components/core/ingress/templates/app-load-balancer.yaml.j2 @@ -45,7 +45,7 @@ spec: "beta.kubernetes.io/os": linux containers: - name: controller - image: {{ tanzu_ingress.metallb.controller.image }}:{{ tanzu_ingress.metallb.controller.image_tag }} + image: "{{ tanzu_ingress.metallb.controller.image }}:{{ tanzu_ingress.metallb.controller.image_tag }}" imagePullPolicy: IfNotPresent resources: {{ tanzu_ingress.metallb.resources | default(tanzu_ingress.default_resources) }} args: 
@@ -88,7 +88,7 @@ spec: hostNetwork: true containers: - name: speaker - image: {{ tanzu_ingress.metallb.speaker.image }}:{{ tanzu_ingress.metallb.speaker.image_tag }} + image: "{{ tanzu_ingress.metallb.speaker.image }}:{{ tanzu_ingress.metallb.speaker.image_tag }}" imagePullPolicy: IfNotPresent args: - --port=7472 diff --git a/roles/components/core/ingress/templates/config-bind.yaml.j2 b/roles/components/core/ingress/templates/config-bind.yaml.j2 index bfac034..4c9b96d 100644 --- a/roles/components/core/ingress/templates/config-bind.yaml.j2 +++ b/roles/components/core/ingress/templates/config-bind.yaml.j2 @@ -5,9 +5,9 @@ apiVersion: v1 kind: ConfigMap metadata: name: bind-configs - namespace: {{ tanzu_ingress.namespace }} + namespace: "<< tanzu_ingress.namespace >>" labels: - app.kubernetes.io/name: {{ tanzu_ingress.external_dns.resource_name }} + app.kubernetes.io/name: "<< tanzu_ingress.external_dns.resource_name >>" data: named.conf.options: | options { @@ -30,19 +30,19 @@ data: }; named.conf.local: | - zone "{{ tanzu_ingress_domain }}." { + zone "<< tanzu_ingress_domain >>." { type primary; - file "/var/lib/bind/{{ tanzu_ingress_domain }}.db"; + file "/var/lib/bind/database.db"; }; - {{ tanzu_ingress_domain }}.db: | + database.db: | $TTL 60 ; 1 minute - @ IN SOA {{ tanzu_ingress_domain }}. root.{{ tanzu_ingress_domain }}. ( + @ IN SOA << tanzu_ingress_domain >>. root.<< tanzu_ingress_domain >>. ( 16 ; serial 60 ; refresh (1 minute) 60 ; retry (1 minute) 60 ; expire (1 minute) 60 ; minimum (1 minute) ) - NS ns.{{ tanzu_ingress_domain }}. - ns.{{ tanzu_ingress_domain }}. A 127.0.0.1 + NS ns.<< tanzu_ingress_domain >>. + ns.<< tanzu_ingress_domain >>. A 127.0.0.1 diff --git a/roles/components/core/logging/templates/app-fluent-bit.yaml.j2 b/roles/components/core/logging/templates/app-fluent-bit.yaml.j2 index 867353b..c3afba5 100644 --- a/roles/components/core/logging/templates/app-fluent-bit.yaml.j2 
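Review bot: config-bind.yaml.j2 now relies on `<< >>` as variable delimiters, but the template does not say so and these hunks do not show the caller setting `manifest_variable_start_string` / `manifest_variable_end_string`. If the role is invoked without them, the literal text `<< tanzu_ingress_domain >>` is written into the ConfigMap and the BIND zone data. A header comment such as `# rendered with variable_start_string '<<' and variable_end_string '>>' (see manifest_variable_start_string)` would make that dependency visible. Separately, `tanzu_ingress_domain` is placed inside the quoted `zone "..."` statement and the SOA/NS records unvalidated, so an `assert` on a hostname pattern in the calling task would keep a malformed value from altering the generated BIND configuration.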
+++ b/roles/components/core/logging/templates/app-fluent-bit.yaml.j2 @@ -215,7 +215,7 @@ spec: spec: containers: - name: fluent-bit - image: {{ tanzu_logging.fluent.image }}:{{ tanzu_logging.fluent.image_version }} + image: "{{ tanzu_logging.fluent.image }}:{{ tanzu_logging.fluent.image_version }}" imagePullPolicy: IfNotPresent resources: {{ tanzu_logging.fluent.resources }} ports: diff --git a/roles/components/core/secret-management/hashicorp-vault/templates/server-app.yaml.j2 b/roles/components/core/secret-management/hashicorp-vault/templates/server-app.yaml.j2 index fe2d43e..6dde958 100644 --- a/roles/components/core/secret-management/hashicorp-vault/templates/server-app.yaml.j2 +++ b/roles/components/core/secret-management/hashicorp-vault/templates/server-app.yaml.j2 @@ -59,7 +59,7 @@ spec: defaultMode: 0750 containers: - name: {{ tanzu_secrets.hashicorp_vault.resource_name }} - image: {{ tanzu_secrets.hashicorp_vault.image }}:{{ tanzu_secrets.hashicorp_vault.image_tag }} + image: "{{ tanzu_secrets.hashicorp_vault.image }}:{{ tanzu_secrets.hashicorp_vault.image_tag }}" imagePullPolicy: IfNotPresent command: - "/bin/sh" diff --git a/roles/components/core/security/tasks/main.yaml b/roles/components/core/security/tasks/main.yaml index 5fb0204..999cfff 100644 --- a/roles/components/core/security/tasks/main.yaml +++ b/roles/components/core/security/tasks/main.yaml 
@@ -45,6 +45,27 @@ manifest_template: "app-cert-manager.yaml.j2" manifest_staging_dir: "{{ tanzu_security.staging_dir }}" +- name: "ensure ca cluster issuers certificate exists" + import_role: + name: "common/manifest-file-with-wait" + vars: + manifest_description: "ca cluster issuers certificate" + manifest_template: "cluster-issuers-ca-cert.yaml.j2" + manifest_staging_dir: "{{ tanzu_security.staging_dir }}" + when: + - (tanzu_security.ca.tls_root_ca_cert == "") or (tanzu_security.ca.tls_root_ca_key == "") + +- name: "ensure ca cluster issuers secret exists" + import_role: + name: "common/manifest-file-with-wait" + vars: + manifest_description: "ca cluster issuers secret" + manifest_template: "cluster-issuers-ca-secret.yaml.j2" + manifest_staging_dir: "{{ tanzu_security.staging_dir }}" + when: + - tanzu_security.ca.tls_root_ca_cert != "" + - tanzu_security.ca.tls_root_ca_key != "" + - name: "ensure {{ item }} cluster issuers exist" include_role: name: "common/manifest-file" @@ -56,12 +77,12 @@ - self - "{{ tanzu_security.tls_providers }}" -- name: "ensure ca cert secret exists" +- name: "ensure extra ca cert secrets exists" import_role: name: "common/manifest-file" vars: - manifest_description: "root ca cert" - manifest_template: "secret-root-ca-certs.yaml.j2" + manifest_description: "extra root ca certs" + manifest_template: "root-ca-certs-extra.yaml.j2" manifest_staging_dir: "{{ tanzu_security.staging_dir }}" when: - ("ca" in tanzu_security.tls_providers) or diff --git a/roles/components/core/security/templates/cluster-issuers-ca-cert.yaml.j2 b/roles/components/core/security/templates/cluster-issuers-ca-cert.yaml.j2 new file mode 100644 index 0000000..58770c8 --- /dev/null +++ b/roles/components/core/security/templates/cluster-issuers-ca-cert.yaml.j2 
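Review bot: The two new `when:` blocks in the `@@ -45,6 +45,27 @@` hunk make a half-supplied CA (only `tls_root_ca_cert` or only `tls_root_ca_key` set) fall through to the generated `root-ca` Certificate. An operator who believes they pinned their own root then gets a different self-signed CA with no warning. Failing early is safer: add an `assert` task before these two with `that: (tanzu_security.ca.tls_root_ca_cert == "") == (tanzu_security.ca.tls_root_ca_key == "")` and a `fail_msg` naming both variables. The condition list of the last task in the second hunk continues outside the hunk.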
@@ -0,0 +1,15 @@ +# Copyright 2006-2021 VMware, Inc. +# SPDX-License-Identifier: MIT +--- +apiVersion: cert-manager.io/v1alpha2 +kind: Certificate +metadata: + name: root-ca + namespace: "{{ tanzu_security.namespace }}" +spec: + secretName: ca-keypair + commonName: ca + isCA: true + issuerRef: + name: self + kind: ClusterIssuer diff --git a/roles/components/core/security/templates/cluster-issuers-ca-secret.yaml.j2 b/roles/components/core/security/templates/cluster-issuers-ca-secret.yaml.j2 new file mode 100644 index 0000000..914caa0 --- /dev/null +++ b/roles/components/core/security/templates/cluster-issuers-ca-secret.yaml.j2 @@ -0,0 +1,11 @@ +# Copyright 2006-2021 VMware, Inc. +# SPDX-License-Identifier: MIT +--- +apiVersion: v1 +kind: Secret +metadata: + name: ca-keypair + namespace: "{{ tanzu_security.namespace }}" +data: + tls.crt: "{{ tanzu_security.ca.tls_root_ca_cert }}" + tls.key: "{{ tanzu_security.ca.tls_root_ca_key }}" diff --git a/roles/components/core/security/templates/cluster-issuers-ca.yaml.j2 b/roles/components/core/security/templates/cluster-issuers-ca.yaml.j2 index c0b0c3f..4c846fb 100644 --- a/roles/components/core/security/templates/cluster-issuers-ca.yaml.j2 +++ b/roles/components/core/security/templates/cluster-issuers-ca.yaml.j2 
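Review bot: cluster-issuers-ca-secret.yaml.j2 puts the root CA private key (`tls.key`) into a manifest that `common/manifest-file-with-wait` renders into `manifest_staging_dir` with `mode: "0440"`, so the key ends up group-readable on disk unless the role removes the staged file afterwards (not visible here). Consider a tighter mode for this manifest, deleting the staged copy once it is applied, and `no_log: true` on the importing task so the key cannot appear in play output. The values sit under `data:` without `b64encode`, so the variables are presumably expected to be base64-encoded already. A comment such as `# tls_root_ca_cert / tls_root_ca_key must be base64-encoded PEM` and an explicit `type: kubernetes.io/tls` would state that contract.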
@@ -1,30 +1,5 @@ # Copyright 2006-2021 VMware, Inc. # SPDX-License-Identifier: MIT -{% if (tanzu_security.ca.tls_root_ca_cert == "") and (tanzu_security.ca.tls_root_ca_key == "") %} ---- -apiVersion: cert-manager.io/v1alpha2 -kind: Certificate -metadata: - name: root-ca - namespace: "{{ tanzu_security.namespace }}" -spec: - secretName: ca-keypair - commonName: ca - isCA: true - issuerRef: - name: self - kind: ClusterIssuer -{% else %} ---- -apiVersion: v1 -kind: Secret -metadata: - name: ca-keypair - namespace: "{{ tanzu_security.namespace }}" -data: - tls.crt: "{{ tanzu_security.ca.tls_root_ca_cert }}" - tls.key: "{{ tanzu_security.ca.tls_root_ca_key }}" -{% endif %} --- apiVersion: cert-manager.io/v1alpha2 kind: ClusterIssuer diff --git a/roles/components/core/security/templates/job-deliver-ca.yaml.j2 b/roles/components/core/security/templates/job-deliver-ca.yaml.j2 index d4fd219..872e892 100644 --- a/roles/components/core/security/templates/job-deliver-ca.yaml.j2 +++ b/roles/components/core/security/templates/job-deliver-ca.yaml.j2 @@ -12,7 +12,7 @@ data: set -eux # first ensure the ca certificate exists in the kubernetes pki directory - if [[ `cat /tmp/tanzu-ca/ca.crt` == "" ]]; then + if [[ $(cat /tmp/tanzu-ca/ca.crt) == "" ]]; then echo "tanzu ca cert is empty" exit 1 fi @@ -58,7 +58,7 @@ data: fi # restart containerd - CONTAINERD_PID=`pgrep -x containerd` + CONTAINERD_PID=$(pgrep -x containerd) if [[ "${CONTAINERD_PID}" != '' ]]; then kill -1 ${CONTAINERD_PID} else @@ -92,7 +92,7 @@ spec: imagePullPolicy: IfNotPresent resources: {{ tanzu_security.default_resources }} containers: - - image: {{ tanzu_security.cert_delivery_job.default.image }}:{{ tanzu_security.cert_delivery_job.default.image_tag }} + - image: "{{ tanzu_security.cert_delivery_job.default.image }}:{{ tanzu_security.cert_delivery_job.default.image_tag }}" name: {{ tanzu_security.cert_delivery_job.resource_name }} command: - "/bin/bash" 
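Review bot: In the `@@ -58,7 +58,7 @@` hunk of job-deliver-ca.yaml.j2, `CONTAINERD_PID=$(pgrep -x containerd)` will abort the script when no containerd process is found, assuming this is the same script that begins with `set -eux` in the `@@ -12,7 +12,7 @@` hunk. A plain assignment takes the exit status of its command substitution, so the `else` branch below the `kill -1` is never reached. Writing `CONTAINERD_PID=$(pgrep -x containerd || true)` keeps the intended fallback. In the first hunk the emptiness check could be `if [[ ! -s /tmp/tanzu-ca/ca.crt ]]; then`, which also covers a missing file without spawning `cat`. The script body continues outside both hunks.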
@@ -131,7 +131,7 @@ spec: - name: system-pki hostPath: path: /etc/pki - type: Directory + type: DirectoryOrCreate - name: system-share hostPath: path: /usr/share @@ -144,4 +144,4 @@ spec: secretName: ca-keypair - name: extra-ca secret: - secretName: root-ca-certs + secretName: extra-root-ca-certs diff --git a/roles/components/core/security/templates/root-ca-certs-extra.yaml.j2 b/roles/components/core/security/templates/root-ca-certs-extra.yaml.j2 new file mode 100644 index 0000000..01d7960 --- /dev/null +++ b/roles/components/core/security/templates/root-ca-certs-extra.yaml.j2 @@ -0,0 +1,11 @@ +# Copyright 2006-2021 VMware, Inc. +# SPDX-License-Identifier: MIT +--- +apiVersion: v1 +kind: Secret +metadata: + name: extra-root-ca-certs + namespace: "{{ tanzu_security.namespace }}" +data: + wildcard-ca.crt: "{{ tanzu_security.wildcard.tls_root_ca_cert | default('') }}" + le-stage-ca.crt: "{{ tanzu_security.letsencrypt_stage.tls_root_ca_cert | default('') }}" diff --git a/roles/components/core/security/templates/secret-root-ca-certs.yaml.j2 b/roles/components/core/security/templates/secret-root-ca-certs.yaml.j2 deleted file mode 100644 index a9dba4c..0000000 --- a/roles/components/core/security/templates/secret-root-ca-certs.yaml.j2 +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright 2006-2021 VMware, Inc. -# SPDX-License-Identifier: MIT ---- -apiVersion: v1 -kind: Secret -metadata: - name: root-ca-certs - namespace: "{{ tanzu_security.namespace }}" -data: -{% if ("wildcard" in tanzu_security.tls_providers) and (tanzu_security.wildcard.tls_root_ca_cert != "") %} - wildcard-ca.crt: "{{ tanzu_security.wildcard.tls_root_ca_cert }}" -{% endif %} -{% if ("letsencrypt-stage" in tanzu_security.tls_providers) and (tanzu_security.letsencrypt_stage.tls_root_ca_cert != "") %} - le-stage-ca.crt: "{{ tanzu_security.letsencrypt_stage.tls_root_ca_cert }}" -{% endif %} 
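Review bot: Switching the `system-pki` hostPath to `type: DirectoryOrCreate` in the `@@ -131,7 +131,7 @@` hunk means the kubelet creates `/etc/pki` on nodes that lack it, where the pod previously failed to start. On distributions that keep their trust store elsewhere this leaves a new directory on the host, and a CA written there is presumably never consulted, so the job can finish successfully without the node trusting the CA. A comment on the volume saying which node OS families it targets would help, e.g. `# /etc/pki only exists on RHEL-family nodes; created empty elsewhere`. The script that consumes the mount is outside the hunk.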
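Review bot: root-ca-certs-extra.yaml.j2 always emits both `wildcard-ca.crt` and `le-stage-ca.crt`, falling back to `default('')`. The deleted secret-root-ca-certs.yaml.j2 emitted a key only when its provider was listed in `tls_providers` and the certificate was non-empty. The `extra-ca` volume in job-deliver-ca.yaml.j2 can therefore now hold zero-length certificate files. The delivery script is not visible in this diff, so confirm that it skips empty files rather than copying them into the node trust store. If the provider check was dropped on purpose, a comment in the template such as `# empty values are expected when a provider is disabled` would record that.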
diff --git a/roles/components/core/service-mesh/istio/templates/istio-operator.yaml.j2 b/roles/components/core/service-mesh/istio/templates/istio-operator.yaml.j2 index 2573e78..4400e5e 100644 --- a/roles/components/core/service-mesh/istio/templates/istio-operator.yaml.j2 +++ b/roles/components/core/service-mesh/istio/templates/istio-operator.yaml.j2 @@ -165,7 +165,7 @@ spec: serviceAccountName: {{ tanzu_mesh.operator.service_account }} containers: - name: istio-operator - image: {{ tanzu_mesh.image_repo }}/{{ tanzu_mesh.operator.image }}:{{ tanzu_mesh.image_tag }} + image: "{{ tanzu_mesh.image_repo }}/{{ tanzu_mesh.operator.image }}:{{ tanzu_mesh.image_tag }}" command: - operator - server diff --git a/roles/components/core/storage/templates/app-csi-ephemeral.yaml.j2 b/roles/components/core/storage/templates/app-csi-ephemeral.yaml.j2 index 94ecda0..ee3f2d1 100644 --- a/roles/components/core/storage/templates/app-csi-ephemeral.yaml.j2 +++ b/roles/components/core/storage/templates/app-csi-ephemeral.yaml.j2 @@ -44,7 +44,7 @@ spec: serviceAccountName: {{ tanzu_storage.ephemeral.csi_attacher.resource_name }} containers: - name: csi-attacher - image: {{ tanzu_storage.ephemeral.csi_attacher.image }}:{{ tanzu_storage.ephemeral.csi_attacher.image_tag }} + image: "{{ tanzu_storage.ephemeral.csi_attacher.image }}:{{ tanzu_storage.ephemeral.csi_attacher.image_tag }}" args: - --v=5 - --csi-address=/csi/csi.sock @@ -124,7 +124,7 @@ spec: - mountPath: /csi-data-dir name: csi-data-dir - name: hostpath - image: {{ tanzu_storage.ephemeral.csi_plugin.image }}:{{ tanzu_storage.ephemeral.csi_plugin.image_tag }} + image: "{{ tanzu_storage.ephemeral.csi_plugin.image }}:{{ tanzu_storage.ephemeral.csi_plugin.image_tag }}" args: - "--drivername=hostpath.csi.k8s.io" - "--v=5" 
@@ -246,7 +246,7 @@ spec: serviceAccountName: {{ tanzu_storage.ephemeral.csi_provisioner.resource_name }} containers: - name: csi-provisioner - image: {{ tanzu_storage.ephemeral.csi_provisioner.image }}:{{ tanzu_storage.ephemeral.csi_provisioner.image_tag }} + image: "{{ tanzu_storage.ephemeral.csi_provisioner.image }}:{{ tanzu_storage.ephemeral.csi_provisioner.image_tag }}" args: - -v=5 - --csi-address=/csi/csi.sock @@ -309,7 +309,7 @@ spec: serviceAccountName: {{ tanzu_storage.ephemeral.csi_resizer.resource_name }} containers: - name: csi-resizer - image: {{ tanzu_storage.ephemeral.csi_resizer.image }}:{{ tanzu_storage.ephemeral.csi_resizer.image_tag }} + image: "{{ tanzu_storage.ephemeral.csi_resizer.image }}:{{ tanzu_storage.ephemeral.csi_resizer.image_tag }}" args: - -v=5 - -csi-address=/csi/csi.sock @@ -371,7 +371,7 @@ spec: serviceAccount: {{ tanzu_storage.ephemeral.csi_snapshotter.resource_name }} containers: - name: csi-snapshotter - image: {{ tanzu_storage.ephemeral.csi_snapshotter.image }}:{{ tanzu_storage.ephemeral.csi_snapshotter.image_tag }} + image: "{{ tanzu_storage.ephemeral.csi_snapshotter.image }}:{{ tanzu_storage.ephemeral.csi_snapshotter.image_tag }}" args: - -v=5 - --csi-address=/csi/csi.sock diff --git a/roles/components/core/storage/templates/app-snapshot-controller.yaml.j2 b/roles/components/core/storage/templates/app-snapshot-controller.yaml.j2 index 67bdf18..ef3b219 100644 --- a/roles/components/core/storage/templates/app-snapshot-controller.yaml.j2 +++ b/roles/components/core/storage/templates/app-snapshot-controller.yaml.j2 
@@ -22,7 +22,7 @@ spec: serviceAccount: {{ tanzu_storage.ephemeral.csi_snapshot_controller.resource_name }} containers: - name: {{ tanzu_storage.ephemeral.csi_snapshot_controller.resource_name }} - image: {{ tanzu_storage.ephemeral.csi_snapshot_controller.image }}:{{ tanzu_storage.ephemeral.csi_snapshot_controller.image_tag }} + image: "{{ tanzu_storage.ephemeral.csi_snapshot_controller.image }}:{{ tanzu_storage.ephemeral.csi_snapshot_controller.image_tag }}" args: - "--v=5" - "--leader-election=false" diff --git a/roles/components/core/workload-tenancy/templates/app-namespace-operator.yaml.j2 b/roles/components/core/workload-tenancy/templates/app-namespace-operator.yaml.j2 index 273b877..9f551d9 100644 --- a/roles/components/core/workload-tenancy/templates/app-namespace-operator.yaml.j2 +++ b/roles/components/core/workload-tenancy/templates/app-namespace-operator.yaml.j2 @@ -22,7 +22,7 @@ spec: serviceAccountName: {{ tanzu_workload_tenancy.namespace_operator.service_account }} containers: - name: {{ tanzu_workload_tenancy.namespace_operator.app_name }} - image: {{ tanzu_workload_tenancy.namespace_operator.image }}:{{ tanzu_workload_tenancy.namespace_operator.image_tag }} + image: "{{ tanzu_workload_tenancy.namespace_operator.image }}:{{ tanzu_workload_tenancy.namespace_operator.image_tag }}" resources: {{ tanzu_workload_tenancy.namespace_operator.resources }} securityContext: runAsNonRoot: true diff --git a/roles/components/extensions/spring-cloud-data-flow/templates/app-skipper.yaml.j2 b/roles/components/extensions/spring-cloud-data-flow/templates/app-skipper.yaml.j2 index 3634486..77704e5 100644 --- a/roles/components/extensions/spring-cloud-data-flow/templates/app-skipper.yaml.j2 +++ b/roles/components/extensions/spring-cloud-data-flow/templates/app-skipper.yaml.j2 
@@ -203,7 +203,7 @@ spec: - name: SPRING_CLOUD_KUBERNETES_SECRETS_PATHS value: /workspace/runtime/secrets # image: registry.pivotal.io/p-scdf-for-kubernetes/spring-cloud-skipper-server@sha256:1aedd8dcf185ca50788208e063a47332ffa5afd7ef5d114c2a8a4d697544d416 - image: {{ tanzu_container_registry.core.dns +'/'+ tanzu_spring_cloud_data_flow.registry.project.project_name + '/spring-cloud-skipper-server:' + tanzu_spring_cloud_data_flow.registry.destination_tag }} + image: "{{ tanzu_container_registry.core.dns +'/'+ tanzu_spring_cloud_data_flow.registry.project.project_name + '/spring-cloud-skipper-server:' + tanzu_spring_cloud_data_flow.registry.destination_tag }}" imagePullPolicy: Always livenessProbe: httpGet: diff --git a/roles/components/extensions/spring-cloud-data-flow/templates/app-spring-cloud-data-flow.yaml.j2 b/roles/components/extensions/spring-cloud-data-flow/templates/app-spring-cloud-data-flow.yaml.j2 index c922666..a5acf23 100644 --- a/roles/components/extensions/spring-cloud-data-flow/templates/app-spring-cloud-data-flow.yaml.j2 +++ b/roles/components/extensions/spring-cloud-data-flow/templates/app-spring-cloud-data-flow.yaml.j2 @@ -228,7 +228,7 @@ spec: - name: SPRING_CLOUD_KUBERNETES_SECRETS_PATHS value: /workspace/runtime/secrets # image: registry.pivotal.io/p-scdf-for-kubernetes/spring-cloud-dataflow-pro-server@sha256:fba425ef984e600dd4278e2013fae8a51cf0be4089c405cc6c06245871305089 - image: {{ tanzu_container_registry.core.dns +'/'+ tanzu_spring_cloud_data_flow.registry.project.project_name + '/spring-cloud-dataflow-pro-server:' + tanzu_spring_cloud_data_flow.registry.destination_tag }} + image: "{{ tanzu_container_registry.core.dns +'/'+ tanzu_spring_cloud_data_flow.registry.project.project_name + '/spring-cloud-dataflow-pro-server:' + tanzu_spring_cloud_data_flow.registry.destination_tag }}" livenessProbe: httpGet: path: /management/health 
diff --git a/roles/components/extensions/spring-cloud-gateway/templates/spring-cloud-gateway-deployment.yaml.j2 b/roles/components/extensions/spring-cloud-gateway/templates/spring-cloud-gateway-deployment.yaml.j2 index 5cb1199..c40874c 100644 --- a/roles/components/extensions/spring-cloud-gateway/templates/spring-cloud-gateway-deployment.yaml.j2 +++ b/roles/components/extensions/spring-cloud-gateway/templates/spring-cloud-gateway-deployment.yaml.j2 @@ -25,7 +25,7 @@ spec: - name: harborsecrets containers: - name: scg-reconciler - image: {{ tanzu_container_registry.core.dns +'/'+ tanzu_spring_cloud_gateway.registry.project.project_name + '/scg-reconciler:' + tanzu_spring_cloud_gateway.registry.destination_tag }} ##dev.registry.pivotal.io/spring-cloud-gateway/scg-reconciler + image: "{{ tanzu_container_registry.core.dns +'/'+ tanzu_spring_cloud_gateway.registry.project.project_name + '/scg-reconciler:' + tanzu_spring_cloud_gateway.registry.destination_tag }} ##dev.registry.pivotal.io/spring-cloud-gateway/scg-reconciler" env: - name: gateway.image.name value: {{ tanzu_container_registry.core.dns +'/'+ tanzu_spring_cloud_gateway.registry.project.project_name + '/gateway:' + tanzu_spring_cloud_gateway.registry.destination_tag }} ##dev.registry.pivotal.io/spring-cloud-gateway/gateway diff --git a/roles/components/extensions/tanzu-build-service/templates/buildservice-pod-webhook.yaml.j2 b/roles/components/extensions/tanzu-build-service/templates/buildservice-pod-webhook.yaml.j2 index f149dcf..3c08f63 100644 --- a/roles/components/extensions/tanzu-build-service/templates/buildservice-pod-webhook.yaml.j2 +++ b/roles/components/extensions/tanzu-build-service/templates/buildservice-pod-webhook.yaml.j2 
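Review bot: The closing quote on the new `image:` line for `scg-reconciler` sits after the trailing `##dev.registry.pivotal.io/spring-cloud-gateway/scg-reconciler` text, so what used to be a YAML comment is now part of the string. The rendered image reference then ends in ` ##dev.registry.pivotal.io/...`, which is not a valid image name, and the container will fail to pull. Close the quote directly after `}}` and keep the note as a comment: `image: "{{ tanzu_container_registry.core.dns +'/'+ tanzu_spring_cloud_gateway.registry.project.project_name + '/scg-reconciler:' + tanzu_spring_cloud_gateway.registry.destination_tag }}"  # dev.registry.pivotal.io/spring-cloud-gateway/scg-reconciler`. The `value:` line under `gateway.image.name` has the same template-plus-comment shape and was left unquoted; it should get the same treatment for consistency.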
@@ -58,7 +58,7 @@ metadata: rpk.module : "{{ tanzu_build_service.module }}" rpk.resource: "build-service-configmap" data: - image: {{ tanzu_container_registry.core.dns + '/' + tanzu_build_service.registry.project.project_name + '/setup-ca-certs:' + tanzu_build_service.registry.destination_tag }} + image: "{{ tanzu_container_registry.core.dns + '/' + tanzu_build_service.registry.project.project_name + '/setup-ca-certs:' + tanzu_build_service.registry.destination_tag }}" --- apiVersion: admissionregistration.k8s.io/v1beta1 kind: MutatingWebhookConfiguration @@ -110,7 +110,7 @@ spec: serviceAccountName: cert-injection-webhook-sa containers: - name: server - image: {{ tanzu_container_registry.core.dns + '/' + tanzu_build_service.registry.project.project_name + '/pod-webhook:' + tanzu_build_service.registry.destination_tag }} + image: "{{ tanzu_container_registry.core.dns + '/' + tanzu_build_service.registry.project.project_name + '/pod-webhook:' + tanzu_build_service.registry.destination_tag }}" imagePullPolicy: Always args: - -- diff --git a/roles/components/extensions/tanzu-build-service/templates/buildservice-secret-syncer.yaml.j2 b/roles/components/extensions/tanzu-build-service/templates/buildservice-secret-syncer.yaml.j2 index 07cb4a6..0660b92 100644 --- a/roles/components/extensions/tanzu-build-service/templates/buildservice-secret-syncer.yaml.j2 +++ b/roles/components/extensions/tanzu-build-service/templates/buildservice-secret-syncer.yaml.j2 @@ -27,7 +27,7 @@ spec: - name: canonical-registry-secret containers: - name: server - image: {{ tanzu_container_registry.core.dns + '/' + tanzu_build_service.registry.project.project_name + '/secret-syncer:' + tanzu_build_service.registry.destination_tag }} + image: "{{ tanzu_container_registry.core.dns + '/' + tanzu_build_service.registry.project.project_name + '/secret-syncer:' + tanzu_build_service.registry.destination_tag }}" imagePullPolicy: Always env: - name: SECRET_SYNCER_NAMESPACE 
diff --git a/roles/components/extensions/tanzu-build-service/templates/buildservice-smart-warmer.yaml.j2 b/roles/components/extensions/tanzu-build-service/templates/buildservice-smart-warmer.yaml.j2 index 2b963c0..ec26b78 100644 --- a/roles/components/extensions/tanzu-build-service/templates/buildservice-smart-warmer.yaml.j2 +++ b/roles/components/extensions/tanzu-build-service/templates/buildservice-smart-warmer.yaml.j2 @@ -9,7 +9,7 @@ metadata: rpk.heritage: "true" rpk.module : "{{ tanzu_build_service.module }}" data: - image: {{ tanzu_container_registry.core.dns +'/'+ tanzu_build_service.registry.project.project_name + '/sleeper:' + tanzu_build_service.registry.destination_tag }} + image: "{{ tanzu_container_registry.core.dns +'/'+ tanzu_build_service.registry.project.project_name + '/sleeper:' + tanzu_build_service.registry.destination_tag }}" --- apiVersion: apps/v1 kind: Deployment @@ -74,7 +74,7 @@ spec: kubernetes.io/os: linux initContainers: - name: sleeper - image: {{ tanzu_container_registry.core.dns + '/' + tanzu_build_service.registry.project.project_name + '/sleeper:' + tanzu_build_service.registry.destination_tag }} + image: "{{ tanzu_container_registry.core.dns + '/' + tanzu_build_service.registry.project.project_name + '/sleeper:' + tanzu_build_service.registry.destination_tag }}" args: - -- - sleeper @@ -91,7 +91,7 @@ spec: cpu: 1m containers: - name: completion - image: {{ tanzu_container_registry.core.dns + '/' + tanzu_build_service.registry.project.project_name + '/kpack-completion:' + tanzu_build_service.registry.destination_tag }} + image: "{{ tanzu_container_registry.core.dns + '/' + tanzu_build_service.registry.project.project_name + '/kpack-completion:' + tanzu_build_service.registry.destination_tag }}" command: - /drop/sleeper args: 
@@ -106,7 +106,7 @@ spec: cpu: 1m imagePullPolicy: Always - name: rebase - image: {{ tanzu_container_registry.core.dns + '/' + tanzu_build_service.registry.project.project_name + '/kpack-rebase:' + tanzu_build_service.registry.destination_tag }} + image: "{{ tanzu_container_registry.core.dns + '/' + tanzu_build_service.registry.project.project_name + '/kpack-rebase:' + tanzu_build_service.registry.destination_tag }}" command: - /drop/sleeper args: @@ -121,7 +121,7 @@ spec: cpu: 1m imagePullPolicy: Always - name: build-init - image: {{ tanzu_container_registry.core.dns + '/' + tanzu_build_service.registry.project.project_name + '/kpack-build-init:' + tanzu_build_service.registry.destination_tag }} + image: "{{ tanzu_container_registry.core.dns + '/' + tanzu_build_service.registry.project.project_name + '/kpack-build-init:' + tanzu_build_service.registry.destination_tag }}" command: - /drop/sleeper args: @@ -136,7 +136,7 @@ spec: cpu: 1m imagePullPolicy: Always - name: setup-ca-certs - image: {{ tanzu_container_registry.core.dns + '/' + tanzu_build_service.registry.project.project_name + '/setup-ca-certs:' + tanzu_build_service.registry.destination_tag }} + image: "{{ tanzu_container_registry.core.dns + '/' + tanzu_build_service.registry.project.project_name + '/setup-ca-certs:' + tanzu_build_service.registry.destination_tag }}" command: - /drop/sleeper args: @@ -151,7 +151,7 @@ spec: cpu: 1m imagePullPolicy: Always - name: stackify - image: {{ tanzu_container_registry.core.dns + '/' + tanzu_build_service.registry.project.project_name + '/stackify:' + tanzu_build_service.registry.destination_tag }} + image: "{{ tanzu_container_registry.core.dns + '/' + tanzu_build_service.registry.project.project_name + '/stackify:' + tanzu_build_service.registry.destination_tag }}" command: - /drop/sleeper args: 
diff --git a/roles/components/extensions/tanzu-build-service/templates/cluster-stack.yaml.j2 b/roles/components/extensions/tanzu-build-service/templates/cluster-stack.yaml.j2 index 0795f92..727e191 100644 --- a/roles/components/extensions/tanzu-build-service/templates/cluster-stack.yaml.j2 +++ b/roles/components/extensions/tanzu-build-service/templates/cluster-stack.yaml.j2 @@ -8,6 +8,6 @@ metadata: spec: id: "io.buildpacks.stacks.bionic" buildImage: - image: {{ tanzu_container_registry.core.dns + '/'+ tanzu_build_service.registry.project.project_name + '/build-full:' + tanzu_build_service.registry.destination_tag }} + image: "{{ tanzu_container_registry.core.dns + '/'+ tanzu_build_service.registry.project.project_name + '/build-full:' + tanzu_build_service.registry.destination_tag }}" runImage: - image: {{ tanzu_container_registry.core.dns + '/'+ tanzu_build_service.registry.project.project_name + '/run-full:' + tanzu_build_service.registry.destination_tag }} + image: "{{ tanzu_container_registry.core.dns + '/'+ tanzu_build_service.registry.project.project_name + '/run-full:' + tanzu_build_service.registry.destination_tag }}" diff --git a/roles/components/extensions/tanzu-build-service/templates/cluster-store.yaml.j2 b/roles/components/extensions/tanzu-build-service/templates/cluster-store.yaml.j2 index 9bd6a3d..58b7730 100644 --- a/roles/components/extensions/tanzu-build-service/templates/cluster-store.yaml.j2 +++ b/roles/components/extensions/tanzu-build-service/templates/cluster-store.yaml.j2 @@ -6,4 +6,4 @@ metadata: name: {{ tanzu_build_service.demo.store.name }} spec: sources: - - image: {{ tanzu_container_registry.core.dns + '/'+ tanzu_build_service.registry.project.project_name +'/nodejs:'+ tanzu_build_service.registry.destination_tag }} + - image: "{{ tanzu_container_registry.core.dns + '/'+ tanzu_build_service.registry.project.project_name +'/nodejs:'+ tanzu_build_service.registry.destination_tag }}" 
diff --git a/roles/components/extensions/tanzu-build-service/templates/kpack-release.yaml.j2 b/roles/components/extensions/tanzu-build-service/templates/kpack-release.yaml.j2 index efcda17..ab6e107 100644 --- a/roles/components/extensions/tanzu-build-service/templates/kpack-release.yaml.j2 +++ b/roles/components/extensions/tanzu-build-service/templates/kpack-release.yaml.j2 @@ -49,7 +49,7 @@ metadata: rpk.module : "{{ tanzu_build_service.module }}" app.kubernetes.io/name: "{{ tanzu_build_service.module }}" data: - image: {{ tanzu_container_registry.core.dns + '/'+ tanzu_build_service.registry.project.project_name + '/kpack-build-init:' + tanzu_build_service.registry.destination_tag }} + image: "{{ tanzu_container_registry.core.dns + '/'+ tanzu_build_service.registry.project.project_name + '/kpack-build-init:' + tanzu_build_service.registry.destination_tag }}" --- apiVersion: v1 kind: ConfigMap @@ -61,7 +61,7 @@ metadata: rpk.module : "{{ tanzu_build_service.module }}" app.kubernetes.io/name: "{{ tanzu_build_service.module }}" data: - image: {{ tanzu_container_registry.core.dns + '/'+ tanzu_build_service.registry.project.project_name + '/kpack-build-init-windows:' + tanzu_build_service.registry.destination_tag }} + image: "{{ tanzu_container_registry.core.dns + '/'+ tanzu_build_service.registry.project.project_name + '/kpack-build-init-windows:' + tanzu_build_service.registry.destination_tag }}" --- apiVersion: v1 kind: ConfigMap @@ -73,7 +73,7 @@ metadata: rpk.module : "{{ tanzu_build_service.module }}" app.kubernetes.io/name: "{{ tanzu_build_service.module }}" data: - image: {{ tanzu_container_registry.core.dns + '/'+ tanzu_build_service.registry.project.project_name + '/kpack-rebase:' + tanzu_build_service.registry.destination_tag }} + image: "{{ tanzu_container_registry.core.dns + '/'+ tanzu_build_service.registry.project.project_name + '/kpack-rebase:' + tanzu_build_service.registry.destination_tag }}" --- apiVersion: v1 kind: ConfigMap 
@@ -85,7 +85,7 @@ metadata: rpk.module : "{{ tanzu_build_service.module }}" app.kubernetes.io/name: "{{ tanzu_build_service.module }}" data: - image: {{ tanzu_container_registry.core.dns + '/'+ tanzu_build_service.registry.project.project_name + '/kpack-lifecycle:' + tanzu_build_service.registry.destination_tag }} + image: "{{ tanzu_container_registry.core.dns + '/'+ tanzu_build_service.registry.project.project_name + '/kpack-lifecycle:' + tanzu_build_service.registry.destination_tag }}" --- apiVersion: v1 kind: ConfigMap @@ -97,7 +97,7 @@ metadata: rpk.module : "{{ tanzu_build_service.module }}" app.kubernetes.io/name: "{{ tanzu_build_service.module }}" data: - image: {{ tanzu_container_registry.core.dns + '/'+ tanzu_build_service.registry.project.project_name + '/kpack-completion:' + tanzu_build_service.registry.destination_tag }} + image: "{{ tanzu_container_registry.core.dns + '/'+ tanzu_build_service.registry.project.project_name + '/kpack-completion:' + tanzu_build_service.registry.destination_tag }}" --- apiVersion: v1 kind: ConfigMap @@ -109,7 +109,7 @@ metadata: rpk.module : "{{ tanzu_build_service.module }}" app.kubernetes.io/name: "{{ tanzu_build_service.module }}" data: - image: {{ tanzu_container_registry.core.dns + '/'+ tanzu_build_service.registry.project.project_name + '/kpack-completion-windows:' + tanzu_build_service.registry.destination_tag }} + image: "{{ tanzu_container_registry.core.dns + '/'+ tanzu_build_service.registry.project.project_name + '/kpack-completion-windows:' + tanzu_build_service.registry.destination_tag }}" --- apiVersion: v1 kind: Service 
@@ -158,7 +158,7 @@ spec: {{ item }} {% endfor %} - image: {{ tanzu_container_registry.core.dns + '/'+ tanzu_build_service.registry.project.project_name + '/setup-ca-certs:' + tanzu_build_service.registry.destination_tag }} + image: "{{ tanzu_container_registry.core.dns + '/'+ tanzu_build_service.registry.project.project_name + '/setup-ca-certs:' + tanzu_build_service.registry.destination_tag }}" imagePullPolicy: IfNotPresent name: setup-ca-certs volumeMounts: @@ -168,7 +168,7 @@ spec: containers: - name: controller - image: {{ tanzu_container_registry.core.dns + '/'+ tanzu_build_service.registry.project.project_name + '/kpack-controller:' + tanzu_build_service.registry.destination_tag }} + image: "{{ tanzu_container_registry.core.dns + '/'+ tanzu_build_service.registry.project.project_name + '/kpack-controller:' + tanzu_build_service.registry.destination_tag }}" env: - name: CONFIG_LOGGING_NAME value: config-logging @@ -261,7 +261,7 @@ spec: kubernetes.io/os: linux containers: - name: webhook - image: {{ tanzu_container_registry.core.dns + '/'+ tanzu_build_service.registry.project.project_name + '/kpack-webhook:' + tanzu_build_service.registry.destination_tag }} + image: "{{ tanzu_container_registry.core.dns + '/'+ tanzu_build_service.registry.project.project_name + '/kpack-webhook:' + tanzu_build_service.registry.destination_tag }}" ports: - name: https-webhook containerPort: 8443 diff --git a/roles/components/extensions/tanzu-build-service/templates/stack-operator-release.yaml.j2 b/roles/components/extensions/tanzu-build-service/templates/stack-operator-release.yaml.j2 index 0592b8d..a24d1be 100644 --- a/roles/components/extensions/tanzu-build-service/templates/stack-operator-release.yaml.j2 +++ b/roles/components/extensions/tanzu-build-service/templates/stack-operator-release.yaml.j2 
@@ -241,7 +241,7 @@ metadata: name: stackify-image namespace: {{ tanzu_build_service.namespace_stack_operator_system }} data: - image: {{ tanzu_container_registry.core.dns + '/'+ tanzu_build_service.registry.project.project_name + '/stackify:' + tanzu_build_service.registry.destination_tag }} + image: "{{ tanzu_container_registry.core.dns + '/'+ tanzu_build_service.registry.project.project_name + '/stackify:' + tanzu_build_service.registry.destination_tag }}" --- apiVersion: v1 @@ -310,7 +310,7 @@ spec: name: stackify-image - name: REBUILD_INTERVAL value: 24h - image: {{ tanzu_container_registry.core.dns + '/'+ tanzu_build_service.registry.project.project_name + '/stacks-operator-controller:' + tanzu_build_service.registry.destination_tag }} + image: "{{ tanzu_container_registry.core.dns + '/'+ tanzu_build_service.registry.project.project_name + '/stacks-operator-controller:' + tanzu_build_service.registry.destination_tag }}" name: manager resources: limits: diff --git a/roles/components/extensions/tanzu-observability/templates/app-wavefront.yaml.j2 b/roles/components/extensions/tanzu-observability/templates/app-wavefront.yaml.j2 index 90abb47..f7ce96e 100644 --- a/roles/components/extensions/tanzu-observability/templates/app-wavefront.yaml.j2 +++ b/roles/components/extensions/tanzu-observability/templates/app-wavefront.yaml.j2 @@ -279,7 +279,7 @@ spec: serviceAccountName: wavefront-collector containers: - name: wavefront-collector - image: {{ tanzu_observability.collector.image }}:{{ tanzu_observability.collector.image_tag }} + image: "{{ tanzu_observability.collector.image }}:{{ tanzu_observability.collector.image_tag }}" imagePullPolicy: IfNotPresent command: - /wavefront-collector 
@@ -350,7 +350,7 @@ spec:
 spec:
 containers:
 - name: wavefront-proxy
- image: {{ tanzu_observability.proxy.image }}:{{ tanzu_observability.proxy.image_tag }}
+ image: "{{ tanzu_observability.proxy.image }}:{{ tanzu_observability.proxy.image_tag }}"
 imagePullPolicy: IfNotPresent
 env:
 - name: WAVEFRONT_URL
diff --git a/roles/components/extensions/tanzu-service-mesh/templates/tanzu-service-mesh-operator-deployment.yaml.j2 b/roles/components/extensions/tanzu-service-mesh/templates/tanzu-service-mesh-operator-deployment.yaml.j2
index 704e069..9c92009 100644
--- a/roles/components/extensions/tanzu-service-mesh/templates/tanzu-service-mesh-operator-deployment.yaml.j2
+++ b/roles/components/extensions/tanzu-service-mesh/templates/tanzu-service-mesh-operator-deployment.yaml.j2
@@ -239,7 +239,7 @@ spec:
 containers:
 - name: operator-ecr-read-only--renew-token
 # Image in public repo. See ticket AS-1019
- image: {{ tanzu_service_mesh.images.operator_ecr.image }}:{{ tanzu_service_mesh.images.operator_ecr.image_tag }}
+ image: "{{ tanzu_service_mesh.images.operator_ecr.image }}:{{ tanzu_service_mesh.images.operator_ecr.image_tag }}"
 # imagePullPolicy: Always
 imagePullPolicy: IfNotPresent
 env:
@@ -295,7 +295,7 @@ spec:
 serviceAccountName: operator-ecr-read-only--service-account
 containers:
 - name: operator-ecr-read-only--renew-token
- image: {{ tanzu_service_mesh.images.operator_ecr.image }}:{{ tanzu_service_mesh.images.operator_ecr.image_tag }}
+ image: "{{ tanzu_service_mesh.images.operator_ecr.image }}:{{ tanzu_service_mesh.images.operator_ecr.image_tag }}"
 # imagePullPolicy: Always
 imagePullPolicy: IfNotPresent
 env:
diff --git a/roles/components/extensions/tanzu-sql/templates/tanzu-sql-release.yaml.j2 b/roles/components/extensions/tanzu-sql/templates/tanzu-sql-release.yaml.j2
index a79731c..9c522b7 100644
--- a/roles/components/extensions/tanzu-sql/templates/tanzu-sql-release.yaml.j2
+++ b/roles/components/extensions/tanzu-sql/templates/tanzu-sql-release.yaml.j2
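Review bot: In the first operator-ecr-read-only--renew-token hunk (tanzu-service-mesh-operator-deployment.yaml.j2), the image that the existing comment describes as coming from a public repo is still referenced by tag only. With `imagePullPolicy: IfNotPresent`, each node keeps whatever content it first pulled under that tag, so a re-pushed or replaced tag is neither picked up consistently nor visible from the manifest. Pinning the reference by digest makes the deployed content verifiable, for example `image: "{{ tanzu_service_mesh.images.operator_ecr.image }}@sha256:<digest-placeholder>"`, with the digest supplied from a variable next to `image_tag`. Judging by the container and service-account names, this workload handles registry credentials, which raises the stakes for the integrity of its image; that purpose is inferred from the names, not shown in the hunk. The second operator-ecr-read-only--renew-token hunk uses the same reference and pull policy, and the container definition continues outside both hunks.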
@@ -141,7 +141,7 @@ spec:
 serviceAccountName: postgres-operator-service-account
 containers:
 - name: postgres-operator
- image: {{ tanzu_container_registry.core.dns + '/'+ tanzu_sql.registry.project.project_name + '/postgres-operator:' + tanzu_sql.registry.destination_tag }}
+ image: "{{ tanzu_container_registry.core.dns + '/'+ tanzu_sql.registry.project.project_name + '/postgres-operator:' + tanzu_sql.registry.destination_tag }}"
 command: ["./manager", "--webhook-cert-directory", "/tmp/postgres-operator-webhook-server-cert-secret"]
 imagePullPolicy: IfNotPresent
 env: