From a76cbc658b568d09aba7d147417651c6603ec901 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Thu, 18 Dec 2025 19:36:46 +0530 Subject: [PATCH 01/77] [patch] add support to additional-infrastructure on gitops --- .../instance1/ibm-mas-instance-base.yaml | 14 +++++++++- .../07-additional-infrastructure-cr.yaml | 27 +++++++++++++++++++ .../templates/550-ibm-mas-addons-config.yaml | 11 +++++++- 3 files changed, 50 insertions(+), 2 deletions(-) create mode 100644 instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml diff --git a/example-config/dev/cluster1/instance1/ibm-mas-instance-base.yaml b/example-config/dev/cluster1/instance1/ibm-mas-instance-base.yaml index 86d09dd2a..130c1889b 100644 --- a/example-config/dev/cluster1/instance1/ibm-mas-instance-base.yaml +++ b/example-config/dev/cluster1/instance1/ibm-mas-instance-base.yaml @@ -8,7 +8,7 @@ region: cluster: id: cluster1 - url: https://api.cluster1.cakv.p3.openshiftapps.com:443 + url: https://api.cluster1.example.com:6443 instance: id: instance1 @@ -16,3 +16,15 @@ instance: sm: aws_access_key_id: "" aws_secret_access_key: "" + +mas_wipe_mongo_data: false + +# Additional Infrastructure Configuration Example +additional_infrastructure: true +additional_infrastructure_instances: + - name: "instance1" + cost: 200 + reasonCode: "rc1" + - name: "instance2" + cost: 300 + reasonCode: "rc2" diff --git a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml new file mode 100644 index 000000000..27d0c3201 --- /dev/null +++ b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml @@ -0,0 +1,27 @@ +{{- if eq .Values.additional_infrastructure true }} +--- +apiVersion: addons.mas.ibm.com/v1 +kind: GenericAddon +metadata: + name: "{{ .Values.instance_id }}-addons-additional-infrastructure" + namespace: mas-{{ .Values.instance_id }}-core + annotations: + argocd.argoproj.io/sync-wave: "557" + labels: + mas.ibm.com/configScope: system + mas.ibm.com/instanceId: {{ .Values.instance_id }} +{{- if .Values.custom_labels }} +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +spec: + displayName: "{{ .Values.instance_id }}-AdditionalInfrastructure" + addonType: additional-infrastructure + config: + addonIdentifier: {{ .Values.instance_id }} + instances: +{{- range .Values.additional_infrastructure_instances }} + - name: {{ .name }} + cost: {{ .cost }} + reasonCode: {{ .reasonCode }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml b/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml index 0ebe136be..52ee6e527 100644 --- a/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml +++ b/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml @@ -1,4 +1,4 @@ -{{ if or (not (empty .Values.allow_list)) (.Values.enhanced_dr) (.Values.extensions) (.Values.additional_vpn) (not (empty .Values.ibm_db2u_databases)) (.Values.cluster_nonshared) }} +{{ if or (not (empty .Values.allow_list)) (.Values.enhanced_dr) (.Values.extensions) (.Values.additional_vpn) (.Values.additional_infrastructure) (not (empty .Values.ibm_db2u_databases)) (.Values.cluster_nonshared) }} --- # IBM Maximo Operator Catalog apiVersion: argoproj.io/v1alpha1 @@ -43,6 +43,15 @@ spec: extensions: {{ .Values.extensions }} additional_vpn: {{ .Values.additional_vpn }} cluster_nonshared: {{ .Values.cluster_nonshared }} + additional_infrastructure: {{ .Values.additional_infrastructure }} + {{- if .Values.additional_infrastructure_instances }} + additional_infrastructure_instances: + {{- range .Values.additional_infrastructure_instances }} + - name: "{{ .name }}" + cost: {{ .cost }} + reasonCode: "{{ .reasonCode }}" + {{- end }} + {{- end }} databases: {{- range $val := .Values.ibm_db2u_databases }} {{- if and (contains "sdb" $val.db2_instance_name) ($val.replica_db) }} From 422fee1e3a0a4bc396bafeb3ef5ebc0729f88dc5 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Thu, 18 Dec 2025 19:42:02 +0530 Subject: [PATCH 02/77] [patch] update ibm-mas-instance-base.yml --- .../dev/cluster1/instance1/ibm-mas-instance-base.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/example-config/dev/cluster1/instance1/ibm-mas-instance-base.yaml b/example-config/dev/cluster1/instance1/ibm-mas-instance-base.yaml index 130c1889b..cd0ad32e9 100644 --- a/example-config/dev/cluster1/instance1/ibm-mas-instance-base.yaml +++ b/example-config/dev/cluster1/instance1/ibm-mas-instance-base.yaml @@ -8,7 +8,7 @@ region: cluster: id: cluster1 - url: https://api.cluster1.example.com:6443 + url: https://api.cluster1.cakv.p3.openshiftapps.com:443 instance: id: instance1 @@ -17,8 +17,6 @@ sm: aws_access_key_id: "" aws_secret_access_key: "" -mas_wipe_mongo_data: false - # Additional Infrastructure Configuration Example additional_infrastructure: true additional_infrastructure_instances: From 86e047157eb07731edb53323aa4f2e22bf391669 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Mon, 22 Dec 2025 12:31:09 +0530 Subject: [PATCH 03/77] [patch] update example in ibm-mas-instance-base.yml --- .../instance1/ibm-mas-instance-base.yaml | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/example-config/dev/cluster1/instance1/ibm-mas-instance-base.yaml b/example-config/dev/cluster1/instance1/ibm-mas-instance-base.yaml index cd0ad32e9..fcdd1c3ea 100644 --- a/example-config/dev/cluster1/instance1/ibm-mas-instance-base.yaml +++ b/example-config/dev/cluster1/instance1/ibm-mas-instance-base.yaml @@ -18,11 +18,12 @@ sm: aws_secret_access_key: "" # Additional Infrastructure Configuration Example -additional_infrastructure: true -additional_infrastructure_instances: - - name: "instance1" - cost: 200 - reasonCode: "rc1" - - name: "instance2" - cost: 300 - reasonCode: "rc2" +additional_infrastructure: + install: true + instances: + - name: "instance-name-1" + cost: 100 + reasonCode: "REASON_CODE_1" + - name: "instance-name-2" + cost: 250 + reasonCode: "REASON_CODE_2" From 8fe5bd5199e8938cf07c51982202ed2b366fe5dd Mon Sep 17 00:00:00 2001 From: hita pandya Date: Mon, 22 Dec 2025 16:10:46 +0530 Subject: [PATCH 04/77] [patch] update instance-base.yml --- .../dev/cluster1/instance1/ibm-mas-instance-base.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/example-config/dev/cluster1/instance1/ibm-mas-instance-base.yaml b/example-config/dev/cluster1/instance1/ibm-mas-instance-base.yaml index fcdd1c3ea..f257d90b0 100644 --- a/example-config/dev/cluster1/instance1/ibm-mas-instance-base.yaml +++ b/example-config/dev/cluster1/instance1/ibm-mas-instance-base.yaml @@ -21,9 +21,9 @@ sm: additional_infrastructure: install: true instances: - - name: "instance-name-1" + - name: instance-name-1 cost: 100 - reasonCode: "REASON_CODE_1" - - name: "instance-name-2" + reasonCode: REASON_CODE_1 + - name: instance-name-2 cost: 250 - reasonCode: "REASON_CODE_2" + reasonCode: REASON_CODE_2 From e362fbc82f3c8b64422e9ea98a3dbb1e8e48e62e Mon Sep 17 00:00:00 2001 From: hita pandya Date: Tue, 23 Dec 2025 12:22:17 +0530 Subject: [PATCH 05/77] [patch] update cr for additional infrastructure --- .../templates/07-additional-infrastructure-cr.yaml | 4 ++-- .../templates/550-ibm-mas-addons-config.yaml | 10 ++-------- 2 files changed, 4 insertions(+), 10 deletions(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml index 27d0c3201..3a24be024 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml @@ -1,4 +1,4 @@ -{{- if eq .Values.additional_infrastructure true }} +{{- if eq .Values.additional_infrastructure.install true }} --- apiVersion: addons.mas.ibm.com/v1 kind: GenericAddon @@ -19,7 +19,7 @@ spec: config: addonIdentifier: {{ .Values.instance_id }} instances: -{{- range .Values.additional_infrastructure_instances }} +{{- range .Values.additional_infrastructure.instances }} - name: {{ .name }} cost: {{ .cost }} reasonCode: {{ .reasonCode }} diff --git a/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml b/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml index 52ee6e527..dd3882fec 100644 --- a/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml +++ b/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml @@ -43,14 +43,8 @@ spec: extensions: {{ .Values.extensions }} additional_vpn: {{ .Values.additional_vpn }} cluster_nonshared: {{ .Values.cluster_nonshared }} - additional_infrastructure: {{ .Values.additional_infrastructure }} - {{- if .Values.additional_infrastructure_instances }} - additional_infrastructure_instances: - {{- range .Values.additional_infrastructure_instances }} - - name: "{{ .name }}" - cost: {{ .cost }} - reasonCode: "{{ .reasonCode }}" - {{- end }} + {{- if .Values.additional_infrastructure }} + additional_infrastructure: {{ .Values.additional_infrastructure | toYaml | nindent 14 }} {{- end }} databases: {{- range $val := .Values.ibm_db2u_databases }} From f732c0904ad029981fef32c95853ae010d8f5d46 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Mon, 29 Dec 2025 12:01:17 +0530 Subject: [PATCH 06/77] [patch] update template to uninstall add-on --- .../templates/07-additional-infrastructure-cr.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml index 3a24be024..b8476cc43 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml @@ -1,4 +1,4 @@ -{{- if eq .Values.additional_infrastructure.install true }} +{{- if and .Values.additional_infrastructure (eq .Values.additional_infrastructure.install true) }} --- apiVersion: addons.mas.ibm.com/v1 kind: GenericAddon @@ -18,10 +18,12 @@ spec: addonType: additional-infrastructure config: addonIdentifier: {{ .Values.instance_id }} +{{- if .Values.additional_infrastructure.instances }} instances: {{- range .Values.additional_infrastructure.instances }} - name: {{ .name }} cost: {{ .cost }} reasonCode: {{ .reasonCode }} {{- end }} +{{- end }} {{- end }} \ No newline at end of file From ccfe9829f4838d324e4500e01c280279e0a0c173 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Mon, 29 Dec 2025 12:31:42 +0530 Subject: [PATCH 07/77] [patch] assign default value to instances --- .../templates/07-additional-infrastructure-cr.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml index b8476cc43..c178009e9 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml @@ -18,12 +18,14 @@ spec: addonType: additional-infrastructure config: addonIdentifier: {{ .Values.instance_id }} -{{- if .Values.additional_infrastructure.instances }} instances: +{{- if .Values.additional_infrastructure.instances }} {{- range .Values.additional_infrastructure.instances }} - name: {{ .name }} cost: {{ .cost }} reasonCode: {{ .reasonCode }} {{- end }} +{{- else }} + [] {{- end }} {{- end }} \ No newline at end of file From 8dda6045a42dcf38fe403cecb47ab86d4778da91 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Mon, 29 Dec 2025 13:09:06 +0530 Subject: [PATCH 08/77] [patch] update template to handle uninstall case --- .../templates/07-additional-infrastructure-cr.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml index c178009e9..1d6daad8d 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.additional_infrastructure (eq .Values.additional_infrastructure.install true) }} +{{- if .Values.additional_infrastructure }} --- apiVersion: addons.mas.ibm.com/v1 kind: GenericAddon @@ -7,12 +7,16 @@ metadata: namespace: mas-{{ .Values.instance_id }}-core annotations: argocd.argoproj.io/sync-wave: "557" +{{- if eq .Values.additional_infrastructure.install false }} + argocd.argoproj.io/sync-options: Delete=true +{{- end }} labels: mas.ibm.com/configScope: system mas.ibm.com/instanceId: {{ .Values.instance_id }} {{- if .Values.custom_labels }} {{ .Values.custom_labels | toYaml | indent 4 }} {{- end }} +{{- if eq .Values.additional_infrastructure.install true }} spec: displayName: "{{ .Values.instance_id }}-AdditionalInfrastructure" addonType: additional-infrastructure @@ -28,4 +32,5 @@ spec: {{- else }} [] {{- end }} +{{- end }} {{- end }} \ No newline at end of file From 3757c3a9271d1d777fa489a4ffaad0cc75e5b5ec Mon Sep 17 00:00:00 2001 From: hita pandya Date: Tue, 30 Dec 2025 12:21:21 +0530 Subject: [PATCH 09/77] [patch] add changes to fix uninstall case --- .../templates/07-additional-infrastructure-cr.yaml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml index 1d6daad8d..c178009e9 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml @@ -1,4 +1,4 @@ -{{- if .Values.additional_infrastructure }} +{{- if and .Values.additional_infrastructure (eq .Values.additional_infrastructure.install true) }} --- apiVersion: addons.mas.ibm.com/v1 kind: GenericAddon @@ -7,16 +7,12 @@ metadata: namespace: mas-{{ .Values.instance_id }}-core annotations: argocd.argoproj.io/sync-wave: "557" -{{- if eq .Values.additional_infrastructure.install false }} - argocd.argoproj.io/sync-options: Delete=true -{{- end }} labels: mas.ibm.com/configScope: system mas.ibm.com/instanceId: {{ .Values.instance_id }} {{- if .Values.custom_labels }} {{ .Values.custom_labels | toYaml | indent 4 }} {{- end }} -{{- if eq .Values.additional_infrastructure.install true }} spec: displayName: "{{ .Values.instance_id }}-AdditionalInfrastructure" addonType: additional-infrastructure @@ -32,5 +28,4 @@ spec: {{- else }} [] {{- end }} -{{- end }} {{- end }} \ No newline at end of file From 6ea30dc42fc83048c9565b61a33f4484ba921eb5 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Tue, 30 Dec 2025 14:19:08 +0530 Subject: [PATCH 10/77] [patch] add case to delete the CR --- .../07-additional-infrastructure-cr.yaml | 21 ++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml index c178009e9..641e16eba 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml @@ -1,4 +1,5 @@ -{{- if and .Values.additional_infrastructure (eq .Values.additional_infrastructure.install true) }} +{{- if .Values.additional_infrastructure }} +{{- if eq .Values.additional_infrastructure.install true }} --- apiVersion: addons.mas.ibm.com/v1 kind: GenericAddon @@ -28,4 +29,22 @@ spec: {{- else }} [] {{- end }} +{{- else }} +--- +# Placeholder to keep application tracking the resource for deletion +# When install: false, ArgoCD will delete the actual CR +apiVersion: v1 +kind: ConfigMap +metadata: + name: "{{ .Values.instance_id }}-addons-additional-infrastructure-placeholder" + namespace: mas-{{ .Values.instance_id }}-core + annotations: + argocd.argoproj.io/sync-wave: "557" + argocd.argoproj.io/compare-options: IgnoreExtraneous + labels: + mas.ibm.com/instanceId: {{ .Values.instance_id }} + mas.ibm.com/addon-placeholder: "true" +data: + message: "Placeholder for additional-infrastructure addon deletion tracking" +{{- end }} {{- end }} \ No newline at end of file From 9f34eb6e0cffd2a1b4a8d0a8c91d3e728f62516b Mon Sep 17 00:00:00 2001 From: hita pandya Date: Tue, 30 Dec 2025 15:16:58 +0530 Subject: [PATCH 11/77] [patch] add files to delete addon --- .../07-additional-infrastructure-cr.yaml | 21 +--- ...sync-delete-additional-infrastructure.yaml | 110 ++++++++++++++++++ 2 files changed, 111 insertions(+), 20 deletions(-) create mode 100644 instance-applications/550-ibm-mas-addons-config/templates/08-postsync-delete-additional-infrastructure.yaml diff --git a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml index 641e16eba..c178009e9 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml @@ -1,5 +1,4 @@ -{{- if .Values.additional_infrastructure }} -{{- if eq .Values.additional_infrastructure.install true }} +{{- if and .Values.additional_infrastructure (eq .Values.additional_infrastructure.install true) }} --- apiVersion: addons.mas.ibm.com/v1 kind: GenericAddon @@ -29,22 +28,4 @@ spec: {{- else }} [] {{- end }} -{{- else }} ---- -# Placeholder to keep application tracking the resource for deletion -# When install: false, ArgoCD will delete the actual CR -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ .Values.instance_id }}-addons-additional-infrastructure-placeholder" - namespace: mas-{{ .Values.instance_id }}-core - annotations: - argocd.argoproj.io/sync-wave: "557" - argocd.argoproj.io/compare-options: IgnoreExtraneous - labels: - mas.ibm.com/instanceId: {{ .Values.instance_id }} - mas.ibm.com/addon-placeholder: "true" -data: - message: "Placeholder for additional-infrastructure addon deletion tracking" -{{- end }} {{- end }} \ No newline at end of file diff --git a/instance-applications/550-ibm-mas-addons-config/templates/08-postsync-delete-additional-infrastructure.yaml b/instance-applications/550-ibm-mas-addons-config/templates/08-postsync-delete-additional-infrastructure.yaml new file mode 100644 index 000000000..425832663 --- /dev/null +++ b/instance-applications/550-ibm-mas-addons-config/templates/08-postsync-delete-additional-infrastructure.yaml @@ -0,0 +1,110 @@ +{{- if and .Values.additional_infrastructure (eq .Values.additional_infrastructure.install false) }} +{{- /* +Reuse the same deletion logic as PostDelete hooks (e.g., mongo-config, jdbc-config) +This runs as PostSync when install: false to delete the CR +*/}} +{{- $_cli_image_digest := "sha256:55b5d6dd185503f14c112836a9a4899347d28e7b6545e0b9cf21d87f9526fb40" }} +{{- $cr_name := printf "%s-addons-additional-infrastructure" .Values.instance_id }} +{{- $cr_kind := "GenericAddon" }} +{{- $cr_api_version := "addons.mas.ibm.com/v1" }} +{{- $job_name := printf "postsync-delete-cr-job-%s" $cr_name }} +{{- $sa_name := "postdelete-delete-cr-sa" }} +{{- $job_label := "postsync-delete-cr-job" }} +{{- $ns := printf "mas-%s-core" .Values.instance_id }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ $job_name }} + namespace: {{ $ns }} + annotations: + argocd.argoproj.io/hook: PostSync + argocd.argoproj.io/hook-delete-policy: HookSucceeded,BeforeHookCreation + argocd.argoproj.io/sync-wave: "558" +{{- if .Values.custom_labels }} + labels: +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +spec: + template: + metadata: + labels: + app: {{ $job_label }} +{{- if .Values.custom_labels }} +{{ .Values.custom_labels | toYaml | indent 8 }} +{{- end }} + spec: + containers: + - name: run + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} + imagePullPolicy: IfNotPresent + resources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 10m + memory: 64Mi + env: + - name: CR_NAMESPACE + value: {{ $ns }} + - name: CR_NAME + value: {{ $cr_name }} + - name: CR_API_VERSION + value: {{ $cr_api_version }} + - name: CR_KIND + value: {{ $cr_kind }} + command: + - /bin/sh + - -c + - | + set -e + + function delete_oc_resource(){ + RESOURCE=$1 + NAMESPACE=$2 + echo + echo "------------------------------------------------------------------" + echo "Check if resource $RESOURCE is present in namespace $NAMESPACE " + + # don't want a non-zero rc from oc delete to cause the job to fail + # so, temporarily set +e + set +e + RESOURCE_NAME=$(oc get $RESOURCE -n $NAMESPACE -o=jsonpath="{.metadata.name}") + set -e + if [[ -z "${RESOURCE_NAME}" ]]; then + echo "$RESOURCE not found, skipping" + return 0 + fi + + echo "oc delete resource $RESOURCE in namespace $NAMESPACE " + + # don't want a non-zero rc from oc delete to cause the job to fail (since we then want to try patching out the finalizers) + # so, temporarily set +e + set +e + oc delete $RESOURCE -n $NAMESPACE --timeout=300s --wait=true + return_code=$? + set -e + + echo "Verify that resource $RESOURCE is now absent in namespace $NAMESPACE " + # don't want a non-zero rc from oc delete to cause the job to fail + # so, temporarily set +e + set +e + RESOURCE_NAME=$(oc get $RESOURCE -n $NAMESPACE -o=jsonpath="{.metadata.name}") + set -e + if [[ -n "${RESOURCE_NAME}" ]]; then + echo "$RESOURCE still present, failing job" + exit 1 + fi + + echo "... verified" + return 0 + + } + + delete_oc_resource "${CR_KIND}.${CR_API_VERSION}/${CR_NAME}" "${CR_NAMESPACE}" + + restartPolicy: Never + serviceAccountName: {{ $sa_name }} + backoffLimit: 4 +{{- end }} From 50e6b43185409353525b2b7f854505ea37e8b1ba Mon Sep 17 00:00:00 2001 From: hita pandya Date: Tue, 30 Dec 2025 19:17:48 +0530 Subject: [PATCH 12/77] [patch] remove prune condition --- ...sync-delete-additional-infrastructure.yaml | 110 ------------------ .../templates/550-ibm-mas-addons-config.yaml | 2 - 2 files changed, 112 deletions(-) delete mode 100644 instance-applications/550-ibm-mas-addons-config/templates/08-postsync-delete-additional-infrastructure.yaml diff --git a/instance-applications/550-ibm-mas-addons-config/templates/08-postsync-delete-additional-infrastructure.yaml b/instance-applications/550-ibm-mas-addons-config/templates/08-postsync-delete-additional-infrastructure.yaml deleted file mode 100644 index 425832663..000000000 --- a/instance-applications/550-ibm-mas-addons-config/templates/08-postsync-delete-additional-infrastructure.yaml +++ /dev/null @@ -1,110 +0,0 @@ -{{- if and .Values.additional_infrastructure (eq .Values.additional_infrastructure.install false) }} -{{- /* -Reuse the same deletion logic as PostDelete hooks (e.g., mongo-config, jdbc-config) -This runs as PostSync when install: false to delete the CR -*/}} -{{- $_cli_image_digest := "sha256:55b5d6dd185503f14c112836a9a4899347d28e7b6545e0b9cf21d87f9526fb40" }} -{{- $cr_name := printf "%s-addons-additional-infrastructure" .Values.instance_id }} -{{- $cr_kind := "GenericAddon" }} -{{- $cr_api_version := "addons.mas.ibm.com/v1" }} -{{- $job_name := printf "postsync-delete-cr-job-%s" $cr_name }} -{{- $sa_name := "postdelete-delete-cr-sa" }} -{{- $job_label := "postsync-delete-cr-job" }} -{{- $ns := printf "mas-%s-core" .Values.instance_id }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ $job_name }} - namespace: {{ $ns }} - annotations: - argocd.argoproj.io/hook: PostSync - argocd.argoproj.io/hook-delete-policy: HookSucceeded,BeforeHookCreation - argocd.argoproj.io/sync-wave: "558" -{{- if .Values.custom_labels }} - labels: -{{ .Values.custom_labels | toYaml | indent 4 }} -{{- end }} -spec: - template: - metadata: - labels: - app: {{ $job_label }} -{{- if .Values.custom_labels }} -{{ .Values.custom_labels | toYaml | indent 8 }} -{{- end }} - spec: - containers: - - name: run - image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} - imagePullPolicy: IfNotPresent - resources: - limits: - cpu: 200m - memory: 512Mi - requests: - cpu: 10m - memory: 64Mi - env: - - name: CR_NAMESPACE - value: {{ $ns }} - - name: CR_NAME - value: {{ $cr_name }} - - name: CR_API_VERSION - value: {{ $cr_api_version }} - - name: CR_KIND - value: {{ $cr_kind }} - command: - - /bin/sh - - -c - - | - set -e - - function delete_oc_resource(){ - RESOURCE=$1 - NAMESPACE=$2 - echo - echo "------------------------------------------------------------------" - echo "Check if resource $RESOURCE is present in namespace $NAMESPACE " - - # don't want a non-zero rc from oc delete to cause the job to fail - # so, temporarily set +e - set +e - RESOURCE_NAME=$(oc get $RESOURCE -n $NAMESPACE -o=jsonpath="{.metadata.name}") - set -e - if [[ -z "${RESOURCE_NAME}" ]]; then - echo "$RESOURCE not found, skipping" - return 0 - fi - - echo "oc delete resource $RESOURCE in namespace $NAMESPACE " - - # don't want a non-zero rc from oc delete to cause the job to fail (since we then want to try patching out the finalizers) - # so, temporarily set +e - set +e - oc delete $RESOURCE -n $NAMESPACE --timeout=300s --wait=true - return_code=$? - set -e - - echo "Verify that resource $RESOURCE is now absent in namespace $NAMESPACE " - # don't want a non-zero rc from oc delete to cause the job to fail - # so, temporarily set +e - set +e - RESOURCE_NAME=$(oc get $RESOURCE -n $NAMESPACE -o=jsonpath="{.metadata.name}") - set -e - if [[ -n "${RESOURCE_NAME}" ]]; then - echo "$RESOURCE still present, failing job" - exit 1 - fi - - echo "... verified" - return 0 - - } - - delete_oc_resource "${CR_KIND}.${CR_API_VERSION}/${CR_NAME}" "${CR_NAMESPACE}" - - restartPolicy: Never - serviceAccountName: {{ $sa_name }} - backoffLimit: 4 -{{- end }} diff --git a/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml b/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml index dd3882fec..08154b743 100644 --- a/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml +++ b/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml @@ -73,9 +73,7 @@ spec: {{- end }} syncPolicy: automated: - {{- if .Values.auto_delete }} prune: true - {{- end }} selfHeal: true retry: limit: 20 From 7f2c69951bdfbd762c8b24a7b432ee270d14620b Mon Sep 17 00:00:00 2001 From: hita pandya Date: Fri, 2 Jan 2026 19:45:53 +0530 Subject: [PATCH 13/77] [patch] update template to uninstall --- .../07-additional-infrastructure-cr.yaml | 58 ++++++++++++++++++- 1 file changed, 56 insertions(+), 2 deletions(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml index c178009e9..a8be37e19 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml @@ -1,4 +1,10 @@ -{{- if and .Values.additional_infrastructure (eq .Values.additional_infrastructure.install true) }} +{{- /* +CLI Image Digest - must be updated when CLI version changes +*/}} +{{- $_cli_image_digest := "sha256:55b5d6dd185503f14c112836a9a4899347d28e7b6545e0b9cf21d87f9526fb40" }} + +{{- if .Values.additional_infrastructure }} +{{- if eq .Values.additional_infrastructure.install true }} --- apiVersion: addons.mas.ibm.com/v1 kind: GenericAddon @@ -6,7 +12,7 @@ metadata: name: "{{ .Values.instance_id }}-addons-additional-infrastructure" namespace: mas-{{ .Values.instance_id }}-core annotations: - argocd.argoproj.io/sync-wave: "557" + argocd.argoproj.io/sync-wave: "558" labels: mas.ibm.com/configScope: system mas.ibm.com/instanceId: {{ .Values.instance_id }} @@ -28,4 +34,52 @@ spec: {{- else }} [] {{- end }} +{{- else }} +--- +# Cleanup Job - Deletes GenericAddon when install is set to false +apiVersion: batch/v1 +kind: Job +metadata: + name: "cleanup-{{ .Values.instance_id }}-additional-infrastructure-{{ now | date "20060102-150405" }}" + namespace: mas-{{ .Values.instance_id }}-core + annotations: + argocd.argoproj.io/hook: PreSync + argocd.argoproj.io/hook-delete-policy: BeforeHookCreation + argocd.argoproj.io/sync-wave: "557" + labels: + mas.ibm.com/instanceId: {{ .Values.instance_id }} +{{- if .Values.custom_labels }} +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +spec: + ttlSecondsAfterFinished: 300 + backoffLimit: 3 + template: + metadata: + labels: + app: cleanup-additional-infrastructure + spec: + serviceAccountName: argocd-application-controller + restartPolicy: Never + containers: + - name: cleanup + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} + imagePullPolicy: IfNotPresent + command: + - /bin/bash + - -c + - | + set -e + echo "Checking for GenericAddon: {{ .Values.instance_id }}-addons-additional-infrastructure" + + if oc get genericaddon "{{ .Values.instance_id }}-addons-additional-infrastructure" -n mas-{{ .Values.instance_id }}-core &>/dev/null; then + echo "Found GenericAddon, deleting..." + oc delete genericaddon "{{ .Values.instance_id }}-addons-additional-infrastructure" -n mas-{{ .Values.instance_id }}-core --ignore-not-found=true + echo "GenericAddon deleted successfully" + else + echo "GenericAddon not found, nothing to clean up" + fi + + echo "Cleanup complete" +{{- end }} {{- end }} \ No newline at end of file From 092251739511d2821318eeb12863f47515e449ed Mon Sep 17 00:00:00 2001 From: hita pandya Date: Tue, 6 Jan 2026 14:23:36 +0530 Subject: [PATCH 14/77] [patch] did changes for testing --- .../07-additional-infrastructure-cr.yaml | 61 +++++++++++++++++-- 1 file changed, 56 insertions(+), 5 deletions(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml index a8be37e19..04b62765e 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml @@ -4,7 +4,7 @@ CLI Image Digest - must be updated when CLI version changes {{- $_cli_image_digest := "sha256:55b5d6dd185503f14c112836a9a4899347d28e7b6545e0b9cf21d87f9526fb40" }} {{- if .Values.additional_infrastructure }} -{{- if eq .Values.additional_infrastructure.install true }} +{{- if eq .Values.additional_infrastructure.install "true" }} --- apiVersion: addons.mas.ibm.com/v1 kind: GenericAddon @@ -12,7 +12,7 @@ metadata: name: "{{ .Values.instance_id }}-addons-additional-infrastructure" namespace: mas-{{ .Values.instance_id }}-core annotations: - argocd.argoproj.io/sync-wave: "558" + argocd.argoproj.io/sync-wave: "557" labels: mas.ibm.com/configScope: system mas.ibm.com/instanceId: {{ .Values.instance_id }} @@ -35,19 +35,70 @@ spec: [] {{- end }} {{- else }} + +{{- /* +Meaningful prefix for the job resource name. Must be under 52 chars in length to leave room for the 11 chars reserved for '-' and $_job_hash. +*/}} +{{- $_job_name_prefix := "cleanup-additional-infrastructure" }} + +{{- /* +A dict of values that influence the behaviour of the job in some way. +Any changes to values in this dict will trigger a rerun of the job. +Since jobs must be idemopotent, it's generally safe to pass in values here that are not +strictly necessary (i.e. including some values that don't actually influence job behaviour). +We may want to refine this further though for jobs that can take a long time to complete. +Included in $_job_hash (see below). +*/}} +{{- $_job_config_values := omit .Values "junitreporter" }} + +{{- /* +Increment this value whenever you make a change to an immutable field of the Job resource. +E.g. passing in a new environment variable. +Included in $_job_hash (see below). +*/}} +{{- $_job_version := "v1" }} + +{{- /* +10 char hash appended to the job name taking into account $_job_config_values, $_job_version and $_cli_image_digest +This is to ensure ArgoCD will create a new job resource intead of attempting (and failing) to update an +immutable field of any existing Job resource. +*/}} +{{- $_job_hash := print ($_job_config_values | toYaml) $_cli_image_digest $_job_version | adler32sum }} + +{{- $_job_name := join "-" (list $_job_name_prefix $_job_hash )}} + +{{- /* +Set as the value for the mas.ibm.com/job-cleanup-group label on the Job resource. + +When the auto_delete flag is not set on the root application, a CronJob in the cluster uses this label +to identify old Job resources that should be pruned on behalf of ArgoCD. + +Any Job resources in the same namespace that have the mas.ibm.com/job-cleanup-group with this value +will be considered to belong to the same cleanup group. All but the most recent (i.e. with the latest "creation_timestamp") +Jobs will be automatically deleted. + +$_job_cleanup_group can usually just be based on $_job_name_prefix. There are some special cases +where multiple Jobs are created in our templates using a Helm loop. In those cases, additional descriminators +must be added to $_job_cleanup_group. + +By convention, we sha1sum this value to guarantee we never exceed the 63 char limit regardless of which discriminators +are required here. + +*/}} +{{- $_job_cleanup_group := cat $_job_name_prefix .Values.instance_id | sha1sum }} + --- # Cleanup Job - Deletes GenericAddon when install is set to false apiVersion: batch/v1 kind: Job metadata: - name: "cleanup-{{ .Values.instance_id }}-additional-infrastructure-{{ now | date "20060102-150405" }}" + name: {{ $_job_name }} namespace: mas-{{ .Values.instance_id }}-core annotations: - argocd.argoproj.io/hook: PreSync - argocd.argoproj.io/hook-delete-policy: BeforeHookCreation argocd.argoproj.io/sync-wave: "557" labels: mas.ibm.com/instanceId: {{ .Values.instance_id }} + mas.ibm.com/job-cleanup-group: {{ $_job_cleanup_group }} {{- if .Values.custom_labels }} {{ .Values.custom_labels | toYaml | indent 4 }} {{- end }} From 9d2d4026f5dc6e655ee64b5fc61c759a18ad1dbd Mon Sep 17 00:00:00 2001 From: hita pandya Date: Tue, 6 Jan 2026 16:13:11 +0530 Subject: [PATCH 15/77] [patch] update template --- .../templates/07-additional-infrastructure-cr.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml index 04b62765e..5e30b5f98 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml @@ -4,7 +4,7 @@ CLI Image Digest - must be updated when CLI version changes {{- $_cli_image_digest := "sha256:55b5d6dd185503f14c112836a9a4899347d28e7b6545e0b9cf21d87f9526fb40" }} {{- if .Values.additional_infrastructure }} -{{- if eq .Values.additional_infrastructure.install "true" }} +{{- if or (eq .Values.additional_infrastructure.install true) (eq .Values.additional_infrastructure.install "true") }} --- apiVersion: addons.mas.ibm.com/v1 kind: GenericAddon From c8008c8df9f5c3c420352f1285135ce74d2efb83 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Tue, 6 Jan 2026 19:06:29 +0530 Subject: [PATCH 16/77] [patch] update template --- .../templates/07-additional-infrastructure-cr.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml index 5e30b5f98..95f7e29ac 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml @@ -4,7 +4,7 @@ CLI Image Digest - must be updated when CLI version changes {{- $_cli_image_digest := "sha256:55b5d6dd185503f14c112836a9a4899347d28e7b6545e0b9cf21d87f9526fb40" }} {{- if .Values.additional_infrastructure }} -{{- if or (eq .Values.additional_infrastructure.install true) (eq .Values.additional_infrastructure.install "true") }} +{{- if eq .Values.additional_infrastructure.install true }} --- apiVersion: addons.mas.ibm.com/v1 kind: GenericAddon From 2cb3bace80af6c48cb115c65e25899ee1e4b2833 Mon Sep 17 00:00:00 2001 From: Caroline Azadze Date: Thu, 8 Jan 2026 10:30:58 -0500 Subject: [PATCH 17/77] [patch] add service account for addon cleanup --- .../templates/00-rbac.yaml | 53 +++++++++++++++++++ .../07-additional-infrastructure-cr.yaml | 2 +- 2 files changed, 54 insertions(+), 1 deletion(-) create mode 100644 instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml diff --git a/instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml b/instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml new file mode 100644 index 000000000..b0ab908b1 --- /dev/null +++ b/instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml @@ -0,0 +1,53 @@ +--- +kind: ServiceAccount +apiVersion: v1 +metadata: + name: addon-cleaner-sa + namespace: mas-{{ .Values.instance_id }}-core + annotations: + argocd.argoproj.io/sync-wave: "00" +{{- if .Values.custom_labels }} + labels: +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} + +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: addon-cleaner-role + annotations: + argocd.argoproj.io/sync-wave: "00" +{{- if .Values.custom_labels }} + labels: +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +rules: + - verbs: + - get + - list + - delete + apiGroups: + - addons.mas.ibm.com + resources: + - genericaddons + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: addon-cleaner-rb + annotations: + argocd.argoproj.io/sync-wave: "002" +{{- if .Values.custom_labels }} + labels: +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +subjects: + - kind: ServiceAccount + name: addon-cleaner-sa + namespace: mas-{{ .Values.instance_id }}-core +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: addon-cleaner-role diff --git a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml index 95f7e29ac..f4359de33 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml @@ -110,7 +110,7 @@ spec: labels: app: cleanup-additional-infrastructure spec: - serviceAccountName: argocd-application-controller + serviceAccountName: addon-cleaner-sa restartPolicy: Never containers: - name: cleanup From 1e40c07dcf1f8ff81c2a821ac2024bd3dbdd9bfd Mon Sep 17 00:00:00 2001 From: Caroline Azadze Date: Thu, 8 Jan 2026 10:33:03 -0500 Subject: [PATCH 18/77] [patch] change naming --- .../550-ibm-mas-addons-config/templates/00-rbac.yaml | 10 +++++----- .../templates/07-additional-infrastructure-cr.yaml | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml b/instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml index b0ab908b1..beb250dfd 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml @@ -2,7 +2,7 @@ kind: ServiceAccount apiVersion: v1 metadata: - name: addon-cleaner-sa + name: addon-cleanup-sa namespace: mas-{{ .Values.instance_id }}-core annotations: argocd.argoproj.io/sync-wave: "00" @@ -15,7 +15,7 @@ metadata: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: addon-cleaner-role + name: addon-cleanup-role annotations: argocd.argoproj.io/sync-wave: "00" {{- if .Values.custom_labels }} @@ -36,7 +36,7 @@ rules: kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: addon-cleaner-rb + name: addon-cleanup-rb annotations: argocd.argoproj.io/sync-wave: "002" {{- if .Values.custom_labels }} @@ -45,9 +45,9 @@ metadata: {{- end }} subjects: - kind: ServiceAccount - name: addon-cleaner-sa + name: addon-cleanup-sa namespace: mas-{{ .Values.instance_id }}-core roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: addon-cleaner-role + name: addon-cleanup-role diff --git a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml index f4359de33..19965f2c1 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml @@ -110,7 +110,7 @@ spec: labels: app: cleanup-additional-infrastructure spec: - serviceAccountName: addon-cleaner-sa + serviceAccountName: addon-cleanup-sa restartPolicy: Never containers: - name: cleanup From 3639337cb91fd4038cac4853b77ff00d7d938635 Mon Sep 17 00:00:00 2001 From: Caroline Azadze Date: Thu, 8 Jan 2026 10:51:53 -0500 Subject: [PATCH 19/77] [patch] fix failing addon lookup --- .../templates/07-additional-infrastructure-cr.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml index 19965f2c1..3277dbf03 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml @@ -122,15 +122,15 @@ spec: - | set -e echo "Checking for GenericAddon: {{ .Values.instance_id }}-addons-additional-infrastructure" + + ADDON_LOOKUP=$(oc get genericaddon "{{ .Values.instance_id }}-addons-additional-infrastructure" -n mas-{{ .Values.instance_id }}-core --ignore-not-found) - if oc get genericaddon "{{ .Values.instance_id }}-addons-additional-infrastructure" -n mas-{{ .Values.instance_id }}-core &>/dev/null; then + if [[ ! -z $ADDON_LOOKUP ]] then echo "Found GenericAddon, deleting..." - oc delete genericaddon "{{ .Values.instance_id }}-addons-additional-infrastructure" -n mas-{{ .Values.instance_id }}-core --ignore-not-found=true - echo "GenericAddon deleted successfully" + oc delete genericaddon "{{ .Values.instance_id }}-addons-additional-infrastructure" -n mas-{{ .Values.instance_id }}-core + echo "Cleanup complete" else - echo "GenericAddon not found, nothing to clean up" + echo "GenericAddon not found, nothing to clean up. Exiting..." fi - - echo "Cleanup complete" {{- end }} {{- end }} \ No newline at end of file From 005950d538dbfa3fb29c494542a4733dfc6bafb9 Mon Sep 17 00:00:00 2001 From: Caroline Azadze Date: Thu, 8 Jan 2026 10:59:51 -0500 Subject: [PATCH 20/77] [patch] fix syntax error --- .../templates/07-additional-infrastructure-cr.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml index 3277dbf03..ae3adb36f 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml @@ -125,7 +125,7 @@ spec: ADDON_LOOKUP=$(oc get genericaddon "{{ .Values.instance_id }}-addons-additional-infrastructure" -n mas-{{ .Values.instance_id }}-core --ignore-not-found) - if [[ ! -z $ADDON_LOOKUP ]] then + if [[ ! -z $ADDON_LOOKUP ]]; then echo "Found GenericAddon, deleting..." oc delete genericaddon "{{ .Values.instance_id }}-addons-additional-infrastructure" -n mas-{{ .Values.instance_id }}-core echo "Cleanup complete" From be7809c3cf59c7aa4d1fac34ad916d451f459757 Mon Sep 17 00:00:00 2001 From: Caroline Azadze Date: Thu, 8 Jan 2026 11:12:10 -0500 Subject: [PATCH 21/77] [patch] specify api group --- .../templates/07-additional-infrastructure-cr.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml index ae3adb36f..89a1959c1 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml @@ -122,12 +122,11 @@ spec: - | set -e echo "Checking for GenericAddon: {{ .Values.instance_id }}-addons-additional-infrastructure" - - ADDON_LOOKUP=$(oc get genericaddon "{{ .Values.instance_id }}-addons-additional-infrastructure" -n mas-{{ .Values.instance_id }}-core --ignore-not-found) + ADDON_LOOKUP=$(oc get GenericAddon.addons.mas.ibm.com "{{ .Values.instance_id }}-addons-additional-infrastructure" -n mas-{{ .Values.instance_id }}-core -o json --ignore-not-found) if [[ ! -z $ADDON_LOOKUP ]]; then echo "Found GenericAddon, deleting..." - oc delete genericaddon "{{ .Values.instance_id }}-addons-additional-infrastructure" -n mas-{{ .Values.instance_id }}-core + oc delete GenericAddon.addons.mas.ibm.com "{{ .Values.instance_id }}-addons-additional-infrastructure" -n mas-{{ .Values.instance_id }}-core echo "Cleanup complete" else echo "GenericAddon not found, nothing to clean up. Exiting..." From 9863eab5da40b6e2f36f2af6f2d783699c61e990 Mon Sep 17 00:00:00 2001 From: Caroline Azadze Date: Thu, 8 Jan 2026 12:17:47 -0500 Subject: [PATCH 22/77] [patch] job structure --- .../07-additional-infrastructure-cr.yaml | 43 ++++++++++--------- 1 file changed, 22 insertions(+), 21 deletions(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml index 89a1959c1..5c06dcf0c 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml @@ -103,33 +103,34 @@ metadata: {{ .Values.custom_labels | toYaml | indent 4 }} {{- end }} spec: - ttlSecondsAfterFinished: 300 - backoffLimit: 3 + backoffLimit: 4 template: +{{- if .Values.custom_labels }} metadata: labels: - app: cleanup-additional-infrastructure +{{ .Values.custom_labels | toYaml | indent 8 }} +{{- end }} spec: serviceAccountName: addon-cleanup-sa restartPolicy: Never containers: - - name: cleanup - image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} - imagePullPolicy: IfNotPresent - command: - - /bin/bash - - -c - - | - set -e - echo "Checking for GenericAddon: {{ .Values.instance_id }}-addons-additional-infrastructure" - ADDON_LOOKUP=$(oc get GenericAddon.addons.mas.ibm.com "{{ .Values.instance_id }}-addons-additional-infrastructure" -n mas-{{ .Values.instance_id }}-core -o json --ignore-not-found) - - if [[ ! -z $ADDON_LOOKUP ]]; then - echo "Found GenericAddon, deleting..." - oc delete GenericAddon.addons.mas.ibm.com "{{ .Values.instance_id }}-addons-additional-infrastructure" -n mas-{{ .Values.instance_id }}-core - echo "Cleanup complete" - else - echo "GenericAddon not found, nothing to clean up. Exiting..." - fi + - name: cleanup + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} + imagePullPolicy: IfNotPresent + command: + - /bin/bash + - -c + - | + set -e + echo "Checking for GenericAddon: {{ .Values.instance_id }}-addons-additional-infrastructure" + ADDON_LOOKUP=$(oc get GenericAddon.addons.mas.ibm.com "{{ .Values.instance_id }}-addons-additional-infrastructure" -n mas-{{ .Values.instance_id }}-core -o json --ignore-not-found) + + if [[ ! -z $ADDON_LOOKUP ]]; then + echo "Found GenericAddon, deleting..." + oc delete GenericAddon.addons.mas.ibm.com "{{ .Values.instance_id }}-addons-additional-infrastructure" -n mas-{{ .Values.instance_id }}-core + echo "Cleanup complete" + else + echo "GenericAddon not found, nothing to clean up. Exiting..." + fi {{- end }} {{- end }} \ No newline at end of file From 4438299e4ee1f395d920c16032cb171505ac3000 Mon Sep 17 00:00:00 2001 From: Caroline Azadze Date: Thu, 8 Jan 2026 12:58:36 -0500 Subject: [PATCH 23/77] [patch] add debug/test --- .../templates/07-additional-infrastructure-cr.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml index 5c06dcf0c..01cfc3dd5 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml @@ -123,6 +123,8 @@ spec: - | set -e echo "Checking for GenericAddon: {{ .Values.instance_id }}-addons-additional-infrastructure" + echo "test oc command" + oc projects ADDON_LOOKUP=$(oc get GenericAddon.addons.mas.ibm.com "{{ .Values.instance_id }}-addons-additional-infrastructure" -n mas-{{ .Values.instance_id }}-core -o json --ignore-not-found) if [[ ! -z $ADDON_LOOKUP ]]; then From a725a0b79cfd906d1564475870e1dd51a2d77681 Mon Sep 17 00:00:00 2001 From: Caroline Azadze Date: Fri, 9 Jan 2026 10:59:16 -0500 Subject: [PATCH 24/77] [patch] add resource limits --- .../templates/07-additional-infrastructure-cr.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml index 01cfc3dd5..4bcd4d13f 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml @@ -117,6 +117,13 @@ spec: - name: cleanup image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} imagePullPolicy: IfNotPresent + resources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 10m + memory: 64Mi command: - /bin/bash - -c From 59dbc35414b1c9c5a21a0b3c4a21c38283676af6 Mon Sep 17 00:00:00 2001 From: Caroline Azadze Date: Fri, 9 Jan 2026 18:36:08 -0500 Subject: [PATCH 25/77] [patch] add network policy for cleanup job --- .../templates/00-networkpolicy.yaml | 16 ++++++++++++++++ .../07-additional-infrastructure-cr.yaml | 1 + 2 files changed, 17 insertions(+) create mode 100644 instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml diff --git a/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml b/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml new file mode 100644 index 000000000..13484f1a7 --- /dev/null +++ b/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml @@ -0,0 +1,16 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-oc-addon-cleanup-job + namespace: mas-{{ .Values.instance_id }}-core + annotations: + argocd.argoproj.io/sync-wave: "001" +spec: + podSelector: + matchLabels: + app: addon-cleanup-job + egress: + - {} + policyTypes: + - Egress diff --git a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml index 4bcd4d13f..da073b35b 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml @@ -108,6 +108,7 @@ spec: {{- if .Values.custom_labels }} metadata: labels: + app: addon-cleanup-job {{ .Values.custom_labels | toYaml | indent 8 }} {{- end }} spec: From 2a24bee4bfa5730aff04a6115c4337bdf8cd73a0 Mon Sep 17 00:00:00 2001 From: Caroline Azadze Date: Fri, 9 Jan 2026 18:39:16 -0500 Subject: [PATCH 26/77] [patch] add instance id to name of network policy --- .../550-ibm-mas-addons-config/templates/00-networkpolicy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml b/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml index 13484f1a7..49808243b 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml @@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: - name: allow-oc-addon-cleanup-job + name: "{{ .Values.instance_id }}-allow-oc-addon-cleanup-job" namespace: mas-{{ .Values.instance_id }}-core annotations: argocd.argoproj.io/sync-wave: "001" From c941457bf5e8986b362e9cffe5669ae0f067452e Mon Sep 17 00:00:00 2001 From: hita pandya Date: Mon, 12 Jan 2026 13:58:54 +0530 Subject: [PATCH 27/77] [patch] update template to fix uninstall case --- .../templates/07-additional-infrastructure-cr.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml index da073b35b..986f6ddfe 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml @@ -131,8 +131,6 @@ spec: - | set -e echo "Checking for GenericAddon: {{ .Values.instance_id }}-addons-additional-infrastructure" - echo "test oc command" - oc projects ADDON_LOOKUP=$(oc get GenericAddon.addons.mas.ibm.com "{{ .Values.instance_id }}-addons-additional-infrastructure" -n mas-{{ .Values.instance_id }}-core -o json --ignore-not-found) if [[ ! -z $ADDON_LOOKUP ]]; then From 6cbcab5b362e4a92a29179459e321f9c86e77765 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Mon, 12 Jan 2026 14:26:38 +0530 Subject: [PATCH 28/77] [patch] update template --- .../07-additional-infrastructure-cr.yaml | 115 +----------------- 1 file changed, 1 insertion(+), 114 deletions(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml index 986f6ddfe..c178009e9 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml @@ -1,10 +1,4 @@ -{{- /* -CLI Image Digest - must be updated when CLI version changes -*/}} -{{- $_cli_image_digest := "sha256:55b5d6dd185503f14c112836a9a4899347d28e7b6545e0b9cf21d87f9526fb40" }} - -{{- if .Values.additional_infrastructure }} -{{- if eq .Values.additional_infrastructure.install true }} +{{- if and .Values.additional_infrastructure (eq .Values.additional_infrastructure.install true) }} --- apiVersion: addons.mas.ibm.com/v1 kind: GenericAddon @@ -34,111 +28,4 @@ spec: {{- else }} [] {{- end }} -{{- else }} - -{{- /* -Meaningful prefix for the job resource name. Must be under 52 chars in length to leave room for the 11 chars reserved for '-' and $_job_hash. -*/}} -{{- $_job_name_prefix := "cleanup-additional-infrastructure" }} - -{{- /* -A dict of values that influence the behaviour of the job in some way. -Any changes to values in this dict will trigger a rerun of the job. -Since jobs must be idemopotent, it's generally safe to pass in values here that are not -strictly necessary (i.e. including some values that don't actually influence job behaviour). -We may want to refine this further though for jobs that can take a long time to complete. -Included in $_job_hash (see below). -*/}} -{{- $_job_config_values := omit .Values "junitreporter" }} - -{{- /* -Increment this value whenever you make a change to an immutable field of the Job resource. -E.g. passing in a new environment variable. -Included in $_job_hash (see below). -*/}} -{{- $_job_version := "v1" }} - -{{- /* -10 char hash appended to the job name taking into account $_job_config_values, $_job_version and $_cli_image_digest -This is to ensure ArgoCD will create a new job resource intead of attempting (and failing) to update an -immutable field of any existing Job resource. -*/}} -{{- $_job_hash := print ($_job_config_values | toYaml) $_cli_image_digest $_job_version | adler32sum }} - -{{- $_job_name := join "-" (list $_job_name_prefix $_job_hash )}} - -{{- /* -Set as the value for the mas.ibm.com/job-cleanup-group label on the Job resource. - -When the auto_delete flag is not set on the root application, a CronJob in the cluster uses this label -to identify old Job resources that should be pruned on behalf of ArgoCD. - -Any Job resources in the same namespace that have the mas.ibm.com/job-cleanup-group with this value -will be considered to belong to the same cleanup group. All but the most recent (i.e. with the latest "creation_timestamp") -Jobs will be automatically deleted. - -$_job_cleanup_group can usually just be based on $_job_name_prefix. There are some special cases -where multiple Jobs are created in our templates using a Helm loop. In those cases, additional descriminators -must be added to $_job_cleanup_group. - -By convention, we sha1sum this value to guarantee we never exceed the 63 char limit regardless of which discriminators -are required here. - -*/}} -{{- $_job_cleanup_group := cat $_job_name_prefix .Values.instance_id | sha1sum }} - ---- -# Cleanup Job - Deletes GenericAddon when install is set to false -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ $_job_name }} - namespace: mas-{{ .Values.instance_id }}-core - annotations: - argocd.argoproj.io/sync-wave: "557" - labels: - mas.ibm.com/instanceId: {{ .Values.instance_id }} - mas.ibm.com/job-cleanup-group: {{ $_job_cleanup_group }} -{{- if .Values.custom_labels }} -{{ .Values.custom_labels | toYaml | indent 4 }} -{{- end }} -spec: - backoffLimit: 4 - template: -{{- if .Values.custom_labels }} - metadata: - labels: - app: addon-cleanup-job -{{ .Values.custom_labels | toYaml | indent 8 }} -{{- end }} - spec: - serviceAccountName: addon-cleanup-sa - restartPolicy: Never - containers: - - name: cleanup - image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} - imagePullPolicy: IfNotPresent - resources: - limits: - cpu: 200m - memory: 512Mi - requests: - cpu: 10m - memory: 64Mi - command: - - /bin/bash - - -c - - | - set -e - echo "Checking for GenericAddon: {{ .Values.instance_id }}-addons-additional-infrastructure" - ADDON_LOOKUP=$(oc get GenericAddon.addons.mas.ibm.com "{{ .Values.instance_id }}-addons-additional-infrastructure" -n mas-{{ .Values.instance_id }}-core -o json --ignore-not-found) - - if [[ ! -z $ADDON_LOOKUP ]]; then - echo "Found GenericAddon, deleting..." - oc delete GenericAddon.addons.mas.ibm.com "{{ .Values.instance_id }}-addons-additional-infrastructure" -n mas-{{ .Values.instance_id }}-core - echo "Cleanup complete" - else - echo "GenericAddon not found, nothing to clean up. Exiting..." - fi -{{- end }} {{- end }} \ No newline at end of file From 8fac86c71615a9bd4d92852a26062e4b248ae1f7 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Mon, 12 Jan 2026 15:01:48 +0530 Subject: [PATCH 29/77] [patch] update template --- .../07-additional-infrastructure-cr.yaml | 154 ++++++++++++++++++ 1 file changed, 154 insertions(+) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml index c178009e9..8ac263841 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml @@ -28,4 +28,158 @@ spec: {{- else }} [] {{- end }} +{{- end }} + +{{- /* +CLI Image Digest - must be updated when CLI version changes +*/}} +{{- $_cli_image_digest := "sha256:55b5d6dd185503f14c112836a9a4899347d28e7b6545e0b9cf21d87f9526fb40" }} + +{{- /* +Cleanup Job - Runs when additional_infrastructure.install is set to false +This job runs during ArgoCD sync to clean up the GenericAddon and Argo Application +*/}} +{{- if .Values.additional_infrastructure }} +{{- if eq .Values.additional_infrastructure.install false }} + +{{- /* +Meaningful prefix for the job resource name. Must be under 52 chars in length to leave room for the 11 chars reserved for '-' and $_job_hash. +*/}} +{{- $_job_name_prefix := "cleanup-additional-infrastructure" }} + +{{- /* +A dict of values that influence the behaviour of the job in some way. +Any changes to values in this dict will trigger a rerun of the job. +*/}} +{{- $_job_config_values := omit .Values "junitreporter" }} + +{{- /* +Increment this value whenever you make a change to an immutable field of the Job resource. +*/}} +{{- $_job_version := "v3" }} + +{{- /* +10 char hash appended to the job name taking into account $_job_config_values, $_job_version and $_cli_image_digest +This ensures ArgoCD will create a new job resource instead of attempting to update an immutable field. +*/}} +{{- $_job_hash := print ($_job_config_values | toYaml) $_cli_image_digest $_job_version | adler32sum }} + +{{- $_job_name := join "-" (list $_job_name_prefix $_job_hash )}} + +{{- /* +Set as the value for the mas.ibm.com/job-cleanup-group label on the Job resource. +When the auto_delete flag is not set on the root application, a CronJob in the cluster uses this label +to identify old Job resources that should be pruned on behalf of ArgoCD. +*/}} +{{- $_job_cleanup_group := cat $_job_name_prefix .Values.instance_id | sha1sum }} + +--- +# Cleanup Job - Deletes GenericAddon and Argo Application when install is set to false +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ $_job_name }} + namespace: mas-{{ .Values.instance_id }}-core + annotations: + argocd.argoproj.io/sync-wave: "557" + labels: + mas.ibm.com/instanceId: {{ .Values.instance_id }} + mas.ibm.com/job-cleanup-group: {{ $_job_cleanup_group }} +{{- if .Values.custom_labels }} +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +spec: + backoffLimit: 4 + template: +{{- if .Values.custom_labels }} + metadata: + labels: + app: addon-cleanup-job +{{ .Values.custom_labels | toYaml | indent 8 }} +{{- end }} + spec: + serviceAccountName: addon-cleanup-sa + restartPolicy: Never + containers: + - name: cleanup + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} + imagePullPolicy: IfNotPresent + resources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 10m + memory: 64Mi + env: + - name: CLUSTER_ID + value: "{{ .Values.cluster_id }}" + - name: INSTANCE_ID + value: "{{ .Values.instance_id }}" + - name: ARGO_NAMESPACE + value: "{{ .Values.argo_namespace | default "openshift-gitops" }}" + command: + - /bin/bash + - -c + - | + set -e + + # Function to delete a resource with verification + function delete_resource() { + local RESOURCE=$1 + local NAMESPACE=$2 + local RESOURCE_NAME=$3 + + echo "" + echo "================================================================" + echo "Checking for ${RESOURCE}: ${RESOURCE_NAME} in namespace ${NAMESPACE}" + + set +e + RESOURCE_LOOKUP=$(oc get ${RESOURCE} "${RESOURCE_NAME}" -n ${NAMESPACE} -o json --ignore-not-found 2>/dev/null) + set -e + + if [[ -z "$RESOURCE_LOOKUP" ]]; then + echo "${RESOURCE} not found, nothing to clean up." + return 0 + fi + + echo "Found ${RESOURCE}, deleting..." + set +e + oc delete ${RESOURCE} "${RESOURCE_NAME}" -n ${NAMESPACE} --timeout=300s --wait=true + DELETE_RC=$? + set -e + + if [[ $DELETE_RC -ne 0 ]]; then + echo "Warning: Delete command returned non-zero exit code: $DELETE_RC" + fi + + # Verify deletion + echo "Verifying ${RESOURCE} is deleted..." + set +e + RESOURCE_LOOKUP=$(oc get ${RESOURCE} "${RESOURCE_NAME}" -n ${NAMESPACE} -o json --ignore-not-found 2>/dev/null) + set -e + + if [[ -n "$RESOURCE_LOOKUP" ]]; then + echo "ERROR: ${RESOURCE} still present after deletion attempt" + return 1 + fi + + echo "Successfully deleted ${RESOURCE}" + return 0 + } + + # Step 1: Delete the GenericAddon + echo "Step 1: Cleaning up GenericAddon resource" + delete_resource "GenericAddon.addons.mas.ibm.com" "mas-${INSTANCE_ID}-core" "${INSTANCE_ID}-addons-additional-infrastructure" + + # Step 2: Delete the Argo Application + echo "" + echo "Step 2: Cleaning up Argo Application" + ARGO_APP_NAME="addons.${CLUSTER_ID}.${INSTANCE_ID}" + delete_resource "Application.argoproj.io" "${ARGO_NAMESPACE}" "${ARGO_APP_NAME}" + + echo "" + echo "================================================================" + echo "Cleanup complete - All resources successfully deleted" +{{- end }} {{- end }} \ No newline at end of file From 52d39b2c4a7621b78e7b425d09ff741144fd768d Mon Sep 17 00:00:00 2001 From: hita pandya Date: Mon, 12 Jan 2026 16:23:48 +0530 Subject: [PATCH 30/77] [patch] update template --- .../07-additional-infrastructure-cr.yaml | 37 +++++++++++-------- 1 file changed, 21 insertions(+), 16 deletions(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml index 8ac263841..4a10f0faa 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml @@ -126,26 +126,26 @@ spec: # Function to delete a resource with verification function delete_resource() { - local RESOURCE=$1 - local NAMESPACE=$2 - local RESOURCE_NAME=$3 + local RESOURCE_TYPE=$1 + local RESOURCE_NAME=$2 + local NAMESPACE=$3 echo "" echo "================================================================" - echo "Checking for ${RESOURCE}: ${RESOURCE_NAME} in namespace ${NAMESPACE}" + echo "Checking for ${RESOURCE_TYPE}/${RESOURCE_NAME} in namespace ${NAMESPACE}" set +e - RESOURCE_LOOKUP=$(oc get ${RESOURCE} "${RESOURCE_NAME}" -n ${NAMESPACE} -o json --ignore-not-found 2>/dev/null) + RESOURCE_LOOKUP=$(oc get ${RESOURCE_TYPE} ${RESOURCE_NAME} -n ${NAMESPACE} --ignore-not-found 2>/dev/null) set -e if [[ -z "$RESOURCE_LOOKUP" ]]; then - echo "${RESOURCE} not found, nothing to clean up." + echo "${RESOURCE_TYPE}/${RESOURCE_NAME} not found, nothing to clean up." return 0 fi - echo "Found ${RESOURCE}, deleting..." + echo "Found ${RESOURCE_TYPE}/${RESOURCE_NAME}, deleting..." set +e - oc delete ${RESOURCE} "${RESOURCE_NAME}" -n ${NAMESPACE} --timeout=300s --wait=true + oc delete ${RESOURCE_TYPE} ${RESOURCE_NAME} -n ${NAMESPACE} --timeout=300s --wait=true DELETE_RC=$? set -e @@ -154,32 +154,37 @@ spec: fi # Verify deletion - echo "Verifying ${RESOURCE} is deleted..." + echo "Verifying ${RESOURCE_TYPE}/${RESOURCE_NAME} is deleted..." set +e - RESOURCE_LOOKUP=$(oc get ${RESOURCE} "${RESOURCE_NAME}" -n ${NAMESPACE} -o json --ignore-not-found 2>/dev/null) + RESOURCE_LOOKUP=$(oc get ${RESOURCE_TYPE} ${RESOURCE_NAME} -n ${NAMESPACE} --ignore-not-found 2>/dev/null) set -e if [[ -n "$RESOURCE_LOOKUP" ]]; then - echo "ERROR: ${RESOURCE} still present after deletion attempt" + echo "ERROR: ${RESOURCE_TYPE}/${RESOURCE_NAME} still present after deletion attempt" return 1 fi - echo "Successfully deleted ${RESOURCE}" + echo "Successfully deleted ${RESOURCE_TYPE}/${RESOURCE_NAME}" return 0 } - # Step 1: Delete the GenericAddon + # Step 1: Delete the GenericAddon (if it exists) echo "Step 1: Cleaning up GenericAddon resource" - delete_resource "GenericAddon.addons.mas.ibm.com" "mas-${INSTANCE_ID}-core" "${INSTANCE_ID}-addons-additional-infrastructure" + delete_resource "genericaddon" "${INSTANCE_ID}-addons-additional-infrastructure" "mas-${INSTANCE_ID}-core" || true # Step 2: Delete the Argo Application echo "" echo "Step 2: Cleaning up Argo Application" ARGO_APP_NAME="addons.${CLUSTER_ID}.${INSTANCE_ID}" - delete_resource "Application.argoproj.io" "${ARGO_NAMESPACE}" "${ARGO_APP_NAME}" + echo "Argo Application name: ${ARGO_APP_NAME}" + echo "Argo namespace: ${ARGO_NAMESPACE}" + + # Delete the Argo Application + delete_resource "application" "${ARGO_APP_NAME}" "${ARGO_NAMESPACE}" echo "" echo "================================================================" - echo "Cleanup complete - All resources successfully deleted" + echo "Cleanup complete - All resources processed" + echo "Note: The Argo Application deletion will trigger ArgoCD to clean up all managed resources" {{- end }} {{- end }} \ No newline at end of file From f938e9a017acf69ae9015d4fb45550624980d308 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Mon, 12 Jan 2026 16:58:24 +0530 Subject: [PATCH 31/77] [patch] update template to fix uninstall case --- .../templates/07-additional-infrastructure-cr.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml index 4a10f0faa..b0b21a67b 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml @@ -33,7 +33,7 @@ spec: {{- /* CLI Image Digest - must be updated when CLI version changes */}} -{{- $_cli_image_digest := "sha256:55b5d6dd185503f14c112836a9a4899347d28e7b6545e0b9cf21d87f9526fb40" }} +{{- $_cli_image_digest := "sha256:2cb24d497f6aaac2fb89f77c5ff0c3dae736c811821f1ba217529347d2360c26" }} {{- /* Cleanup Job - Runs when additional_infrastructure.install is set to false From 74a3001264196715de904a0299674cb1a6a10198 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Mon, 12 Jan 2026 18:18:43 +0530 Subject: [PATCH 32/77] [patch] update template for testing --- .../templates/07-additional-infrastructure-cr.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml index b0b21a67b..8d7ecf98b 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml @@ -170,7 +170,7 @@ spec: # Step 1: Delete the GenericAddon (if it exists) echo "Step 1: Cleaning up GenericAddon resource" - delete_resource "genericaddon" "${INSTANCE_ID}-addons-additional-infrastructure" "mas-${INSTANCE_ID}-core" || true + delete_resource "genericaddons.addons.mas.ibm.com" "${INSTANCE_ID}-addons-additional-infrastructure" "mas-${INSTANCE_ID}-core" || true # Step 2: Delete the Argo Application echo "" From 4bfa35868f7c8d32814d1621d5acd52960ca2a59 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Mon, 12 Jan 2026 18:45:37 +0530 Subject: [PATCH 33/77] [patch] update template --- .../550-ibm-mas-addons-config/templates/00-rbac.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml b/instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml index beb250dfd..ef514e580 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml @@ -27,6 +27,7 @@ rules: - get - list - delete + - watch apiGroups: - addons.mas.ibm.com resources: From 72274f61fec00d119eaebda7726152710ba58b31 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Mon, 12 Jan 2026 19:44:00 +0530 Subject: [PATCH 34/77] [patch] add echo for testing --- .../templates/07-additional-infrastructure-cr.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml index 8d7ecf98b..5321361d2 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml @@ -138,6 +138,8 @@ spec: RESOURCE_LOOKUP=$(oc get ${RESOURCE_TYPE} ${RESOURCE_NAME} -n ${NAMESPACE} --ignore-not-found 2>/dev/null) set -e + echo "RESOURCE_LOOKUP value: '${RESOURCE_LOOKUP}'" + if [[ -z "$RESOURCE_LOOKUP" ]]; then echo "${RESOURCE_TYPE}/${RESOURCE_NAME} not found, nothing to clean up." return 0 From 066e62c29cdbc29bc20e1051b9401f05ed64e412 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Mon, 12 Jan 2026 20:02:42 +0530 Subject: [PATCH 35/77] [patch] add echo for testing --- .../templates/07-additional-infrastructure-cr.yaml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml index 5321361d2..3e331c7fa 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml @@ -135,12 +135,13 @@ spec: echo "Checking for ${RESOURCE_TYPE}/${RESOURCE_NAME} in namespace ${NAMESPACE}" set +e - RESOURCE_LOOKUP=$(oc get ${RESOURCE_TYPE} ${RESOURCE_NAME} -n ${NAMESPACE} --ignore-not-found 2>/dev/null) + RESOURCE_LOOKUP=$(oc get ${RESOURCE_TYPE} ${RESOURCE_NAME} -n ${NAMESPACE} -o name 2>&1) + RC=$? set -e echo "RESOURCE_LOOKUP value: '${RESOURCE_LOOKUP}'" - if [[ -z "$RESOURCE_LOOKUP" ]]; then + if [[ $RC -ne 0 ]]; then echo "${RESOURCE_TYPE}/${RESOURCE_NAME} not found, nothing to clean up." return 0 fi @@ -158,10 +159,13 @@ spec: # Verify deletion echo "Verifying ${RESOURCE_TYPE}/${RESOURCE_NAME} is deleted..." set +e - RESOURCE_LOOKUP=$(oc get ${RESOURCE_TYPE} ${RESOURCE_NAME} -n ${NAMESPACE} --ignore-not-found 2>/dev/null) + RESOURCE_LOOKUP=$(oc get ${RESOURCE_TYPE} ${RESOURCE_NAME} -n ${NAMESPACE} -o name 2>&1) + RC=$? set -e - if [[ -n "$RESOURCE_LOOKUP" ]]; then + echo "Verification RESOURCE_LOOKUP value: '${RESOURCE_LOOKUP}'" + + if [[ $RC -eq 0 ]]; then echo "ERROR: ${RESOURCE_TYPE}/${RESOURCE_NAME} still present after deletion attempt" return 1 fi From f284fb1745eab3f4e757b4081e1294295110d7e0 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Mon, 12 Jan 2026 20:19:07 +0530 Subject: [PATCH 36/77] [patch] update cli image --- .../templates/07-additional-infrastructure-cr.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml index 3e331c7fa..6350f3001 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml @@ -33,7 +33,7 @@ spec: {{- /* CLI Image Digest - must be updated when CLI version changes */}} -{{- $_cli_image_digest := "sha256:2cb24d497f6aaac2fb89f77c5ff0c3dae736c811821f1ba217529347d2360c26" }} +{{- $_cli_image_digest := "sha256:55b5d6dd185503f14c112836a9a4899347d28e7b6545e0b9cf21d87f9526fb40" }} {{- /* Cleanup Job - Runs when additional_infrastructure.install is set to false From a06df7bfaca38cfc5ad008fdd90486f51a1b1d90 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Mon, 12 Jan 2026 20:33:14 +0530 Subject: [PATCH 37/77] [patch] update network policy --- .../templates/00-networkpolicy.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml b/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml index 49808243b..8237778e9 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml @@ -11,6 +11,11 @@ spec: matchLabels: app: addon-cleanup-job egress: - - {} + - to: + -ipBlock: + cidr: 172.30.0.0/16 + ports: + - protocol: TCP + port: 443 policyTypes: - Egress From 39375745cc430c594648af65aa3b7197ed50cdf0 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Mon, 12 Jan 2026 21:56:35 +0530 Subject: [PATCH 38/77] [patch] update changes for testing --- .../templates/00-networkpolicy.yaml | 13 +++++++------ .../07-additional-infrastructure-cr.yaml | 18 ++++-------------- 2 files changed, 11 insertions(+), 20 deletions(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml b/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml index 8237778e9..26664e7e4 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml @@ -1,4 +1,6 @@ --- +# Permit outbound communication by the Job pods +# (Needed to communicate with the K8S HTTP API) apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: @@ -6,16 +8,15 @@ metadata: namespace: mas-{{ .Values.instance_id }}-core annotations: argocd.argoproj.io/sync-wave: "001" +{{- if .Values.custom_labels }} + labels: +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} spec: podSelector: matchLabels: app: addon-cleanup-job egress: - - to: - -ipBlock: - cidr: 172.30.0.0/16 - ports: - - protocol: TCP - port: 443 + - {} policyTypes: - Egress diff --git a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml index 6350f3001..18ef7fd3d 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml @@ -134,14 +134,9 @@ spec: echo "================================================================" echo "Checking for ${RESOURCE_TYPE}/${RESOURCE_NAME} in namespace ${NAMESPACE}" - set +e - RESOURCE_LOOKUP=$(oc get ${RESOURCE_TYPE} ${RESOURCE_NAME} -n ${NAMESPACE} -o name 2>&1) - RC=$? - set -e - - echo "RESOURCE_LOOKUP value: '${RESOURCE_LOOKUP}'" + RESOURCE_LOOKUP=$(oc get ${RESOURCE_TYPE} ${RESOURCE_NAME} -n ${NAMESPACE} --ignore-not-found) - if [[ $RC -ne 0 ]]; then + if [[ -z "$RESOURCE_LOOKUP" ]]; then echo "${RESOURCE_TYPE}/${RESOURCE_NAME} not found, nothing to clean up." return 0 fi @@ -158,14 +153,9 @@ spec: # Verify deletion echo "Verifying ${RESOURCE_TYPE}/${RESOURCE_NAME} is deleted..." - set +e - RESOURCE_LOOKUP=$(oc get ${RESOURCE_TYPE} ${RESOURCE_NAME} -n ${NAMESPACE} -o name 2>&1) - RC=$? - set -e - - echo "Verification RESOURCE_LOOKUP value: '${RESOURCE_LOOKUP}'" + RESOURCE_LOOKUP=$(oc get ${RESOURCE_TYPE} ${RESOURCE_NAME} -n ${NAMESPACE} --ignore-not-found) - if [[ $RC -eq 0 ]]; then + if [[ ! -z "$RESOURCE_LOOKUP" ]]; then echo "ERROR: ${RESOURCE_TYPE}/${RESOURCE_NAME} still present after deletion attempt" return 1 fi From 6514e0f8e259e4bcf72bf611dabaf45e2ad348af Mon Sep 17 00:00:00 2001 From: hita pandya Date: Mon, 12 Jan 2026 22:26:50 +0530 Subject: [PATCH 39/77] [patch] update sync wave --- .../templates/00-networkpolicy.yaml | 2 +- .../550-ibm-mas-addons-config/templates/00-rbac.yaml | 6 +++--- .../templates/07-additional-infrastructure-cr.yaml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml b/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml index 26664e7e4..cd7e167b0 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml @@ -7,7 +7,7 @@ metadata: name: "{{ .Values.instance_id }}-allow-oc-addon-cleanup-job" namespace: mas-{{ .Values.instance_id }}-core annotations: - argocd.argoproj.io/sync-wave: "001" + argocd.argoproj.io/sync-wave: "558" {{- if .Values.custom_labels }} labels: {{ .Values.custom_labels | toYaml | indent 4 }} diff --git a/instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml b/instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml index ef514e580..b565dcb98 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml @@ -5,7 +5,7 @@ metadata: name: addon-cleanup-sa namespace: mas-{{ .Values.instance_id }}-core annotations: - argocd.argoproj.io/sync-wave: "00" + argocd.argoproj.io/sync-wave: "557" {{- if .Values.custom_labels }} labels: {{ .Values.custom_labels | toYaml | indent 4 }} @@ -17,7 +17,7 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: addon-cleanup-role annotations: - argocd.argoproj.io/sync-wave: "00" + argocd.argoproj.io/sync-wave: "557" {{- if .Values.custom_labels }} labels: {{ .Values.custom_labels | toYaml | indent 4 }} @@ -39,7 +39,7 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: addon-cleanup-rb annotations: - argocd.argoproj.io/sync-wave: "002" + argocd.argoproj.io/sync-wave: "558" {{- if .Values.custom_labels }} labels: {{ .Values.custom_labels | toYaml | indent 4 }} diff --git a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml index 18ef7fd3d..e1cdd8736 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml @@ -6,7 +6,7 @@ metadata: name: "{{ .Values.instance_id }}-addons-additional-infrastructure" namespace: mas-{{ .Values.instance_id }}-core annotations: - argocd.argoproj.io/sync-wave: "557" + argocd.argoproj.io/sync-wave: "559" labels: mas.ibm.com/configScope: system mas.ibm.com/instanceId: {{ .Values.instance_id }} @@ -81,7 +81,7 @@ metadata: name: {{ $_job_name }} namespace: mas-{{ .Values.instance_id }}-core annotations: - argocd.argoproj.io/sync-wave: "557" + argocd.argoproj.io/sync-wave: "559" labels: mas.ibm.com/instanceId: {{ .Values.instance_id }} mas.ibm.com/job-cleanup-group: {{ $_job_cleanup_group }} From be72581881c105cf6aaf6eedb0cbd2f3e6083fe9 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Tue, 13 Jan 2026 10:58:04 +0530 Subject: [PATCH 40/77] [patch] update changes for testing --- .../templates/07-additional-infrastructure-cr.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml index e1cdd8736..a7eeee104 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml @@ -91,10 +91,10 @@ metadata: spec: backoffLimit: 4 template: -{{- if .Values.custom_labels }} metadata: labels: app: addon-cleanup-job +{{- if .Values.custom_labels }} {{ .Values.custom_labels | toYaml | indent 8 }} {{- end }} spec: From 3ed9fb95f283735dc1fcdb3dc1880e70c6e1e9e0 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Tue, 13 Jan 2026 11:25:27 +0530 Subject: [PATCH 41/77] [patch] update changes for testing --- .../07-additional-infrastructure-cr.yaml | 29 +++++-------------- 1 file changed, 7 insertions(+), 22 deletions(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml index a7eeee104..aa2cce3c3 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml @@ -37,7 +37,7 @@ CLI Image Digest - must be updated when CLI version changes {{- /* Cleanup Job - Runs when additional_infrastructure.install is set to false -This job runs during ArgoCD sync to clean up the GenericAddon and Argo Application +This job runs during ArgoCD sync to clean up the GenericAddon CR */}} {{- if .Values.additional_infrastructure }} {{- if eq .Values.additional_infrastructure.install false }} @@ -56,7 +56,7 @@ Any changes to values in this dict will trigger a rerun of the job. {{- /* Increment this value whenever you make a change to an immutable field of the Job resource. */}} -{{- $_job_version := "v3" }} +{{- $_job_version := "v4" }} {{- /* 10 char hash appended to the job name taking into account $_job_config_values, $_job_version and $_cli_image_digest @@ -74,7 +74,7 @@ to identify old Job resources that should be pruned on behalf of ArgoCD. {{- $_job_cleanup_group := cat $_job_name_prefix .Values.instance_id | sha1sum }} --- -# Cleanup Job - Deletes GenericAddon and Argo Application when install is set to false +# Cleanup Job - Deletes GenericAddon CR when install is set to false apiVersion: batch/v1 kind: Job metadata: @@ -112,12 +112,8 @@ spec: cpu: 10m memory: 64Mi env: - - name: CLUSTER_ID - value: "{{ .Values.cluster_id }}" - name: INSTANCE_ID value: "{{ .Values.instance_id }}" - - name: ARGO_NAMESPACE - value: "{{ .Values.argo_namespace | default "openshift-gitops" }}" command: - /bin/bash - -c @@ -164,23 +160,12 @@ spec: return 0 } - # Step 1: Delete the GenericAddon (if it exists) - echo "Step 1: Cleaning up GenericAddon resource" - delete_resource "genericaddons.addons.mas.ibm.com" "${INSTANCE_ID}-addons-additional-infrastructure" "mas-${INSTANCE_ID}-core" || true - - # Step 2: Delete the Argo Application - echo "" - echo "Step 2: Cleaning up Argo Application" - ARGO_APP_NAME="addons.${CLUSTER_ID}.${INSTANCE_ID}" - echo "Argo Application name: ${ARGO_APP_NAME}" - echo "Argo namespace: ${ARGO_NAMESPACE}" - - # Delete the Argo Application - delete_resource "application" "${ARGO_APP_NAME}" "${ARGO_NAMESPACE}" + # Delete the GenericAddon CR + echo "Cleaning up GenericAddon resource" + delete_resource "genericaddons.addons.mas.ibm.com" "${INSTANCE_ID}-addons-additional-infrastructure" "mas-${INSTANCE_ID}-core" echo "" echo "================================================================" - echo "Cleanup complete - All resources processed" - echo "Note: The Argo Application deletion will trigger ArgoCD to clean up all managed resources" + echo "Cleanup complete - GenericAddon CR removed" {{- end }} {{- end }} \ No newline at end of file From 06bfd47bc0ed508b10166d1b84b3fc65c53290da Mon Sep 17 00:00:00 2001 From: hita pandya Date: Tue, 13 Jan 2026 14:32:56 +0530 Subject: [PATCH 42/77] [patch] update changes for testing --- .../templates/07-additional-infrastructure-cr.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml index aa2cce3c3..d7ec019ac 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml @@ -90,6 +90,7 @@ metadata: {{- end }} spec: backoffLimit: 4 + ttlSecondsAfterFinished: 300 template: metadata: labels: From 56ff31a5fb59fcf1bb848f797b22fe953baf4378 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Tue, 20 Jan 2026 14:54:32 +0530 Subject: [PATCH 43/77] [patch] add support to additional resources on gitops --- .../instance1/ibm-mas-instance-base.yaml | 8 +-- .../templates/00-networkpolicy.yaml | 2 + .../templates/00-rbac.yaml | 10 +++- .../templates/08-additional-resources-cr.yaml | 31 +++++++++++ ...ture-cr.yaml => 08-addon-cleanup-job.yaml} | 55 ++++--------------- .../templates/550-ibm-mas-addons-config.yaml | 6 +- 6 files changed, 58 insertions(+), 54 deletions(-) create mode 100644 instance-applications/550-ibm-mas-addons-config/templates/08-additional-resources-cr.yaml rename instance-applications/550-ibm-mas-addons-config/templates/{07-additional-infrastructure-cr.yaml => 08-addon-cleanup-job.yaml} (75%) diff --git a/example-config/dev/cluster1/instance1/ibm-mas-instance-base.yaml b/example-config/dev/cluster1/instance1/ibm-mas-instance-base.yaml index f257d90b0..128301016 100644 --- a/example-config/dev/cluster1/instance1/ibm-mas-instance-base.yaml +++ b/example-config/dev/cluster1/instance1/ibm-mas-instance-base.yaml @@ -17,13 +17,13 @@ sm: aws_access_key_id: "" aws_secret_access_key: "" -# Additional Infrastructure Configuration Example -additional_infrastructure: +# Additional Resources Configuration Example +additional_resources: install: true instances: - name: instance-name-1 cost: 100 - reasonCode: REASON_CODE_1 + reasonCode: 101 - name: instance-name-2 cost: 250 - reasonCode: REASON_CODE_2 + reasonCode: 102 diff --git a/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml b/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml index cd7e167b0..c8bad0e17 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml @@ -1,3 +1,4 @@ +{{- if or .Values.allow_list .Values.additional_vpn .Values.enhanced_dr .Values.extensions .Values.replica_db .Values.cluster_nonshared .Values.application_configuration .Values.additional_resources }} --- # Permit outbound communication by the Job pods # (Needed to communicate with the K8S HTTP API) @@ -20,3 +21,4 @@ spec: - {} policyTypes: - Egress +{{- end }} diff --git a/instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml b/instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml index b565dcb98..2f882ae56 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml @@ -1,3 +1,4 @@ +{{- if or .Values.allow_list .Values.additional_vpn .Values.enhanced_dr .Values.extensions .Values.replica_db .Values.cluster_nonshared .Values.application_configuration .Values.additional_resources }} --- kind: ServiceAccount apiVersion: v1 @@ -12,10 +13,11 @@ metadata: {{- end }} --- -kind: ClusterRole +kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: addon-cleanup-role + namespace: mas-{{ .Values.instance_id }}-core annotations: argocd.argoproj.io/sync-wave: "557" {{- if .Values.custom_labels }} @@ -34,10 +36,11 @@ rules: - genericaddons --- -kind: ClusterRoleBinding +kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: addon-cleanup-rb + namespace: mas-{{ .Values.instance_id }}-core annotations: argocd.argoproj.io/sync-wave: "558" {{- if .Values.custom_labels }} @@ -50,5 +53,6 @@ subjects: namespace: mas-{{ .Values.instance_id }}-core roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole + kind: Role name: addon-cleanup-role +{{- end }} diff --git a/instance-applications/550-ibm-mas-addons-config/templates/08-additional-resources-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/08-additional-resources-cr.yaml new file mode 100644 index 000000000..93a21984c --- /dev/null +++ b/instance-applications/550-ibm-mas-addons-config/templates/08-additional-resources-cr.yaml @@ -0,0 +1,31 @@ +{{- if and .Values.additional_resources (eq .Values.additional_resources.install true) }} +--- +apiVersion: addons.mas.ibm.com/v1 +kind: GenericAddon +metadata: + name: "{{ .Values.instance_id }}-addons-additional-resources" + namespace: mas-{{ .Values.instance_id }}-core + annotations: + argocd.argoproj.io/sync-wave: "559" + labels: + mas.ibm.com/configScope: system + mas.ibm.com/instanceId: {{ .Values.instance_id }} +{{- if .Values.custom_labels }} +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +spec: + displayName: "{{ .Values.instance_id }}-AdditionalResources" + addonType: additional-resources + config: + addonIdentifier: {{ .Values.instance_id }} + instances: +{{- if .Values.additional_resources.instances }} +{{- range .Values.additional_resources.instances }} + - name: {{ .name }} + cost: {{ .cost }} + reasonCode: {{ .reasonCode }} +{{- end }} +{{- else }} + [] +{{- end }} +{{- end }} diff --git a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml similarity index 75% rename from instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml rename to instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml index d7ec019ac..66dab4a29 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/07-additional-infrastructure-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml @@ -1,51 +1,16 @@ -{{- if and .Values.additional_infrastructure (eq .Values.additional_infrastructure.install true) }} ---- -apiVersion: addons.mas.ibm.com/v1 -kind: GenericAddon -metadata: - name: "{{ .Values.instance_id }}-addons-additional-infrastructure" - namespace: mas-{{ .Values.instance_id }}-core - annotations: - argocd.argoproj.io/sync-wave: "559" - labels: - mas.ibm.com/configScope: system - mas.ibm.com/instanceId: {{ .Values.instance_id }} -{{- if .Values.custom_labels }} -{{ .Values.custom_labels | toYaml | indent 4 }} -{{- end }} -spec: - displayName: "{{ .Values.instance_id }}-AdditionalInfrastructure" - addonType: additional-infrastructure - config: - addonIdentifier: {{ .Values.instance_id }} - instances: -{{- if .Values.additional_infrastructure.instances }} -{{- range .Values.additional_infrastructure.instances }} - - name: {{ .name }} - cost: {{ .cost }} - reasonCode: {{ .reasonCode }} -{{- end }} -{{- else }} - [] -{{- end }} -{{- end }} - {{- /* CLI Image Digest - must be updated when CLI version changes */}} {{- $_cli_image_digest := "sha256:55b5d6dd185503f14c112836a9a4899347d28e7b6545e0b9cf21d87f9526fb40" }} -{{- /* -Cleanup Job - Runs when additional_infrastructure.install is set to false -This job runs during ArgoCD sync to clean up the GenericAddon CR -*/}} -{{- if .Values.additional_infrastructure }} -{{- if eq .Values.additional_infrastructure.install false }} +{{- if .Values.additional_resources }} +{{- if eq .Values.additional_infrastructure.install false) }} {{- /* Meaningful prefix for the job resource name. Must be under 52 chars in length to leave room for the 11 chars reserved for '-' and $_job_hash. */}} -{{- $_job_name_prefix := "cleanup-additional-infrastructure" }} +{{- $_job_name_prefix := "cleanup-addons" }} +{{- $_addon_type := "additional-resources" }} {{- /* A dict of values that influence the behaviour of the job in some way. @@ -115,6 +80,8 @@ spec: env: - name: INSTANCE_ID value: "{{ .Values.instance_id }}" + - name: ADDON_TYPE + value: "{{ $_addon_type }}" command: - /bin/bash - -c @@ -161,12 +128,12 @@ spec: return 0 } - # Delete the GenericAddon CR - echo "Cleaning up GenericAddon resource" - delete_resource "genericaddons.addons.mas.ibm.com" "${INSTANCE_ID}-addons-additional-infrastructure" "mas-${INSTANCE_ID}-core" + # Delete the GenericAddon CR using the addon type from environment + echo "Cleaning up GenericAddon resource for addon type: ${ADDON_TYPE}" + delete_resource "genericaddons.addons.mas.ibm.com" "${INSTANCE_ID}-addons-${ADDON_TYPE}" "mas-${INSTANCE_ID}-core" echo "" echo "================================================================" - echo "Cleanup complete - GenericAddon CR removed" + echo "Cleanup complete - GenericAddon CR removed for ${ADDON_TYPE}" +{{- end }} {{- end }} -{{- end }} \ No newline at end of file diff --git a/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml b/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml index ce6b647dd..3fefea4d4 100644 --- a/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml +++ b/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml @@ -1,4 +1,4 @@ -{{ if or (not (empty .Values.allow_list)) (.Values.enhanced_dr) (.Values.extensions) (.Values.additional_vpn) (.Values.application_configuration) (not (empty .Values.ibm_db2u_databases)) (.Values.cluster_nonshared) }} +{{ if or (not (empty .Values.allow_list)) (.Values.enhanced_dr) (.Values.extensions) (.Values.additional_vpn) (.Values.application_configuration) (not (empty .Values.ibm_db2u_databases)) (.Values.cluster_nonshared) (.Values.additional_resources) }} --- # IBM Maximo Operator Catalog apiVersion: argoproj.io/v1alpha1 @@ -44,8 +44,8 @@ spec: additional_vpn: {{ .Values.additional_vpn }} cluster_nonshared: {{ .Values.cluster_nonshared }} application_configuration: {{ .Values.application_configuration }} - {{- if .Values.additional_infrastructure }} - additional_infrastructure: {{ .Values.additional_infrastructure | toYaml | nindent 14 }} + {{- if .Values.additional_resources }} + additional_resources: {{ .Values.additional_resources | toYaml | nindent 14 }} {{- end }} databases: {{- range $val := .Values.ibm_db2u_databases }} From 22ad9f3e1d85253784462fb845311eb2378bce83 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Tue, 20 Jan 2026 14:56:58 +0530 Subject: [PATCH 44/77] [patch] add condition --- .../templates/550-ibm-mas-addons-config.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml b/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml index 3fefea4d4..6fe425820 100644 --- a/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml +++ b/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml @@ -74,7 +74,9 @@ spec: {{- end }} syncPolicy: automated: + {{- if .Values.auto_delete }} prune: true + {{- end }} selfHeal: true retry: limit: 20 From 7ed5df7c7c37ee35dbdce43d60ae8de935b3e798 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Tue, 20 Jan 2026 14:58:16 +0530 Subject: [PATCH 45/77] [patch] update indentation --- .../templates/550-ibm-mas-addons-config.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml b/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml index 6fe425820..68e58db2a 100644 --- a/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml +++ b/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml @@ -74,9 +74,9 @@ spec: {{- end }} syncPolicy: automated: - {{- if .Values.auto_delete }} + {{- if .Values.auto_delete }} prune: true - {{- end }} + {{- end }} selfHeal: true retry: limit: 20 From 221d0d53203dfb75f91121d642c0aef8cea68246 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Tue, 20 Jan 2026 14:59:12 +0530 Subject: [PATCH 46/77] [patch] correct indentation --- .../templates/550-ibm-mas-addons-config.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml b/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml index 68e58db2a..b6259b352 100644 --- a/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml +++ b/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml @@ -74,9 +74,9 @@ spec: {{- end }} syncPolicy: automated: - {{- if .Values.auto_delete }} + {{- if .Values.auto_delete }} prune: true - {{- end }} + {{- end }} selfHeal: true retry: limit: 20 From bcf531af971d2e74c1ef9b289d934f570ca8e27a Mon Sep 17 00:00:00 2001 From: hita pandya Date: Tue, 20 Jan 2026 17:15:34 +0530 Subject: [PATCH 47/77] [patch] fix argo issue --- .../templates/08-addon-cleanup-job.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml b/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml index 66dab4a29..4e3034bab 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml @@ -4,7 +4,7 @@ CLI Image Digest - must be updated when CLI version changes {{- $_cli_image_digest := "sha256:55b5d6dd185503f14c112836a9a4899347d28e7b6545e0b9cf21d87f9526fb40" }} {{- if .Values.additional_resources }} -{{- if eq .Values.additional_infrastructure.install false) }} +{{- if eq .Values.additional_resources.install false }} {{- /* Meaningful prefix for the job resource name. Must be under 52 chars in length to leave room for the 11 chars reserved for '-' and $_job_hash. From 3ed3cf29c9357dca80d1418967763d6600ad82d8 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Wed, 21 Jan 2026 14:42:39 +0530 Subject: [PATCH 48/77] [patch] update condition fore clean up job --- .../templates/08-addon-cleanup-job.yaml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml b/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml index 4e3034bab..488187819 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml @@ -3,8 +3,15 @@ CLI Image Digest - must be updated when CLI version changes */}} {{- $_cli_image_digest := "sha256:55b5d6dd185503f14c112836a9a4899347d28e7b6545e0b9cf21d87f9526fb40" }} -{{- if .Values.additional_resources }} -{{- if eq .Values.additional_resources.install false }} +{{- if not .Values.additional_resources }} +{{- /* Cleanup job runs when additional_resources section is removed from the config */}} +{{- /* Check if the GenericAddon CR actually exists before creating cleanup job */}} +{{- $_addon_cr_name := printf "%s-addons-additional-resources" .Values.instance_id }} +{{- $_addon_namespace := printf "mas-%s-core" .Values.instance_id }} +{{- $_addon_exists := lookup "addons.mas.ibm.com/v1" "GenericAddon" $_addon_namespace $_addon_cr_name }} + +{{- if $_addon_exists }} +{{- /* Only create cleanup job if the CR actually exists */}} {{- /* Meaningful prefix for the job resource name. Must be under 52 chars in length to leave room for the 11 chars reserved for '-' and $_job_hash. From b2482586e0d3e04ca61deffaf78dfa9a5deec1a8 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Wed, 21 Jan 2026 15:29:07 +0530 Subject: [PATCH 49/77] [patch] update condition for clean up job --- .../dev/cluster1/instance1/ibm-mas-instance-base.yaml | 1 - .../templates/08-additional-resources-cr.yaml | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/example-config/dev/cluster1/instance1/ibm-mas-instance-base.yaml b/example-config/dev/cluster1/instance1/ibm-mas-instance-base.yaml index 128301016..90fd59c27 100644 --- a/example-config/dev/cluster1/instance1/ibm-mas-instance-base.yaml +++ b/example-config/dev/cluster1/instance1/ibm-mas-instance-base.yaml @@ -19,7 +19,6 @@ sm: # Additional Resources Configuration Example additional_resources: - install: true instances: - name: instance-name-1 cost: 100 diff --git a/instance-applications/550-ibm-mas-addons-config/templates/08-additional-resources-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/08-additional-resources-cr.yaml index 93a21984c..846febca9 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/08-additional-resources-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/08-additional-resources-cr.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.additional_resources (eq .Values.additional_resources.install true) }} +{{- if .Values.additional_resources }} --- apiVersion: addons.mas.ibm.com/v1 kind: GenericAddon From 21e6b2ab5cb4e503eeaef0b25537233aac4a6ec8 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Wed, 21 Jan 2026 18:22:23 +0530 Subject: [PATCH 50/77] [patch] update clean up job --- .../templates/08-addon-cleanup-job.yaml | 135 +++++++----------- 1 file changed, 49 insertions(+), 86 deletions(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml b/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml index 488187819..4055380bb 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml @@ -1,72 +1,34 @@ +{{- if .Values.use_postdelete_hooks }} + {{- /* CLI Image Digest - must be updated when CLI version changes */}} {{- $_cli_image_digest := "sha256:55b5d6dd185503f14c112836a9a4899347d28e7b6545e0b9cf21d87f9526fb40" }} -{{- if not .Values.additional_resources }} -{{- /* Cleanup job runs when additional_resources section is removed from the config */}} -{{- /* Check if the GenericAddon CR actually exists before creating cleanup job */}} -{{- $_addon_cr_name := printf "%s-addons-additional-resources" .Values.instance_id }} -{{- $_addon_namespace := printf "mas-%s-core" .Values.instance_id }} -{{- $_addon_exists := lookup "addons.mas.ibm.com/v1" "GenericAddon" $_addon_namespace $_addon_cr_name }} - -{{- if $_addon_exists }} -{{- /* Only create cleanup job if the CR actually exists */}} - -{{- /* -Meaningful prefix for the job resource name. Must be under 52 chars in length to leave room for the 11 chars reserved for '-' and $_job_hash. -*/}} -{{- $_job_name_prefix := "cleanup-addons" }} -{{- $_addon_type := "additional-resources" }} - -{{- /* -A dict of values that influence the behaviour of the job in some way. -Any changes to values in this dict will trigger a rerun of the job. -*/}} -{{- $_job_config_values := omit .Values "junitreporter" }} - -{{- /* -Increment this value whenever you make a change to an immutable field of the Job resource. -*/}} -{{- $_job_version := "v4" }} - -{{- /* -10 char hash appended to the job name taking into account $_job_config_values, $_job_version and $_cli_image_digest -This ensures ArgoCD will create a new job resource instead of attempting to update an immutable field. -*/}} -{{- $_job_hash := print ($_job_config_values | toYaml) $_cli_image_digest $_job_version | adler32sum }} - -{{- $_job_name := join "-" (list $_job_name_prefix $_job_hash )}} - +{{- if .Values.additional_resources }} {{- /* -Set as the value for the mas.ibm.com/job-cleanup-group label on the Job resource. -When the auto_delete flag is not set on the root application, a CronJob in the cluster uses this label -to identify old Job resources that should be pruned on behalf of ArgoCD. +PostDelete hook - This job will run when the ArgoCD application is deleted +It will clean up the GenericAddon CR that was created */}} -{{- $_job_cleanup_group := cat $_job_name_prefix .Values.instance_id | sha1sum }} - --- -# Cleanup Job - Deletes GenericAddon CR when install is set to false apiVersion: batch/v1 kind: Job metadata: - name: {{ $_job_name }} + name: postdelete-addon-cleanup-job namespace: mas-{{ .Values.instance_id }}-core annotations: - argocd.argoproj.io/sync-wave: "559" - labels: - mas.ibm.com/instanceId: {{ .Values.instance_id }} - mas.ibm.com/job-cleanup-group: {{ $_job_cleanup_group }} + argocd.argoproj.io/hook: PostDelete + argocd.argoproj.io/hook-delete-policy: HookSucceeded,BeforeHookCreation {{- if .Values.custom_labels }} + labels: {{ .Values.custom_labels | toYaml | indent 4 }} {{- end }} spec: backoffLimit: 4 - ttlSecondsAfterFinished: 300 template: metadata: labels: - app: addon-cleanup-job + app: postdelete-addon-cleanup-job {{- if .Values.custom_labels }} {{ .Values.custom_labels | toYaml | indent 8 }} {{- end }} @@ -87,60 +49,61 @@ spec: env: - name: INSTANCE_ID value: "{{ .Values.instance_id }}" - - name: ADDON_TYPE - value: "{{ $_addon_type }}" + - name: CR_NAMESPACE + value: "mas-{{ .Values.instance_id }}-core" + - name: CR_NAME + value: "{{ .Values.instance_id }}-addons-additional-resources" + - name: CR_API_VERSION + value: "addons.mas.ibm.com/v1" + - name: CR_KIND + value: "GenericAddon" command: - - /bin/bash + - /bin/sh - -c - | set -e - # Function to delete a resource with verification - function delete_resource() { - local RESOURCE_TYPE=$1 - local RESOURCE_NAME=$2 - local NAMESPACE=$3 + function delete_oc_resource(){ + RESOURCE=$1 + NAMESPACE=$2 + echo + echo "------------------------------------------------------------------" + echo "Check if resource $RESOURCE is present in namespace $NAMESPACE " - echo "" - echo "================================================================" - echo "Checking for ${RESOURCE_TYPE}/${RESOURCE_NAME} in namespace ${NAMESPACE}" - - RESOURCE_LOOKUP=$(oc get ${RESOURCE_TYPE} ${RESOURCE_NAME} -n ${NAMESPACE} --ignore-not-found) - - if [[ -z "$RESOURCE_LOOKUP" ]]; then - echo "${RESOURCE_TYPE}/${RESOURCE_NAME} not found, nothing to clean up." + # don't want a non-zero rc from oc get to cause the job to fail + # so, temporarily set +e + set +e + RESOURCE_NAME=$(oc get $RESOURCE -n $NAMESPACE -o=jsonpath="{.metadata.name}") + set -e + if [[ -z "${RESOURCE_NAME}" ]]; then + echo "$RESOURCE not found, skipping" return 0 fi - echo "Found ${RESOURCE_TYPE}/${RESOURCE_NAME}, deleting..." + echo "oc delete resource $RESOURCE in namespace $NAMESPACE " + + # don't want a non-zero rc from oc delete to cause the job to fail + # so, temporarily set +e set +e - oc delete ${RESOURCE_TYPE} ${RESOURCE_NAME} -n ${NAMESPACE} --timeout=300s --wait=true - DELETE_RC=$? + oc delete $RESOURCE -n $NAMESPACE --timeout=300s --wait=true + return_code=$? set -e - if [[ $DELETE_RC -ne 0 ]]; then - echo "Warning: Delete command returned non-zero exit code: $DELETE_RC" - fi - - # Verify deletion - echo "Verifying ${RESOURCE_TYPE}/${RESOURCE_NAME} is deleted..." - RESOURCE_LOOKUP=$(oc get ${RESOURCE_TYPE} ${RESOURCE_NAME} -n ${NAMESPACE} --ignore-not-found) - - if [[ ! -z "$RESOURCE_LOOKUP" ]]; then - echo "ERROR: ${RESOURCE_TYPE}/${RESOURCE_NAME} still present after deletion attempt" - return 1 + echo "Verify that resource $RESOURCE is now absent in namespace $NAMESPACE " + # don't want a non-zero rc from oc get to cause the job to fail + # so, temporarily set +e + set +e + RESOURCE_NAME=$(oc get $RESOURCE -n $NAMESPACE -o=jsonpath="{.metadata.name}") + set -e + if [[ -n "${RESOURCE_NAME}" ]]; then + echo "$RESOURCE still present, failing job" + exit 1 fi - echo "Successfully deleted ${RESOURCE_TYPE}/${RESOURCE_NAME}" + echo "... verified" return 0 } - # Delete the GenericAddon CR using the addon type from environment - echo "Cleaning up GenericAddon resource for addon type: ${ADDON_TYPE}" - delete_resource "genericaddons.addons.mas.ibm.com" "${INSTANCE_ID}-addons-${ADDON_TYPE}" "mas-${INSTANCE_ID}-core" - - echo "" - echo "================================================================" - echo "Cleanup complete - GenericAddon CR removed for ${ADDON_TYPE}" + delete_oc_resource "${CR_KIND}.${CR_API_VERSION}/${CR_NAME}" "${CR_NAMESPACE}" {{- end }} {{- end }} From eec8113dfb21e96fe20860312a051c144028944f Mon Sep 17 00:00:00 2001 From: hita pandya Date: Wed, 21 Jan 2026 18:28:36 +0530 Subject: [PATCH 51/77] [patch] update condition --- .../templates/08-addon-cleanup-job.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml b/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml index 4055380bb..f24007476 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml @@ -5,10 +5,9 @@ CLI Image Digest - must be updated when CLI version changes */}} {{- $_cli_image_digest := "sha256:55b5d6dd185503f14c112836a9a4899347d28e7b6545e0b9cf21d87f9526fb40" }} -{{- if .Values.additional_resources }} {{- /* PostDelete hook - This job will run when the ArgoCD application is deleted -It will clean up the GenericAddon CR that was created +It will clean up the GenericAddon CR that was created (if it exists) */}} --- apiVersion: batch/v1 @@ -106,4 +105,3 @@ spec: delete_oc_resource "${CR_KIND}.${CR_API_VERSION}/${CR_NAME}" "${CR_NAMESPACE}" {{- end }} -{{- end }} From a4c36f62298e044f09d3c498a7b5c188b5759344 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Wed, 21 Jan 2026 19:04:57 +0530 Subject: [PATCH 52/77] [patch] add post delete hook value --- .../templates/550-ibm-mas-addons-config.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml b/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml index b6259b352..20c35c7ed 100644 --- a/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml +++ b/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml @@ -44,6 +44,7 @@ spec: additional_vpn: {{ .Values.additional_vpn }} cluster_nonshared: {{ .Values.cluster_nonshared }} application_configuration: {{ .Values.application_configuration }} + use_postdelete_hooks: {{ .Values.use_postdelete_hooks | default true }} {{- if .Values.additional_resources }} additional_resources: {{ .Values.additional_resources | toYaml | nindent 14 }} {{- end }} From aed092fb3da2c22d24580a8ea1069fb9ca2168c0 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Thu, 22 Jan 2026 11:55:59 +0530 Subject: [PATCH 53/77] [patch] add support to uninstall additional resources --- .../instance1/ibm-mas-instance-base.yaml | 1 + .../templates/08-additional-resources-cr.yaml | 2 +- .../templates/08-addon-cleanup-job.yaml | 128 +++++++++++------- 3 files changed, 82 insertions(+), 49 deletions(-) diff --git a/example-config/dev/cluster1/instance1/ibm-mas-instance-base.yaml b/example-config/dev/cluster1/instance1/ibm-mas-instance-base.yaml index 90fd59c27..128301016 100644 --- a/example-config/dev/cluster1/instance1/ibm-mas-instance-base.yaml +++ b/example-config/dev/cluster1/instance1/ibm-mas-instance-base.yaml @@ -19,6 +19,7 @@ sm: # Additional Resources Configuration Example additional_resources: + install: true instances: - name: instance-name-1 cost: 100 diff --git a/instance-applications/550-ibm-mas-addons-config/templates/08-additional-resources-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/08-additional-resources-cr.yaml index 846febca9..93a21984c 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/08-additional-resources-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/08-additional-resources-cr.yaml @@ -1,4 +1,4 @@ -{{- if .Values.additional_resources }} +{{- if and .Values.additional_resources (eq .Values.additional_resources.install true) }} --- apiVersion: addons.mas.ibm.com/v1 kind: GenericAddon diff --git a/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml b/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml index f24007476..a4e69d45b 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml @@ -1,33 +1,65 @@ -{{- if .Values.use_postdelete_hooks }} - {{- /* CLI Image Digest - must be updated when CLI version changes */}} {{- $_cli_image_digest := "sha256:55b5d6dd185503f14c112836a9a4899347d28e7b6545e0b9cf21d87f9526fb40" }} +{{- if .Values.additional_resources }} +{{- if eq .Values.additional_resources.install false }} + +{{- /* +Meaningful prefix for the job resource name. Must be under 52 chars in length to leave room for the 11 chars reserved for '-' and $_job_hash. +*/}} +{{- $_job_name_prefix := "cleanup-addons" }} +{{- $_addon_type := "additional-resources" }} + +{{- /* +A dict of values that influence the behaviour of the job in some way. +Any changes to values in this dict will trigger a rerun of the job. +*/}} +{{- $_job_config_values := omit .Values "junitreporter" }} + +{{- /* +Increment this value whenever you make a change to an immutable field of the Job resource. +*/}} +{{- $_job_version := "v4" }} + +{{- /* +10 char hash appended to the job name taking into account $_job_config_values, $_job_version and $_cli_image_digest +This ensures ArgoCD will create a new job resource instead of attempting to update an immutable field. +*/}} +{{- $_job_hash := print ($_job_config_values | toYaml) $_cli_image_digest $_job_version | adler32sum }} + +{{- $_job_name := join "-" (list $_job_name_prefix $_job_hash )}} + {{- /* -PostDelete hook - This job will run when the ArgoCD application is deleted -It will clean up the GenericAddon CR that was created (if it exists) +Set as the value for the mas.ibm.com/job-cleanup-group label on the Job resource. +When the auto_delete flag is not set on the root application, a CronJob in the cluster uses this label +to identify old Job resources that should be pruned on behalf of ArgoCD. */}} +{{- $_job_cleanup_group := cat $_job_name_prefix .Values.instance_id | sha1sum }} + --- +# Cleanup Job - Deletes GenericAddon CR when install is set to false apiVersion: batch/v1 kind: Job metadata: - name: postdelete-addon-cleanup-job + name: {{ $_job_name }} namespace: mas-{{ .Values.instance_id }}-core annotations: - argocd.argoproj.io/hook: PostDelete - argocd.argoproj.io/hook-delete-policy: HookSucceeded,BeforeHookCreation -{{- if .Values.custom_labels }} + argocd.argoproj.io/sync-wave: "559" labels: + mas.ibm.com/instanceId: {{ .Values.instance_id }} + mas.ibm.com/job-cleanup-group: {{ $_job_cleanup_group }} +{{- if .Values.custom_labels }} {{ .Values.custom_labels | toYaml | indent 4 }} {{- end }} spec: backoffLimit: 4 + ttlSecondsAfterFinished: 300 template: metadata: labels: - app: postdelete-addon-cleanup-job + app: addon-cleanup-job {{- if .Values.custom_labels }} {{ .Values.custom_labels | toYaml | indent 8 }} {{- end }} @@ -48,60 +80,60 @@ spec: env: - name: INSTANCE_ID value: "{{ .Values.instance_id }}" - - name: CR_NAMESPACE - value: "mas-{{ .Values.instance_id }}-core" - - name: CR_NAME - value: "{{ .Values.instance_id }}-addons-additional-resources" - - name: CR_API_VERSION - value: "addons.mas.ibm.com/v1" - - name: CR_KIND - value: "GenericAddon" + - name: ADDON_TYPE + value: "{{ $_addon_type }}" command: - - /bin/sh + - /bin/bash - -c - | set -e - function delete_oc_resource(){ - RESOURCE=$1 - NAMESPACE=$2 - echo - echo "------------------------------------------------------------------" - echo "Check if resource $RESOURCE is present in namespace $NAMESPACE " + # Function to delete a resource with verification + function delete_resource() { + local RESOURCE_TYPE=$1 + local RESOURCE_NAME=$2 + local NAMESPACE=$3 - # don't want a non-zero rc from oc get to cause the job to fail - # so, temporarily set +e - set +e - RESOURCE_NAME=$(oc get $RESOURCE -n $NAMESPACE -o=jsonpath="{.metadata.name}") - set -e - if [[ -z "${RESOURCE_NAME}" ]]; then - echo "$RESOURCE not found, skipping" + echo "" + echo "================================================================" + echo "Checking for ${RESOURCE_TYPE}/${RESOURCE_NAME} in namespace ${NAMESPACE}" + + RESOURCE_LOOKUP=$(oc get ${RESOURCE_TYPE} ${RESOURCE_NAME} -n ${NAMESPACE} --ignore-not-found) + + if [[ -z "$RESOURCE_LOOKUP" ]]; then + echo "${RESOURCE_TYPE}/${RESOURCE_NAME} not found, nothing to clean up." return 0 fi - echo "oc delete resource $RESOURCE in namespace $NAMESPACE " - - # don't want a non-zero rc from oc delete to cause the job to fail - # so, temporarily set +e + echo "Found ${RESOURCE_TYPE}/${RESOURCE_NAME}, deleting..." set +e - oc delete $RESOURCE -n $NAMESPACE --timeout=300s --wait=true - return_code=$? + oc delete ${RESOURCE_TYPE} ${RESOURCE_NAME} -n ${NAMESPACE} --timeout=300s --wait=true + DELETE_RC=$? set -e - echo "Verify that resource $RESOURCE is now absent in namespace $NAMESPACE " - # don't want a non-zero rc from oc get to cause the job to fail - # so, temporarily set +e - set +e - RESOURCE_NAME=$(oc get $RESOURCE -n $NAMESPACE -o=jsonpath="{.metadata.name}") - set -e - if [[ -n "${RESOURCE_NAME}" ]]; then - echo "$RESOURCE still present, failing job" - exit 1 + if [[ $DELETE_RC -ne 0 ]]; then + echo "Warning: Delete command returned non-zero exit code: $DELETE_RC" fi - echo "... verified" + # Verify deletion + echo "Verifying ${RESOURCE_TYPE}/${RESOURCE_NAME} is deleted..." + RESOURCE_LOOKUP=$(oc get ${RESOURCE_TYPE} ${RESOURCE_NAME} -n ${NAMESPACE} --ignore-not-found) + + if [[ ! -z "$RESOURCE_LOOKUP" ]]; then + echo "ERROR: ${RESOURCE_TYPE}/${RESOURCE_NAME} still present after deletion attempt" + return 1 + fi + + echo "Successfully deleted ${RESOURCE_TYPE}/${RESOURCE_NAME}" return 0 } - delete_oc_resource "${CR_KIND}.${CR_API_VERSION}/${CR_NAME}" "${CR_NAMESPACE}" + # Delete the GenericAddon CR using the addon type from environment + echo "Cleaning up GenericAddon resource for addon type: ${ADDON_TYPE}" + delete_resource "genericaddons.addons.mas.ibm.com" "${INSTANCE_ID}-addons-${ADDON_TYPE}" "mas-${INSTANCE_ID}-core" + + echo "" + echo "================================================================" + echo "Cleanup complete - GenericAddon CR removed for ${ADDON_TYPE}" {{- end }} +{{- end }} \ No newline at end of file From bc9ff6919b0a15d1387878cef0188d52a6f1d8ee Mon Sep 17 00:00:00 2001 From: hita pandya Date: Thu, 22 Jan 2026 14:05:50 +0530 Subject: [PATCH 54/77] [patch] update condition --- .../550-ibm-mas-addons-config/templates/00-networkpolicy.yaml | 2 +- .../550-ibm-mas-addons-config/templates/00-rbac.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml b/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml index c8bad0e17..5695ca4ba 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml @@ -1,4 +1,4 @@ -{{- if or .Values.allow_list .Values.additional_vpn .Values.enhanced_dr .Values.extensions .Values.replica_db .Values.cluster_nonshared .Values.application_configuration .Values.additional_resources }} +{{- if or .Values.allow_list .Values.additional_vpn .Values.enhanced_dr .Values.extensions .Values.replica_db .Values.cluster_nonshared .Values.application_configuration .Values.additional_resources.install }} --- # Permit outbound communication by the Job pods # (Needed to communicate with the K8S HTTP API) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml b/instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml index 2f882ae56..996957a3c 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml @@ -1,4 +1,4 @@ -{{- if or .Values.allow_list .Values.additional_vpn .Values.enhanced_dr .Values.extensions .Values.replica_db .Values.cluster_nonshared .Values.application_configuration .Values.additional_resources }} +{{- if or .Values.allow_list .Values.additional_vpn .Values.enhanced_dr .Values.extensions .Values.replica_db .Values.cluster_nonshared .Values.application_configuration .Values.additional_resources.install }} --- kind: ServiceAccount apiVersion: v1 From b034aec584560d568a4bffc8e145669b3432d527 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Thu, 22 Jan 2026 14:24:02 +0530 Subject: [PATCH 55/77] [patch] add delete policy --- .../templates/00-networkpolicy.yaml | 2 ++ .../550-ibm-mas-addons-config/templates/00-rbac.yaml | 6 ++++++ .../templates/08-addon-cleanup-job.yaml | 2 ++ 3 files changed, 10 insertions(+) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml b/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml index 5695ca4ba..aaab6ccda 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml @@ -9,6 +9,8 @@ metadata: namespace: mas-{{ .Values.instance_id }}-core annotations: argocd.argoproj.io/sync-wave: "558" + argocd.argoproj.io/hook: PreDelete + argocd.argoproj.io/hook-delete-policy: BeforeHookCreation {{- if .Values.custom_labels }} labels: {{ .Values.custom_labels | toYaml | indent 4 }} diff --git a/instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml b/instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml index 996957a3c..665c7582c 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml @@ -7,6 +7,8 @@ metadata: namespace: mas-{{ .Values.instance_id }}-core annotations: argocd.argoproj.io/sync-wave: "557" + argocd.argoproj.io/hook: PreDelete + argocd.argoproj.io/hook-delete-policy: BeforeHookCreation {{- if .Values.custom_labels }} labels: {{ .Values.custom_labels | toYaml | indent 4 }} @@ -20,6 +22,8 @@ metadata: namespace: mas-{{ .Values.instance_id }}-core annotations: argocd.argoproj.io/sync-wave: "557" + argocd.argoproj.io/hook: PreDelete + argocd.argoproj.io/hook-delete-policy: BeforeHookCreation {{- if .Values.custom_labels }} labels: {{ .Values.custom_labels | toYaml | indent 4 }} @@ -43,6 +47,8 @@ metadata: namespace: mas-{{ .Values.instance_id }}-core annotations: argocd.argoproj.io/sync-wave: "558" + argocd.argoproj.io/hook: PreDelete + argocd.argoproj.io/hook-delete-policy: BeforeHookCreation {{- if .Values.custom_labels }} labels: {{ .Values.custom_labels | toYaml | indent 4 }} diff --git a/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml b/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml index a4e69d45b..53d047c5d 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml @@ -47,6 +47,8 @@ metadata: namespace: mas-{{ .Values.instance_id }}-core annotations: argocd.argoproj.io/sync-wave: "559" + argocd.argoproj.io/hook: PreDelete + argocd.argoproj.io/hook-delete-policy: BeforeHookCreation labels: mas.ibm.com/instanceId: {{ .Values.instance_id }} mas.ibm.com/job-cleanup-group: {{ $_job_cleanup_group }} From fe5fadd60e18c3952992c59f266abfe14b53fd73 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Thu, 22 Jan 2026 15:28:15 +0530 Subject: [PATCH 56/77] [patch] fix indentation issue --- .../550-ibm-mas-addons-config/templates/00-networkpolicy.yaml | 2 +- .../550-ibm-mas-addons-config/templates/00-rbac.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml b/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml index aaab6ccda..54edf6baf 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml @@ -1,4 +1,4 @@ -{{- if or .Values.allow_list .Values.additional_vpn .Values.enhanced_dr .Values.extensions .Values.replica_db .Values.cluster_nonshared .Values.application_configuration .Values.additional_resources.install }} +{{- if or .Values.allow_list .Values.additional_vpn .Values.enhanced_dr .Values.extensions .Values.replica_db .Values.cluster_nonshared .Values.application_configuration (and .Values.additional_resources .Values.additional_resources.install) }} --- # Permit outbound communication by the Job pods # (Needed to communicate with the K8S HTTP API) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml b/instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml index 665c7582c..56c926c75 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml @@ -1,4 +1,4 @@ -{{- if or .Values.allow_list .Values.additional_vpn .Values.enhanced_dr .Values.extensions .Values.replica_db .Values.cluster_nonshared .Values.application_configuration .Values.additional_resources.install }} +{{- if or .Values.allow_list .Values.additional_vpn .Values.enhanced_dr .Values.extensions .Values.replica_db .Values.cluster_nonshared .Values.application_configuration (and .Values.additional_resources .Values.additional_resources.install) }} --- kind: ServiceAccount apiVersion: v1 From 54764f9bf0bc150c37df86809144c5d8e32098c4 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Thu, 22 Jan 2026 18:29:25 +0530 Subject: [PATCH 57/77] [patch] update changes to clean up network policy --- .../templates/00-rbac.yaml | 32 +++++++++-- .../templates/08-addon-cleanup-job.yaml | 53 ++++++++++++++++++- 2 files changed, 80 insertions(+), 5 deletions(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml b/instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml index 56c926c75..3b6f30d51 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml @@ -1,4 +1,3 @@ -{{- if or .Values.allow_list .Values.additional_vpn .Values.enhanced_dr .Values.extensions .Values.replica_db .Values.cluster_nonshared .Values.application_configuration (and .Values.additional_resources .Values.additional_resources.install) }} --- kind: ServiceAccount apiVersion: v1 @@ -38,6 +37,34 @@ rules: - addons.mas.ibm.com resources: - genericaddons + - verbs: + - get + - list + - delete + - watch + apiGroups: + - networking.k8s.io + resources: + - networkpolicies + - verbs: + - get + - list + - delete + - watch + apiGroups: + - "" + resources: + - serviceaccounts + - verbs: + - get + - list + - delete + - watch + apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings --- kind: RoleBinding @@ -60,5 +87,4 @@ subjects: roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: addon-cleanup-role -{{- end }} + name: addon-cleanup-role \ No newline at end of file diff --git a/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml b/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml index 53d047c5d..d9043ab86 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml @@ -6,11 +6,18 @@ CLI Image Digest - must be updated when CLI version changes {{- if .Values.additional_resources }} {{- if eq .Values.additional_resources.install false }} +{{- $_addon_type := "additional-resources" }} +{{- $_addon_cr_name := printf "%s-addons-%s" .Values.instance_id $_addon_type }} +{{- $_namespace := printf "mas-%s-core" .Values.instance_id }} + +{{- /* Check if the GenericAddon CR exists before creating the cleanup job */}} +{{- $genericAddon := lookup "addons.mas.ibm.com/v1" "GenericAddon" $_namespace $_addon_cr_name }} +{{- if $genericAddon }} + {{- /* Meaningful prefix for the job resource name. Must be under 52 chars in length to leave room for the 11 chars reserved for '-' and $_job_hash. */}} {{- $_job_name_prefix := "cleanup-addons" }} -{{- $_addon_type := "additional-resources" }} {{- /* A dict of values that influence the behaviour of the job in some way. @@ -115,10 +122,27 @@ spec: if [[ $DELETE_RC -ne 0 ]]; then echo "Warning: Delete command returned non-zero exit code: $DELETE_RC" + echo "Attempting to remove finalizers..." + + # Try to patch out finalizers if delete failed + set +e + oc patch ${RESOURCE_TYPE} ${RESOURCE_NAME} -n ${NAMESPACE} \ + --type json \ + -p='[{"op": "remove", "path": "/metadata/finalizers"}]' 2>&1 + PATCH_RC=$? + set -e + + if [[ $PATCH_RC -eq 0 ]]; then + echo "Successfully removed finalizers, retrying deletion..." + set +e + oc delete ${RESOURCE_TYPE} ${RESOURCE_NAME} -n ${NAMESPACE} --timeout=60s --wait=true 2>&1 + set -e + fi fi # Verify deletion echo "Verifying ${RESOURCE_TYPE}/${RESOURCE_NAME} is deleted..." + sleep 3 RESOURCE_LOOKUP=$(oc get ${RESOURCE_TYPE} ${RESOURCE_NAME} -n ${NAMESPACE} --ignore-not-found) if [[ ! -z "$RESOURCE_LOOKUP" ]]; then @@ -134,8 +158,33 @@ spec: echo "Cleaning up GenericAddon resource for addon type: ${ADDON_TYPE}" delete_resource "genericaddons.addons.mas.ibm.com" "${INSTANCE_ID}-addons-${ADDON_TYPE}" "mas-${INSTANCE_ID}-core" + # Delete the NetworkPolicy for addon cleanup job echo "" echo "================================================================" - echo "Cleanup complete - GenericAddon CR removed for ${ADDON_TYPE}" + echo "Cleaning up NetworkPolicy for addon cleanup job" + delete_resource "networkpolicy" "${INSTANCE_ID}-allow-oc-addon-cleanup-job" "mas-${INSTANCE_ID}-core" + + # Delete the ServiceAccount for addon cleanup + echo "" + echo "================================================================" + echo "Cleaning up ServiceAccount for addon cleanup" + delete_resource "serviceaccount" "addon-cleanup-sa" "mas-${INSTANCE_ID}-core" + + # Delete the Role for addon cleanup + echo "" + echo "================================================================" + echo "Cleaning up Role for addon cleanup" + delete_resource "role" "addon-cleanup-role" "mas-${INSTANCE_ID}-core" + + # Delete the RoleBinding for addon cleanup + echo "" + echo "================================================================" + echo "Cleaning up RoleBinding for addon cleanup" + delete_resource "rolebinding" "addon-cleanup-rb" "mas-${INSTANCE_ID}-core" + + echo "" + echo "================================================================" + echo "Cleanup complete - All resources removed for ${ADDON_TYPE}" +{{- end }} {{- end }} {{- end }} \ No newline at end of file From d6acfca1609bea813d6139891ce711168b559890 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Thu, 22 Jan 2026 18:56:10 +0530 Subject: [PATCH 58/77] [patch] remove hook --- .../templates/00-networkpolicy.yaml | 2 -- .../550-ibm-mas-addons-config/templates/00-rbac.yaml | 6 ------ 2 files changed, 8 deletions(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml b/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml index 54edf6baf..9692faaa9 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml @@ -9,8 +9,6 @@ metadata: namespace: mas-{{ .Values.instance_id }}-core annotations: argocd.argoproj.io/sync-wave: "558" - argocd.argoproj.io/hook: PreDelete - argocd.argoproj.io/hook-delete-policy: BeforeHookCreation {{- if .Values.custom_labels }} labels: {{ .Values.custom_labels | toYaml | indent 4 }} diff --git a/instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml b/instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml index 3b6f30d51..15c3ec586 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml @@ -6,8 +6,6 @@ metadata: namespace: mas-{{ .Values.instance_id }}-core annotations: argocd.argoproj.io/sync-wave: "557" - argocd.argoproj.io/hook: PreDelete - argocd.argoproj.io/hook-delete-policy: BeforeHookCreation {{- if .Values.custom_labels }} labels: {{ .Values.custom_labels | toYaml | indent 4 }} @@ -21,8 +19,6 @@ metadata: namespace: mas-{{ .Values.instance_id }}-core annotations: argocd.argoproj.io/sync-wave: "557" - argocd.argoproj.io/hook: PreDelete - argocd.argoproj.io/hook-delete-policy: BeforeHookCreation {{- if .Values.custom_labels }} labels: {{ .Values.custom_labels | toYaml | indent 4 }} @@ -74,8 +70,6 @@ metadata: namespace: mas-{{ .Values.instance_id }}-core annotations: argocd.argoproj.io/sync-wave: "558" - argocd.argoproj.io/hook: PreDelete - argocd.argoproj.io/hook-delete-policy: BeforeHookCreation {{- if .Values.custom_labels }} labels: {{ .Values.custom_labels | toYaml | indent 4 }} From 3a8f6957d1eb4bdefada5ccca81177c7ef960f4a Mon Sep 17 00:00:00 2001 From: hita pandya Date: Thu, 22 Jan 2026 18:57:01 +0530 Subject: [PATCH 59/77] [patch] remove condition --- .../550-ibm-mas-addons-config/templates/00-networkpolicy.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml b/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml index 9692faaa9..14c2d229d 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml @@ -1,4 +1,3 @@ -{{- if or .Values.allow_list .Values.additional_vpn .Values.enhanced_dr .Values.extensions .Values.replica_db .Values.cluster_nonshared .Values.application_configuration (and .Values.additional_resources .Values.additional_resources.install) }} --- # Permit outbound communication by the Job pods # (Needed to communicate with the K8S HTTP API) @@ -20,5 +19,4 @@ spec: egress: - {} policyTypes: - - Egress -{{- end }} + - Egress \ No newline at end of file From e28a71fe7737250938f4328181d1c2da976f8104 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Thu, 22 Jan 2026 19:03:39 +0530 Subject: [PATCH 60/77] [patch] remove hook --- .../templates/08-addon-cleanup-job.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml b/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml index d9043ab86..f815781cb 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml @@ -54,8 +54,6 @@ metadata: namespace: mas-{{ .Values.instance_id }}-core annotations: argocd.argoproj.io/sync-wave: "559" - argocd.argoproj.io/hook: PreDelete - argocd.argoproj.io/hook-delete-policy: BeforeHookCreation labels: mas.ibm.com/instanceId: {{ .Values.instance_id }} mas.ibm.com/job-cleanup-group: {{ $_job_cleanup_group }} From 75f83c4f33930167cb8c6548b20fb9f711076ce5 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Thu, 22 Jan 2026 19:09:24 +0530 Subject: [PATCH 61/77] [patch] remove condition for testing --- .../templates/08-addon-cleanup-job.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml b/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml index f815781cb..e00aa7320 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml @@ -12,7 +12,6 @@ CLI Image Digest - must be updated when CLI version changes {{- /* Check if the GenericAddon CR exists before creating the cleanup job */}} {{- $genericAddon := lookup "addons.mas.ibm.com/v1" "GenericAddon" $_namespace $_addon_cr_name }} -{{- if $genericAddon }} {{- /* Meaningful prefix for the job resource name. Must be under 52 chars in length to leave room for the 11 chars reserved for '-' and $_job_hash. @@ -184,5 +183,4 @@ spec: echo "================================================================" echo "Cleanup complete - All resources removed for ${ADDON_TYPE}" {{- end }} -{{- end }} {{- end }} \ No newline at end of file From e3874f50bf2d70b762c56f5162c0990204053016 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Thu, 22 Jan 2026 19:22:27 +0530 Subject: [PATCH 62/77] [patch] update sequece for testing --- .../templates/08-addon-cleanup-job.yaml | 25 ++++++++++--------- 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml b/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml index e00aa7320..43f47abe4 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml @@ -155,17 +155,11 @@ spec: echo "Cleaning up GenericAddon resource for addon type: ${ADDON_TYPE}" delete_resource "genericaddons.addons.mas.ibm.com" "${INSTANCE_ID}-addons-${ADDON_TYPE}" "mas-${INSTANCE_ID}-core" - # Delete the NetworkPolicy for addon cleanup job + # Delete the RoleBinding for addon cleanup (before Role) echo "" echo "================================================================" - echo "Cleaning up NetworkPolicy for addon cleanup job" - delete_resource "networkpolicy" "${INSTANCE_ID}-allow-oc-addon-cleanup-job" "mas-${INSTANCE_ID}-core" - - # Delete the ServiceAccount for addon cleanup - echo "" - echo "================================================================" - echo "Cleaning up ServiceAccount for addon cleanup" - delete_resource "serviceaccount" "addon-cleanup-sa" "mas-${INSTANCE_ID}-core" + echo "Cleaning up RoleBinding for addon cleanup" + delete_resource "rolebinding" "addon-cleanup-rb" "mas-${INSTANCE_ID}-core" # Delete the Role for addon cleanup echo "" @@ -173,11 +167,18 @@ spec: echo "Cleaning up Role for addon cleanup" delete_resource "role" "addon-cleanup-role" "mas-${INSTANCE_ID}-core" - # Delete the RoleBinding for addon cleanup + # Delete the ServiceAccount for addon cleanup echo "" echo "================================================================" - echo "Cleaning up RoleBinding for addon cleanup" - delete_resource "rolebinding" "addon-cleanup-rb" "mas-${INSTANCE_ID}-core" + echo "Cleaning up ServiceAccount for addon cleanup" + delete_resource "serviceaccount" "addon-cleanup-sa" "mas-${INSTANCE_ID}-core" + + # IMPORTANT: Delete NetworkPolicy LAST to maintain network connectivity + # Deleting it earlier would block API server access for subsequent commands + echo "" + echo "================================================================" + echo "Cleaning up NetworkPolicy for addon cleanup job (deleting last to maintain connectivity)" + delete_resource "networkpolicy" "${INSTANCE_ID}-allow-oc-addon-cleanup-job" "mas-${INSTANCE_ID}-core" echo "" echo "================================================================" From 10ab3657a9a45625f05da51c2a0547d0a07d1c71 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Thu, 22 Jan 2026 20:04:18 +0530 Subject: [PATCH 63/77] [patch] update network policies --- .../templates/00-networkpolicy.yaml | 22 ----- .../templates/00-rbac.yaml | 84 ------------------- .../templates/08-addon-cleanup-job.yaml | 40 +++------ 3 files changed, 13 insertions(+), 133 deletions(-) delete mode 100644 instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml delete mode 100644 instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml diff --git a/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml b/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml deleted file mode 100644 index 14c2d229d..000000000 --- a/instance-applications/550-ibm-mas-addons-config/templates/00-networkpolicy.yaml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Permit outbound communication by the Job pods -# (Needed to communicate with the K8S HTTP API) -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: "{{ .Values.instance_id }}-allow-oc-addon-cleanup-job" - namespace: mas-{{ .Values.instance_id }}-core - annotations: - argocd.argoproj.io/sync-wave: "558" -{{- if .Values.custom_labels }} - labels: -{{ .Values.custom_labels | toYaml | indent 4 }} -{{- end }} -spec: - podSelector: - matchLabels: - app: addon-cleanup-job - egress: - - {} - policyTypes: - - Egress \ No newline at end of file diff --git a/instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml b/instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml deleted file mode 100644 index 15c3ec586..000000000 --- a/instance-applications/550-ibm-mas-addons-config/templates/00-rbac.yaml +++ /dev/null @@ -1,84 +0,0 @@ ---- -kind: ServiceAccount -apiVersion: v1 -metadata: - name: addon-cleanup-sa - namespace: mas-{{ .Values.instance_id }}-core - annotations: - argocd.argoproj.io/sync-wave: "557" -{{- if .Values.custom_labels }} - labels: -{{ .Values.custom_labels | toYaml | indent 4 }} -{{- end }} - ---- -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: addon-cleanup-role - namespace: mas-{{ .Values.instance_id }}-core - annotations: - argocd.argoproj.io/sync-wave: "557" -{{- if .Values.custom_labels }} - labels: -{{ .Values.custom_labels | toYaml | indent 4 }} -{{- end }} -rules: - - verbs: - - get - - list - - delete - - watch - apiGroups: - - addons.mas.ibm.com - resources: - - genericaddons - - verbs: - - get - - list - - delete - - watch - apiGroups: - - networking.k8s.io - resources: - - networkpolicies - - verbs: - - get - - list - - delete - - watch - apiGroups: - - "" - resources: - - serviceaccounts - - verbs: - - get - - list - - delete - - watch - apiGroups: - - rbac.authorization.k8s.io - resources: - - roles - - rolebindings - ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: addon-cleanup-rb - namespace: mas-{{ .Values.instance_id }}-core - annotations: - argocd.argoproj.io/sync-wave: "558" -{{- if .Values.custom_labels }} - labels: -{{ .Values.custom_labels | toYaml | indent 4 }} -{{- end }} -subjects: - - kind: ServiceAccount - name: addon-cleanup-sa - namespace: mas-{{ .Values.instance_id }}-core -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: addon-cleanup-role \ No newline at end of file diff --git a/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml b/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml index 43f47abe4..3d40173d7 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml @@ -44,6 +44,14 @@ to identify old Job resources that should be pruned on behalf of ArgoCD. */}} {{- $_job_cleanup_group := cat $_job_name_prefix .Values.instance_id | sha1sum }} +# NOTE: depends on resources created in ibm-mas-suite chart (01-postdelete-crs-resources) +# The values below must align with the values in that file +{{ $role_name := "postdelete-delete-cr-r" }} +{{ $sa_name := "postdelete-delete-cr-sa" }} +{{ $rb_name := "postdelete-delete-cr-rb" }} +{{ $np_name := "postdelete-delete-cr-np" }} +{{ $job_label := "postdelete-delete-cr-job" }} + --- # Cleanup Job - Deletes GenericAddon CR when install is set to false apiVersion: batch/v1 @@ -65,12 +73,12 @@ spec: template: metadata: labels: - app: addon-cleanup-job + app: {{ $job_label }} {{- if .Values.custom_labels }} {{ .Values.custom_labels | toYaml | indent 8 }} {{- end }} spec: - serviceAccountName: addon-cleanup-sa + serviceAccountName: {{ $sa_name }} restartPolicy: Never containers: - name: cleanup @@ -155,33 +163,11 @@ spec: echo "Cleaning up GenericAddon resource for addon type: ${ADDON_TYPE}" delete_resource "genericaddons.addons.mas.ibm.com" "${INSTANCE_ID}-addons-${ADDON_TYPE}" "mas-${INSTANCE_ID}-core" - # Delete the RoleBinding for addon cleanup (before Role) - echo "" - echo "================================================================" - echo "Cleaning up RoleBinding for addon cleanup" - delete_resource "rolebinding" "addon-cleanup-rb" "mas-${INSTANCE_ID}-core" - - # Delete the Role for addon cleanup - echo "" - echo "================================================================" - echo "Cleaning up Role for addon cleanup" - delete_resource "role" "addon-cleanup-role" "mas-${INSTANCE_ID}-core" - - # Delete the ServiceAccount for addon cleanup - echo "" - echo "================================================================" - echo "Cleaning up ServiceAccount for addon cleanup" - delete_resource "serviceaccount" "addon-cleanup-sa" "mas-${INSTANCE_ID}-core" - - # IMPORTANT: Delete NetworkPolicy LAST to maintain network connectivity - # Deleting it earlier would block API server access for subsequent commands echo "" echo "================================================================" - echo "Cleaning up NetworkPolicy for addon cleanup job (deleting last to maintain connectivity)" - delete_resource "networkpolicy" "${INSTANCE_ID}-allow-oc-addon-cleanup-job" "mas-${INSTANCE_ID}-core" - + echo "Cleanup complete - GenericAddon CR removed for ${ADDON_TYPE}" echo "" - echo "================================================================" - echo "Cleanup complete - All resources removed for ${ADDON_TYPE}" + echo "NOTE: Shared RBAC resources (ServiceAccount, Role, RoleBinding, NetworkPolicy)" + echo "are managed by the ibm-mas-suite chart and will be cleaned up separately." {{- end }} {{- end }} \ No newline at end of file From 1de3207099849bb178abd766775c50e9ab3f79b1 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Thu, 22 Jan 2026 20:18:59 +0530 Subject: [PATCH 64/77] [patch] add generic addon --- .../templates/01-postdelete-crs-resources.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/instance-applications/130-ibm-mas-suite/templates/01-postdelete-crs-resources.yaml b/instance-applications/130-ibm-mas-suite/templates/01-postdelete-crs-resources.yaml index d9c738747..2b58bb336 100644 --- a/instance-applications/130-ibm-mas-suite/templates/01-postdelete-crs-resources.yaml +++ b/instance-applications/130-ibm-mas-suite/templates/01-postdelete-crs-resources.yaml @@ -63,6 +63,15 @@ rules: - "config.mas.ibm.com" resources: - "*" + - verbs: + - delete + - get + - list + - watch + apiGroups: + - addons.mas.ibm.com + resources: + - genericaddons --- kind: ServiceAccount From f307990a15b583659259989610f5ba347e74b92f Mon Sep 17 00:00:00 2001 From: hita pandya Date: Fri, 23 Jan 2026 12:03:17 +0530 Subject: [PATCH 65/77] [patch] add support to delete cr for clean up --- .../instance1/ibm-mas-instance-base.yaml | 1 - .../templates/08-additional-resources-cr.yaml | 2 +- .../templates/08-addon-cleanup-job.yaml | 173 ------------------ .../templates/postdelete-delete-cr.yaml | 118 ++++++++++++ 4 files changed, 119 insertions(+), 175 deletions(-) delete mode 100644 instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml create mode 100644 instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr.yaml diff --git a/example-config/dev/cluster1/instance1/ibm-mas-instance-base.yaml b/example-config/dev/cluster1/instance1/ibm-mas-instance-base.yaml index 128301016..90fd59c27 100644 --- a/example-config/dev/cluster1/instance1/ibm-mas-instance-base.yaml +++ b/example-config/dev/cluster1/instance1/ibm-mas-instance-base.yaml @@ -19,7 +19,6 @@ sm: # Additional Resources Configuration Example additional_resources: - install: true instances: - name: instance-name-1 cost: 100 diff --git a/instance-applications/550-ibm-mas-addons-config/templates/08-additional-resources-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/08-additional-resources-cr.yaml index 93a21984c..846febca9 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/08-additional-resources-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/08-additional-resources-cr.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.additional_resources (eq .Values.additional_resources.install true) }} +{{- if .Values.additional_resources }} --- apiVersion: addons.mas.ibm.com/v1 kind: GenericAddon diff --git a/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml b/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml deleted file mode 100644 index 3d40173d7..000000000 --- a/instance-applications/550-ibm-mas-addons-config/templates/08-addon-cleanup-job.yaml +++ /dev/null @@ -1,173 +0,0 @@ -{{- /* -CLI Image Digest - must be updated when CLI version changes -*/}} -{{- $_cli_image_digest := "sha256:55b5d6dd185503f14c112836a9a4899347d28e7b6545e0b9cf21d87f9526fb40" }} - -{{- if .Values.additional_resources }} -{{- if eq .Values.additional_resources.install false }} - -{{- $_addon_type := "additional-resources" }} -{{- $_addon_cr_name := printf "%s-addons-%s" .Values.instance_id $_addon_type }} -{{- $_namespace := printf "mas-%s-core" .Values.instance_id }} - -{{- /* Check if the GenericAddon CR exists before creating the cleanup job */}} -{{- $genericAddon := lookup "addons.mas.ibm.com/v1" "GenericAddon" $_namespace $_addon_cr_name }} - -{{- /* -Meaningful prefix for the job resource name. Must be under 52 chars in length to leave room for the 11 chars reserved for '-' and $_job_hash. -*/}} -{{- $_job_name_prefix := "cleanup-addons" }} - -{{- /* -A dict of values that influence the behaviour of the job in some way. -Any changes to values in this dict will trigger a rerun of the job. -*/}} -{{- $_job_config_values := omit .Values "junitreporter" }} - -{{- /* -Increment this value whenever you make a change to an immutable field of the Job resource. -*/}} -{{- $_job_version := "v4" }} - -{{- /* -10 char hash appended to the job name taking into account $_job_config_values, $_job_version and $_cli_image_digest -This ensures ArgoCD will create a new job resource instead of attempting to update an immutable field. -*/}} -{{- $_job_hash := print ($_job_config_values | toYaml) $_cli_image_digest $_job_version | adler32sum }} - -{{- $_job_name := join "-" (list $_job_name_prefix $_job_hash )}} - -{{- /* -Set as the value for the mas.ibm.com/job-cleanup-group label on the Job resource. -When the auto_delete flag is not set on the root application, a CronJob in the cluster uses this label -to identify old Job resources that should be pruned on behalf of ArgoCD. -*/}} -{{- $_job_cleanup_group := cat $_job_name_prefix .Values.instance_id | sha1sum }} - -# NOTE: depends on resources created in ibm-mas-suite chart (01-postdelete-crs-resources) -# The values below must align with the values in that file -{{ $role_name := "postdelete-delete-cr-r" }} -{{ $sa_name := "postdelete-delete-cr-sa" }} -{{ $rb_name := "postdelete-delete-cr-rb" }} -{{ $np_name := "postdelete-delete-cr-np" }} -{{ $job_label := "postdelete-delete-cr-job" }} - ---- -# Cleanup Job - Deletes GenericAddon CR when install is set to false -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ $_job_name }} - namespace: mas-{{ .Values.instance_id }}-core - annotations: - argocd.argoproj.io/sync-wave: "559" - labels: - mas.ibm.com/instanceId: {{ .Values.instance_id }} - mas.ibm.com/job-cleanup-group: {{ $_job_cleanup_group }} -{{- if .Values.custom_labels }} -{{ .Values.custom_labels | toYaml | indent 4 }} -{{- end }} -spec: - backoffLimit: 4 - ttlSecondsAfterFinished: 300 - template: - metadata: - labels: - app: {{ $job_label }} -{{- if .Values.custom_labels }} -{{ .Values.custom_labels | toYaml | indent 8 }} -{{- end }} - spec: - serviceAccountName: {{ $sa_name }} - restartPolicy: Never - containers: - - name: cleanup - image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} - imagePullPolicy: IfNotPresent - resources: - limits: - cpu: 200m - memory: 512Mi - requests: - cpu: 10m - memory: 64Mi - env: - - name: INSTANCE_ID - value: "{{ .Values.instance_id }}" - - name: ADDON_TYPE - value: "{{ $_addon_type }}" - command: - - /bin/bash - - -c - - | - set -e - - # Function to delete a resource with verification - function delete_resource() { - local RESOURCE_TYPE=$1 - local RESOURCE_NAME=$2 - local NAMESPACE=$3 - - echo "" - echo "================================================================" - echo "Checking for ${RESOURCE_TYPE}/${RESOURCE_NAME} in namespace ${NAMESPACE}" - - RESOURCE_LOOKUP=$(oc get ${RESOURCE_TYPE} ${RESOURCE_NAME} -n ${NAMESPACE} --ignore-not-found) - - if [[ -z "$RESOURCE_LOOKUP" ]]; then - echo "${RESOURCE_TYPE}/${RESOURCE_NAME} not found, nothing to clean up." - return 0 - fi - - echo "Found ${RESOURCE_TYPE}/${RESOURCE_NAME}, deleting..." - set +e - oc delete ${RESOURCE_TYPE} ${RESOURCE_NAME} -n ${NAMESPACE} --timeout=300s --wait=true - DELETE_RC=$? - set -e - - if [[ $DELETE_RC -ne 0 ]]; then - echo "Warning: Delete command returned non-zero exit code: $DELETE_RC" - echo "Attempting to remove finalizers..." - - # Try to patch out finalizers if delete failed - set +e - oc patch ${RESOURCE_TYPE} ${RESOURCE_NAME} -n ${NAMESPACE} \ - --type json \ - -p='[{"op": "remove", "path": "/metadata/finalizers"}]' 2>&1 - PATCH_RC=$? - set -e - - if [[ $PATCH_RC -eq 0 ]]; then - echo "Successfully removed finalizers, retrying deletion..." - set +e - oc delete ${RESOURCE_TYPE} ${RESOURCE_NAME} -n ${NAMESPACE} --timeout=60s --wait=true 2>&1 - set -e - fi - fi - - # Verify deletion - echo "Verifying ${RESOURCE_TYPE}/${RESOURCE_NAME} is deleted..." - sleep 3 - RESOURCE_LOOKUP=$(oc get ${RESOURCE_TYPE} ${RESOURCE_NAME} -n ${NAMESPACE} --ignore-not-found) - - if [[ ! -z "$RESOURCE_LOOKUP" ]]; then - echo "ERROR: ${RESOURCE_TYPE}/${RESOURCE_NAME} still present after deletion attempt" - return 1 - fi - - echo "Successfully deleted ${RESOURCE_TYPE}/${RESOURCE_NAME}" - return 0 - } - - # Delete the GenericAddon CR using the addon type from environment - echo "Cleaning up GenericAddon resource for addon type: ${ADDON_TYPE}" - delete_resource "genericaddons.addons.mas.ibm.com" "${INSTANCE_ID}-addons-${ADDON_TYPE}" "mas-${INSTANCE_ID}-core" - - echo "" - echo "================================================================" - echo "Cleanup complete - GenericAddon CR removed for ${ADDON_TYPE}" - echo "" - echo "NOTE: Shared RBAC resources (ServiceAccount, Role, RoleBinding, NetworkPolicy)" - echo "are managed by the ibm-mas-suite chart and will be cleaned up separately." -{{- end }} -{{- end }} \ No newline at end of file diff --git a/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr.yaml new file mode 100644 index 000000000..2fc05274c --- /dev/null +++ b/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr.yaml @@ -0,0 +1,118 @@ +{{- if .Values.use_postdelete_hooks }} + +{{- /* +Use the build/bin/set-cli-image-digest.sh script to update this value across all charts. +*/}} +{{- $_cli_image_digest := "sha256:55b5d6dd185503f14c112836a9a4899347d28e7b6545e0b9cf21d87f9526fb40" }} + +{{- $_addon_type := "additional-resources" }} +{{- $_addon_cr_name := printf "%s-addons-%s" .Values.instance_id $_addon_type }} + +{{ $job_name := printf "postdelete-delete-cr-job-%s" $_addon_cr_name }} + +# NOTE: depends on resources created in ibm-mas-suite chart (01-postdelete-crs-resources) +# The values below must align with the values in that file +{{ $role_name := "postdelete-delete-cr-r" }} +{{ $sa_name := "postdelete-delete-cr-sa" }} +{{ $rb_name := "postdelete-delete-cr-rb" }} +{{ $np_name := "postdelete-delete-cr-np" }} +{{ $job_label := "postdelete-delete-cr-job" }} +{{ $ns := printf "mas-%s-core" .Values.instance_id }} + +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ $job_name }} + namespace: {{ $ns }} + annotations: + argocd.argoproj.io/hook: PostDelete + argocd.argoproj.io/hook-delete-policy: HookSucceeded,BeforeHookCreation +{{- if .Values.custom_labels }} + labels: +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +spec: + template: + metadata: + labels: + app: {{ $job_label }} +{{- if .Values.custom_labels }} +{{ .Values.custom_labels | toYaml | indent 8 }} +{{- end }} + spec: + containers: + - name: run + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} + imagePullPolicy: IfNotPresent + resources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 10m + memory: 64Mi + env: + - name: CR_NAMESPACE + value: {{ $ns }} + - name: CR_NAME + value: {{ $_addon_cr_name }} + - name: CR_API_VERSION + value: addons.mas.ibm.com/v1 + - name: CR_KIND + value: GenericAddon + command: + - /bin/sh + - -c + - | + + set -e + + function delete_oc_resource(){ + RESOURCE=$1 + NAMESPACE=$2 + echo + echo "------------------------------------------------------------------" + echo "Check if resource $RESOURCE is present in namespace $NAMESPACE " + + # don't want a non-zero rc from oc delete to cause the job to fail + # so, temporarily set +e + set +e + RESOURCE_NAME=$(oc get $RESOURCE -n $NAMESPACE -o=jsonpath="{.metadata.name}") + set -e + if [[ -z "${RESOURCE_NAME}" ]]; then + echo "$RESOURCE not found, skipping" + return 0 + fi + + echo "oc delete resource $RESOURCE in namespace $NAMESPACE " + + # don't want a non-zero rc from oc delete to cause the job to fail (since we then want to try patching out the finalizers) + # so, temporarily set +e + set +e + oc delete $RESOURCE -n $NAMESPACE --timeout=300s --wait=true + return_code=$? + set -e + + echo "Verify that resource $RESOURCE is now absent in namespace $NAMESPACE " + # don't want a non-zero rc from oc delete to cause the job to fail + # so, temporarily set +e + set +e + RESOURCE_NAME=$(oc get $RESOURCE -n $NAMESPACE -o=jsonpath="{.metadata.name}") + set -e + if [[ -n "${RESOURCE_NAME}" ]]; then + echo "$RESOURCE still present, failing job" + exit 1 + fi + + echo "... verified" + return 0 + + } + + delete_oc_resource "${CR_KIND}.${CR_API_VERSION}/${CR_NAME}" "${CR_NAMESPACE}" + + restartPolicy: Never + serviceAccountName: {{ $sa_name }} + backoffLimit: 4 +{{- end }} \ No newline at end of file From 9c117750a377fdd75ccf764d61b42e115f7d74f8 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Fri, 23 Jan 2026 14:18:34 +0530 Subject: [PATCH 66/77] [patch] update condition --- .../templates/postdelete-delete-cr.yaml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr.yaml index 2fc05274c..389e9147e 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr.yaml @@ -1,5 +1,3 @@ -{{- if .Values.use_postdelete_hooks }} - {{- /* Use the build/bin/set-cli-image-digest.sh script to update this value across all charts. */}} @@ -114,5 +112,4 @@ spec: restartPolicy: Never serviceAccountName: {{ $sa_name }} - backoffLimit: 4 -{{- end }} \ No newline at end of file + backoffLimit: 4 \ No newline at end of file From 7ff7cd86dc1e55c8a774f695828b1c8039099c96 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Fri, 23 Jan 2026 14:34:25 +0530 Subject: [PATCH 67/77] [patch] update condition --- .../templates/postdelete-delete-cr.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr.yaml index 389e9147e..4fcf1bd9a 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.additional_resources.instances }} {{- /* Use the build/bin/set-cli-image-digest.sh script to update this value across all charts. */}} @@ -112,4 +113,5 @@ spec: restartPolicy: Never serviceAccountName: {{ $sa_name }} - backoffLimit: 4 \ No newline at end of file + backoffLimit: 4 +{{- end }} \ No newline at end of file From 12fbf0acc6cba9e32b1b02239001abc837a58015 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Fri, 23 Jan 2026 14:36:27 +0530 Subject: [PATCH 68/77] [patch] update condition --- .../templates/postdelete-delete-cr.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr.yaml index 4fcf1bd9a..cbd268486 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr.yaml @@ -1,4 +1,4 @@ -{{- if not .Values.additional_resources.instances }} +{{- if not .Values.additional_resources }} {{- /* Use the build/bin/set-cli-image-digest.sh script to update this value across all charts. */}} From ddc478a2166bc7041fdff9d08b87cab5335a02bc Mon Sep 17 00:00:00 2001 From: hita pandya Date: Fri, 23 Jan 2026 14:41:14 +0530 Subject: [PATCH 69/77] [patch] fix lint issue --- .../templates/postdelete-delete-cr.yaml | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr.yaml index cbd268486..2abe52474 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr.yaml @@ -1,4 +1,5 @@ {{- if not .Values.additional_resources }} + {{- /* Use the build/bin/set-cli-image-digest.sh script to update this value across all charts. */}} @@ -64,16 +65,13 @@ spec: - /bin/sh - -c - | - set -e - function delete_oc_resource(){ RESOURCE=$1 NAMESPACE=$2 echo echo "------------------------------------------------------------------" echo "Check if resource $RESOURCE is present in namespace $NAMESPACE " - # don't want a non-zero rc from oc delete to cause the job to fail # so, temporarily set +e set +e @@ -83,16 +81,13 @@ spec: echo "$RESOURCE not found, skipping" return 0 fi - echo "oc delete resource $RESOURCE in namespace $NAMESPACE " - # don't want a non-zero rc from oc delete to cause the job to fail (since we then want to try patching out the finalizers) # so, temporarily set +e set +e oc delete $RESOURCE -n $NAMESPACE --timeout=300s --wait=true return_code=$? set -e - echo "Verify that resource $RESOURCE is now absent in namespace $NAMESPACE " # don't want a non-zero rc from oc delete to cause the job to fail # so, temporarily set +e @@ -103,14 +98,11 @@ spec: echo "$RESOURCE still present, failing job" exit 1 fi - echo "... verified" return 0 } - delete_oc_resource "${CR_KIND}.${CR_API_VERSION}/${CR_NAME}" "${CR_NAMESPACE}" - restartPolicy: Never serviceAccountName: {{ $sa_name }} backoffLimit: 4 From e8d89378aaece9bb80a4847c679c6add595561f3 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Fri, 23 Jan 2026 14:54:29 +0530 Subject: [PATCH 70/77] [patch] update the condition --- .../templates/postdelete-delete-cr.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr.yaml index 2abe52474..f514227a1 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr.yaml @@ -1,4 +1,4 @@ -{{- if not .Values.additional_resources }} +{{- if .Values.use_postdelete_hooks }} {{- /* Use the build/bin/set-cli-image-digest.sh script to update this value across all charts. From d75c4c8c1eb187772de2c4f3433ca9f5f687717c Mon Sep 17 00:00:00 2001 From: hita pandya Date: Fri, 23 Jan 2026 15:50:35 +0530 Subject: [PATCH 71/77] [patch] add support to delete addon cr --- .../templates/cleanup-addons.yaml | 179 ++++++++++++++++++ .../templates/postdelete-delete-cr.yaml | 109 ----------- 2 files changed, 179 insertions(+), 109 deletions(-) create mode 100644 instance-applications/550-ibm-mas-addons-config/templates/cleanup-addons.yaml delete mode 100644 instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr.yaml diff --git a/instance-applications/550-ibm-mas-addons-config/templates/cleanup-addons.yaml b/instance-applications/550-ibm-mas-addons-config/templates/cleanup-addons.yaml new file mode 100644 index 000000000..51e915f8e --- /dev/null +++ b/instance-applications/550-ibm-mas-addons-config/templates/cleanup-addons.yaml @@ -0,0 +1,179 @@ +{{- /* +CLI Image Digest - must be updated when CLI version changes +*/}} +{{- $_cli_image_digest := "sha256:55b5d6dd185503f14c112836a9a4899347d28e7b6545e0b9cf21d87f9526fb40" }} + +{{- if not .Values.additional_resources }} + +{{- $_addon_type := "additional-resources" }} +{{- $_addon_cr_name := printf "%s-addons-%s" .Values.instance_id $_addon_type }} +{{- $_namespace := printf "mas-%s-core" .Values.instance_id }} + +{{- /* +Meaningful prefix for the job resource name. Must be under 52 chars in length to leave room for the 11 chars reserved for '-' and $_job_hash. +*/}} +{{- $_job_name_prefix := "cleanup-addons" }} + +{{- /* +A dict of values that influence the behaviour of the job in some way. +Any changes to values in this dict will trigger a rerun of the job. +*/}} +{{- $_job_config_values := omit .Values "junitreporter" }} + +{{- /* +Increment this value whenever you make a change to an immutable field of the Job resource. +*/}} +{{- $_job_version := "v1" }} + +{{- /* +10 char hash appended to the job name taking into account $_job_config_values, $_job_version and $_cli_image_digest +This ensures ArgoCD will create a new job resource instead of attempting to update an immutable field. +*/}} +{{- $_job_hash := print ($_job_config_values | toYaml) $_cli_image_digest $_job_version | adler32sum }} + +{{- $_job_name := join "-" (list $_job_name_prefix $_job_hash )}} + +{{- /* +Set as the value for the mas.ibm.com/job-cleanup-group label on the Job resource. +When the auto_delete flag is not set on the root application, a CronJob in the cluster uses this label +to identify old Job resources that should be pruned on behalf of ArgoCD. +*/}} +{{- $_job_cleanup_group := cat $_job_name_prefix .Values.instance_id | sha1sum }} + +# NOTE: depends on resources created in ibm-mas-suite chart (01-postdelete-crs-resources) +# The values below must align with the values in that file +{{ $role_name := "postdelete-delete-cr-r" }} +{{ $sa_name := "postdelete-delete-cr-sa" }} +{{ $rb_name := "postdelete-delete-cr-rb" }} +{{ $np_name := "postdelete-delete-cr-np" }} +{{ $job_label := "cleanup-addons-job" }} + +--- +# Cleanup Job - Deletes GenericAddon CR when additional_resources is not set +# This job deletes itself after completion and ArgoCD won't track it +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ $_job_name }} + namespace: mas-{{ .Values.instance_id }}-core + annotations: + argocd.argoproj.io/sync-wave: "559" + argocd.argoproj.io/compare-options: IgnoreExtraneous + argocd.argoproj.io/sync-options: Prune=false + labels: + mas.ibm.com/instanceId: {{ .Values.instance_id }} + mas.ibm.com/job-cleanup-group: {{ $_job_cleanup_group }} +{{- if .Values.custom_labels}} +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end}} +spec: + backoffLimit: 4 + ttlSecondsAfterFinished: 300 + template: + metadata: + labels: + app: {{ $job_label }} +{{- if .Values.custom_labels}} +{{ .Values.custom_labels | toYaml | indent 8 }} +{{- end}} + spec: + serviceAccountName: {{ $sa_name }} + restartPolicy: Never + containers: + - name: cleanup + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} + imagePullPolicy: IfNotPresent + resources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 10m + memory: 64Mi + env: + - name: INSTANCE_ID + value: "{{ .Values.instance_id }}" + - name: ADDON_TYPE + value: "{{ $_addon_type }}" + command: + - /bin/bash + - -c + - | + set -e + + # Function to delete a resource with verification + function delete_resource() { + local RESOURCE_TYPE=$1 + local RESOURCE_NAME=$2 + local NAMESPACE=$3 + + echo "" + echo "================================================================" + echo "Checking for ${RESOURCE_TYPE}/${RESOURCE_NAME} in namespace ${NAMESPACE}" + + RESOURCE_LOOKUP=$(oc get ${RESOURCE_TYPE} ${RESOURCE_NAME} -n ${NAMESPACE} --ignore-not-found) + + if [[ -z "$RESOURCE_LOOKUP" ]]; then + echo "${RESOURCE_TYPE}/${RESOURCE_NAME} not found, nothing to clean up." + return 0 + fi + + echo "Found ${RESOURCE_TYPE}/${RESOURCE_NAME}, deleting..." + set +e + oc delete ${RESOURCE_TYPE} ${RESOURCE_NAME} -n ${NAMESPACE} --timeout=300s --wait=true + DELETE_RC=$? + set -e + + if [[ $DELETE_RC -ne 0 ]]; then + echo "Warning: Delete command returned non-zero exit code: $DELETE_RC" + echo "Attempting to remove finalizers..." + + # Try to patch out finalizers if delete failed + set +e + oc patch ${RESOURCE_TYPE} ${RESOURCE_NAME} -n ${NAMESPACE} \ + --type json \ + -p='[{"op": "remove", "path": "/metadata/finalizers"}]' 2>&1 + PATCH_RC=$? + set -e + + if [[ $PATCH_RC -eq 0 ]]; then + echo "Successfully removed finalizers, retrying deletion..." + set +e + oc delete ${RESOURCE_TYPE} ${RESOURCE_NAME} -n ${NAMESPACE} --timeout=60s --wait=true 2>&1 + set -e + fi + fi + + # Verify deletion + echo "Verifying ${RESOURCE_TYPE}/${RESOURCE_NAME} is deleted..." + sleep 3 + RESOURCE_LOOKUP=$(oc get ${RESOURCE_TYPE} ${RESOURCE_NAME} -n ${NAMESPACE} --ignore-not-found) + + if [[ ! -z "$RESOURCE_LOOKUP" ]]; then + echo "ERROR: ${RESOURCE_TYPE}/${RESOURCE_NAME} still present after deletion attempt" + return 1 + fi + + echo "Successfully deleted ${RESOURCE_TYPE}/${RESOURCE_NAME}" + return 0 + } + + # Delete the GenericAddon CR using the addon type from environment + echo "Cleaning up GenericAddon resource for addon type: ${ADDON_TYPE}" + delete_resource "genericaddons.addons.mas.ibm.com" "${INSTANCE_ID}-addons-${ADDON_TYPE}" "mas-${INSTANCE_ID}-core" + + echo "" + echo "================================================================" + echo "Cleanup complete - GenericAddon CR removed for ${ADDON_TYPE}" + echo "" + echo "NOTE: Shared RBAC resources (ServiceAccount, Role, RoleBinding, NetworkPolicy)" + echo "are managed by the ibm-mas-suite chart and will be cleaned up separately." + + # Self-delete this job after successful completion + echo "" + echo "================================================================" + echo "Deleting cleanup job itself: {{ $_job_name }}" + set +e + oc delete job {{ $_job_name }} -n mas-${INSTANCE_ID}-core --wait=false + echo "Job deletion initiated (will complete after pod terminates)" +{{- end }} \ No newline at end of file diff --git a/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr.yaml deleted file mode 100644 index f514227a1..000000000 --- a/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr.yaml +++ /dev/null @@ -1,109 +0,0 @@ -{{- if .Values.use_postdelete_hooks }} - -{{- /* -Use the build/bin/set-cli-image-digest.sh script to update this value across all charts. -*/}} -{{- $_cli_image_digest := "sha256:55b5d6dd185503f14c112836a9a4899347d28e7b6545e0b9cf21d87f9526fb40" }} - -{{- $_addon_type := "additional-resources" }} -{{- $_addon_cr_name := printf "%s-addons-%s" .Values.instance_id $_addon_type }} - -{{ $job_name := printf "postdelete-delete-cr-job-%s" $_addon_cr_name }} - -# NOTE: depends on resources created in ibm-mas-suite chart (01-postdelete-crs-resources) -# The values below must align with the values in that file -{{ $role_name := "postdelete-delete-cr-r" }} -{{ $sa_name := "postdelete-delete-cr-sa" }} -{{ $rb_name := "postdelete-delete-cr-rb" }} -{{ $np_name := "postdelete-delete-cr-np" }} -{{ $job_label := "postdelete-delete-cr-job" }} -{{ $ns := printf "mas-%s-core" .Values.instance_id }} - ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ $job_name }} - namespace: {{ $ns }} - annotations: - argocd.argoproj.io/hook: PostDelete - argocd.argoproj.io/hook-delete-policy: HookSucceeded,BeforeHookCreation -{{- if .Values.custom_labels }} - labels: -{{ .Values.custom_labels | toYaml | indent 4 }} -{{- end }} -spec: - template: - metadata: - labels: - app: {{ $job_label }} -{{- if .Values.custom_labels }} -{{ .Values.custom_labels | toYaml | indent 8 }} -{{- end }} - spec: - containers: - - name: run - image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} - imagePullPolicy: IfNotPresent - resources: - limits: - cpu: 200m - memory: 512Mi - requests: - cpu: 10m - memory: 64Mi - env: - - name: CR_NAMESPACE - value: {{ $ns }} - - name: CR_NAME - value: {{ $_addon_cr_name }} - - name: CR_API_VERSION - value: addons.mas.ibm.com/v1 - - name: CR_KIND - value: GenericAddon - command: - - /bin/sh - - -c - - | - set -e - function delete_oc_resource(){ - RESOURCE=$1 - NAMESPACE=$2 - echo - echo "------------------------------------------------------------------" - echo "Check if resource $RESOURCE is present in namespace $NAMESPACE " - # don't want a non-zero rc from oc delete to cause the job to fail - # so, temporarily set +e - set +e - RESOURCE_NAME=$(oc get $RESOURCE -n $NAMESPACE -o=jsonpath="{.metadata.name}") - set -e - if [[ -z "${RESOURCE_NAME}" ]]; then - echo "$RESOURCE not found, skipping" - return 0 - fi - echo "oc delete resource $RESOURCE in namespace $NAMESPACE " - # don't want a non-zero rc from oc delete to cause the job to fail (since we then want to try patching out the finalizers) - # so, temporarily set +e - set +e - oc delete $RESOURCE -n $NAMESPACE --timeout=300s --wait=true - return_code=$? - set -e - echo "Verify that resource $RESOURCE is now absent in namespace $NAMESPACE " - # don't want a non-zero rc from oc delete to cause the job to fail - # so, temporarily set +e - set +e - RESOURCE_NAME=$(oc get $RESOURCE -n $NAMESPACE -o=jsonpath="{.metadata.name}") - set -e - if [[ -n "${RESOURCE_NAME}" ]]; then - echo "$RESOURCE still present, failing job" - exit 1 - fi - echo "... verified" - return 0 - - } - delete_oc_resource "${CR_KIND}.${CR_API_VERSION}/${CR_NAME}" "${CR_NAMESPACE}" - restartPolicy: Never - serviceAccountName: {{ $sa_name }} - backoffLimit: 4 -{{- end }} \ No newline at end of file From 5ecd1623a3021c39023904f5960039011d2f0b51 Mon Sep 17 00:00:00 2001 From: hita pandya Date: Fri, 23 Jan 2026 18:33:01 +0530 Subject: [PATCH 72/77] [patch] revert changes for testing --- .../templates/cleanup-addons.yaml | 179 ------------------ .../templates/postdelete-delete-cr..yaml | 109 +++++++++++ 2 files changed, 109 insertions(+), 179 deletions(-) delete mode 100644 instance-applications/550-ibm-mas-addons-config/templates/cleanup-addons.yaml create mode 100644 instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr..yaml diff --git a/instance-applications/550-ibm-mas-addons-config/templates/cleanup-addons.yaml b/instance-applications/550-ibm-mas-addons-config/templates/cleanup-addons.yaml deleted file mode 100644 index 51e915f8e..000000000 --- a/instance-applications/550-ibm-mas-addons-config/templates/cleanup-addons.yaml +++ /dev/null @@ -1,179 +0,0 @@ -{{- /* -CLI Image Digest - must be updated when CLI version changes -*/}} -{{- $_cli_image_digest := "sha256:55b5d6dd185503f14c112836a9a4899347d28e7b6545e0b9cf21d87f9526fb40" }} - -{{- if not .Values.additional_resources }} - -{{- $_addon_type := "additional-resources" }} -{{- $_addon_cr_name := printf "%s-addons-%s" .Values.instance_id $_addon_type }} -{{- $_namespace := printf "mas-%s-core" .Values.instance_id }} - -{{- /* -Meaningful prefix for the job resource name. Must be under 52 chars in length to leave room for the 11 chars reserved for '-' and $_job_hash. -*/}} -{{- $_job_name_prefix := "cleanup-addons" }} - -{{- /* -A dict of values that influence the behaviour of the job in some way. -Any changes to values in this dict will trigger a rerun of the job. -*/}} -{{- $_job_config_values := omit .Values "junitreporter" }} - -{{- /* -Increment this value whenever you make a change to an immutable field of the Job resource. -*/}} -{{- $_job_version := "v1" }} - -{{- /* -10 char hash appended to the job name taking into account $_job_config_values, $_job_version and $_cli_image_digest -This ensures ArgoCD will create a new job resource instead of attempting to update an immutable field. -*/}} -{{- $_job_hash := print ($_job_config_values | toYaml) $_cli_image_digest $_job_version | adler32sum }} - -{{- $_job_name := join "-" (list $_job_name_prefix $_job_hash )}} - -{{- /* -Set as the value for the mas.ibm.com/job-cleanup-group label on the Job resource. -When the auto_delete flag is not set on the root application, a CronJob in the cluster uses this label -to identify old Job resources that should be pruned on behalf of ArgoCD. -*/}} -{{- $_job_cleanup_group := cat $_job_name_prefix .Values.instance_id | sha1sum }} - -# NOTE: depends on resources created in ibm-mas-suite chart (01-postdelete-crs-resources) -# The values below must align with the values in that file -{{ $role_name := "postdelete-delete-cr-r" }} -{{ $sa_name := "postdelete-delete-cr-sa" }} -{{ $rb_name := "postdelete-delete-cr-rb" }} -{{ $np_name := "postdelete-delete-cr-np" }} -{{ $job_label := "cleanup-addons-job" }} - ---- -# Cleanup Job - Deletes GenericAddon CR when additional_resources is not set -# This job deletes itself after completion and ArgoCD won't track it -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ $_job_name }} - namespace: mas-{{ .Values.instance_id }}-core - annotations: - argocd.argoproj.io/sync-wave: "559" - argocd.argoproj.io/compare-options: IgnoreExtraneous - argocd.argoproj.io/sync-options: Prune=false - labels: - mas.ibm.com/instanceId: {{ .Values.instance_id }} - mas.ibm.com/job-cleanup-group: {{ $_job_cleanup_group }} -{{- if .Values.custom_labels}} -{{ .Values.custom_labels | toYaml | indent 4 }} -{{- end}} -spec: - backoffLimit: 4 - ttlSecondsAfterFinished: 300 - template: - metadata: - labels: - app: {{ $job_label }} -{{- if .Values.custom_labels}} -{{ .Values.custom_labels | toYaml | indent 8 }} -{{- end}} - spec: - serviceAccountName: {{ $sa_name }} - restartPolicy: Never - containers: - - name: cleanup - image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} - imagePullPolicy: IfNotPresent - resources: - limits: - cpu: 200m - memory: 512Mi - requests: - cpu: 10m - memory: 64Mi - env: - - name: INSTANCE_ID - value: "{{ .Values.instance_id }}" - - name: ADDON_TYPE - value: "{{ $_addon_type }}" - command: - - /bin/bash - - -c - - | - set -e - - # Function to delete a resource with verification - function delete_resource() { - local RESOURCE_TYPE=$1 - local RESOURCE_NAME=$2 - local NAMESPACE=$3 - - echo "" - echo "================================================================" - echo "Checking for ${RESOURCE_TYPE}/${RESOURCE_NAME} in namespace ${NAMESPACE}" - - RESOURCE_LOOKUP=$(oc get ${RESOURCE_TYPE} ${RESOURCE_NAME} -n ${NAMESPACE} --ignore-not-found) - - if [[ -z "$RESOURCE_LOOKUP" ]]; then - echo "${RESOURCE_TYPE}/${RESOURCE_NAME} not found, nothing to clean up." - return 0 - fi - - echo "Found ${RESOURCE_TYPE}/${RESOURCE_NAME}, deleting..." - set +e - oc delete ${RESOURCE_TYPE} ${RESOURCE_NAME} -n ${NAMESPACE} --timeout=300s --wait=true - DELETE_RC=$? - set -e - - if [[ $DELETE_RC -ne 0 ]]; then - echo "Warning: Delete command returned non-zero exit code: $DELETE_RC" - echo "Attempting to remove finalizers..." - - # Try to patch out finalizers if delete failed - set +e - oc patch ${RESOURCE_TYPE} ${RESOURCE_NAME} -n ${NAMESPACE} \ - --type json \ - -p='[{"op": "remove", "path": "/metadata/finalizers"}]' 2>&1 - PATCH_RC=$? - set -e - - if [[ $PATCH_RC -eq 0 ]]; then - echo "Successfully removed finalizers, retrying deletion..." - set +e - oc delete ${RESOURCE_TYPE} ${RESOURCE_NAME} -n ${NAMESPACE} --timeout=60s --wait=true 2>&1 - set -e - fi - fi - - # Verify deletion - echo "Verifying ${RESOURCE_TYPE}/${RESOURCE_NAME} is deleted..." - sleep 3 - RESOURCE_LOOKUP=$(oc get ${RESOURCE_TYPE} ${RESOURCE_NAME} -n ${NAMESPACE} --ignore-not-found) - - if [[ ! -z "$RESOURCE_LOOKUP" ]]; then - echo "ERROR: ${RESOURCE_TYPE}/${RESOURCE_NAME} still present after deletion attempt" - return 1 - fi - - echo "Successfully deleted ${RESOURCE_TYPE}/${RESOURCE_NAME}" - return 0 - } - - # Delete the GenericAddon CR using the addon type from environment - echo "Cleaning up GenericAddon resource for addon type: ${ADDON_TYPE}" - delete_resource "genericaddons.addons.mas.ibm.com" "${INSTANCE_ID}-addons-${ADDON_TYPE}" "mas-${INSTANCE_ID}-core" - - echo "" - echo "================================================================" - echo "Cleanup complete - GenericAddon CR removed for ${ADDON_TYPE}" - echo "" - echo "NOTE: Shared RBAC resources (ServiceAccount, Role, RoleBinding, NetworkPolicy)" - echo "are managed by the ibm-mas-suite chart and will be cleaned up separately." - - # Self-delete this job after successful completion - echo "" - echo "================================================================" - echo "Deleting cleanup job itself: {{ $_job_name }}" - set +e - oc delete job {{ $_job_name }} -n mas-${INSTANCE_ID}-core --wait=false - echo "Job deletion initiated (will complete after pod terminates)" -{{- end }} \ No newline at end of file diff --git a/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr..yaml b/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr..yaml new file mode 100644 index 000000000..f514227a1 --- /dev/null +++ b/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr..yaml @@ -0,0 +1,109 @@ +{{- if .Values.use_postdelete_hooks }} + +{{- /* +Use the build/bin/set-cli-image-digest.sh script to update this value across all charts. +*/}} +{{- $_cli_image_digest := "sha256:55b5d6dd185503f14c112836a9a4899347d28e7b6545e0b9cf21d87f9526fb40" }} + +{{- $_addon_type := "additional-resources" }} +{{- $_addon_cr_name := printf "%s-addons-%s" .Values.instance_id $_addon_type }} + +{{ $job_name := printf "postdelete-delete-cr-job-%s" $_addon_cr_name }} + +# NOTE: depends on resources created in ibm-mas-suite chart (01-postdelete-crs-resources) +# The values below must align with the values in that file +{{ $role_name := "postdelete-delete-cr-r" }} +{{ $sa_name := "postdelete-delete-cr-sa" }} +{{ $rb_name := "postdelete-delete-cr-rb" }} +{{ $np_name := "postdelete-delete-cr-np" }} +{{ $job_label := "postdelete-delete-cr-job" }} +{{ $ns := printf "mas-%s-core" .Values.instance_id }} + +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ $job_name }} + namespace: {{ $ns }} + annotations: + argocd.argoproj.io/hook: PostDelete + argocd.argoproj.io/hook-delete-policy: HookSucceeded,BeforeHookCreation +{{- if .Values.custom_labels }} + labels: +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +spec: + template: + metadata: + labels: + app: {{ $job_label }} +{{- if .Values.custom_labels }} +{{ .Values.custom_labels | toYaml | indent 8 }} +{{- end }} + spec: + containers: + - name: run + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} + imagePullPolicy: IfNotPresent + resources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 10m + memory: 64Mi + env: + - name: CR_NAMESPACE + value: {{ $ns }} + - name: CR_NAME + value: {{ $_addon_cr_name }} + - name: CR_API_VERSION + value: addons.mas.ibm.com/v1 + - name: CR_KIND + value: GenericAddon + command: + - /bin/sh + - -c + - | + set -e + function delete_oc_resource(){ + RESOURCE=$1 + NAMESPACE=$2 + echo + echo "------------------------------------------------------------------" + echo "Check if resource $RESOURCE is present in namespace $NAMESPACE " + # don't want a non-zero rc from oc delete to cause the job to fail + # so, temporarily set +e + set +e + RESOURCE_NAME=$(oc get $RESOURCE -n $NAMESPACE -o=jsonpath="{.metadata.name}") + set -e + if [[ -z "${RESOURCE_NAME}" ]]; then + echo "$RESOURCE not found, skipping" + return 0 + fi + echo "oc delete resource $RESOURCE in namespace $NAMESPACE " + # don't want a non-zero rc from oc delete to cause the job to fail (since we then want to try patching out the finalizers) + # so, temporarily set +e + set +e + oc delete $RESOURCE -n $NAMESPACE --timeout=300s --wait=true + return_code=$? + set -e + echo "Verify that resource $RESOURCE is now absent in namespace $NAMESPACE " + # don't want a non-zero rc from oc delete to cause the job to fail + # so, temporarily set +e + set +e + RESOURCE_NAME=$(oc get $RESOURCE -n $NAMESPACE -o=jsonpath="{.metadata.name}") + set -e + if [[ -n "${RESOURCE_NAME}" ]]; then + echo "$RESOURCE still present, failing job" + exit 1 + fi + echo "... verified" + return 0 + + } + delete_oc_resource "${CR_KIND}.${CR_API_VERSION}/${CR_NAME}" "${CR_NAMESPACE}" + restartPolicy: Never + serviceAccountName: {{ $sa_name }} + backoffLimit: 4 +{{- end }} \ No newline at end of file From 33f32e765f1e33d9dc6852eedcafdd4076b86068 Mon Sep 17 00:00:00 2001 From: Andrew Whitfield Date: Fri, 23 Jan 2026 14:08:12 +0000 Subject: [PATCH 73/77] Add finzilizers --- .../templates/550-ibm-mas-addons-config.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml b/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml index 20c35c7ed..c54b96646 100644 --- a/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml +++ b/root-applications/ibm-mas-instance-root/templates/550-ibm-mas-addons-config.yaml @@ -20,6 +20,8 @@ metadata: argocd.argoproj.io/sync-options: PruneLast=true finalizers: - resources-finalizer.argocd.argoproj.io + - post-delete-finalizer.argocd.argoproj.io + - post-delete-finalizer.argocd.argoproj.io/cleanup spec: project: "{{ .Values.argo.projects.apps }}" destination: @@ -84,4 +86,4 @@ spec: syncOptions: - CreateNamespace=true - RespectIgnoreDifferences=true -{{ end }} \ No newline at end of file +{{ end }} From 33251ab92849d0b2ac3810cd755fb7cced5cbd6d Mon Sep 17 00:00:00 2001 From: whitfiea Date: Fri, 23 Jan 2026 14:35:40 +0000 Subject: [PATCH 74/77] update file --- .../templates/postdelete-delete-cr.yaml | 109 ++++++++++++++++++ 1 file changed, 109 insertions(+) create mode 100644 instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr.yaml diff --git a/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr.yaml new file mode 100644 index 000000000..c7322338e --- /dev/null +++ b/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr.yaml @@ -0,0 +1,109 @@ +{{- if .Values.use_postdelete_hooks }} + +{{- /* +Use the build/bin/set-cli-image-digest.sh script to update this value across all charts. +*/}} +{{- $_cli_image_digest := "sha256:55b5d6dd185503f14c112836a9a4899347d28e7b6545e0b9cf21d87f9526fb40" }} + +{{- $_addon_type := "additional-resources" }} +{{- $_addon_cr_name := printf "%s-addons-%s" .Values.instance_id $_addon_type }} + +{{ $job_name := printf "postdelete-delete-cr-job-%s" $_addon_cr_name }} + +# NOTE: depends on resources created in ibm-mas-suite chart (01-postdelete-crs-resources) +# The values below must align with the values in that file +{{ $role_name := "postdelete-delete-cr-r" }} +{{ $sa_name := "postdelete-delete-cr-sa" }} +{{ $rb_name := "postdelete-delete-cr-rb" }} +{{ $np_name := "postdelete-delete-cr-np" }} +{{ $job_label := "postdelete-delete-cr-job" }} +{{ $ns := printf "mas-%s-core" .Values.instance_id }} + +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ $job_name }} + namespace: {{ $ns }} + annotations: + argocd.argoproj.io/hook: PostDelete + argocd.argoproj.io/hook-delete-policy: HookSucceeded,BeforeHookCreation +{{- if .Values.custom_labels }} + labels: +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +spec: + template: + metadata: + labels: + app: {{ $job_label }} +{{- if .Values.custom_labels }} +{{ .Values.custom_labels | toYaml | indent 8 }} +{{- end }} + spec: + containers: + - name: run + image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} + imagePullPolicy: IfNotPresent + resources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 10m + memory: 64Mi + env: + - name: CR_NAMESPACE + value: {{ $ns }} + - name: CR_NAME + value: {{ $_addon_cr_name }} + - name: CR_API_VERSION + value: addons.mas.ibm.com/v1 + - name: CR_KIND + value: GenericAddon + command: + - /bin/sh + - -c + - | + set -e + function delete_oc_resource(){ + RESOURCE=$1 + NAMESPACE=$2 + echo + echo "------------------------------------------------------------------" + echo "Check if resource $RESOURCE is present in namespace $NAMESPACE " + # don't want a non-zero rc from oc delete to cause the job to fail + # so, temporarily set +e + set +e + RESOURCE_NAME=$(oc get $RESOURCE -n $NAMESPACE -o=jsonpath="{.metadata.name}") + set -e + if [[ -z "${RESOURCE_NAME}" ]]; then + echo "$RESOURCE not found, skipping" + return 0 + fi + echo "oc delete resource $RESOURCE in namespace $NAMESPACE " + # don't want a non-zero rc from oc delete to cause the job to fail (since we then want to try patching out the finalizers) + # so, temporarily set +e + set +e + oc delete $RESOURCE -n $NAMESPACE --timeout=300s --wait=true + return_code=$? + set -e + echo "Verify that resource $RESOURCE is now absent in namespace $NAMESPACE " + # don't want a non-zero rc from oc delete to cause the job to fail + # so, temporarily set +e + set +e + RESOURCE_NAME=$(oc get $RESOURCE -n $NAMESPACE -o=jsonpath="{.metadata.name}") + set -e + if [[ -n "${RESOURCE_NAME}" ]]; then + echo "$RESOURCE still present, failing job" + exit 1 + fi + echo "... verified" + return 0 + + } + delete_oc_resource "${CR_KIND}.${CR_API_VERSION}/${CR_NAME}" "${CR_NAMESPACE}" + restartPolicy: Never + serviceAccountName: {{ $sa_name }} + backoffLimit: 4 +{{- end }} From 69026be00c2adbe0c900cdb9cfa9e0c2b538fe1e Mon Sep 17 00:00:00 2001 From: whitfiea Date: Fri, 23 Jan 2026 14:40:55 +0000 Subject: [PATCH 75/77] delete file --- .../templates/postdelete-delete-cr..yaml | 109 ------------------ 1 file changed, 109 deletions(-) delete mode 100644 instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr..yaml diff --git a/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr..yaml b/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr..yaml deleted file mode 100644 index f514227a1..000000000 --- a/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr..yaml +++ /dev/null @@ -1,109 +0,0 @@ -{{- if .Values.use_postdelete_hooks }} - -{{- /* -Use the build/bin/set-cli-image-digest.sh script to update this value across all charts. -*/}} -{{- $_cli_image_digest := "sha256:55b5d6dd185503f14c112836a9a4899347d28e7b6545e0b9cf21d87f9526fb40" }} - -{{- $_addon_type := "additional-resources" }} -{{- $_addon_cr_name := printf "%s-addons-%s" .Values.instance_id $_addon_type }} - -{{ $job_name := printf "postdelete-delete-cr-job-%s" $_addon_cr_name }} - -# NOTE: depends on resources created in ibm-mas-suite chart (01-postdelete-crs-resources) -# The values below must align with the values in that file -{{ $role_name := "postdelete-delete-cr-r" }} -{{ $sa_name := "postdelete-delete-cr-sa" }} -{{ $rb_name := "postdelete-delete-cr-rb" }} -{{ $np_name := "postdelete-delete-cr-np" }} -{{ $job_label := "postdelete-delete-cr-job" }} -{{ $ns := printf "mas-%s-core" .Values.instance_id }} - ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ $job_name }} - namespace: {{ $ns }} - annotations: - argocd.argoproj.io/hook: PostDelete - argocd.argoproj.io/hook-delete-policy: HookSucceeded,BeforeHookCreation -{{- if .Values.custom_labels }} - labels: -{{ .Values.custom_labels | toYaml | indent 4 }} -{{- end }} -spec: - template: - metadata: - labels: - app: {{ $job_label }} -{{- if .Values.custom_labels }} -{{ .Values.custom_labels | toYaml | indent 8 }} -{{- end }} - spec: - containers: - - name: run - image: {{ .Values.cli_image_repo | default "quay.io/ibmmas/cli" }}@{{ $_cli_image_digest }} - imagePullPolicy: IfNotPresent - resources: - limits: - cpu: 200m - memory: 512Mi - requests: - cpu: 10m - memory: 64Mi - env: - - name: CR_NAMESPACE - value: {{ $ns }} - - name: CR_NAME - value: {{ $_addon_cr_name }} - - name: CR_API_VERSION - value: addons.mas.ibm.com/v1 - - name: CR_KIND - value: GenericAddon - command: - - /bin/sh - - -c - - | - set -e - function delete_oc_resource(){ - RESOURCE=$1 - NAMESPACE=$2 - echo - echo "------------------------------------------------------------------" - echo "Check if resource $RESOURCE is present in namespace $NAMESPACE " - # don't want a non-zero rc from oc delete to cause the job to fail - # so, temporarily set +e - set +e - RESOURCE_NAME=$(oc get $RESOURCE -n $NAMESPACE -o=jsonpath="{.metadata.name}") - set -e - if [[ -z "${RESOURCE_NAME}" ]]; then - echo "$RESOURCE not found, skipping" - return 0 - fi - echo "oc delete resource $RESOURCE in namespace $NAMESPACE " - # don't want a non-zero rc from oc delete to cause the job to fail (since we then want to try patching out the finalizers) - # so, temporarily set +e - set +e - oc delete $RESOURCE -n $NAMESPACE --timeout=300s --wait=true - return_code=$? - set -e - echo "Verify that resource $RESOURCE is now absent in namespace $NAMESPACE " - # don't want a non-zero rc from oc delete to cause the job to fail - # so, temporarily set +e - set +e - RESOURCE_NAME=$(oc get $RESOURCE -n $NAMESPACE -o=jsonpath="{.metadata.name}") - set -e - if [[ -n "${RESOURCE_NAME}" ]]; then - echo "$RESOURCE still present, failing job" - exit 1 - fi - echo "... verified" - return 0 - - } - delete_oc_resource "${CR_KIND}.${CR_API_VERSION}/${CR_NAME}" "${CR_NAMESPACE}" - restartPolicy: Never - serviceAccountName: {{ $sa_name }} - backoffLimit: 4 -{{- end }} \ No newline at end of file From 41bfcae17987a9372fdcb7ea8e910a0a8d7fdd6f Mon Sep 17 00:00:00 2001 From: whitfiea Date: Fri, 23 Jan 2026 14:43:19 +0000 Subject: [PATCH 76/77] remove hook delete --- .../templates/postdelete-delete-cr.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr.yaml index c7322338e..1923c0684 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr.yaml @@ -27,7 +27,7 @@ metadata: namespace: {{ $ns }} annotations: argocd.argoproj.io/hook: PostDelete - argocd.argoproj.io/hook-delete-policy: HookSucceeded,BeforeHookCreation + argocd.argoproj.io/hook-delete-policy: BeforeHookCreation {{- if .Values.custom_labels }} labels: {{ .Values.custom_labels | toYaml | indent 4 }} From 15efb02d6c83c2c08dd12702e3c71c4e112a5b0e Mon Sep 17 00:00:00 2001 From: hita pandya Date: Fri, 23 Jan 2026 21:03:47 +0530 Subject: [PATCH 77/77] [patch] fix resouce name --- .../templates/postdelete-delete-cr.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr.yaml b/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr.yaml index 1923c0684..7acbf1626 100644 --- a/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr.yaml +++ b/instance-applications/550-ibm-mas-addons-config/templates/postdelete-delete-cr.yaml @@ -102,7 +102,7 @@ spec: return 0 } - delete_oc_resource "${CR_KIND}.${CR_API_VERSION}/${CR_NAME}" "${CR_NAMESPACE}" + delete_oc_resource "${CR_KIND} ${CR_NAME}" "${CR_NAMESPACE}" restartPolicy: Never serviceAccountName: {{ $sa_name }} backoffLimit: 4