From 643e22552320c4e4ed631fb18bf828c0be100313 Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Thu, 27 Nov 2025 08:29:57 +0100 Subject: [PATCH 01/20] Use newer url --- values-group-one.yaml | 2 +- values-hub.yaml | 2 +- values-standalone.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/values-group-one.yaml b/values-group-one.yaml index cd163243f..fd053aa29 100644 --- a/values-group-one.yaml +++ b/values-group-one.yaml @@ -35,7 +35,7 @@ clusterGroup: # Total timeout of all jobs is 1h: imperative.activeDeadlineSeconds # imagePullPolicy is set to always: imperative.imagePullPolicy # For additional overrides that apply to the jobs, please refer to - # https://hybrid-cloud-patterns.io/imperative-actions/#additional-job-customizations + # https://validatedpatterns.io/patterns/multicloud-gitops/mcg-imperative-actions/ jobs: - name: hello-world # ansible playbook to be run diff --git a/values-hub.yaml b/values-hub.yaml index 5df42e5dc..0fa403716 100644 --- a/values-hub.yaml +++ b/values-hub.yaml @@ -74,7 +74,7 @@ clusterGroup: # Total timeout of all jobs is 1h: imperative.activeDeadlineSeconds # imagePullPolicy is set to always: imperative.imagePullPolicy # For additional overrides that apply to the jobs, please refer to - # https://hybrid-cloud-patterns.io/imperative-actions/#additional-job-customizations + # https://validatedpatterns.io/patterns/multicloud-gitops/mcg-imperative-actions/ jobs: - name: hello-world # ansible playbook to be run diff --git a/values-standalone.yaml b/values-standalone.yaml index 41744ed6f..57d74f9f1 100644 --- a/values-standalone.yaml +++ b/values-standalone.yaml @@ -51,7 +51,7 @@ clusterGroup: # Total timeout of all jobs is 1h: imperative.activeDeadlineSeconds # imagePullPolicy is set to always: imperative.imagePullPolicy # For additional overrides that apply to the jobs, please refer to - # https://hybrid-cloud-patterns.io/imperative-actions/#additional-job-customizations + # https://validatedpatterns.io/patterns/multicloud-gitops/mcg-imperative-actions/ jobs: - name: hello-world # ansible playbook to be run From 496c9fc51a63c391bbcec49304e6ccf3fec8b5c4 Mon Sep 17 00:00:00 2001 From: day0hero Date: Thu, 27 Nov 2025 22:37:31 +0000 Subject: [PATCH 02/20] domain update --- overrides/values-AWS.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/overrides/values-AWS.yaml b/overrides/values-AWS.yaml index 03fa07758..2de4abcf9 100644 --- a/overrides/values-AWS.yaml +++ b/overrides/values-AWS.yaml @@ -2,7 +2,7 @@ # to enable letsencrypt certificates on API endpoint and default # ingress of the cluster # It is currently very experimental and unsupported. -# PLEASE read https://github.com/hybrid-cloud-patterns/common/tree/main/letsencrypt#readme +# PLEASE read https://github.com/validatedpatterns/common/tree/main/letsencrypt#readme # for all the limitations around it From 319cae25e4fa659c1d249a1643eaf8def1eed77c Mon Sep 17 00:00:00 2001 From: Mark LaBonte Date: Tue, 9 Dec 2025 13:44:57 -0500 Subject: [PATCH 03/20] Add missing project in app check --- tests/interop/test_validate_edge_site_components.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/interop/test_validate_edge_site_components.py b/tests/interop/test_validate_edge_site_components.py index 3f4c91eff..4722ea2b2 100644 --- a/tests/interop/test_validate_edge_site_components.py +++ b/tests/interop/test_validate_edge_site_components.py @@ -60,7 +60,7 @@ def test_check_pod_status(openshift_dyn_client): @pytest.mark.validate_argocd_applications_health_edge_site def test_validate_argocd_applications_health_edge_site(openshift_dyn_client): logger.info("Get all applications deployed by argocd on edge site") - projects = ["openshift-gitops"] + projects = ["openshift-gitops", "multicloud-gitops-group-one"] unhealthy_apps = application.get_argocd_application_status( openshift_dyn_client, projects ) From 11cfcba8db6104d957d9494721ea871fbdcba367 Mon Sep 17 00:00:00 2001 From: Brian 'redbeard' Harrington Date: Tue, 13 Jan 2026 17:27:00 -0500 Subject: [PATCH 04/20] fix(tests): add error handling & env var validation to create_ci_badge.py - Use os.environ.get() for HOME to avoid KeyError at module load - Handle all exception types in get_openshift_version() (KeyError, JSONDecodeError, etc.) - Check subprocess return code before processing output - Validate versions tuple is not None before indexing - Validate WORKSPACE exists and is a directory before os.listdir() - Validate PATTERN_SHORTNAME and INFRA_PROVIDER before string concatenation - Exit with error code on failures instead of crashing --- tests/interop/create_ci_badge.py | 57 +++++++++++++++++++++++++++----- 1 file changed, 48 insertions(+), 9 deletions(-) diff --git a/tests/interop/create_ci_badge.py b/tests/interop/create_ci_badge.py index 8ed179a40..cb4bb862d 100644 --- a/tests/interop/create_ci_badge.py +++ b/tests/interop/create_ci_badge.py @@ -1,11 +1,14 @@ import json import os import subprocess +import sys from datetime import datetime from junitparser import JUnitXml -oc = os.environ["HOME"] + "/oc_client/oc" +# Use os.environ.get() with fallback to avoid KeyError +home_dir = os.environ.get("HOME", "/tmp") +oc = os.path.join(home_dir, "oc_client", "oc") ci_badge = { "schemaVersion": 1, @@ -24,19 +27,36 @@ def get_openshift_version(): + """Get OpenShift version from cluster. + + Returns: + tuple: (full_version, major_minor) on success + None: on any error + """ try: - version_ret = subprocess.run([oc, "version", "-o", "json"], capture_output=True) + version_ret = subprocess.run( + [oc, "version", "-o", "json"], + capture_output=True, + check=False + ) + if version_ret.returncode != 0: + print(f"Error running oc version: {version_ret.stderr.decode('utf-8')}") + return None version_out = version_ret.stdout.decode("utf-8") openshift_version = json.loads(version_out)["openshiftVersion"] major_minor = ".".join(openshift_version.split(".")[:-1]) return openshift_version, major_minor - except KeyError as e: - print("KeyError:" + str(e)) + except (KeyError, json.JSONDecodeError, UnicodeDecodeError, OSError) as e: + print(f"Error getting OpenShift version: {type(e).__name__}: {e}") return None if __name__ == "__main__": versions = get_openshift_version() + if versions is None: + print("Failed to get OpenShift version, exiting") + sys.exit(1) + ci_badge["openshiftVersion"] = versions[0] pattern_repo = subprocess.run( @@ -51,12 +71,20 @@ def get_openshift_version(): # Check each xml file for failures results_dir = os.environ.get("WORKSPACE") + if results_dir is None: + print("WORKSPACE environment variable is not set, exiting") + sys.exit(1) + + if not os.path.isdir(results_dir): + print(f"WORKSPACE directory does not exist: {results_dir}") + sys.exit(1) + failures = 0 for file in os.listdir(results_dir): if file.startswith("test_") and file.endswith(".xml"): - with open(os.path.join(results_dir, file), "r") as result_file: # type: ignore - xml = JUnitXml.fromfile(result_file) # type: ignore + with open(os.path.join(results_dir, file), "r") as result_file: + xml = JUnitXml.fromfile(result_file) for suite in xml: for case in suite: if case.result: @@ -69,15 +97,26 @@ def get_openshift_version(): # For now we assume `message` is the same as patternBranch ci_badge["message"] = ci_badge["patternBranch"] + # Validate required environment variables for filename + pattern_shortname = os.environ.get("PATTERN_SHORTNAME") + infra_provider = os.environ.get("INFRA_PROVIDER") + + if not pattern_shortname: + print("PATTERN_SHORTNAME environment variable is not set, exiting") + sys.exit(1) + if not infra_provider: + print("INFRA_PROVIDER environment variable is not set, exiting") + sys.exit(1) + ci_badge_json_basename = ( - os.environ.get("PATTERN_SHORTNAME") # type: ignore + pattern_shortname + "-" - + os.environ.get("INFRA_PROVIDER") + + infra_provider + "-" + versions[1] + "-stable-badge.json" ) - ci_badge_json_filename = os.path.join(results_dir, ci_badge_json_basename) # type: ignore + ci_badge_json_filename = os.path.join(results_dir, ci_badge_json_basename) print(f"Creating CI badge file at: {ci_badge_json_filename}") with open(ci_badge_json_filename, "w") as ci_badge_file: From 5de515a7910e40865edb57d028e171b75154c004 Mon Sep 17 00:00:00 2001 From: Brian 'redbeard' Harrington Date: Tue, 13 Jan 2026 17:30:22 -0500 Subject: [PATCH 05/20] fix(tests): fix variable scope and subprocess handling in test_modify_web_content.py - Initialize route variable before loop to avoid UnboundLocalError - Add explicit check for route being None after loop - Check subprocess return codes for git add, commit, and push - Log errors when git commands fail - Make timeout and poll interval configurable via environment variables - Initialize new_content before while loop to avoid UnboundLocalError --- tests/interop/test_modify_web_content.py | 49 ++++++++++++++++++------ 1 file changed, 37 insertions(+), 12 deletions(-) diff --git a/tests/interop/test_modify_web_content.py b/tests/interop/test_modify_web_content.py index 44cf045c3..f45e43009 100644 --- a/tests/interop/test_modify_web_content.py +++ b/tests/interop/test_modify_web_content.py @@ -14,10 +14,15 @@ logger = logging.getLogger(__loggername__) +# Configurable timeout settings (can be overridden via environment) +CONTENT_UPDATE_TIMEOUT_MINUTES = int(os.environ.get("CONTENT_UPDATE_TIMEOUT_MINUTES", "10")) +CONTENT_UPDATE_POLL_SECONDS = int(os.environ.get("CONTENT_UPDATE_POLL_SECONDS", "30")) + @pytest.mark.modify_web_content def test_modify_web_content(openshift_dyn_client): logger.info("Find the url for the hello-world route") + route = None try: for route in Route.get( dyn_client=openshift_dyn_client, @@ -30,6 +35,11 @@ def test_modify_web_content(openshift_dyn_client): logger.error(f"FAIL: {err_msg}") assert False, err_msg + if route is None: + err_msg = "No route found for hello-world in hello-world namespace" + logger.error(f"FAIL: {err_msg}") + assert False, err_msg + url = "http://" + route.instance.spec.host response = requests.get(url) logger.info(f"Current page content: {response.content}") @@ -53,35 +63,50 @@ def test_modify_web_content(openshift_dyn_client): logger.info("Merge the change") patterns_repo = f"{os.environ['HOME']}/validated_patterns/multicloud-gitops" if os.getenv("EXTERNAL_TEST") != "true": - subprocess.run(["git", "add", chart], cwd=f"{patterns_repo}") - subprocess.run( - ["git", "commit", "-m", "Updating 'hello-world'"], cwd=f"{patterns_repo}" + git_add = subprocess.run(["git", "add", chart], cwd=patterns_repo, capture_output=True, text=True) + if git_add.returncode != 0: + logger.error(f"git add failed: {git_add.stderr}") + + git_commit = subprocess.run( + ["git", "commit", "-m", "Updating 'hello-world'"], cwd=patterns_repo, capture_output=True, text=True ) + if git_commit.returncode != 0: + logger.warning(f"git commit returned non-zero: {git_commit.stderr}") + push = subprocess.run( - ["git", "push"], cwd=f"{patterns_repo}", capture_output=True, text=True + ["git", "push"], cwd=patterns_repo, capture_output=True, text=True ) else: - subprocess.run(["git", "add", chart]) - subprocess.run(["git", "commit", "-m", "Updating 'hello-world'"]) + git_add = subprocess.run(["git", "add", chart], capture_output=True, text=True) + if git_add.returncode != 0: + logger.error(f"git add failed: {git_add.stderr}") + + git_commit = subprocess.run(["git", "commit", "-m", "Updating 'hello-world'"], capture_output=True, text=True) + if git_commit.returncode != 0: + logger.warning(f"git commit returned non-zero: {git_commit.stderr}") + push = subprocess.run(["git", "push"], capture_output=True, text=True) + + if push.returncode != 0: + logger.error(f"git push failed with return code {push.returncode}") logger.info(push.stdout) logger.info(push.stderr) logger.info("Checking for updated page content") - timeout = time.time() + 60 * 10 + timeout = time.time() + 60 * CONTENT_UPDATE_TIMEOUT_MINUTES + new_content = None while time.time() < timeout: - time.sleep(30) + time.sleep(CONTENT_UPDATE_POLL_SECONDS) response = requests.get(url) logger.info(response.content) new_content = re.search(new_heading, str(response.content)) logger.info(new_content) - if (new_content is None) or (new_content.group() != new_heading): - continue - break + if new_content is not None and new_content.group() == new_heading: + break - if (new_content is None) or (new_content.group() != new_heading): + if new_content is None or new_content.group() != new_heading: err_msg = "Did not find updated page content" logger.error(f"FAIL: {err_msg}") assert False, err_msg From 3670678647698c5bf3efb900f40bccd94c8de2a1 Mon Sep 17 00:00:00 2001 From: Brian 'redbeard' Harrington Date: Tue, 13 Jan 2026 17:55:30 -0500 Subject: [PATCH 06/20] fix(tests): make repository path configurable via PATTERNS_REPO_PATH - Add PATTERNS_REPO_PATH environment variable with sensible default - Use os.path.join for proper path construction - Removes hardcoded path that assumed specific directory structure --- tests/interop/test_modify_web_content.py | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/tests/interop/test_modify_web_content.py b/tests/interop/test_modify_web_content.py index f45e43009..947f51392 100644 --- a/tests/interop/test_modify_web_content.py +++ b/tests/interop/test_modify_web_content.py @@ -18,6 +18,12 @@ CONTENT_UPDATE_TIMEOUT_MINUTES = int(os.environ.get("CONTENT_UPDATE_TIMEOUT_MINUTES", "10")) CONTENT_UPDATE_POLL_SECONDS = int(os.environ.get("CONTENT_UPDATE_POLL_SECONDS", "30")) +# Configurable repository path (can be overridden via environment) +PATTERNS_REPO_PATH = os.environ.get( + "PATTERNS_REPO_PATH", + os.path.join(os.environ.get("HOME", ""), "validated_patterns/multicloud-gitops") +) + @pytest.mark.modify_web_content def test_modify_web_content(openshift_dyn_client): @@ -45,10 +51,9 @@ def test_modify_web_content(openshift_dyn_client): logger.info(f"Current page content: {response.content}") if os.getenv("EXTERNAL_TEST") != "true": - chart = ( - f"{os.environ['HOME']}" - + "/validated_patterns/multicloud-gitops/charts/" - + "all/hello-world/templates/hello-world-cm.yaml" + chart = os.path.join( + PATTERNS_REPO_PATH, + "charts/all/hello-world/templates/hello-world-cm.yaml" ) else: chart = "../../charts/all/hello-world/templates/hello-world-cm.yaml" @@ -61,7 +66,7 @@ def test_modify_web_content(openshift_dyn_client): ) logger.info("Merge the change") - patterns_repo = f"{os.environ['HOME']}/validated_patterns/multicloud-gitops" + patterns_repo = PATTERNS_REPO_PATH if os.getenv("EXTERNAL_TEST") != "true": git_add = subprocess.run(["git", "add", chart], cwd=patterns_repo, capture_output=True, text=True) if git_add.returncode != 0: From 41bf166a79bb315b8c5fe72cf1d2fd4148267ff0 Mon Sep 17 00:00:00 2001 From: Brian 'redbeard' Harrington Date: Tue, 13 Jan 2026 17:33:52 -0500 Subject: [PATCH 07/20] fix(shell): add error handling and proper quoting to pattern.sh - Add set -euo pipefail for strict error handling - Quote $1 in command -v to prevent word splitting - Quote $@ to preserve argument boundaries - Fix regex pattern: use ${HOME} with proper quoting - Quote $REMOTE_PODMAN in arithmetic comparison - Add fallback for REMOTE_PODMAN if command fails - Use ${VAR:-} syntax for unset variable checks with set -u - Add error handling for podman --version command - Convert PODMAN_ARGS, PKI_HOST_MOUNT_ARGS, EXTRA_ARGS to arrays for shellcheck compliance --- pattern.sh | 54 +++++++++++++++++++++++++++++++----------------------- 1 file changed, 31 insertions(+), 23 deletions(-) diff --git a/pattern.sh b/pattern.sh index d6daa15e7..e7f16e5c2 100755 --- a/pattern.sh +++ b/pattern.sh @@ -1,19 +1,20 @@ #!/bin/bash +set -euo pipefail function is_available { - command -v $1 >/dev/null 2>&1 || { echo >&2 "$1 is required but it's not installed. Aborting."; exit 1; } + command -v "$1" >/dev/null 2>&1 || { echo >&2 "$1 is required but it's not installed. Aborting."; exit 1; } } function version { - echo "$@" | awk -F. '{ printf("%d%03d%03d%03d\n", $1,$2,$3,$4); }' + echo "$1" | awk -F. '{ printf("%d%03d%03d%03d\n", $1,$2,$3,$4); }' } -if [ -z "$PATTERN_UTILITY_CONTAINER" ]; then +if [ -z "${PATTERN_UTILITY_CONTAINER:-}" ]; then PATTERN_UTILITY_CONTAINER="quay.io/validatedpatterns/utility-container" fi # If PATTERN_DISCONNECTED_HOME is set it will be used to populate both PATTERN_UTILITY_CONTAINER # and PATTERN_INSTALL_CHART automatically -if [ -n "${PATTERN_DISCONNECTED_HOME}" ]; then +if [ -n "${PATTERN_DISCONNECTED_HOME:-}" ]; then PATTERN_UTILITY_CONTAINER="${PATTERN_DISCONNECTED_HOME}/utility-container" PATTERN_INSTALL_CHART="oci://${PATTERN_DISCONNECTED_HOME}/pattern-install" echo "PATTERN_DISCONNECTED_HOME is set to ${PATTERN_DISCONNECTED_HOME}" @@ -23,10 +24,10 @@ if [ -n "${PATTERN_DISCONNECTED_HOME}" ]; then fi readonly commands=(podman) -for cmd in ${commands[@]}; do is_available "$cmd"; done +for cmd in "${commands[@]}"; do is_available "$cmd"; done UNSUPPORTED_PODMAN_VERSIONS="1.6 1.5" -PODMAN_VERSION_STR=$(podman --version) +PODMAN_VERSION_STR=$(podman --version) || { echo "Failed to get podman version"; exit 1; } for i in ${UNSUPPORTED_PODMAN_VERSIONS}; do # We add a space if echo "${PODMAN_VERSION_STR}" | grep -q -E "\b${i}"; then @@ -41,19 +42,20 @@ done PODMAN_VERSION=$(echo "${PODMAN_VERSION_STR}" | awk '{ print $NF }') # podman < 4.3.0 do not support keep-id:uid=... -if [ $(version "${PODMAN_VERSION}") -lt $(version "4.3.0") ]; then - PODMAN_ARGS="-v ${HOME}:/root" +PODMAN_ARGS=() +if [ "$(version "${PODMAN_VERSION}")" -lt "$(version "4.3.0")" ]; then + PODMAN_ARGS=(-v "${HOME}:/root") else # We do not rely on bash's $UID and $GID because on MacOSX $GID is not set MYNAME=$(id -n -u) MYUID=$(id -u) MYGID=$(id -g) - PODMAN_ARGS="--passwd-entry ${MYNAME}:x:${MYUID}:${MYGID}::/pattern-home:/bin/bash --user ${MYUID}:${MYGID} --userns keep-id:uid=${MYUID},gid=${MYGID}" - + PODMAN_ARGS=(--passwd-entry "${MYNAME}:x:${MYUID}:${MYGID}::/pattern-home:/bin/bash" --user "${MYUID}:${MYGID}" --userns "keep-id:uid=${MYUID},gid=${MYGID}") fi -if [ -n "$KUBECONFIG" ]; then - if [[ ! "${KUBECONFIG}" =~ ^$HOME* ]]; then +if [ -n "${KUBECONFIG:-}" ]; then + # Check if KUBECONFIG path starts with HOME directory + if [[ ! "${KUBECONFIG}" =~ ^"${HOME}" ]]; then echo "${KUBECONFIG} is pointing outside of the HOME folder, this will make it unavailable from the container." echo "Please move it somewhere inside your $HOME folder, as that is what gets bind-mounted inside the container" exit 1 @@ -62,20 +64,26 @@ fi # Detect if we use podman machine. If we do not then we bind mount local host ssl folders # if we are using podman machine then we do not bind mount anything (for now!) -REMOTE_PODMAN=$(podman system connection list | tail -n +2 | wc -l) -if [ $REMOTE_PODMAN -eq 0 ]; then # If we are not using podman machine we check the hosts folders +REMOTE_PODMAN=$(podman system connection list | tail -n +2 | wc -l) || REMOTE_PODMAN=0 +PKI_HOST_MOUNT_ARGS=() +if [ "${REMOTE_PODMAN}" -eq 0 ]; then # If we are not using podman machine we check the hosts folders # We check /etc/pki/tls because on ubuntu /etc/pki/fwupd sometimes # exists but not /etc/pki/tls and we do not want to bind mount in such a case # as it would find no certificates at all. if [ -d /etc/pki/tls ]; then - PKI_HOST_MOUNT_ARGS="-v /etc/pki:/etc/pki:ro" + PKI_HOST_MOUNT_ARGS=(-v /etc/pki:/etc/pki:ro) elif [ -d /etc/ssl ]; then - PKI_HOST_MOUNT_ARGS="-v /etc/ssl:/etc/ssl:ro" + PKI_HOST_MOUNT_ARGS=(-v /etc/ssl:/etc/ssl:ro) else - PKI_HOST_MOUNT_ARGS="-v /usr/share/ca-certificates:/usr/share/ca-certificates:ro" + PKI_HOST_MOUNT_ARGS=(-v /usr/share/ca-certificates:/usr/share/ca-certificates:ro) fi -else - PKI_HOST_MOUNT_ARGS="" +fi + +# Parse EXTRA_ARGS into an array if set +EXTRA_ARGS_ARRAY=() +if [ -n "${EXTRA_ARGS:-}" ]; then + # shellcheck disable=SC2206 + EXTRA_ARGS_ARRAY=(${EXTRA_ARGS}) fi # Copy Kubeconfig from current environment. The utilities will pick up ~/.kube/config if set so it's not mandatory @@ -106,12 +114,12 @@ podman run -it --rm --pull=newer \ -e TOKEN_SECRET \ -e UUID_FILE \ -e VALUES_SECRET \ - ${PKI_HOST_MOUNT_ARGS} \ + "${PKI_HOST_MOUNT_ARGS[@]}" \ -v "$(pwd -P)":"$(pwd -P)" \ -v "${HOME}":"${HOME}" \ -v "${HOME}":/pattern-home \ - ${PODMAN_ARGS} \ - ${EXTRA_ARGS} \ + "${PODMAN_ARGS[@]}" \ + "${EXTRA_ARGS_ARRAY[@]}" \ -w "$(pwd -P)" \ "$PATTERN_UTILITY_CONTAINER" \ - $@ + "$@" From 806c7ee297a68f92bc19a004b21e2dab3f949b27 Mon Sep 17 00:00:00 2001 From: Brian 'redbeard' Harrington Date: Tue, 13 Jan 2026 17:37:45 -0500 Subject: [PATCH 08/20] fix(shell): add error handling and proper quoting to run_tests.sh - Add set -euo pipefail for strict error handling - Quote all variable references ($KUBECONFIG, $KUBECONFIG_EDGE, $WORKSPACE) - Use ${VAR:-} syntax for unset variable checks with set -u - Use mktemp -d instead of /tmp for secure temporary directory - Tests will now fail fast on any error instead of continuing --- tests/interop/run_tests.sh | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/tests/interop/run_tests.sh b/tests/interop/run_tests.sh index a1af3b4be..7a35517f4 100755 --- a/tests/interop/run_tests.sh +++ b/tests/interop/run_tests.sh @@ -1,36 +1,39 @@ #!/usr/bin/bash +set -euo pipefail export EXTERNAL_TEST="true" export PATTERN_NAME="MultiCloudGitops" export PATTERN_SHORTNAME="mcgitops" -if [ -z "${KUBECONFIG}" ]; then +if [ -z "${KUBECONFIG:-}" ]; then echo "No kubeconfig file set for hub cluster" exit 1 fi -if [ -z "${KUBECONFIG_EDGE}" ]; then +if [ -z "${KUBECONFIG_EDGE:-}" ]; then echo "No kubeconfig file set for edge cluster" exit 1 fi -if [ -z "${INFRA_PROVIDER}" ]; then +if [ -z "${INFRA_PROVIDER:-}" ]; then echo "INFRA_PROVIDER is not defined" exit 1 fi -if [ -z "${WORKSPACE}" ]; then - export WORKSPACE=/tmp +if [ -z "${WORKSPACE:-}" ]; then + WORKSPACE=$(mktemp -d) + export WORKSPACE + echo "WORKSPACE not set, using temporary directory: ${WORKSPACE}" fi -pytest -lv --disable-warnings test_subscription_status_hub.py --kubeconfig $KUBECONFIG --junit-xml $WORKSPACE/test_subscription_status_hub.xml +pytest -lv --disable-warnings test_subscription_status_hub.py --kubeconfig "$KUBECONFIG" --junit-xml "$WORKSPACE/test_subscription_status_hub.xml" -pytest -lv --disable-warnings test_subscription_status_edge.py --kubeconfig $KUBECONFIG_EDGE --junit-xml $WORKSPACE/test_subscription_status_edge.xml +pytest -lv --disable-warnings test_subscription_status_edge.py --kubeconfig "$KUBECONFIG_EDGE" --junit-xml "$WORKSPACE/test_subscription_status_edge.xml" -pytest -lv --disable-warnings test_validate_hub_site_components.py --kubeconfig $KUBECONFIG --junit-xml $WORKSPACE/test_validate_hub_site_components.xml +pytest -lv --disable-warnings test_validate_hub_site_components.py --kubeconfig "$KUBECONFIG" --junit-xml "$WORKSPACE/test_validate_hub_site_components.xml" -pytest -lv --disable-warnings test_validate_edge_site_components.py --kubeconfig $KUBECONFIG_EDGE --junit-xml $WORKSPACE/test_validate_edge_site_components.xml +pytest -lv --disable-warnings test_validate_edge_site_components.py --kubeconfig "$KUBECONFIG_EDGE" --junit-xml "$WORKSPACE/test_validate_edge_site_components.xml" -pytest -lv --disable-warnings test_modify_web_content.py --kubeconfig $KUBECONFIG --junit-xml $WORKSPACE/test_modify_web_content.xml +pytest -lv --disable-warnings test_modify_web_content.py --kubeconfig "$KUBECONFIG" --junit-xml "$WORKSPACE/test_modify_web_content.xml" python3 create_ci_badge.py From df56462267fb7d2b5c8b04cdde5a371249037fb3 Mon Sep 17 00:00:00 2001 From: Brian 'redbeard' Harrington Date: Tue, 13 Jan 2026 17:38:06 -0500 Subject: [PATCH 09/20] fix(helm): rename localCluster to localClusterDomain in hello-world values The template hello-world-cm.yaml references .Values.global.localClusterDomain but the values file had the key named localCluster, causing the template to render with an empty value. --- charts/all/hello-world/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/all/hello-world/values.yaml b/charts/all/hello-world/values.yaml index 55083f741..8b8d1398d 100644 --- a/charts/all/hello-world/values.yaml +++ b/charts/all/hello-world/values.yaml @@ -1,4 +1,4 @@ --- global: hubClusterDomain: hub.example.com - localCluster: local.example.com + localClusterDomain: local.example.com From a29bf2296ae62a4c5157e0267020397f01d8439b Mon Sep 17 00:00:00 2001 From: Brian 'redbeard' Harrington Date: Tue, 13 Jan 2026 17:38:26 -0500 Subject: [PATCH 10/20] fix(helm): change insecureEdgeTerminationPolicy from Allow to Redirect Setting insecureEdgeTerminationPolicy to Allow permits unencrypted HTTP traffic to the routes. Changing to Redirect forces all HTTP requests to be redirected to HTTPS, improving security. Affected routes: - hello-world - config-demo --- charts/all/config-demo/templates/config-demo-route.yaml | 2 +- charts/all/hello-world/templates/hello-world-route.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/all/config-demo/templates/config-demo-route.yaml b/charts/all/config-demo/templates/config-demo-route.yaml index 4a2677287..280447e50 100644 --- a/charts/all/config-demo/templates/config-demo-route.yaml +++ b/charts/all/config-demo/templates/config-demo-route.yaml @@ -13,5 +13,5 @@ spec: weight: 100 wildcardPolicy: None tls: - insecureEdgeTerminationPolicy: Allow + insecureEdgeTerminationPolicy: Redirect termination: edge diff --git a/charts/all/hello-world/templates/hello-world-route.yaml b/charts/all/hello-world/templates/hello-world-route.yaml index 4b1243656..8653c7de3 100644 --- a/charts/all/hello-world/templates/hello-world-route.yaml +++ b/charts/all/hello-world/templates/hello-world-route.yaml @@ -13,5 +13,5 @@ spec: weight: 100 wildcardPolicy: None tls: - insecureEdgeTerminationPolicy: Allow + insecureEdgeTerminationPolicy: Redirect termination: edge From 6d18b333988c2ef0701cd487252b10b73c39f5c5 Mon Sep 17 00:00:00 2001 From: Brian 'redbeard' Harrington Date: Tue, 13 Jan 2026 17:38:45 -0500 Subject: [PATCH 11/20] fix(helm): set readOnlyRootFilesystem to true in config-demo deployment The container already has emptyDir volumes mounted for all writable paths: - /tmp - /var/cache/httpd - /var/run/httpd - /var/www/html (via configMap) With these mounts in place, the root filesystem can safely be read-only, improving container security posture. --- charts/all/config-demo/templates/config-demo-deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/all/config-demo/templates/config-demo-deployment.yaml b/charts/all/config-demo/templates/config-demo-deployment.yaml index 64db6c4b7..befa91871 100644 --- a/charts/all/config-demo/templates/config-demo-deployment.yaml +++ b/charts/all/config-demo/templates/config-demo-deployment.yaml @@ -51,7 +51,7 @@ spec: memory: 256Mi securityContext: allowPrivilegeEscalation: false - readOnlyRootFilesystem: false + readOnlyRootFilesystem: true runAsNonRoot: true capabilities: drop: From 68a30e9d26247d82338bf89084c6867df5f81fef Mon Sep 17 00:00:00 2001 From: Brian 'redbeard' Harrington Date: Tue, 13 Jan 2026 17:56:59 -0500 Subject: [PATCH 12/20] fix(helm): template container images from values.yaml - Add image.repository, image.tag, image.pullPolicy to both chart values - Update deployments to use templated image values - Remove commented imagePullPolicy, now explicit in values - Allows image overrides without modifying templates Affected charts: - hello-world - config-demo --- charts/all/config-demo/templates/config-demo-deployment.yaml | 4 ++-- charts/all/config-demo/values.yaml | 5 +++++ charts/all/hello-world/templates/hello-world-deployment.yaml | 4 ++-- charts/all/hello-world/values.yaml | 5 +++++ 4 files changed, 14 insertions(+), 4 deletions(-) diff --git a/charts/all/config-demo/templates/config-demo-deployment.yaml b/charts/all/config-demo/templates/config-demo-deployment.yaml index befa91871..0bd905468 100644 --- a/charts/all/config-demo/templates/config-demo-deployment.yaml +++ b/charts/all/config-demo/templates/config-demo-deployment.yaml @@ -24,8 +24,8 @@ spec: type: RuntimeDefault containers: - name: apache - image: registry.access.redhat.com/ubi10/httpd-24:10.0-1755779646 - #imagePullPolicy: Always + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - containerPort: 8080 name: http diff --git a/charts/all/config-demo/values.yaml b/charts/all/config-demo/values.yaml index 6d27c371d..e8aeee0bd 100644 --- a/charts/all/config-demo/values.yaml +++ b/charts/all/config-demo/values.yaml @@ -13,3 +13,8 @@ global: clusterGroup: isHubCluster: true + +image: + repository: registry.access.redhat.com/ubi10/httpd-24 + tag: "10.0-1755779646" + pullPolicy: IfNotPresent diff --git a/charts/all/hello-world/templates/hello-world-deployment.yaml b/charts/all/hello-world/templates/hello-world-deployment.yaml index e065d4bf1..f5473537f 100644 --- a/charts/all/hello-world/templates/hello-world-deployment.yaml +++ b/charts/all/hello-world/templates/hello-world-deployment.yaml @@ -23,8 +23,8 @@ spec: type: RuntimeDefault containers: - name: apache - image: registry.access.redhat.com/ubi10/httpd-24:10.0-1755779646 - #imagePullPolicy: Always + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - containerPort: 8080 name: http diff --git a/charts/all/hello-world/values.yaml b/charts/all/hello-world/values.yaml index 8b8d1398d..cff2bfd48 100644 --- a/charts/all/hello-world/values.yaml +++ b/charts/all/hello-world/values.yaml @@ -2,3 +2,8 @@ global: hubClusterDomain: hub.example.com localClusterDomain: local.example.com + +image: + repository: registry.access.redhat.com/ubi10/httpd-24 + tag: "10.0-1755779646" + pullPolicy: IfNotPresent From e3d224e73faed220e700fb60fe13b078c7df1f2f Mon Sep 17 00:00:00 2001 From: Brian 'redbeard' Harrington Date: Tue, 13 Jan 2026 17:58:07 -0500 Subject: [PATCH 13/20] fix(helm): remove unnecessary creationTimestamp: null from pod template Kubernetes auto-populates creationTimestamp. Explicitly setting it to null in templates is unnecessary and may cause validation warnings. --- charts/all/config-demo/templates/config-demo-deployment.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/charts/all/config-demo/templates/config-demo-deployment.yaml b/charts/all/config-demo/templates/config-demo-deployment.yaml index 0bd905468..31974a927 100644 --- a/charts/all/config-demo/templates/config-demo-deployment.yaml +++ b/charts/all/config-demo/templates/config-demo-deployment.yaml @@ -12,7 +12,6 @@ spec: deploymentconfig: config-demo template: metadata: - creationTimestamp: null labels: app: config-demo deploymentconfig: config-demo From c7fb1bdc1d7b462e18e774fd0366b83331cce43b Mon Sep 17 00:00:00 2001 From: Brian 'redbeard' Harrington Date: Tue, 13 Jan 2026 17:58:34 -0500 Subject: [PATCH 14/20] fix(config): standardize to argoProject key name in values-standalone.yaml The validated patterns operator expects 'argoProject' not 'project'. Also rename 'projects' to 'argoProjects' for consistency with values-hub.yaml. --- values-standalone.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/values-standalone.yaml b/values-standalone.yaml index 57d74f9f1..b70e32b41 100644 --- a/values-standalone.yaml +++ b/values-standalone.yaml @@ -7,7 +7,7 @@ clusterGroup: - config-demo - hello-world subscriptions: {} - projects: + argoProjects: - hub - config-demo - hello-world @@ -26,24 +26,24 @@ clusterGroup: vault: name: vault namespace: vault - project: hub + argoProject: hub chart: hashicorp-vault chartVersion: 0.1.* golang-external-secrets: name: golang-external-secrets namespace: golang-external-secrets - project: hub + argoProject: hub chart: golang-external-secrets chartVersion: 0.1.* config-demo: name: config-demo namespace: config-demo - project: config-demo + argoProject: config-demo path: charts/all/config-demo hello-world: name: hello-world namespace: hello-world - project: hello-world + argoProject: hello-world path: charts/all/hello-world imperative: # NOTE: We *must* use lists and not hashes. As hashes lose ordering once parsed by helm From f436d12f3e94b7f735565a10119948ef64f10f63 Mon Sep 17 00:00:00 2001 From: Brian 'redbeard' Harrington Date: Tue, 13 Jan 2026 17:39:13 -0500 Subject: [PATCH 15/20] fix(ansible): add error handling and explicit configuration site.yaml: - Add task to verify pattern.sh exists before execution - Use playbook_dir instead of PWD lookup for reliable path resolution - Add failed_when condition to properly handle command failures - Print stdout_lines instead of full output object - Conditionally print stderr if present ansible.cfg: - Add interpreter_python=auto_silent to suppress interpreter warnings - Add timeout=30 to prevent hanging on slow systems - Add comment documenting why retry_files_enabled is False --- ansible.cfg | 3 +++ ansible/site.yaml | 22 +++++++++++++++++++--- 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/ansible.cfg b/ansible.cfg index 516f8b840..cea5c9d17 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -1,6 +1,9 @@ [defaults] localhost_warning=False retry_files_enabled=False +# Retry files disabled to avoid cluttering CI/CD environments +interpreter_python=auto_silent +timeout=30 library=~/.ansible/plugins/modules:./ansible/plugins/modules:./common/ansible/plugins/modules:/usr/share/ansible/plugins/modules roles_path=~/.ansible/roles:./ansible/roles:./common/ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles filter_plugins=~/.ansible/plugins/filter:./ansible/plugins/filter:./common/ansible/plugins/filter:/usr/share/ansible/plugins/filter diff --git a/ansible/site.yaml b/ansible/site.yaml index f0b7c28d2..665738414 100644 --- a/ansible/site.yaml +++ b/ansible/site.yaml @@ -3,15 +3,31 @@ hosts: localhost connection: local tasks: + - name: Verify pattern.sh exists + ansible.builtin.stat: + path: "{{ playbook_dir }}/../pattern.sh" + register: pattern_script + + - name: Fail if pattern.sh does not exist + ansible.builtin.fail: + msg: "pattern.sh not found at {{ playbook_dir }}/../pattern.sh" + when: not pattern_script.stat.exists + # We cannot use .package or .dnf modules because python3 that is used comes # from a virtualenv - name: Launch the installation ansible.builtin.command: ./pattern.sh make install args: - chdir: "{{ lookup('env', 'PWD') }}" + chdir: "{{ playbook_dir }}/.." register: output - changed_when: false + changed_when: output.rc == 0 + failed_when: output.rc != 0 - name: Print output of installation ansible.builtin.debug: - msg: "{{ output }}" + msg: "{{ output.stdout_lines }}" + + - name: Print errors if any + ansible.builtin.debug: + msg: "{{ output.stderr_lines }}" + when: output.stderr_lines | length > 0 From 4b9bd49c261c0d2d48d0e659aaa0e82001c38f6a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 Jan 2026 04:42:52 +0000 Subject: [PATCH 16/20] Bump ansible/ansible-lint from 25.11.0 to 26.1.1 Bumps [ansible/ansible-lint](https://github.com/ansible/ansible-lint) from 25.11.0 to 26.1.1. - [Release notes](https://github.com/ansible/ansible-lint/releases) - [Commits](https://github.com/ansible/ansible-lint/compare/43e758bad47344f1ce7b699c0020299f486a8026...7f6abc5ef97d0fb043a0f3d416dfbc74399fbda0) --- updated-dependencies: - dependency-name: ansible/ansible-lint dependency-version: 26.1.1 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/ansible-lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml index 236a22750..2503ea8e2 100644 --- a/.github/workflows/ansible-lint.yml +++ b/.github/workflows/ansible-lint.yml @@ -15,4 +15,4 @@ jobs: persist-credentials: false - name: Lint Ansible Playbook - uses: ansible/ansible-lint@43e758bad47344f1ce7b699c0020299f486a8026 + uses: ansible/ansible-lint@7f6abc5ef97d0fb043a0f3d416dfbc74399fbda0 From 43dd19d82970f52b0b204942adc0aa54eb8d4411 Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Mon, 19 Jan 2026 12:45:29 +0100 Subject: [PATCH 17/20] Fix black formatting --- tests/interop/create_ci_badge.py | 4 +--- tests/interop/test_modify_web_content.py | 24 +++++++++++++++++------- 2 files changed, 18 insertions(+), 10 deletions(-) diff --git a/tests/interop/create_ci_badge.py b/tests/interop/create_ci_badge.py index cb4bb862d..717b47d1e 100644 --- a/tests/interop/create_ci_badge.py +++ b/tests/interop/create_ci_badge.py @@ -35,9 +35,7 @@ def get_openshift_version(): """ try: version_ret = subprocess.run( - [oc, "version", "-o", "json"], - capture_output=True, - check=False + [oc, "version", "-o", "json"], capture_output=True, check=False ) if version_ret.returncode != 0: print(f"Error running oc version: {version_ret.stderr.decode('utf-8')}") diff --git a/tests/interop/test_modify_web_content.py b/tests/interop/test_modify_web_content.py index 947f51392..3250c02ce 100644 --- a/tests/interop/test_modify_web_content.py +++ b/tests/interop/test_modify_web_content.py @@ -15,13 +15,15 @@ logger = logging.getLogger(__loggername__) # Configurable timeout settings (can be overridden via environment) -CONTENT_UPDATE_TIMEOUT_MINUTES = int(os.environ.get("CONTENT_UPDATE_TIMEOUT_MINUTES", "10")) +CONTENT_UPDATE_TIMEOUT_MINUTES = int( + os.environ.get("CONTENT_UPDATE_TIMEOUT_MINUTES", "10") +) CONTENT_UPDATE_POLL_SECONDS = int(os.environ.get("CONTENT_UPDATE_POLL_SECONDS", "30")) # Configurable repository path (can be overridden via environment) PATTERNS_REPO_PATH = os.environ.get( "PATTERNS_REPO_PATH", - os.path.join(os.environ.get("HOME", ""), "validated_patterns/multicloud-gitops") + os.path.join(os.environ.get("HOME", ""), "validated_patterns/multicloud-gitops"), ) @@ -52,8 +54,7 @@ def test_modify_web_content(openshift_dyn_client): if os.getenv("EXTERNAL_TEST") != "true": chart = os.path.join( - PATTERNS_REPO_PATH, - "charts/all/hello-world/templates/hello-world-cm.yaml" + PATTERNS_REPO_PATH, "charts/all/hello-world/templates/hello-world-cm.yaml" ) else: chart = "../../charts/all/hello-world/templates/hello-world-cm.yaml" @@ -68,12 +69,17 @@ def test_modify_web_content(openshift_dyn_client): logger.info("Merge the change") patterns_repo = PATTERNS_REPO_PATH if os.getenv("EXTERNAL_TEST") != "true": - git_add = subprocess.run(["git", "add", chart], cwd=patterns_repo, capture_output=True, text=True) + git_add = subprocess.run( + ["git", "add", chart], cwd=patterns_repo, capture_output=True, text=True + ) if git_add.returncode != 0: logger.error(f"git add failed: {git_add.stderr}") git_commit = subprocess.run( - ["git", "commit", "-m", "Updating 'hello-world'"], cwd=patterns_repo, capture_output=True, text=True + ["git", "commit", "-m", "Updating 'hello-world'"], + cwd=patterns_repo, + capture_output=True, + text=True, ) if git_commit.returncode != 0: logger.warning(f"git commit returned non-zero: {git_commit.stderr}") @@ -86,7 +92,11 @@ def test_modify_web_content(openshift_dyn_client): if git_add.returncode != 0: logger.error(f"git add failed: {git_add.stderr}") - git_commit = subprocess.run(["git", "commit", "-m", "Updating 'hello-world'"], capture_output=True, text=True) + git_commit = subprocess.run( + ["git", "commit", "-m", "Updating 'hello-world'"], + capture_output=True, + text=True, + ) if git_commit.returncode != 0: logger.warning(f"git commit returned non-zero: {git_commit.stderr}") From d081cfdbafe64f1aa524a4eb7f70badfbaecc27a Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Wed, 19 Nov 2025 17:23:02 +0100 Subject: [PATCH 18/20] Stop using ishubcluster explicitely All charts (clustergroup, acm, golang-external-secrets, openshift-external-secrets) currently support autodetecting if we're on the hub without needing an explicit override. The override is still supported, but it is not needed any longer --- values-group-one.yaml | 5 ++--- values-hub.yaml | 11 +++++------ values-standalone.yaml | 1 - 3 files changed, 7 insertions(+), 10 deletions(-) diff --git a/values-group-one.yaml b/values-group-one.yaml index fd053aa29..c06b58133 100644 --- a/values-group-one.yaml +++ b/values-group-one.yaml @@ -1,6 +1,5 @@ clusterGroup: name: group-one - isHubCluster: false # Namespace is a dictionary for easier overriding (lists are supported as well) namespaces: config-demo: @@ -94,8 +93,8 @@ clusterGroup: # targetRevision: main # path: applications/factory # helmOverrides: -# - name: site.isHubCluster -# value: false +# - name: foo +# value: bar # clusterSelector: # matchExpressions: # - key: vendor diff --git a/values-hub.yaml b/values-hub.yaml index 0fa403716..e75db8d55 100644 --- a/values-hub.yaml +++ b/values-hub.yaml @@ -1,6 +1,5 @@ clusterGroup: name: hub - isHubCluster: true # Namespace is a dictionary for easier overriding (lists are supported as well) namespaces: open-cluster-management: @@ -88,9 +87,9 @@ clusterGroup: acmlabels: - name: clusterGroup value: group-one - helmOverrides: - - name: clusterGroup.isHubCluster - value: false + # helmOverrides: + # - name: foo + # value: bar # Before enabling cluster provisioning, ensure AWS and/or Azure # credentials and OCP pull secrets are defined in Vault. # See values-secret.yaml.template @@ -158,8 +157,8 @@ clusterGroup: # targetRevision: main # path: applications/factory # helmOverrides: -# - name: site.isHubCluster -# value: false +# - name: foo +# value: bar # clusterSelector: # matchExpressions: # - key: vendor diff --git a/values-standalone.yaml b/values-standalone.yaml index b70e32b41..d12c8b18d 100644 --- a/values-standalone.yaml +++ b/values-standalone.yaml @@ -1,6 +1,5 @@ clusterGroup: name: standalone - isHubCluster: false namespaces: - vault - golang-external-secrets From 179cfc84d183c9c8b53f32f783a130859d31c668 Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Mon, 19 Jan 2026 17:54:07 +0100 Subject: [PATCH 19/20] Revert "fix(helm): set readOnlyRootFilesystem to true in config-demo deployment" This reverts commit 6d18b333988c2ef0701cd487252b10b73c39f5c5. Otherwise the container fails with: sed: couldn't open temporary file /etc/httpd/conf/sedErH32D: Read-only file system --- charts/all/config-demo/templates/config-demo-deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/all/config-demo/templates/config-demo-deployment.yaml b/charts/all/config-demo/templates/config-demo-deployment.yaml index 31974a927..a83940b8a 100644 --- a/charts/all/config-demo/templates/config-demo-deployment.yaml +++ b/charts/all/config-demo/templates/config-demo-deployment.yaml @@ -50,7 +50,7 @@ spec: memory: 256Mi securityContext: allowPrivilegeEscalation: false - readOnlyRootFilesystem: true + readOnlyRootFilesystem: false runAsNonRoot: true capabilities: drop: From 877339c6af454f3b4128e88f084e6a58b68dba0c Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Wed, 21 Jan 2026 20:21:18 +0100 Subject: [PATCH 20/20] Revert "fix(helm): change insecureEdgeTerminationPolicy from Allow to Redirect" This reverts commit a29bf2296ae62a4c5157e0267020397f01d8439b. --- charts/all/config-demo/templates/config-demo-route.yaml | 2 +- charts/all/hello-world/templates/hello-world-route.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/all/config-demo/templates/config-demo-route.yaml b/charts/all/config-demo/templates/config-demo-route.yaml index 280447e50..4a2677287 100644 --- a/charts/all/config-demo/templates/config-demo-route.yaml +++ b/charts/all/config-demo/templates/config-demo-route.yaml @@ -13,5 +13,5 @@ spec: weight: 100 wildcardPolicy: None tls: - insecureEdgeTerminationPolicy: Redirect + insecureEdgeTerminationPolicy: Allow termination: edge diff --git a/charts/all/hello-world/templates/hello-world-route.yaml b/charts/all/hello-world/templates/hello-world-route.yaml index 8653c7de3..4b1243656 100644 --- a/charts/all/hello-world/templates/hello-world-route.yaml +++ b/charts/all/hello-world/templates/hello-world-route.yaml @@ -13,5 +13,5 @@ spec: weight: 100 wildcardPolicy: None tls: - insecureEdgeTerminationPolicy: Redirect + insecureEdgeTerminationPolicy: Allow termination: edge