wip

3 years ago · f27c303dbf
10 changed files with 307 additions and 468 deletions
--- a/README.md
+++ b/README.md
@ -1,4 +1,4 @@
-# GitOps Artefacts for the MAD Roadshow France 2023
+# GitOps Artefacts for the eShopOnWeb demo

 ## Deploy OpenShift resources with OpenShift GitOps

@ -31,37 +31,3 @@ oc adm policy add-cluster-role-to-user cluster-admin system:serviceaccount:opens
 cp infrastructure.yaml.sample infrastructure.yaml
 oc apply -f infrastructure.yaml -n openshift-gitops
 ```
-
-## Create the Helm repository
-
-```sh
-sudo dnf install awscli2 rclone
-aws configure
-aws s3api list-buckets --output text
-aws s3api create-bucket --bucket mad-roadshow-france-2023-helm-charts --create-bucket-configuration LocationConstraint=eu-west-3 --region eu-west-3
-aws s3api put-public-access-block --bucket "mad-roadshow-france-2023-helm-charts" --public-access-block-configuration "BlockPublicPolicy=false"
-aws s3api put-bucket-policy --bucket mad-roadshow-france-2023-helm-charts --policy '{
-    "Version": "2012-10-17",
-    "Statement": [
-        {
-            "Sid": "PublicReadGetObject",
-            "Effect": "Allow",
-            "Principal": "*",
-            "Action": [
-                "s3:GetObject"
-            ],
-            "Resource": [
-                "arn:aws:s3:::mad-roadshow-france-2023-helm-charts/*"
-            ]
-        }
-    ]
-}'
-rclone config
-rclone ls aws:mad-roadshow-france-2023-helm-charts
-mkdir -p /tmp/mad-roadshow-france-2023-helm-charts
-helm package -d /tmp/mad-roadshow-france-2023-helm-charts fruits-chart
-helm repo index --url "https://mad-roadshow-france-2023-helm-charts.s3.eu-west-3.amazonaws.com/" "/tmp/mad-roadshow-france-2023-helm-charts"
-rclone sync --delete-after /tmp/mad-roadshow-france-2023-helm-charts aws:mad-roadshow-france-2023-helm-charts
-rclone ls aws:mad-roadshow-france-2023-helm-charts
-curl https://mad-roadshow-france-2023-helm-charts.s3.eu-west-3.amazonaws.com/index.yaml
-```
--- a/infrastructure.yaml.sample
+++ b/infrastructure.yaml.sample
@ -1,7 +1,7 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
-  name: mad-roadshow-france-2023
+  name: eshop
  namespace: openshift-gitops
 spec:
  destination:
@ -9,7 +9,7 @@ spec:
    server: 'https://kubernetes.default.svc'
  source:
    path: infrastructure
-    repoURL: 'https://github.com/MAD-Roadshow-France-2023/gitops.git'
+    repoURL: 'https://github.com/nmasse-itix/eShopOnWeb-gitops.git'
    targetRevision: main
    helm:
      parameters:
--- a/infrastructure/templates/crunchy.yaml
+++ b/infrastructure/templates/crunchy.yaml
@ -1,14 +0,0 @@
-apiVersion: operators.coreos.com/v1alpha1
-kind: Subscription
-metadata:
-  annotations:
-    argocd.argoproj.io/sync-wave: "10"
-  name: crunchy-postgres-operator
-  namespace: openshift-operators
-spec:
-  channel: v5
-  installPlanApproval: Automatic
-  name: crunchy-postgres-operator
-  source: certified-operators
-  sourceNamespace: openshift-marketplace
-  startingCSV: postgresoperator.v5.3.0
--- a/infrastructure/templates/eshop-dev.yaml
+++ b/infrastructure/templates/eshop-dev.yaml
@ -0,0 +1,167 @@
+apiVersion: project.openshift.io/v1
+kind: Project
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+    openshift.io/description: ""
+    openshift.io/display-name: ""
+  labels:
+    kubernetes.io/metadata.name: eshop-dev
+  name: eshop-dev
+spec:
+  finalizers:
+  - kubernetes
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "20"
+  name: cosign-hook
+  namespace: eshop-dev
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "20"
+  name: cosign-hook
+  namespace: eshop-dev
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: edit
+subjects:
+- kind: ServiceAccount
+  name: cosign-hook
+  namespace: eshop-dev
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "20"
+  name: secret-reader
+  namespace: eshop-dev
+rules:
+- apiGroups: [""]
+  resources: ["secrets"]
+  verbs: ["get", "list", "watch"]
+---
+# The stackrox hook needs to be able to read the cosign public key in order to create the sigstore policy
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "20"
+  name: stackrox-hook
+  namespace: eshop-dev
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: secret-reader
+subjects:
+- kind: ServiceAccount
+  name: stackrox-hook
+  namespace: stackrox
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "20"
+  name: test-can-pull
+  namespace: eshop-dev
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:image-puller
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: eshop-test
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "20"
+  name: prod-can-pull
+  namespace: eshop-dev
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:image-puller
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: eshop-prod
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "20"
+  name: cosign-hook
+  namespace: eshop-dev
+data:
+{{ (.Files.Glob "files/cosign-hook/*").AsConfig | indent 2 }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "20"
+  name: cosign-hook
+  namespace: eshop-dev
+spec:
+  backoffLimit: 30
+  template:
+    spec:
+      containers:
+      - name: hook
+        command:
+        - /entrypoint/cosign.sh
+        args: []
+        image: registry.redhat.io/openshift4/ose-cli:v4.13
+        imagePullPolicy: IfNotPresent
+        env:
+        - name: USER
+          value: openshift
+        - name: HOME
+          value: /tmp
+        volumeMounts:
+        - mountPath: /entrypoint
+          name: cosign-hook
+          readOnly: true
+      serviceAccountName: cosign-hook
+      serviceAccount: cosign-hook
+      restartPolicy: OnFailure
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - name: cosign-hook
+        configMap:
+          name: cosign-hook
+          defaultMode: 0755
+---
+apiVersion: image.openshift.io/v1
+kind: ImageStream
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "20"
+  name: eshop-web
+  namespace: eshop-dev
+spec:
+  lookupPolicy:
+    local: false
+---
+apiVersion: image.openshift.io/v1
+kind: ImageStream
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "20"
+  name: eshop-api
+  namespace: eshop-dev
+spec:
+  lookupPolicy:
+    local: false
--- a/infrastructure/templates/fruits-prod.yaml
+++ b/infrastructure/templates/fruits-prod.yaml
@ -6,8 +6,8 @@ metadata:
    openshift.io/description: ""
    openshift.io/display-name: ""
  labels:
-    kubernetes.io/metadata.name: fruits-prod
-  name: fruits-prod
+    kubernetes.io/metadata.name: eshop-prod
+  name: eshop-prod
 spec:
  finalizers:
  - kubernetes
@ -18,7 +18,7 @@ metadata:
  annotations:
    argocd.argoproj.io/sync-wave: "20"
  name: tekton-is-admin
-  namespace: fruits-prod
+  namespace: eshop-prod
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
@ -26,4 +26,4 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: pipeline
-  namespace: fruits-dev
+  namespace: eshop-dev
--- a/infrastructure/templates/fruits-test.yaml
+++ b/infrastructure/templates/fruits-test.yaml
@ -6,8 +6,8 @@ metadata:
    openshift.io/description: ""
    openshift.io/display-name: ""
  labels:
-    kubernetes.io/metadata.name: fruits-test
-  name: fruits-test
+    kubernetes.io/metadata.name: eshop-test
+  name: eshop-test
 spec:
  finalizers:
  - kubernetes
@ -18,7 +18,7 @@ metadata:
  annotations:
    argocd.argoproj.io/sync-wave: "20"
  name: tekton-is-admin
-  namespace: fruits-test
+  namespace: eshop-test
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
@ -26,4 +26,4 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: pipeline
-  namespace: fruits-dev
+  namespace: eshop-dev
--- a/infrastructure/templates/fruits-dev.yaml
+++ b/infrastructure/templates/fruits-dev.yaml
@ -1,350 +0,0 @@
-apiVersion: project.openshift.io/v1
-kind: Project
-metadata:
-  annotations:
-    argocd.argoproj.io/sync-wave: "0"
-    openshift.io/description: ""
-    openshift.io/display-name: ""
-  labels:
-    kubernetes.io/metadata.name: fruits-dev
-  name: fruits-dev
-spec:
-  finalizers:
-  - kubernetes
---
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  annotations:
-    argocd.argoproj.io/sync-wave: "20"
-  name: cosign-hook
-  namespace: fruits-dev
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  annotations:
-    argocd.argoproj.io/sync-wave: "20"
-  name: cosign-hook
-  namespace: fruits-dev
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: edit
-subjects:
- kind: ServiceAccount
-  name: cosign-hook
-  namespace: fruits-dev
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  annotations:
-    argocd.argoproj.io/sync-wave: "20"
-  name: secret-reader
-  namespace: fruits-dev
-rules:
- apiGroups: [""]
-  resources: ["secrets"]
-  verbs: ["get", "list", "watch"]
---
-# The stackrox hook needs to be able to read the cosign public key in order to create the sigstore policy
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  annotations:
-    argocd.argoproj.io/sync-wave: "20"
-  name: stackrox-hook
-  namespace: fruits-dev
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: secret-reader
-subjects:
- kind: ServiceAccount
-  name: stackrox-hook
-  namespace: stackrox
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  annotations:
-    argocd.argoproj.io/sync-wave: "20"
-  name: test-can-pull
-  namespace: fruits-dev
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: system:image-puller
-subjects:
- kind: ServiceAccount
-  name: default
-  namespace: fruits-test
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  annotations:
-    argocd.argoproj.io/sync-wave: "20"
-  name: prod-can-pull
-  namespace: fruits-dev
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: system:image-puller
-subjects:
- kind: ServiceAccount
-  name: default
-  namespace: fruits-prod
---
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  annotations:
-    argocd.argoproj.io/sync-wave: "20"
-  name: cosign-hook
-  namespace: fruits-dev
-data:
-{{ (.Files.Glob "files/cosign-hook/*").AsConfig | indent 2 }}
---
-apiVersion: batch/v1
-kind: Job
-metadata:
-  annotations:
-    argocd.argoproj.io/sync-wave: "20"
-  name: cosign-hook
-  namespace: fruits-dev
-spec:
-  backoffLimit: 30
-  template:
-    spec:
-      containers:
-      - name: hook
-        command:
-        - /entrypoint/cosign.sh
-        args: []
-        image: registry.redhat.io/openshift4/ose-cli:v4.13
-        imagePullPolicy: IfNotPresent
-        env:
-        - name: USER
-          value: openshift
-        - name: HOME
-          value: /tmp
-        volumeMounts:
-        - mountPath: /entrypoint
-          name: cosign-hook
-          readOnly: true
-      serviceAccountName: cosign-hook
-      serviceAccount: cosign-hook
-      restartPolicy: OnFailure
-      terminationGracePeriodSeconds: 30
-      volumes:
-      - name: cosign-hook
-        configMap:
-          name: cosign-hook
-          defaultMode: 0755
---
-apiVersion: tekton.dev/v1beta1
-kind: Task
-metadata:
-  annotations:
-    argocd.argoproj.io/sync-wave: "20"
-    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-  name: slack-approval
-  namespace: fruits-dev
-spec:
-  params:
-  - name: slackChannel
-    type: string
-  - name: slackSecretName
-    type: string
-  - name: pipelineId
-    type: string
-  steps:
-  - name: slack-approval
-    image: quay.io/madroadshowfrance2023/tekton-pipeline-slack-bot:latest
-    env:
-    - name: SLACK_CHANNEL
-      value: "$(params.slackChannel)"
-    - name: TEKTON_PIPELINE_ID
-      value: "$(params.pipelineId)"
-    - name: SLACK_BOT_TOKEN
-      valueFrom:
-        secretKeyRef:
-          name: $(params.slackSecretName)
-          key: "bot-token"
-    - name: SLACK_APP_TOKEN
-      valueFrom:
-        secretKeyRef:
-          name: $(params.slackSecretName)
-          key: "app-token"
---
-apiVersion: tekton.dev/v1beta1
-kind: Task
-metadata:
-  annotations:
-    argocd.argoproj.io/sync-wave: "20"
-    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-  name: cosign-sign
-  namespace: fruits-dev
-spec:
-  params:
-  - name: cosignKeyRef
-    type: string
-  - name: cosignKeyPassword
-    type: string
-  - name: image
-    type: string
-  steps:
-  - name: cosign
-    image: gcr.io/projectsigstore/cosign:v2.0.2
-    args:
-    - sign
-    - -y
-    - --tlog-upload=false
-    - --key=$(params.cosignKeyRef)
-    - $(params.image)
-    env:
-    - name: COSIGN_PASSWORD
-      value: "$(params.cosignKeyPassword)"
---
-apiVersion: v1
-kind: Secret
-metadata:
-  annotations:
-    argocd.argoproj.io/sync-wave: "20"
-  name: tekton-tokens
-  namespace: fruits-dev
-type: Opaque
-data:
-  bot-token: {{ .Values.slackBotToken | b64enc | quote }}
-  app-token: {{ .Values.slackAppToken | b64enc | quote }}
---
-apiVersion: tekton.dev/v1beta1
-kind: Pipeline
-metadata:
-  annotations:
-    argocd.argoproj.io/sync-wave: "20"
-    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-  labels:
-    app.kubernetes.io/instance: fruits
-    app.kubernetes.io/name: fruits
-    operator.tekton.dev/operand-name: openshift-pipelines-addons
-    pipeline.openshift.io/runtime: java
-    pipeline.openshift.io/runtime-version: openjdk-17-ubi8
-    pipeline.openshift.io/type: kubernetes
-  name: fruits
-  namespace: fruits-dev
-spec:
-  params:
-    - default: fruits
-      name: APP_NAME
-      type: string
-    - default: 'https://github.com/MAD-Roadshow-France-2023/devspaces'
-      name: GIT_REPO
-      type: string
-    - default: main
-      name: GIT_REVISION
-      type: string
-    - default: >-
-        image-registry.openshift-image-registry.svc:5000/fruits-dev/fruits:latest
-      name: IMAGE_NAME
-      type: string
-    - default: .
-      name: PATH_CONTEXT
-      type: string
-    - default: openjdk-17-ubi8
-      name: VERSION
-      type: string
-  tasks:
-    - name: fetch-repository
-      params:
-        - name: url
-          value: $(params.GIT_REPO)
-        - name: revision
-          value: $(params.GIT_REVISION)
-        - name: subdirectory
-          value: ''
-        - name: deleteExisting
-          value: 'true'
-      taskRef:
-        kind: ClusterTask
-        name: git-clone
-      workspaces:
-        - name: output
-          workspace: workspace
-    - name: build
-      params:
-        - name: IMAGE
-          value: $(params.IMAGE_NAME)
-        - name: TLSVERIFY
-          value: 'false'
-        - name: PATH_CONTEXT
-          value: $(params.PATH_CONTEXT)
-        - name: VERSION
-          value: $(params.VERSION)
-      runAfter:
-        - fetch-repository
-      taskRef:
-        kind: ClusterTask
-        name: s2i-java
-      workspaces:
-        - name: source
-          workspace: workspace
-    - name: cosign-sign
-      params:
-      - name: cosignKeyRef
-        value: k8s://fruits-dev/code-signature
-      - name: cosignKeyPassword
-        value: dummy
-      - name: image
-        value: $(params.IMAGE_NAME)
-      runAfter:
-        - build
-      taskRef:
-        kind: Task
-        name: cosign-sign
-    - name: deploy-in-test
-      params:
-        - name: SCRIPT
-          value: oc delete pods -l deployment=$(params.APP_NAME) -n fruits-test
-      runAfter:
-        - cosign-sign
-      taskRef:
-        kind: ClusterTask
-        name: openshift-client
-    - name: slack-approval
-      params:
-      - name: slackChannel
-        value: "#mad-roadshow-france-2023"
-      - name: slackSecretName
-        value: "tekton-tokens"
-      - name: pipelineId
-        value: "$(context.pipelineRun.name)"
-      runAfter:
-      - deploy-in-test
-      taskRef:
-        name: slack-approval
-    - name: deploy-in-prod
-      params:
-        - name: SCRIPT
-          value: oc delete pods -l deployment=$(params.APP_NAME) -n fruits-prod
-      runAfter:
-        - slack-approval
-      taskRef:
-        kind: ClusterTask
-        name: openshift-client
-
-  workspaces:
-    - name: workspace
---
-apiVersion: image.openshift.io/v1
-kind: ImageStream
-metadata:
-  annotations:
-    argocd.argoproj.io/sync-wave: "20"
-  name: fruits
-  namespace: fruits-dev
-spec:
-  lookupPolicy:
-    local: false
--- a/infrastructure/templates/helmchartrepository.yaml
+++ b/infrastructure/templates/helmchartrepository.yaml
@ -1,10 +1,135 @@
+apiVersion: project.openshift.io/v1
+kind: Project
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+    openshift.io/description: ""
+    openshift.io/display-name: ""
+  labels:
+    kubernetes.io/metadata.name: eshop-infra
+  name: eshop-infra
+spec:
+  finalizers:
+  - kubernetes
+---
+apiVersion: image.openshift.io/v1
+kind: ImageStream
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "20"
+  name: helm-repository
+  namespace: eshop-infra
+spec:
+  lookupPolicy:
+    local: false
+---
+kind: BuildConfig
+apiVersion: build.openshift.io/v1
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "20"
+    app.openshift.io/vcs-uri: 'https://github.com/nmasse-itix/eShopOnWeb-gitops.git'
+  name: helm-repository
+  namespace: eshop-infra
+  labels:
+    app: helm-repository
+    app.kubernetes.io/component: helm-repository
+    app.kubernetes.io/instance: helm-repository
+    app.kubernetes.io/name: helm-repository
+    app.kubernetes.io/part-of: helm-repository
+spec:
+  nodeSelector: null
+  output:
+    to:
+      kind: ImageStreamTag
+      name: 'helm-repository:latest'
+  resources: {}
+  successfulBuildsHistoryLimit: 1
+  failedBuildsHistoryLimit: 1
+  strategy:
+    type: Docker
+    dockerStrategy:
+      dockerfilePath: Containerfile
+  source:
+    type: Git
+    git:
+      uri: 'https://github.com/nmasse-itix/eShopOnWeb-gitops.git'
+    contextDir: /charts
+  triggers:
+    - type: ConfigChange
+    - type: ImageChange
+  runPolicy: Serial
+---
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "20"
+  labels:
+    app: helm-repository
+  name: helm-repository
+  namespace: eshop-infra
+spec:
+  ports:
+  - port: 8080
+    protocol: TCP
+    targetPort: 8080
+  selector:
+    app: helm-repository
+  sessionAffinity: None
+  type: ClusterIP
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "30"
+    image.openshift.io/triggers: '[{"from":{"kind":"ImageStreamTag","name":"helm-repository"},"fieldPath":"spec.template.spec.containers[?(@.name==\"nginx\")].image", "paused": false}]'
+  labels:
+    app: helm-repository
+  name: helm-repository
+  namespace: eshop-infra
+spec:
+  progressDeadlineSeconds: 600
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      app: helm-repository
+  strategy:
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 25%
+    type: RollingUpdate
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        app: helm-repository
+    spec:
+      containers:
+      - image: image-registry.openshift-image-registry.svc:5000/eshop-infra/helm-repository:latest
+        imagePullPolicy: Always
+        name: nginx
+        ports:
+        - containerPort: 8080
+          protocol: TCP
+        resources: {}
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      securityContext: {}
+      terminationGracePeriodSeconds: 30
+---
 apiVersion: helm.openshift.io/v1beta1
 kind: HelmChartRepository
 metadata:
  annotations:
-    argocd.argoproj.io/sync-wave: "20"
-  name: fruits-charts
+    argocd.argoproj.io/sync-wave: "35"
+  name: eshop-charts
 spec:
-  name: fruits-charts
+  name: eshop-charts
  connectionConfig:
-    url: https://mad-roadshow-france-2023-helm-charts.s3.eu-west-3.amazonaws.com
+    url: http://helm-repository.eshop-infra.svc:8080
--- a/infrastructure/templates/kubevirt.yaml
+++ b/infrastructure/templates/kubevirt.yaml
@ -1,41 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  annotations:
-    argocd.argoproj.io/sync-wave: "0"
-  name: openshift-cnv
---
-apiVersion: operators.coreos.com/v1
-kind: OperatorGroup
-metadata:
-  annotations:
-    argocd.argoproj.io/sync-wave: "5"
-  name: kubevirt-hyperconverged-group
-  namespace: openshift-cnv
-spec:
-  targetNamespaces:
-    - openshift-cnv
---
-apiVersion: operators.coreos.com/v1alpha1
-kind: Subscription
-metadata:
-  annotations:
-    argocd.argoproj.io/sync-wave: "10"
-  name: hco-operatorhub
-  namespace: openshift-cnv
-spec:
-  source: redhat-operators
-  sourceNamespace: openshift-marketplace
-  name: kubevirt-hyperconverged
-  startingCSV: kubevirt-hyperconverged-operator.v4.13.0
-  channel: "stable" 
---
-apiVersion: hco.kubevirt.io/v1beta1
-kind: HyperConverged
-metadata:
-  annotations:
-    argocd.argoproj.io/sync-wave: "15"
-    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-  name: kubevirt-hyperconverged
-  namespace: openshift-cnv
-spec: {}
--- a/infrastructure/templates/servicebinding.yaml
+++ b/infrastructure/templates/servicebinding.yaml
@ -1,14 +0,0 @@
-apiVersion: operators.coreos.com/v1alpha1
-kind: Subscription
-metadata:
-  annotations:
-    argocd.argoproj.io/sync-wave: "10"
-  name: rh-service-binding-operator
-  namespace: openshift-operators
-spec:
-  channel: stable
-  installPlanApproval: Automatic
-  name: rh-service-binding-operator
-  source: redhat-operators
-  sourceNamespace: openshift-marketplace
-  startingCSV: service-binding-operator.v1.3.3