Add build06 cluster-install and refactor some manifests

clusters/_cluster-install/build02.yaml

@@ -7,18 +7,39 @@ onboard:
   unmanaged: false
   useTokenFileInKubeconfig: true
   quayioPullThroughCache:
-    mirrorURI: quayio-pull-through-cache-gcs-ci.apps.ci.l2s4.p1.openshiftapps.com
+    patches:
+    - type: json-patch
+      matches:
+      - kind: ImageContentSourcePolicy
+      inline: [{"op": "add", "path": "/spec/repositoryDigestMirrors/0/mirrors", "value": ["quayio-pull-through-cache-gcs-ci.apps.ci.l2s4.p1.openshiftapps.com"]}]
   certificate:
-    clusterIssuer:
-      apps-tls: cert-issuer-ci-build-farm
-      apiserver-tls: cert-issuer-ci-build-farm
-    projectLabel:
-      apiserver-tls:
-        key: gcp-project
-        value: openshift-ci-build-farm
-      apps-tls:
-        key: gcp-project
-        value: openshift-ci-build-farm
+    patches:
+    - type: json-patch
+      matches:
+      - kind: Certificate
+        name: apps-tls
+      inline: [{"op": "add", "path": "/spec/issuerRef/name", "value": "cert-issuer-ci-build-farm"}]
+    - type: json-patch
+      matches:
+      - kind: Certificate
+        name: apps-tls
+      inline: [
+        {"op": "remove", "path": "/metadata/labels/aws-project"},
+        {"op": "add", "path": "/metadata/labels/gcp-project", "value": "openshift-ci-build-farm"}
+      ]
+    - type: json-patch
+      matches:
+      - kind: Certificate
+        name: apiserver-tls
+      inline: [{"op": "add", "path": "/spec/issuerRef/name", "value": "cert-issuer-ci-build-farm"}]
+    - type: json-patch
+      matches:
+      - kind: Certificate
+        name: apiserver-tls
+      inline: [
+        {"op": "remove", "path": "/metadata/labels/aws-project"},
+        {"op": "add", "path": "/metadata/labels/gcp-project", "value": "openshift-ci-build-farm"}
+      ]
   ciSchedulingWebhook:
     skip: true
   multiarchBuilderController:

clusters/_cluster-install/build04.yaml

@@ -9,7 +9,11 @@ onboard:
   ciSchedulingWebhook:
     skip: true
   quayioPullThroughCache:
-    mirrorURI: quayio-pull-through-cache-gcs-ci.apps.ci.l2s4.p1.openshiftapps.com
+    patches:
+    - type: json-patch
+      matches:
+      - kind: ImageContentSourcePolicy
+      inline: [{"op": "add", "path": "/spec/repositoryDigestMirrors/0/mirrors", "value": ["quayio-pull-through-cache-gcs-ci.apps.ci.l2s4.p1.openshiftapps.com"]}]
   multiarchBuilderController:
     skip: true
   machineSet:

clusters/_cluster-install/build06.yaml

@@ -0,0 +1,105 @@
+clusterName: build06
+onboard:
+  osd: false
+  hosted: false
+  unmanaged: false
+  useTokenFileInKubeconfig: true
+  multiarch: true
+  certificate:
+    imageRegistryPublicHost: registry.build06.ci.openshift.org
+  multiarchBuilderController:
+    skip: true
+  openshiftMonitoring:
+    patches:
+    - matches:
+      - kind: ConfigMap
+        name: cluster-monitoring-config
+        namespace: openshift-monitoring
+      inline:
+        data:
+          config.yaml: |
+            alertmanagerMain:
+              nodeSelector:
+                node-role.kubernetes.io/infra: ""
+              tolerations:
+              - key: node-role.kubernetes.io/infra
+                value: reserved
+                effect: NoSchedule
+              - key: node-role.kubernetes.io/infra
+                value: reserved
+                effect: NoExecute
+            prometheusK8s:
+              nodeSelector:
+                node-role.kubernetes.io/infra: ""
+              tolerations:
+              - key: node-role.kubernetes.io/infra
+                value: reserved
+                effect: NoSchedule
+              - key: node-role.kubernetes.io/infra
+                value: reserved
+                effect: NoExecute
+              volumeClaimTemplate:
+                spec:
+                  resources:
+                    requests:
+                      storage: 250Gi
+            prometheusOperator:
+              nodeSelector:
+                node-role.kubernetes.io/infra: ""
+              tolerations:
+              - key: node-role.kubernetes.io/infra
+                value: reserved
+                effect: NoSchedule
+              - key: node-role.kubernetes.io/infra
+                value: reserved
+                effect: NoExecute
+            metricsServer:
+              nodeSelector:
+                node-role.kubernetes.io/infra: ""
+              tolerations:
+              - key: node-role.kubernetes.io/infra
+                value: reserved
+                effect: NoSchedule
+              - key: node-role.kubernetes.io/infra
+                value: reserved
+                effect: NoExecute
+            kubeStateMetrics:
+              nodeSelector:
+                node-role.kubernetes.io/infra: ""
+              tolerations:
+              - key: node-role.kubernetes.io/infra
+                value: reserved
+                effect: NoSchedule
+              - key: node-role.kubernetes.io/infra
+                value: reserved
+                effect: NoExecute
+            telemeterClient:
+              nodeSelector:
+                node-role.kubernetes.io/infra: ""
+              tolerations:
+              - key: node-role.kubernetes.io/infra
+                value: reserved
+                effect: NoSchedule
+              - key: node-role.kubernetes.io/infra
+                value: reserved
+                effect: NoExecute
+            openshiftStateMetrics:
+              nodeSelector:
+                node-role.kubernetes.io/infra: ""
+              tolerations:
+              - key: node-role.kubernetes.io/infra
+                value: reserved
+                effect: NoSchedule
+              - key: node-role.kubernetes.io/infra
+                value: reserved
+                effect: NoExecute
+            thanosQuerier:
+              nodeSelector:
+                node-role.kubernetes.io/infra: ""
+              tolerations:
+              - key: node-role.kubernetes.io/infra
+                value: reserved
+                effect: NoSchedule
+              - key: node-role.kubernetes.io/infra
+                value: reserved
+                effect: NoExecute

clusters/app.ci/dex/manifests.yaml

@@ -12,10 +12,6 @@ metadata:
   namespace: dex
 spec:
   ingressClassName: openshift-default
-  tls:
-    - secretName: dex-tls
-      hosts:
-        - idp.ci.openshift.org
   rules:
   - host: idp.ci.openshift.org
     http:
@@ -26,6 +22,10 @@ spec:
             port:
               number: 80
         pathType: ImplementationSpecific
+  tls:
+  - hosts:
+    - idp.ci.openshift.org
+    secretName: dex-tls
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -430,12 +430,18 @@ kind: ClusterRole
 metadata:
   name: dex
 rules:
-- apiGroups: ["dex.coreos.com"] # API group created by dex
-  resources: ["*"]
-  verbs: ["*"]
-- apiGroups: ["apiextensions.k8s.io"]
-  resources: ["customresourcedefinitions"]
-  verbs: ["create"] # To manage its own resources, dex must be able to create customresourcedefinitions
+- apiGroups:
+  - dex.coreos.com
+  resources:
+  - '*'
+  verbs:
+  - '*'
+- apiGroups:
+  - apiextensions.k8s.io
+  resources:
+  - customresourcedefinitions
+  verbs:
+  - create
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding

clusters/build-clusters/build03/assets/quayio-pull-through-cache-icsp.yaml

@@ -0,0 +1,9 @@
+apiVersion: operator.openshift.io/v1alpha1
+kind: ImageContentSourcePolicy
+metadata:
+  name: quayio-pull-through-cache-icsp
+spec:
+  repositoryDigestMirrors:
+  - mirrors:
+    - quayio-pull-through-cache-us-east-1-ci.apps.ci.l2s4.p1.openshiftapps.com
+    source: quay.io

clusters/build-clusters/build04/assets/quayio-pull-through-cache-icsp.yaml

@@ -0,0 +1,9 @@
+apiVersion: operator.openshift.io/v1alpha1
+kind: ImageContentSourcePolicy
+metadata:
+  name: quayio-pull-through-cache-icsp
+spec:
+  repositoryDigestMirrors:
+  - mirrors:
+    - quayio-pull-through-cache-gcs-ci.apps.ci.l2s4.p1.openshiftapps.com
+    source: quay.io

clusters/build-clusters/build05/assets/quayio-pull-through-cache-icsp.yaml

@@ -0,0 +1,9 @@
+apiVersion: operator.openshift.io/v1alpha1
+kind: ImageContentSourcePolicy
+metadata:
+  name: quayio-pull-through-cache-icsp
+spec:
+  repositoryDigestMirrors:
+  - mirrors:
+    - quayio-pull-through-cache-us-east-1-ci.apps.ci.l2s4.p1.openshiftapps.com
+    source: quay.io

clusters/build-clusters/build06/openshift-monitoring/cluster-monitoring-config.yaml

@@ -1,6 +1,6 @@
 apiVersion: v1
 data:
-  config.yaml: |-
+  config.yaml: |
     alertmanagerMain:
       nodeSelector:
         node-role.kubernetes.io/infra: ""

clusters/build-clusters/build09/assets/quayio-pull-through-cache-icsp.yaml

@@ -0,0 +1,9 @@
+apiVersion: operator.openshift.io/v1alpha1
+kind: ImageContentSourcePolicy
+metadata:
+  name: quayio-pull-through-cache-icsp
+spec:
+  repositoryDigestMirrors:
+  - mirrors:
+    - quayio-pull-through-cache-us-east-1-ci.apps.ci.l2s4.p1.openshiftapps.com
+    source: quay.io

clusters/build-clusters/build10/assets/quayio-pull-through-cache-icsp.yaml

@@ -0,0 +1,9 @@
+apiVersion: operator.openshift.io/v1alpha1
+kind: ImageContentSourcePolicy
+metadata:
+  name: quayio-pull-through-cache-icsp
+spec:
+  repositoryDigestMirrors:
+  - mirrors:
+    - quayio-pull-through-cache-us-east-1-ci.apps.ci.l2s4.p1.openshiftapps.com
+    source: quay.io