From 388f1cc8e5c822f4e079d83eb155a2b75ed04f75 Mon Sep 17 00:00:00 2001
From: jamesflukeworkshoporg <jamesfluke@workshop.cb-sa.io>
Date: Fri, 8 Mar 2024 16:19:16 +0000
Subject: [PATCH] adding controller.yaml for provisioning lab

---
 bundle/bundle.yaml |  6 ++++
 controller.yaml    | 74 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 80 insertions(+)
 create mode 100644 bundle/bundle.yaml
 create mode 100644 controller.yaml

diff --git a/bundle/bundle.yaml b/bundle/bundle.yaml
new file mode 100644
index 0000000..db93c12
--- /dev/null
+++ b/bundle/bundle.yaml
@@ -0,0 +1,6 @@
+apiVersion: "1"
+version: "1"
+id: "jamesflukeworkshoporg-dev-controller"
+description: "CloudBees CI configuration bundle for the jamesflukeworkshoporg dev-controller Controller"
+availabilityPattern: "cloudbees-ci-casc-workshop/jamesflukeworkshoporg/dev-controller"
+parent: "base"
diff --git a/controller.yaml b/controller.yaml
new file mode 100644
index 0000000..e3240c9
--- /dev/null
+++ b/controller.yaml
@@ -0,0 +1,74 @@
+removeStrategy:
+  rbac: SYNC
+  items: NONE
+items:
+- kind: folder
+  name: jamesflukeworkshoporg
+  groups:
+  - members:
+      users:
+      - jamesfluke
+      - jamesfluke-admin
+    roles:
+    - name: browse
+      grantedAt: current
+    - name: workshop-admin
+      grantedAt: child
+    name: Team Administrators
+  filteredRoles:
+  - workshop-admin
+  - browse
+  items:
+  - kind: managedController
+    name: dev-controller
+    properties:
+    - healthReporting:
+        enabled: true
+    - configurationAsCode:
+        bundle: jamesflukeworkshoporg-dev-controller
+    - optOutProperty:
+        securityEnforcerOptOutMode:
+          authorizationOptOutMode: {
+            }
+    configuration:
+      kubernetes:
+        memory: 4000
+        cpus: 1.0
+        clusterEndpointId: default
+        disk: 10
+        storageClassName: premium-rwo
+        domain: jamesflukeworkshoporg-dev-controller
+        namespace: controllers
+        yaml: |
+          kind: "StatefulSet"
+          spec:
+            template:
+              metadata:
+                labels:
+                  networking/allow-internet-access: "true"
+              spec:
+                containers:
+                - name: "jenkins"
+                  env:
+                  - name: "SECRETS"
+                    value: "/var/jenkins_home/jcasc_secrets"
+                  - name: "GITHUB_ORGANIZATION"
+                    value: "jamesflukeworkshoporg"
+                  - name: "GITHUB_USER"
+                    value: "jamesfluke"
+                  - name: "GITHUB_APP"
+                    value: "cloudbees-ci-casc-workshop"
+                  - name: "CONTROLLER_SUBDOMAIN"
+                    value: "jamesflukeworkshoporg-dev-controller"
+                  - name: "CASC_BUNDLE_ID"
+                    value: "jamesflukeworkshoporg-dev-controller"
+                  volumeMounts:
+                  - name: "jcasc-secrets"
+                    mountPath: "/var/jenkins_home/jcasc_secrets"
+                volumes:
+                - name: "jcasc-secrets"
+                  csi:
+                    driver: secrets-store.csi.k8s.io
+                    readOnly: true
+                    volumeAttributes:
+                      secretProviderClass: "cbci-mc-secret-provider"