diff --git a/.github/workflows/helm-docs.yaml b/.github/workflows/helm-docs.yaml deleted file mode 100644 index 352c7bf57..000000000 --- a/.github/workflows/helm-docs.yaml +++ /dev/null @@ -1,23 +0,0 @@ -name: Verify Helm Docs up-to-date -on: - push: - branches: - - main - -jobs: - generate: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ github.event.pull_request.head.ref }} - - name: Run helm-docs - uses: losisin/helm-docs-github-action@v1 - with: - fail-on-diff: false - chart-search-root: charts/ - template-files: README.md.gotmpl - git-push: true - git-push-user-name: "openmfp-technical-user" - git-push-user-email: "openmfp@gmail.com" - git-commit-message: "chore: update Helm documentation" \ No newline at end of file diff --git a/.github/workflows/kind-localsetup.yaml b/.github/workflows/kind-localsetup.yaml index 003d6f270..3079a5a1e 100644 --- a/.github/workflows/kind-localsetup.yaml +++ b/.github/workflows/kind-localsetup.yaml @@ -59,7 +59,7 @@ jobs: echo "Describe all helmreleases which are not Ready yet" kubectl get helmreleases -A -o json | jq -r '.items[] | select(.status.conditions[]? | select(.type == "Ready" and .status != "True")) | "\(.metadata.namespace) \(.metadata.name)"' | while read namespace name; do kubectl describe helmrelease $name -n $namespace; done echo "Print imagePullSecret" - kubectl get secret ghcr-credentials -n openmfp-system -o yaml + kubectl get secret github -n openmfp-system -o yaml echo "Test docker login and pull" docker login ghcr.io -u ${{ github.repository_owner }} -p ${{ steps.generate-token.outputs.token }} docker pull ghcr.io/openmfp/portal:0.287.0 diff --git a/Taskfile.yaml b/Taskfile.yaml index b2a79836a..ed2844a72 100644 --- a/Taskfile.yaml +++ b/Taskfile.yaml @@ -43,10 +43,11 @@ tasks: - "for chart in $(echo {{.CHARTS}} | tr ',' ' '); do helm dependency update $chart; done" validate: cmds: - - task: lint - # - task: package - task: test - - task: vulnerability + - task: helm-docs + - task: update + - task: lint + - task: oci vulnerability: deps: - task: setup:kube-lint @@ -65,3 +66,7 @@ tasks: - task: helmpackage cmds: - "for chart in $(echo {{.PACKAGED_CHARTS}} | tr ',' ' '); do helm push $chart oci://localhost:5000/openmfp; done" + oci: + cmds: + - "rm oci/* || true" + - task: helmpackage \ No newline at end of file diff --git a/charts/account-operator-crds/README.md.gotmpl b/charts/account-operator-crds/README.md.gotmpl index 94146d84e..e69de29bb 100644 --- a/charts/account-operator-crds/README.md.gotmpl +++ b/charts/account-operator-crds/README.md.gotmpl @@ -1,33 +0,0 @@ -{{ template "chart.header" . }} -{{ template "chart.description" . }} - -{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} - -## Additional Information - -The `common` chart is a library of common resources that are shared across all other charts in the repository. It has no templates, but provides helm template functions and default values that can be used by other charts. - -{{ template "chart.requirementsSection" . }} - -{{ template "chart.valuesHeader" . }} - -The values in the `defaults:` section can be reused from other charts by using the lookup function "common.getKeyValue". It implements lookup on three levels: - -1. Looks for `keyOverride` in the chart's values.yaml -2. Looks for `global.key` in the chart's or parent chart's values.yaml -3. Uses the `key` in the chart's values.yaml -4. Uses the `common.defaults.key` value from the table below. - -1 has precendence over 2 over 3 over 4 respectively. This approach allows for individual charts to have minimal configuration, while still being able to override parameters locally. - -Example -``` -1) .Values.deployment.resources.limits.memoryOveride = 4096MB -2) .Values.global.deployment.resources.limits.memory = 2048MB -3) .Values.deployment.resources.limits.memory = 1024MB -4) .Values.common.defaults.deployment.resources.limits.memory = default 512MB -``` - -{{ template "chart.valuesTable" . }} - -{{ template "helm-docs.versionFooter" . }} diff --git a/charts/account-operator/README.md b/charts/account-operator/README.md index 29f7708bf..8804ebb8f 100644 --- a/charts/account-operator/README.md +++ b/charts/account-operator/README.md @@ -4,12 +4,6 @@ A Helm chart to deploy OpenMFP Account-Operator ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) -![Version: 0.4.25](https://img.shields.io/badge/Version-0.4.25-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.109.0](https://img.shields.io/badge/AppVersion-0.109.0-informational?style=flat-square) - -## Additional Information - -The `common` chart is a library of common resources that are shared across all other charts in the repository. It has no templates, but provides helm template functions and default values that can be used by other charts. - ## Requirements | Repository | Name | Description | Sources | diff --git a/charts/example-content/README.md b/charts/example-content/README.md index f38d7d37a..a4667f382 100644 --- a/charts/example-content/README.md +++ b/charts/example-content/README.md @@ -2,12 +2,6 @@ Helm Chart for the openmfp Portal -![Version: 0.110.9](https://img.shields.io/badge/Version-0.110.9-informational?style=flat-square) ![AppVersion: 0.126.0](https://img.shields.io/badge/AppVersion-0.126.0-informational?style=flat-square) - -## Additional Information - -The `common` chart is a library of common resources that are shared across all other charts in the repository. It has no templates, but provides helm template functions and default values that can be used by other charts. - ## Requirements | Repository | Name | Description | Sources | diff --git a/charts/extension-manager-operator-crds/README.md.gotmpl b/charts/extension-manager-operator-crds/README.md.gotmpl index 94146d84e..e69de29bb 100644 --- a/charts/extension-manager-operator-crds/README.md.gotmpl +++ b/charts/extension-manager-operator-crds/README.md.gotmpl @@ -1,33 +0,0 @@ -{{ template "chart.header" . }} -{{ template "chart.description" . }} - -{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} - -## Additional Information - -The `common` chart is a library of common resources that are shared across all other charts in the repository. It has no templates, but provides helm template functions and default values that can be used by other charts. - -{{ template "chart.requirementsSection" . }} - -{{ template "chart.valuesHeader" . }} - -The values in the `defaults:` section can be reused from other charts by using the lookup function "common.getKeyValue". It implements lookup on three levels: - -1. Looks for `keyOverride` in the chart's values.yaml -2. Looks for `global.key` in the chart's or parent chart's values.yaml -3. Uses the `key` in the chart's values.yaml -4. Uses the `common.defaults.key` value from the table below. - -1 has precendence over 2 over 3 over 4 respectively. This approach allows for individual charts to have minimal configuration, while still being able to override parameters locally. - -Example -``` -1) .Values.deployment.resources.limits.memoryOveride = 4096MB -2) .Values.global.deployment.resources.limits.memory = 2048MB -3) .Values.deployment.resources.limits.memory = 1024MB -4) .Values.common.defaults.deployment.resources.limits.memory = default 512MB -``` - -{{ template "chart.valuesTable" . }} - -{{ template "helm-docs.versionFooter" . }} diff --git a/charts/extension-manager-operator/README.md b/charts/extension-manager-operator/README.md index 7d4f64802..fc68a793d 100644 --- a/charts/extension-manager-operator/README.md +++ b/charts/extension-manager-operator/README.md @@ -4,12 +4,6 @@ A Helm chart for extension-manager-operator which manages resources like Content ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) -![Version: 0.22.36](https://img.shields.io/badge/Version-0.22.36-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.77.0](https://img.shields.io/badge/AppVersion-0.77.0-informational?style=flat-square) - -## Additional Information - -The `common` chart is a library of common resources that are shared across all other charts in the repository. It has no templates, but provides helm template functions and default values that can be used by other charts. - ## Requirements | Repository | Name | Description | Sources | diff --git a/charts/infra/templates/cluster-role.yaml b/charts/infra/templates/cluster-role.yaml deleted file mode 100644 index ec8339334..000000000 --- a/charts/infra/templates/cluster-role.yaml +++ /dev/null @@ -1,30 +0,0 @@ -{{- if ((.Values.rbac).clusterRole).enabled -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: openmfp-cluster-reader -rules: -- apiGroups: - - core.openmfp.io - resources: - - '*' - verbs: - - get - - list - - watch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: openmfp-cluster-reader -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: gardener.cloud:system:read-only -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: Group - name: /portal -{{- end -}} diff --git a/charts/infra/templates/external-secret-account-operator.yaml b/charts/infra/templates/external-secret-account-operator.yaml deleted file mode 100644 index 6bb0c566f..000000000 --- a/charts/infra/templates/external-secret-account-operator.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if eq (include "common.hasNestedKey" (dict "Values" .Values "key" "externalSecrets.enabled")) "true" }} -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: account-operator-sa-kubeconfig - namespace: {{ .Release.Namespace }} -spec: - refreshInterval: "10m" - secretStoreRef: - name: environment-store - kind: SecretStore - target: - name: account-operator-sa-kubeconfig - creationPolicy: Owner - deletionPolicy: Retain - data: - - secretKey: kubeconfig - remoteRef: - key: {{ .Values.externalSecrets.accountOperatorSaKubeconfig }} - property: kubeconfig - conversionStrategy: Default -{{ end }} diff --git a/charts/infra/templates/gateway.yaml b/charts/infra/templates/gateway.yaml index 1fd64fc7a..1c56a15fd 100644 --- a/charts/infra/templates/gateway.yaml +++ b/charts/infra/templates/gateway.yaml @@ -1,15 +1,16 @@ -apiVersion: {{ .Values.gateway.apiVersion }} +{{- if eq (include "common.getKeyValue" (dict "Values" .Values "key" "istio.enabled")) "true" -}} +apiVersion: {{ .Values.istio.networking.apiVersion }} kind: Gateway metadata: - name: {{ .Values.gateway.name}} + name: {{ .Values.istio.gateway.name}} namespace: {{ .Release.Namespace }} -{{- if .Values.gateway.annotations }} +{{- if .Values.istio.gateway.annotations }} annotations: - {{- toYaml .Values.gateway.annotations | nindent 4 }} + {{- toYaml .Values.istio.gateway.annotations | nindent 4 }} {{- end }} spec: selector: -{{ .Values.gateway.selector | toYaml | indent 4 }} +{{ .Values.istio.gateway.selector | toYaml | indent 4 }} servers: {{ toYaml .Values.istio.gateway.servers | indent 4 }} -{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/infra/templates/kcp-service-entry.yaml b/charts/infra/templates/kcp-service-entry.yaml deleted file mode 100644 index 4f509e5e2..000000000 --- a/charts/infra/templates/kcp-service-entry.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if and .Values.kcp.enabled .Values.kcp.host -}} -apiVersion: networking.istio.io/v1beta1 -kind: ServiceEntry -metadata: - name: kcp-workspaces - namespace: {{ .Release.Namespace }} -spec: - hosts: - - {{ .Values.kcp.host }} - location: MESH_EXTERNAL - ports: - - name: https - number: 443 - protocol: TLS - resolution: DNS -{{- end -}} diff --git a/charts/infra/templates/keycloak-service-entry.yaml b/charts/infra/templates/keycloak-service-entry.yaml deleted file mode 100644 index e3b34d0e9..000000000 --- a/charts/infra/templates/keycloak-service-entry.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if (.Values.keycloak).enabled -}} -apiVersion: networking.istio.io/v1beta1 -kind: ServiceEntry -metadata: - name: auth -spec: - hosts: - {{- .Values.keycloak.hosts | toYaml | nindent 2 }} - location: MESH_EXTERNAL - ports: - - name: https - number: 443 - protocol: TLS - resolution: DNS -{{- end -}} diff --git a/charts/infra/templates/store.yaml b/charts/infra/templates/store.yaml deleted file mode 100644 index 095a2989a..000000000 --- a/charts/infra/templates/store.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if (.Values.fga).enabled }} -{{- range .Values.fga.stores }} ---- -apiVersion: core.openmfp.io/v1alpha1 -kind: Store -metadata: - name: {{ .name }} - namespace: {{ .namespace }} -spec: - coreModule: | - {{ .coreModuleName | nindent 4 }} -{{- end}} -{{- end }} \ No newline at end of file diff --git a/charts/keycloak/templates/istio-virtualservice.yaml b/charts/keycloak/templates/istio-virtualservice.yaml index b887882d2..8794b296f 100644 --- a/charts/keycloak/templates/istio-virtualservice.yaml +++ b/charts/keycloak/templates/istio-virtualservice.yaml @@ -1,4 +1,4 @@ -{{- if eq (include "common.getNestedValue" (dict "Values" .Values "key" "istio.enabled")) "true" -}} +{{- if eq (include "common.getKeyValue" (dict "Values" .Values "key" "istio.enabled")) "true" -}} apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: diff --git a/charts/openmfp-crds/charts/account-operator-crds-0.1.11.tgz b/charts/openmfp-crds/charts/account-operator-crds-0.1.11.tgz index cfc6e8622..a94f7e961 100644 Binary files a/charts/openmfp-crds/charts/account-operator-crds-0.1.11.tgz and b/charts/openmfp-crds/charts/account-operator-crds-0.1.11.tgz differ diff --git a/charts/openmfp-crds/charts/extension-manager-operator-crds-0.2.0.tgz b/charts/openmfp-crds/charts/extension-manager-operator-crds-0.2.0.tgz index fdccabc80..92eaac79a 100644 Binary files a/charts/openmfp-crds/charts/extension-manager-operator-crds-0.2.0.tgz and b/charts/openmfp-crds/charts/extension-manager-operator-crds-0.2.0.tgz differ diff --git a/charts/openmfp/Chart.yaml b/charts/openmfp/Chart.yaml index 497acb801..5b5714790 100644 --- a/charts/openmfp/Chart.yaml +++ b/charts/openmfp/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: openmfp description: The OpenMFP chart for Kubernetes type: application -version: 0.0.235 +version: 0.1.0 appVersion: "0.0.0" dependencies: diff --git a/charts/openmfp/README.md b/charts/openmfp/README.md index eb97c3b30..169cf41e1 100644 --- a/charts/openmfp/README.md +++ b/charts/openmfp/README.md @@ -16,7 +16,7 @@ The OpenMFP chart for Kubernetes ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| -| components.example-content.enabled | bool | `false` | enable example-content component | +| components.example-content.enabled | bool | `true` | enable example-content component | | components.extension-manager-operator.enabled | bool | `true` | enable extension-manager-operator component | | components.infra.enabled | bool | `true` | enable infra component | | components.keycloak.enabled | bool | `true` | enable keycloak component | diff --git a/charts/openmfp/tmpcharts-1369650/example-content-0.114.0.tgz b/charts/openmfp/tmpcharts-1369650/example-content-0.114.0.tgz new file mode 100644 index 000000000..1c8e6739b Binary files /dev/null and b/charts/openmfp/tmpcharts-1369650/example-content-0.114.0.tgz differ diff --git a/charts/openmfp/tmpcharts-1369650/extension-manager-operator-0.24.0.tgz b/charts/openmfp/tmpcharts-1369650/extension-manager-operator-0.24.0.tgz new file mode 100644 index 000000000..0108e8acd Binary files /dev/null and b/charts/openmfp/tmpcharts-1369650/extension-manager-operator-0.24.0.tgz differ diff --git a/charts/openmfp/tmpcharts-1369650/infra-0.61.0.tgz b/charts/openmfp/tmpcharts-1369650/infra-0.61.0.tgz new file mode 100644 index 000000000..adc76a51e Binary files /dev/null and b/charts/openmfp/tmpcharts-1369650/infra-0.61.0.tgz differ diff --git a/charts/openmfp/tmpcharts-1369650/portal-0.73.0.tgz b/charts/openmfp/tmpcharts-1369650/portal-0.73.0.tgz new file mode 100644 index 000000000..685f7827e Binary files /dev/null and b/charts/openmfp/tmpcharts-1369650/portal-0.73.0.tgz differ diff --git a/charts/openmfp/values.yaml b/charts/openmfp/values.yaml index 7743f0e67..3f980cb3a 100644 --- a/charts/openmfp/values.yaml +++ b/charts/openmfp/values.yaml @@ -1,7 +1,7 @@ components: example-content: # -- enable example-content component - enabled: false + enabled: true portal: # -- enable portal component enabled: true diff --git a/charts/portal/README.md b/charts/portal/README.md index 5f4f5efed..6a323457b 100644 --- a/charts/portal/README.md +++ b/charts/portal/README.md @@ -2,12 +2,6 @@ Helm Chart for the openmfp Portal -![Version: 0.69.150](https://img.shields.io/badge/Version-0.69.150-informational?style=flat-square) ![AppVersion: 0.227.0](https://img.shields.io/badge/AppVersion-0.227.0-informational?style=flat-square) - -## Additional Information - -The `common` chart is a library of common resources that are shared across all other charts in the repository. It has no templates, but provides helm template functions and default values that can be used by other charts. - ## Requirements | Repository | Name | Description | Sources | diff --git a/local-setup/kustomize/components/openmfp-crds/repository.yaml b/local-setup/kustomize/components/openmfp-crds/repository.yaml index 8bcd300c8..527cd3601 100644 --- a/local-setup/kustomize/components/openmfp-crds/repository.yaml +++ b/local-setup/kustomize/components/openmfp-crds/repository.yaml @@ -9,5 +9,3 @@ spec: ref: # renovate: datasource=docker registryUrl=https://ghcr.io depName=ghcr.io/openmfp/helm-charts/openmfp-crds semver: 0.0.16 - secretRef: - name: ghcr-credentials diff --git a/local-setup/kustomize/components/openmfp/release.yaml b/local-setup/kustomize/components/openmfp/release.yaml index 5e18cd57d..55ed01ba8 100644 --- a/local-setup/kustomize/components/openmfp/release.yaml +++ b/local-setup/kustomize/components/openmfp/release.yaml @@ -17,118 +17,3 @@ spec: namespace: istio-system - name: crossplane namespace: crossplane-system - values: - global: - imagePullSecret: ghcr-credentials - istio: - enabled: true - gateway: - name: gateway - components: - example-content: - enabled: true - example-content: - contentConfigurations: - ui: - enabled: true - internalUrl: http://openmfp-example-content.openmfp-system.svc.cluster.local:8080/ui/assets/config.json - wc: - enabled: true - internalUrl: http://openmfp-example-content.openmfp-system.svc.cluster.local:8080/wc/assets/config.json - istio: - enabled: true - virtualService: - hosts: - - "*" - matchers: - - match: - - uri: - prefix: /ui/example-content - rewrite: - uri: / - portal: - baseDomains: - - "localhost" - cookieDomain: "localhost" - http: - protocol: http - virtualService: - hosts: - - "*" - validWebcomponentUrls: ".?" - environment: local - featureToggles: "enableSessionAutoRefresh=true" - developmentLandcsape: "true" - frontendPort: 8000 - importContent: false - trust: - openmfp: - baseDomains: "localhost" - discoveryEndpoint: "" - authDomain: http://localhost:8000/keycloak/realms/openmfp/protocol/openid-connect/auth - tokenUrl: http://openmfp-keycloak/keycloak/realms/openmfp/protocol/openid-connect/token - oidcClientSecretName: openmfp-client - loginAudience: openmfp - secretKeyRef: attribute.client_secret - infra: - crossplane: - enabled: true - istio: - enabled: true - gateway: - annotations: {} - apiVersion: networking.istio.io/v1 - name: gateway - selector: - istio: gateway - servers: - - port: - number: 8000 - name: http - protocol: HTTP - hosts: - - "*" - keycloak: - istio: - enabled: true - virtualservice: - hosts: [ "*" ] - https: - enabled: false - crossplane: - enabled: true - realm: - registrationAllowed: true - name: openmfp - displayName: OpenMFP - identityProviders: { } - - keycloak: - httpRelativePath: "/keycloak/" - logging: - level: DEBUG - auth: - adminUser: keycloak-admin - existingSecret: keycloak-admin - passwordSecretKey: secret - resourcesPreset: none - postgresql: - nameOverride: postgresql-keycloak - auth: - username: keycloak - existingSecret: "" - primary: - resourcesPreset: none - extraEnvVars: - - name: JAVA_OPTS_APPEND - value: |- - -Djgroups.dns.query=openmfp-keycloak-headless.openmfp-system.svc.cluster.local - - keycloakConfig: - url: http://openmfp-keycloak.openmfp-system.svc.cluster.local/keycloak - redirectUrls: [ "http://localhost:8000/callback*" ] - domain: - pathPrefix: "/keycloak" - service: - port: 80 - name: openmfp-keycloak diff --git a/local-setup/kustomize/components/openmfp/repository.yaml b/local-setup/kustomize/components/openmfp/repository.yaml index bca562e7e..44c1bb8f6 100644 --- a/local-setup/kustomize/components/openmfp/repository.yaml +++ b/local-setup/kustomize/components/openmfp/repository.yaml @@ -9,5 +9,3 @@ spec: ref: # renovate: datasource=docker registryUrl=https://ghcr.io depName=ghcr.io/openmfp/helm-charts/openmfp semver: 0.0.230 - secretRef: - name: ghcr-credentials diff --git a/local-setup/kustomize/overlays/oci/patch-openmfp-crds.yaml b/local-setup/kustomize/overlays/oci/patch-openmfp-crds.yaml index 9124adbf2..bd3ef0818 100644 --- a/local-setup/kustomize/overlays/oci/patch-openmfp-crds.yaml +++ b/local-setup/kustomize/overlays/oci/patch-openmfp-crds.yaml @@ -6,4 +6,4 @@ metadata: spec: url: oci://registry.default.svc.cluster.local:5000/openmfp/openmfp-crds ref: - semver: 0.0.15 \ No newline at end of file + semver: 0.0.16 \ No newline at end of file diff --git a/local-setup/kustomize/overlays/oci/patch-openmfp.yaml b/local-setup/kustomize/overlays/oci/patch-openmfp.yaml index 2f85e9889..951fc38e6 100644 --- a/local-setup/kustomize/overlays/oci/patch-openmfp.yaml +++ b/local-setup/kustomize/overlays/oci/patch-openmfp.yaml @@ -6,4 +6,4 @@ metadata: spec: url: oci://registry.default.svc.cluster.local:5000/openmfp/openmfp ref: - semver: 0.0.197 + semver: 0.1.0 diff --git a/local-setup/scripts/start.sh b/local-setup/scripts/start.sh index 13e0e7581..e6f57fd11 100755 --- a/local-setup/scripts/start.sh +++ b/local-setup/scripts/start.sh @@ -100,7 +100,7 @@ fi echo -e "${COL}[$(date '+%H:%M:%S')] Creating necessary secrets ${COL_RES}" -kubectl create secret docker-registry ghcr-credentials -n openmfp-system --docker-server=ghcr.io --docker-username=$ghUser --docker-password=$ghToken --dry-run=client -o yaml | kubectl apply -f - +kubectl create secret docker-registry github -n openmfp-system --docker-server=ghcr.io --docker-username=$ghUser --docker-password=$ghToken --dry-run=client -o yaml | kubectl apply -f - kubectl create secret generic keycloak-admin -n openmfp-system --from-literal=secret=admin --dry-run=client -o yaml | kubectl apply -f -