validatedpatterns
diff --git a/‎config/rbac/role.yaml‎
Lines changed: 11 additions & 0 deletions b/‎config/rbac/role.yaml‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎internal/controller/argo.go‎
Lines changed: 87 additions & 2 deletions b/‎internal/controller/argo.go‎
Lines changed: 87 additions & 2 deletions
diff --git a/‎internal/controller/argo_test.go‎
Lines changed: 38 additions & 15 deletions b/‎internal/controller/argo_test.go‎
Lines changed: 38 additions & 15 deletions
diff --git a/‎internal/controller/defaults.go‎
Lines changed: 6 additions & 2 deletions b/‎internal/controller/defaults.go‎
Lines changed: 6 additions & 2 deletions
diff --git a/‎internal/controller/pattern_controller.go‎
Lines changed: 52 additions & 9 deletions b/‎internal/controller/pattern_controller.go‎
Lines changed: 52 additions & 9 deletions
diff --git a/‎internal/controller/subscription.go‎
Lines changed: 23 additions & 7 deletions b/‎internal/controller/subscription.go‎
Lines changed: 23 additions & 7 deletions
@@ -75,6 +75,17 @@ rules:
   verbs:
   - get
   - list
+- apiGroups:
+  - console.openshift.io
+  resources:
+  - consolelinks
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
 - apiGroups:
   - gitops.hybrid-cloud-patterns.io
   resources:
 
@@ -105,7 +105,7 @@ var _ = Describe("Argo Pattern", func() {
 		argoApp = &argoapi.Application{
 			ObjectMeta: metav1.ObjectMeta{
 				Name:      applicationName(pattern),
-				Namespace: "openshift-gitops",
+				Namespace: getClusterWideArgoNamespace(),
 				Labels: map[string]string{
 					"validatedpatterns.io/pattern": pattern.Name,
 				},
@@ -118,8 +118,13 @@ var _ = Describe("Argo Pattern", func() {
 				},
 				Project: "default",
 				SyncPolicy: &argoapi.SyncPolicy{
-					Automated:   &argoapi.SyncPolicyAutomated{},
+					Automated: &argoapi.SyncPolicyAutomated{
+						SelfHeal: true,
+					},
 					SyncOptions: []string{},
+					Retry: &argoapi.RetryStrategy{
+						Limit: 20,
+					},
 				},
 			},
 		}
@@ -450,6 +455,10 @@ var _ = Describe("Argo Pattern", func() {
 						Name:  "global.gitOpsSubNamespace",
 						Value: GitOpsDefaultSubscriptionNamespace,
 					},
+					argoapi.HelmParameter{
+						Name:  "global.vpArgoNamespace",
+						Value: getClusterWideArgoNamespace(),
+					},
 					argoapi.HelmParameter{
 						Name:        "global.multiSourceTargetRevision",
 						Value:       "0.0.*",
@@ -488,6 +497,10 @@ var _ = Describe("Argo Pattern", func() {
 						Name:  "global.gitOpsSubNamespace",
 						Value: GitOpsDefaultSubscriptionNamespace,
 					},
+					argoapi.HelmParameter{
+						Name:  "global.vpArgoNamespace",
+						Value: getClusterWideArgoNamespace(),
+					},
 					argoapi.HelmParameter{
 						Name:        "global.multiSourceTargetRevision",
 						Value:       "0.0.*",
@@ -525,6 +538,10 @@ var _ = Describe("Argo Pattern", func() {
 						Name:  "global.gitOpsSubNamespace",
 						Value: GitOpsDefaultSubscriptionNamespace,
 					},
+					argoapi.HelmParameter{
+						Name:  "global.vpArgoNamespace",
+						Value: getClusterWideArgoNamespace(),
+					},
 					argoapi.HelmParameter{
 						Name:  "global.multiSourceTargetRevision",
 						Value: "0.0.*",
@@ -625,14 +642,14 @@ var _ = Describe("Argo Pattern", func() {
 			})
 			It("should return false and log the appropriate message", func() {
 				automatedSyncPolicyChanged := automatedSyncPolicy.DeepCopy()
-				automatedSyncPolicyChanged.SelfHeal = true
+				automatedSyncPolicyChanged.SelfHeal = false
 				logBuffer := new(bytes.Buffer)
 				log.SetOutput(logBuffer)
 				defer log.SetOutput(os.Stderr)
 
 				result := compareAutomatedSyncPolicy(automatedSyncPolicy, automatedSyncPolicyChanged)
 				Expect(result).To(BeFalse())
-				Expect(logBuffer.String()).To(ContainSubstring("SyncPolicy SelfHeal changed true -> false"))
+				Expect(logBuffer.String()).To(ContainSubstring("SyncPolicy SelfHeal changed false -> true"))
 			})
 			It("compareAutomatedSyncPolicy() function with nil arg1", func() {
 				Expect(compareAutomatedSyncPolicy(automatedSyncPolicy, nil)).To(BeFalse())
@@ -1479,6 +1496,9 @@ var _ = Describe("CommonSyncPolicy", func() {
 			Expect(policy).ToNot(BeNil())
 			Expect(policy.Automated).ToNot(BeNil())
 			Expect(policy.Automated.Prune).To(BeFalse())
+			Expect(policy.Automated.SelfHeal).To(BeTrue())
+			Expect(policy.Retry).ToNot(BeNil())
+			Expect(policy.Retry.Limit).To(Equal(int64(20)))
 		})
 	})
 
@@ -1954,16 +1974,16 @@ var _ = Describe("removeApplication", func() {
 			app := &argoapi.Application{
 				ObjectMeta: metav1.ObjectMeta{
 					Name:      "test-app",
-					Namespace: "openshift-gitops",
+					Namespace: getClusterWideArgoNamespace(),
 				},
 			}
 			argoClient := argoclient.NewSimpleClientset(app)
 
-			err := removeApplication(argoClient, "test-app", "openshift-gitops")
+			err := removeApplication(argoClient, "test-app", getClusterWideArgoNamespace())
 			Expect(err).ToNot(HaveOccurred())
 
 			// Verify the application is gone
-			_, err = argoClient.ArgoprojV1alpha1().Applications("openshift-gitops").Get(
+			_, err = argoClient.ArgoprojV1alpha1().Applications(getClusterWideArgoNamespace()).Get(
 				context.Background(), "test-app", metav1.GetOptions{})
 			Expect(err).To(HaveOccurred())
 			Expect(kerrors.IsNotFound(err)).To(BeTrue())
@@ -1973,7 +1993,7 @@ var _ = Describe("removeApplication", func() {
 	Context("when the application does not exist", func() {
 		It("should return an error", func() {
 			argoClient := argoclient.NewSimpleClientset()
-			err := removeApplication(argoClient, "nonexistent", "openshift-gitops")
+			err := removeApplication(argoClient, "nonexistent", getClusterWideArgoNamespace())
 			Expect(err).To(HaveOccurred())
 		})
 	})
@@ -2151,6 +2171,9 @@ var _ = Describe("commonSyncPolicy", func() {
 		Expect(policy).ToNot(BeNil())
 		Expect(policy.Automated).ToNot(BeNil())
 		Expect(policy.Automated.Prune).To(BeFalse())
+		Expect(policy.Automated.SelfHeal).To(BeTrue())
+		Expect(policy.Retry).ToNot(BeNil())
+		Expect(policy.Retry.Limit).To(Equal(int64(20)))
 	})
 
 	It("should return nil sync policy when manual sync is enabled", func() {
@@ -2188,7 +2211,7 @@ var _ = Describe("syncApplication", func() {
 			app := &argoapi.Application{
 				ObjectMeta: metav1.ObjectMeta{
 					Name:      "test-app",
-					Namespace: "openshift-gitops",
+					Namespace: getClusterWideArgoNamespace(),
 				},
 			}
 			argoFakeClient := argoclient.NewSimpleClientset(app)
@@ -2205,7 +2228,7 @@ var _ = Describe("syncApplication", func() {
 			app := &argoapi.Application{
 				ObjectMeta: metav1.ObjectMeta{
 					Name:      "test-app",
-					Namespace: "openshift-gitops",
+					Namespace: getClusterWideArgoNamespace(),
 				},
 			}
 			argoFakeClient := argoclient.NewSimpleClientset(app)
@@ -2222,7 +2245,7 @@ var _ = Describe("syncApplication", func() {
 			app := &argoapi.Application{
 				ObjectMeta: metav1.ObjectMeta{
 					Name:      "test-app",
-					Namespace: "openshift-gitops",
+					Namespace: getClusterWideArgoNamespace(),
 				},
 				Operation: &argoapi.Operation{
 					Sync: &argoapi.SyncOperation{
@@ -2245,15 +2268,15 @@ var _ = Describe("getChildApplications", func() {
 			parentApp := &argoapi.Application{
 				ObjectMeta: metav1.ObjectMeta{
 					Name:      "parent-app",
-					Namespace: "openshift-gitops",
+					Namespace: getClusterWideArgoNamespace(),
 				},
 			}
 			childApp := &argoapi.Application{
 				ObjectMeta: metav1.ObjectMeta{
 					Name:      "child-app",
-					Namespace: "openshift-gitops",
+					Namespace: getClusterWideArgoNamespace(),
 					Annotations: map[string]string{
-						"argocd.argoproj.io/tracking-id": "parent-app:argoproj.io/Application:openshift-gitops/child-app",
+						"argocd.argoproj.io/tracking-id": fmt.Sprintf("parent-app:argoproj.io/Application:%s/child-app", getClusterWideArgoNamespace()),
 					},
 				},
 			}
@@ -2271,7 +2294,7 @@ var _ = Describe("getChildApplications", func() {
 			parentApp := &argoapi.Application{
 				ObjectMeta: metav1.ObjectMeta{
 					Name:      "parent-app",
-					Namespace: "openshift-gitops",
+					Namespace: getClusterWideArgoNamespace(),
 				},
 			}
 			argoFakeClient := argoclient.NewSimpleClientset(parentApp)
 
@@ -33,9 +33,13 @@ const (
 	// Default Operator Config Map Name
 	OperatorConfigMap = "patterns-operator-config"
 	// Default Application Namespace
-	ApplicationNamespace = "openshift-gitops"
+	ApplicationNamespace = "vp-gitops"
 	// ClusterWide Argo Name
-	ClusterWideArgoName = "openshift-gitops"
+	ClusterWideArgoName = "vp-gitops"
+	// Legacy Application Namespace (used by the default gitops-operator instance)
+	LegacyApplicationNamespace = "openshift-gitops"
+	// Legacy ClusterWide Argo Name
+	LegacyClusterWideArgoName = "openshift-gitops"
 )
 
 // GitOps Subscription
 
@@ -99,6 +99,7 @@ type PatternReconciler struct {
 //+kubebuilder:rbac:groups=config.openshift.io,resources=ingresses,verbs=list;get
 //+kubebuilder:rbac:groups=config.openshift.io,resources=infrastructures,verbs=list;get
 //+kubebuilder:rbac:groups="",resources=namespaces,verbs=list;watch;delete;update;get;create;patch
+//+kubebuilder:rbac:groups=console.openshift.io,resources=consolelinks,verbs=get;list;create;update;patch;delete
 //+kubebuilder:rbac:groups=argoproj.io,resources=argocds,verbs=list;watch;get;create;update;patch;delete
 //+kubebuilder:rbac:groups=argoproj.io,resources=applications,verbs=list;get;create;update;patch;delete
 //+kubebuilder:rbac:groups=operators.coreos.com,resources=subscriptions,verbs=list;get;create;update;patch;delete
@@ -174,6 +175,10 @@ func (r *PatternReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct
 		return r.actionPerformed(qualifiedInstance, "applying defaults", err)
 	}
 
+	// -- Detect ArgoCD namespace (legacy upgrade vs greenfield)
+	// Must happen before subscription creation since it controls DISABLE_DEFAULT_ARGOCD_INSTANCE.
+	detectArgoNamespace(r.dynamicClient)
+
 	if r.AnalyticsClient.SendPatternInstallationInfo(qualifiedInstance) {
 		return r.actionPerformed(qualifiedInstance, "Updated status with identity sent", nil)
 	}
@@ -183,7 +188,10 @@ func (r *PatternReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct
 	}
 
 	// -- GitOps Subscription
-	targetSub, err := newSubscriptionFromConfigMap(r.fullClient)
+	// Only disable the default ArgoCD instance for non-legacy deployments.
+	// For legacy deployments, the gitops-operator's default instance is still in use.
+	disableDefault := !isLegacyArgoNamespace()
+	targetSub, err := newSubscriptionFromConfigMap(r.fullClient, disableDefault)
 
 	if err != nil {
 		return r.actionPerformed(qualifiedInstance, "error creating new subscription from configmap", err)
@@ -254,13 +262,16 @@ func (r *PatternReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct
 
 	clusterWideNS := getClusterWideArgoNamespace()
 	if !haveNamespace(r.Client, clusterWideNS) {
-		return r.actionPerformed(qualifiedInstance, "check application namespace", fmt.Errorf("waiting for creation"))
+		if isLegacyArgoNamespace() {
+			// Legacy mode: wait for the gitops-operator to create the openshift-gitops namespace
+			return r.actionPerformed(qualifiedInstance, "check application namespace", fmt.Errorf("waiting for creation"))
+		}
+		// Greenfield: create the namespace ourselves
+		if err = createNamespace(r.fullClient, clusterWideNS); err != nil {
+			return r.actionPerformed(qualifiedInstance, "error creating ArgoCD namespace", err)
+		}
+		return r.actionPerformed(qualifiedInstance, "created ArgoCD namespace", nil)
 	}
-	// Once we add support for creating the clusterwide argo in a separate NS we will uncomment this
-	// else if !haveNamespace(r.Client, clusterWideNS) && *qualifiedInstance.Spec.Experimental { // create the namespace if it does not exist
-	// 	 err = createNamespace(r.fullClient, clusterWideNS)
-	//	 return r.actionPerformed(qualifiedInstance, "created vp clusterwide namespace", err)
-	// }
 	logOnce("namespace found")
 
 	// Create the trusted-bundle configmap inside the clusterwide namespace
@@ -282,10 +293,18 @@ func (r *PatternReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct
 	}
 
 	// We only update the clusterwide argo instance so we can define our own 'initcontainers' section
-	err = createOrUpdateArgoCD(r.dynamicClient, r.fullClient, ClusterWideArgoName, clusterWideNS)
+	err = createOrUpdateArgoCD(r.dynamicClient, r.fullClient, getClusterWideArgoName(), clusterWideNS)
 	if err != nil {
 		return r.actionPerformed(qualifiedInstance, "created or updated clusterwide argo instance", err)
 	}
+
+	// Create/update the ConsoleLink so the ArgoCD instance appears in the OpenShift console nine-box menu
+	if !isLegacyArgoNamespace() && qualifiedInstance.Status.AppClusterDomain != "" {
+		if err = createOrUpdateConsoleLink(r.dynamicClient, getClusterWideArgoName(), clusterWideNS, qualifiedInstance.Status.AppClusterDomain); err != nil {
+			return r.actionPerformed(qualifiedInstance, "error creating ConsoleLink for ArgoCD", err)
+		}
+	}
+
 	// Copy the bootstrap secret to the namespaced argo namespace
 	if qualifiedInstance.Spec.GitConfig.TokenSecret != "" {
 		if err = r.copyAuthGitSecret(qualifiedInstance.Spec.GitConfig.TokenSecretNamespace,
@@ -691,6 +710,8 @@ func (r *PatternReconciler) finalizeObject(instance *api.Pattern) error {
 			log.Printf("\n\x1b[31;1m\tCannot cleanup the ArgoCD application of an invalid pattern: %s\x1b[0m\n", err.Error())
 			return nil
 		}
+		// Ensure detection has run for the finalize path
+		detectArgoNamespace(r.dynamicClient)
 		ns := getClusterWideArgoNamespace()
 
 		targetApp := newArgoApplication(qualifiedInstance)
@@ -793,6 +814,13 @@ func (r *PatternReconciler) finalizeObject(instance *api.Pattern) error {
 			if err := removeApplication(r.argoClient, app.Name, ns); err != nil {
 				return err
 			}
+			// Clean up the ConsoleLink if we created one
+			if !isLegacyArgoNamespace() {
+				err := removeConsoleLink(r.dynamicClient, getClusterWideArgoName())
+				if err != nil {
+					log.Printf("failed to remove the consoleLink: %v", err)
+				}
+			}
 		}
 	}
 
@@ -865,7 +893,7 @@ func (r *PatternReconciler) startArgoCDWatch() {
 
 	err := r.ctrl.Watch(source.Kind(r.mgr.GetCache(), argoCD,
 		handler.TypedEnqueueRequestsFromMapFunc(func(ctx context.Context, obj *unstructured.Unstructured) []reconcile.Request {
-			if obj.GetName() != ClusterWideArgoName || obj.GetNamespace() != getClusterWideArgoNamespace() {
+			if obj.GetName() != getClusterWideArgoName() || obj.GetNamespace() != getClusterWideArgoNamespace() {
 				return nil
 			}
 			var patterns api.PatternList
@@ -917,6 +945,21 @@ func (r *PatternReconciler) onReconcileErrorWithRequeue(p *api.Pattern, reason s
 	return reconcile.Result{}, err
 }
 
+// detectArgoNamespace determines whether this is a legacy upgrade or greenfield deploy
+// by checking if the legacy ArgoCD CR exists. Sets the package-level active ArgoCD
+// namespace/name accordingly.
+func detectArgoNamespace(dynamicClient dynamic.Interface) {
+	if haveArgo(dynamicClient, LegacyClusterWideArgoName, LegacyApplicationNamespace) {
+		activeArgoNamespace = LegacyApplicationNamespace
+		activeArgoName = LegacyClusterWideArgoName
+		logOnce(fmt.Sprintf("Detected legacy ArgoCD instance, using namespace: %s", LegacyApplicationNamespace))
+	} else {
+		activeArgoNamespace = ApplicationNamespace
+		activeArgoName = ClusterWideArgoName
+		logOnce(fmt.Sprintf("No legacy ArgoCD instance found, using namespace: %s", ApplicationNamespace))
+	}
+}
+
 func (r *PatternReconciler) actionPerformed(p *api.Pattern, reason string, err error) (reconcile.Result, error) {
 	if err != nil {
 		delay := time.Minute * 1
 
@@ -30,7 +30,7 @@ import (
 	"k8s.io/client-go/kubernetes"
 )
 
-func newSubscriptionFromConfigMap(r kubernetes.Interface) (*operatorv1alpha1.Subscription, error) {
+func newSubscriptionFromConfigMap(r kubernetes.Interface, disableDefaultInstance bool) (*operatorv1alpha1.Subscription, error) {
 	var newSubscription *operatorv1alpha1.Subscription
 
 	// Check if the config map exists and read the config map values
@@ -60,12 +60,7 @@ func newSubscriptionFromConfigMap(r kubernetes.Interface) (*operatorv1alpha1.Sub
 		StartingCSV:            PatternsOperatorConfig.getValueWithDefault("gitops.csv"),
 		InstallPlanApproval:    installPlanApproval,
 		Config: &operatorv1alpha1.SubscriptionConfig{
-			Env: []corev1.EnvVar{
-				{
-					Name:  "ARGOCD_CLUSTER_CONFIG_NAMESPACES",
-					Value: "*",
-				},
-			},
+			Env: newSubscriptionEnvVars(disableDefaultInstance),
 		},
 	}
 	subscriptionName, subscriptionNamespace := DetectGitOpsSubscription()
@@ -81,6 +76,27 @@ func newSubscriptionFromConfigMap(r kubernetes.Interface) (*operatorv1alpha1.Sub
 	return newSubscription, nil
 }
 
+// newSubscriptionEnvVars returns the environment variables for the GitOps operator subscription.
+// When disableDefaultInstance is true, the DISABLE_DEFAULT_ARGOCD_INSTANCE env var is added
+// to prevent the gitops-operator from creating (and actively deleting) the default ArgoCD
+// instance in the openshift-gitops namespace. This is safe when using a non-default ArgoCD
+// name/namespace (e.g. vp-gitops) since the gitops-operator only targets "openshift-gitops".
+func newSubscriptionEnvVars(disableDefaultInstance bool) []corev1.EnvVar {
+	envVars := []corev1.EnvVar{
+		{
+			Name:  "ARGOCD_CLUSTER_CONFIG_NAMESPACES",
+			Value: "*",
+		},
+	}
+	if disableDefaultInstance {
+		envVars = append(envVars, corev1.EnvVar{
+			Name:  "DISABLE_DEFAULT_ARGOCD_INSTANCE",
+			Value: "true",
+		})
+	}
+	return envVars
+}
+
 func getSubscription(client olmclient.Interface, name, namespace string) (*operatorv1alpha1.Subscription, error) {
 	var subscription *operatorv1alpha1.Subscription
 	var err error