Bump cert-manager to v1.8.0

dependencies.yaml

@@ -52,7 +52,7 @@ dependencies:
       match: OLM_VERSION
 
   - name: cert-manager
-    version: 1.7.2
+    version: 1.8.0
     refPaths:
     - path: test/e2e_test.go
       match: jetstack/cert-manager

hack/ci/e2e-olm.sh

@@ -23,74 +23,74 @@ BUNDLE_IMG=${REPO}/security-profiles-operator-bundle:v${GITHUB_SHA}
 CATALOG_IMG=${REPO}/security-profiles-operator-catalog:v${GITHUB_SHA}
 
 function build_and_push_spo() {
-        make image IMAGE=${IMG}
-        podman push --tls-verify=false ${IMG}
+    make image IMAGE=${IMG}
+    podman push --tls-verify=false ${IMG}
 }
 
 function build_and_push_packages() {
-        OPERATOR_MANIFEST=deploy/operator-ci.yaml
-
-        # Create a manifest with local image
-        pushd deploy/base
-        kustomize edit set image security-profiles-operator=$IMG
-        popd
-        kustomize build --reorder=none deploy/overlays/cluster -o ${OPERATOR_MANIFEST}
-
-        # this is a kludge, we need to make sure kustomize can be overwritten
-        rm -f build/kustomize
-
-        # create bundle, bundle image, push bundle using our manifest created earlier
-        make bundle BUNDLE_OPERATOR_MANIFEST=${OPERATOR_MANIFEST}
-        # GH CI workers have pretty limited CPU and won't be able to run SPO, OLM and cert-manager at the same time
-        sed -i '/cpu\:/d' bundle/manifests/security-profiles-operator.clusterserviceversion.yaml
-        make bundle-build BUNDLE_IMG=${BUNDLE_IMG}
-        podman push --tls-verify=false ${BUNDLE_IMG}
-
-        # create catalog image, push catalog
-        make catalog-build OPM_EXTRA_ARGS=" --skip-tls" BUNDLE_IMGS=${BUNDLE_IMG} CATALOG_IMG=${CATALOG_IMG}
-        podman push --tls-verify=false ${CATALOG_IMG}
+    OPERATOR_MANIFEST=deploy/operator-ci.yaml
+
+    # Create a manifest with local image
+    pushd deploy/base
+    kustomize edit set image security-profiles-operator=$IMG
+    popd
+    kustomize build --reorder=none deploy/overlays/cluster -o ${OPERATOR_MANIFEST}
+
+    # this is a kludge, we need to make sure kustomize can be overwritten
+    rm -f build/kustomize
+
+    # create bundle, bundle image, push bundle using our manifest created earlier
+    make bundle BUNDLE_OPERATOR_MANIFEST=${OPERATOR_MANIFEST}
+    # GH CI workers have pretty limited CPU and won't be able to run SPO, OLM and cert-manager at the same time
+    sed -i '/cpu\:/d' bundle/manifests/security-profiles-operator.clusterserviceversion.yaml
+    make bundle-build BUNDLE_IMG=${BUNDLE_IMG}
+    podman push --tls-verify=false ${BUNDLE_IMG}
+
+    # create catalog image, push catalog
+    make catalog-build OPM_EXTRA_ARGS=" --skip-tls" BUNDLE_IMGS=${BUNDLE_IMG} CATALOG_IMG=${CATALOG_IMG}
+    podman push --tls-verify=false ${CATALOG_IMG}
 }
 
 function deploy_olm() {
-        operator-sdk olm install --version ${OLM_VERSION} --timeout 6m
+    operator-sdk olm install --version ${OLM_VERSION} --timeout 6m
 }
 
 function deploy_spo() {
-        # cert-manager first. This should be done using dependencies in the
-        # future
-        kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.7.2/cert-manager.yaml
-        kubectl -ncert-manager wait --for condition=ready pod -l app.kubernetes.io/instance=cert-manager
-
-        # let's roll..
-        sed -i "s#quay.io/security-profiles-operator/security-profiles-operator-catalog:latest#${CATALOG_IMG}#g" examples/olm/install-resources.yaml
-        kubectl create -f examples/olm/install-resources.yaml
+    # cert-manager first. This should be done using dependencies in the
+    # future
+    kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.8.0/cert-manager.yaml
+    kubectl -ncert-manager wait --for condition=ready pod -l app.kubernetes.io/instance=cert-manager
+
+    # let's roll..
+    sed -i "s#quay.io/security-profiles-operator/security-profiles-operator-catalog:latest#${CATALOG_IMG}#g" examples/olm/install-resources.yaml
+    kubectl create -f examples/olm/install-resources.yaml
 }
 
 function check_spo_is_running() {
-        # Useful in case the CatalogSource is fubar. We retry several times
-        # because on transient errors (which are for some reason common even
-        # if the catalog is local) the pod gets restarted
-        for i in $(seq 1 5); do
-            kubectl -nolm wait --for=condition=ready pods -lolm.catalogSource=security-profiles-operator
-            catalog_logs=$(kubectl -nolm logs $(kubectl -nolm get pods --no-headers -lolm.catalogSource=security-profiles-operator | awk '{print $1}') 2>/dev/null)
-            if [[ -n "$catalog_logs" ]]; then
-                echo $catalog_logs
-                break
-            fi
-        done
-
-        # wait a bit for CSV to appear
-        # (jhrozek): I didn't find a useful condition or status to wait for..
-        # ..if only there was a way to check if ANY installedCSV is set..
-        sleep 30
-        CSV=$(kubectl -nsecurity-profiles-operator get sub security-profiles-operator-sub -ojsonpath='{.status.installedCSV}')
-        # wait for the CSV to be actually installed
-        kubectl -nsecurity-profiles-operator wait --for=jsonpath='{.status.phase}'=Succeeded csv $CSV
-
-        # wait for the operator to be ready
-        kubectl -nsecurity-profiles-operator wait --for=condition=ready pod -lname=security-profiles-operator
-        kubectl -nsecurity-profiles-operator wait --for=condition=ready pod -lname=security-profiles-operator-webhook
-        kubectl -nsecurity-profiles-operator wait --for=condition=ready pod -lname=spod
+    # Useful in case the CatalogSource is fubar. We retry several times
+    # because on transient errors (which are for some reason common even
+    # if the catalog is local) the pod gets restarted
+    for i in $(seq 1 5); do
+        kubectl -nolm wait --for=condition=ready pods -lolm.catalogSource=security-profiles-operator
+        catalog_logs=$(kubectl -nolm logs $(kubectl -nolm get pods --no-headers -lolm.catalogSource=security-profiles-operator | awk '{print $1}') 2>/dev/null)
+        if [[ -n "$catalog_logs" ]]; then
+            echo $catalog_logs
+            break
+        fi
+    done
+
+    # wait a bit for CSV to appear
+    # (jhrozek): I didn't find a useful condition or status to wait for..
+    # ..if only there was a way to check if ANY installedCSV is set..
+    sleep 30
+    CSV=$(kubectl -nsecurity-profiles-operator get sub security-profiles-operator-sub -ojsonpath='{.status.installedCSV}')
+    # wait for the CSV to be actually installed
+    kubectl -nsecurity-profiles-operator wait --for=jsonpath='{.status.phase}'=Succeeded csv $CSV
+
+    # wait for the operator to be ready
+    kubectl -nsecurity-profiles-operator wait --for=condition=ready pod -lname=security-profiles-operator
+    kubectl -nsecurity-profiles-operator wait --for=condition=ready pod -lname=security-profiles-operator-webhook
+    kubectl -nsecurity-profiles-operator wait --for=condition=ready pod -lname=spod
 }
 
 # The actual script begins here

installation-usage.md

@@ -1,6 +1,7 @@
 # Installation and Usage
 
 <!-- toc -->
+
 - [Features](#features)
 - [Tutorials and Demos](#tutorials-and-demos)
 - [Install operator](#install-operator)
@@ -51,7 +52,7 @@ cert-manager via `kubectl`, if you're **not** running on
 [OpenShift](https://www.redhat.com/en/technologies/cloud-computing/openshift):
 
 ```sh
-$ kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.7.2/cert-manager.yaml
+$ kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.8.0/cert-manager.yaml
 $ kubectl --namespace cert-manager wait --for condition=ready pod -l app.kubernetes.io/instance=cert-manager
 ```
 
@@ -82,7 +83,7 @@ I1111 15:13:16.942837       1 main.go:182]  "msg"="Set logging verbosity to 1"
 
 ## Configure the SELinux type
 
-The operator uses by default the `spc_t` SELinux type in the security context of the daemon pod. This can be easily 
+The operator uses by default the `spc_t` SELinux type in the security context of the daemon pod. This can be easily
 changed to a different SELinux type by patching the spod config as follows:
 
 ```

test/e2e_test.go

@@ -32,7 +32,7 @@ import (
 )
 
 const (
-	certmanager       = "https://github.com/jetstack/cert-manager/releases/download/v1.7.2/cert-manager.yaml"
+	certmanager       = "https://github.com/jetstack/cert-manager/releases/download/v1.8.0/cert-manager.yaml"
 	manifest          = "deploy/operator.yaml"
 	namespaceManifest = "deploy/namespace-operator.yaml"
 	testNamespace     = "test-ns"