update: cert-manager #265

Merged
merged 3 commits into from
Dec 12, 2023
Changes from 2 commits
1 change: 1 addition & 0 deletions cert-manager-operator
15 changes: 0 additions & 15 deletions cert-manager-operator/README.md

This file was deleted.

8 changes: 0 additions & 8 deletions cert-manager-operator/operator/base/namespace.yaml

This file was deleted.

4 changes: 4 additions & 0 deletions openshift-cert-manager-operator/INFO.md
@@ -0,0 +1,4 @@
# openshift-cert-manager-operator

The cert-manager Operator for Red Hat OpenShift provides seamless support for cert-manager, which automates certificate management.
For more information, see the [cert-manager Operator for Red Hat OpenShift documentation](https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html).
35 changes: 35 additions & 0 deletions openshift-cert-manager-operator/README.md
@@ -0,0 +1,35 @@
# cert-manager Operator for Red Hat OpenShift

Install cert-manager Operator for Red Hat OpenShift.

Do not use the `base` directory directly, as you will need to patch the `channel` based on the version of OpenShift you are using, or the version of the operator you want to use.

The current *overlays* available are for the following channels:

* [stable-v1](operator/overlays/stable-v1)
* [stable-v1.10](operator/overlays/stable-v1.10)
* [stable-v1.11](operator/overlays/stable-v1.11)
* [tech-preview](operator/overlays/tech-preview)

## Usage

If you have cloned the `gitops-catalog` repository, you can install cert-manager Operator for Red Hat OpenShift based on the overlay of your choice by running from the root (`gitops-catalog`) directory.

```
oc apply -k openshift-cert-manager-operator/operator/overlays/<channel>
```

Or, without cloning:

```
oc apply -k https://github.com/redhat-cop/gitops-catalog/openshift-cert-manager-operator/operator/overlays/<channel>
```

As part of a different overlay in your own GitOps repo:

```
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- https://github.com/redhat-cop/gitops-catalog/openshift-cert-manager-operator/operator/overlays/<channel>?ref=main
```
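Review bot: The Kustomization example at the end of the README pins the remote base to `?ref=main`, and the `oc apply -k https://...` example above it carries no ref at all, so both track a mutable branch and whatever is merged there later is what gets applied to the cluster. Suggest showing a tag or a full commit SHA as the `ref` in both examples (for instance `?ref=<tag-or-commit>`), so consumers review a change before it reaches their cluster. The three fences could also carry a language tag (`sh`, `sh`, `yaml`).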
@@ -1,4 +1,3 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

@@ -1,4 +1,3 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

@@ -1,4 +1,3 @@
---
kind: Kustomization
apiVersion: kustomize.config.k8s.io/v1beta1

@@ -1,3 +1,4 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
@@ -57,6 +58,8 @@ spec:
- -c
- |
#!/usr/bin/env bash
# lets try to dynamically get this value ??
# API_HOST_NAME=$(oc get secret openshift-api-certificate -n openshift-config -o jsonpath='{.metadata.annotations.cert-manager\.io/common-name}')
if oc get secret openshift-api-certificate -n openshift-config; then
oc patch apiserver cluster --type=merge -p '{"spec":{"servingCerts": {"namedCertificates": [{"names": ["'$API_HOST_NAME'"], "servingCertificate": {"name": "openshift-api-certificate"}}]}}}'
else
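Review bot: The two added lines are commented-out code with an open question (`??`), while the `oc patch` call below them still expands `$API_HOST_NAME` outside of quotes (`"names": ["'$API_HOST_NAME'"]`) and nothing visible in this hunk sets it. If the variable is empty, the patch writes a named certificate with an empty name, and a value containing whitespace would split the `-p` argument. Suggest either enabling the lookup or dropping the comment, keeping the expansion inside double quotes, and exiting non-zero when `API_HOST_NAME` is empty before patching `apiserver cluster`.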
@@ -1,4 +1,3 @@
---
kind: Kustomization
apiVersion: kustomize.config.k8s.io/v1beta1

@@ -1,9 +1,6 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

namespace: cert-manager-operator
Contributor

Generally I prefer to keep the namespace in the kustomize, especially when you are dealing with multiple objects.

Contributor Author

I think most operators in the catalog use this pattern. Can we do this as a separate PR?


resources:
- namespace.yaml
- operator-group.yaml
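Review bot: Dropping `namespace: cert-manager-operator` from the base (the hunk shrinks the file from 9 lines to 6, and the review thread is attached to that line) removes the transformer that forces every listed resource into that namespace. The OperatorGroup and Subscription in this PR set `metadata.namespace` themselves, but a namespaced resource added to `resources:` later without one would be created in whatever namespace the caller's context points at. If the line stays out, a short comment in this file stating that each resource must carry its own namespace would help.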
@@ -0,0 +1,8 @@
apiVersion: v1
kind: Namespace
metadata:
annotations:
openshift.io/display-name: "cert-manager Operator for Red Hat OpenShift"
labels:
openshift.io/cluster-monitoring: 'true'
name: cert-manager-operator
@@ -1,9 +1,8 @@
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
name: cert-manager-operator
name: openshift-cert-manager-operator-group
Contributor

I don't think it is a requirement, but I think normally the operator group's name is the same as the namespace. I would prefer to keep it the same as whatever the GUI creates when installing through the UI, so if someone installs via the UI and then later adds the catalog item into gitops, it doesn't cause a second operator group to be created.

Can you confirm what the correct operatorgroup name should be?

Contributor Author

I agree with aligning the name of the operator group with the packagemanifest name, that might also be the namespace name... Either way we can remove the -group because it's redundant. This should be removed globally and in the script used to generate operators. I can do that in another PR.

Contributor Author

I think this was an exception with naming of things. We can dig into it more.

namespace: cert-manager-operator
spec:
targetNamespaces:
- cert-manager-operator
upgradeStrategy: Default
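Review bot: Renaming the OperatorGroup from `cert-manager-operator` to `openshift-cert-manager-operator-group` in place leaves no migration path for clusters that already applied the old manifest or installed through the console: `oc apply -k` creates the new object without deleting the old one, and OLM fails ClusterServiceVersions in a namespace that holds more than one OperatorGroup. Suggest keeping the existing name in this PR, or documenting in the README that the old OperatorGroup has to be deleted before applying the new base.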
@@ -1,12 +1,10 @@
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
labels:
operators.coreos.com/openshift-cert-manager-operator.cert-manager-operator: ""
name: openshift-cert-manager-operator
namespace: cert-manager-operator
spec:
channel: stable-v1
channel: patch-me-see-overlays-dir
installPlanApproval: Automatic
name: openshift-cert-manager-operator
source: redhat-operators
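Review bot: With `channel` now a placeholder that every overlay must patch, `installPlanApproval: Automatic` on the next line is the one setting all four overlays inherit unchanged, so each of them installs operator updates as soon as the catalog publishes them in that channel. For an operator that automates certificate management, suggest stating this in the README and noting that `installPlanApproval` can be patched to `Manual` in a consumer's own overlay the same way `patch-channel.yaml` patches `/spec/channel`.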
@@ -0,0 +1,11 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
- ../../base

patches:
- target:
kind: Subscription
name: openshift-cert-manager-operator
path: patch-channel.yaml
@@ -0,0 +1,3 @@
- op: replace
path: /spec/channel
value: stable-v1.10
@@ -0,0 +1,11 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
- ../../base

patches:
- target:
kind: Subscription
name: openshift-cert-manager-operator
path: patch-channel.yaml
@@ -0,0 +1,3 @@
- op: replace
path: /spec/channel
value: stable-v1.11
@@ -0,0 +1,11 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
- ../../base

patches:
- target:
kind: Subscription
name: openshift-cert-manager-operator
path: patch-channel.yaml
@@ -0,0 +1,3 @@
- op: replace
path: /spec/channel
value: stable-v1
@@ -0,0 +1,11 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
- ../../base

patches:
- target:
kind: Subscription
name: openshift-cert-manager-operator
path: patch-channel.yaml
@@ -0,0 +1,3 @@
- op: replace
path: /spec/channel
value: tech-preview