Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

updated controller-runtime #373

Merged
merged 5 commits into from
Oct 13, 2023
Merged

updated controller-runtime #373

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
ac24f07
updated controller-runtime
bitscuit Oct 5, 2023
7d099f3
removed removeAPIService because unlikely to eixst
bitscuit Oct 5, 2023
3ee95d6
changed removeOldSecret to be more robust
bitscuit Oct 5, 2023
5a8832a
removed APIService from cache
bitscuit Oct 5, 2023
b69df38
removed unused secretshare-operator code
bitscuit Oct 5, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,20 @@
# See the License for the specific language governing permissions and
# limitations under the License.

KUSTOMIZE_VERSION=v4.5.6

ARCH := $(shell uname -m)
LOCAL_ARCH := "amd64"
ifeq ($(ARCH),x86_64)
LOCAL_ARCH="amd64"
else ifeq ($(ARCH),ppc64le)
LOCAL_ARCH="ppc64le"
else ifeq ($(ARCH),s390x)
LOCAL_ARCH="s390x"
else
$(error "This system's ARCH $(ARCH) isn't recognized/supported")
endif

# This repo is build locally for dev/test by default;
# Override this variable in CI env.
BUILD_LOCALLY ?= 1
Expand Down
2 changes: 1 addition & 1 deletion bundle.Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
LABEL operators.operatorframework.io.bundle.package.v1=ibm-cert-manager-operator
LABEL operators.operatorframework.io.bundle.channels.v1=alpha
LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.28.0
LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.31.0
LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1
LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v3

Expand Down
10 changes: 5 additions & 5 deletions bundle/manifests/ibm-cert-manager-operator.clusterserviceversion.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,13 +31,13 @@ metadata:
categories: Security
certified: "false"
containerImage: icr.io/cpopen/ibm-cert-manager-operator:latest
createdAt: "2023-04-25T19:31:21Z"
createdAt: "2023-10-05T20:07:25Z"
description: Operator for managing deployment of cert-manager service.
olm.skipRange: <4.2.1
operatorframework.io/suggested-namespace: ibm-cert-manager
operators.operatorframework.io/builder: operator-sdk-v1.28.0
operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
operators.openshift.io/infrastructure-features: '["disconnected"]'
operators.operatorframework.io/builder: operator-sdk-v1.31.0
operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
support: IBM
labels:
operatorframework.io/arch.amd64: supported
Expand Down Expand Up @@ -541,7 +541,7 @@ spec:
- name: ICP_CERT_MANAGER_ACMESOLVER_IMAGE
value: icr.io/cpopen/cpfs/icp-cert-manager-acmesolver:1.11.0-jetstack.1.10.1
image: icr.io/cpopen/ibm-cert-manager-operator:latest
imagePullPolicy: IfNotPresent
imagePullPolicy: Always
livenessProbe:
httpGet:
path: /healthz
Expand All @@ -561,8 +561,8 @@ spec:
memory: 300Mi
requests:
cpu: 10m
memory: 50Mi
ephemeral-storage: 256Mi
memory: 50Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
Expand Down
134 changes: 119 additions & 15 deletions bundle/manifests/operator.ibm.com_certmanagerconfigs.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,13 +38,35 @@ spec:
description: CertManagerConfigSpec defines the desired state of CertManager
properties:
certManagerCAInjector:
description: CertManagerCAInjector includes spec for cert-manager-cainjector
description: CertManagerCAInjector describes spec for cert-manager-cainjector
workload
properties:
resources:
description: ResourceRequirements describes the compute resource
requirements.
properties:
claims:
description: "Claims lists the names of resources, defined
in spec.resourceClaims, that are used by this container.
\n This is an alpha field and requires enabling the DynamicResourceAllocation
feature gate. \n This field is immutable. It can only be
set for containers."
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties:
name:
description: Name must match the name of one entry in
pod.spec.resourceClaims of the Pod where this field
is used. It makes that resource available inside a
container.
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits:
additionalProperties:
anyOf:
Expand All @@ -65,18 +87,41 @@ spec:
description: 'Requests describes the minimum amount of compute
resources required. If Requests is omitted for a container,
it defaults to Limits if that is explicitly specified, otherwise
to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
to an implementation-defined value. Requests cannot exceed
Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
type: object
certManagerController:
description: CertManagerController includes spec for cert-manager-controller
description: CertManagerController describes spec for cert-manager-controller
workload
properties:
resources:
description: ResourceRequirements describes the compute resource
requirements.
properties:
claims:
description: "Claims lists the names of resources, defined
in spec.resourceClaims, that are used by this container.
\n This is an alpha field and requires enabling the DynamicResourceAllocation
feature gate. \n This field is immutable. It can only be
set for containers."
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties:
name:
description: Name must match the name of one entry in
pod.spec.resourceClaims of the Pod where this field
is used. It makes that resource available inside a
container.
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits:
additionalProperties:
anyOf:
Expand All @@ -97,18 +142,41 @@ spec:
description: 'Requests describes the minimum amount of compute
resources required. If Requests is omitted for a container,
it defaults to Limits if that is explicitly specified, otherwise
to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
to an implementation-defined value. Requests cannot exceed
Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
type: object
certManagerWebhook:
description: CertManagerWebhook includes spec for cert-manager-webhook
description: CertManagerWebhook describes spec for cert-manager-webhook
workload
properties:
resources:
description: ResourceRequirements describes the compute resource
requirements.
properties:
claims:
description: "Claims lists the names of resources, defined
in spec.resourceClaims, that are used by this container.
\n This is an alpha field and requires enabling the DynamicResourceAllocation
feature gate. \n This field is immutable. It can only be
set for containers."
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties:
name:
description: Name must match the name of one entry in
pod.spec.resourceClaims of the Pod where this field
is used. It makes that resource available inside a
container.
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits:
additionalProperties:
anyOf:
Expand All @@ -129,18 +197,40 @@ spec:
description: 'Requests describes the minimum amount of compute
resources required. If Requests is omitted for a container,
it defaults to Limits if that is explicitly specified, otherwise
to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
to an implementation-defined value. Requests cannot exceed
Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
type: object
configMapWatcher:
description: ConfigMapWatcher includes spec for icp-configmap-watcher
workload
description: ConfigMapWatcher is not used
properties:
resources:
description: ResourceRequirements describes the compute resource
requirements.
properties:
claims:
description: "Claims lists the names of resources, defined
in spec.resourceClaims, that are used by this container.
\n This is an alpha field and requires enabling the DynamicResourceAllocation
feature gate. \n This field is immutable. It can only be
set for containers."
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties:
name:
description: Name must match the name of one entry in
pod.spec.resourceClaims of the Pod where this field
is used. It makes that resource available inside a
container.
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits:
additionalProperties:
anyOf:
Expand All @@ -161,21 +251,28 @@ spec:
description: 'Requests describes the minimum amount of compute
resources required. If Requests is omitted for a container,
it defaults to Limits if that is explicitly specified, otherwise
to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
to an implementation-defined value. Requests cannot exceed
Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
type: object
disableHostNetwork:
description: DisableHostNetwork disables
type: boolean
enableCertRefresh:
description: EnableCertRefresh is a flag that can be set to enable
the refresh of leaf certificates based on a root CA
description: EnableCertRefresh enables the refresh of leaf certificates
based on a CA certificate
type: boolean
enableWebhook:
description: Webhook enables the cert-manager-webhook operand
type: boolean
imagePostFix:
description: ImagePostFix describes a string that will be appended
to the end of the fully qualified image, e.g. imageRegistry/imageName:imageTagAndPostFix
type: string
imageRegistry:
description: ImageRegistry describes the image registry for the operands,
e.g. cert-manager-controller
type: string
license:
description: LicenseAcceptance defines the license specification in
Expand All @@ -197,9 +294,11 @@ spec:
type: object
refreshCertsBasedOnCA:
description: RefreshCertsBasedOnCA is a list of CA certificate names.
Leaf certificates created from the CA will be refreshed when the
CA is refreshed.
Leaf certificates created from any of the listed CA will be refreshed
when the CA is refreshed
items:
description: CACertificate describes a CA Certfiicate's name and
namespace
properties:
certName:
type: string
Expand All @@ -211,17 +310,22 @@ spec:
type: object
type: array
resourceNamespace:
description: ResourceNS describes the cluster-resource-namespace flag
for cert-manager-controller operand, which is used to configure
the namespace the operand will use for ClusterIssuer secretReferences
type: string
version:
description: Version descibes the version of cert-manager-operator.
Changing the value does not change the cert-manager-operator version
type: string
type: object
x-kubernetes-preserve-unknown-fields: true
status:
description: CertManagerConfigStatus defines the observed state of CertManagerConfig
properties:
certManagerConfigStatus:
description: 'It will be as "OK when all objects are created successfully
TODO: convert these markers for spec descriptor'
description: OverallStatus describes whether cert-manager operands
have been successfully deployed or not.
type: string
required:
- certManagerConfigStatus
Expand Down
2 changes: 1 addition & 1 deletion bundle/metadata/annotations.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ annotations:
operators.operatorframework.io.bundle.metadata.v1: metadata/
operators.operatorframework.io.bundle.package.v1: ibm-cert-manager-operator
operators.operatorframework.io.bundle.channels.v1: alpha
operators.operatorframework.io.metrics.builder: operator-sdk-v1.28.0
operators.operatorframework.io.metrics.builder: operator-sdk-v1.31.0
operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v3

Expand Down
Loading