Share common CA with OLMv1 in overlays/cert-manager
Use kustomization Components to share a common ClusterIssuer with
operator-controller.

Fixes #295

Signed-off-by: Todd Short <todd.short@me.com>
tmshort committed Jul 3, 2024
1 parent c77b952 commit 1f4d2cf
Showing 9 changed files with 62 additions and 64 deletions.
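--- a/config/components/ca/kustomization.yaml
+++ b/config/components/ca/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+# No namespace is specified here, otherwise, it will overwrite _all_ the other namespaces!
+resources:
+- resources/issuers.yaml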
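--- a/config/components/ca/resources/issuers.yaml
+++ b/config/components/ca/resources/issuers.yaml
@@ -0,0 +1,32 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+name: self-sign-issuer
+namespace: cert-manager
+spec:
+selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: olmv1-ca
+namespace: cert-manager
+spec:
+isCA: true
+commonName: olmv1-ca
+secretName: olmv1-ca
+privateKey:
+algorithm: ECDSA
+size: 256
+issuerRef:
+name: self-sign-issuer
+kind: Issuer
+group: cert-manager.io
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+name: olmv1-ca
+spec:
+ca:
+secretName: olmv1-ca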
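Review bot: The `ClusterIssuer` named `olmv1-ca` at the end of this file is cluster-scoped, so a Certificate in any namespace can reference it and obtain a leaf signed by the shared CA, including one for another component's service name; nothing in the file records that. If cert-manager's default approver is in use (not visible from this page), every principal allowed to create Certificates sits inside the trust boundary, so RBAC on Certificate creation or an approval policy should bound who may use the issuer. I would add a comment above it such as `# Cluster-scoped: any namespace that may create Certificates can request certs from this CA; restrict via RBAC/approval policy`. The `namespace: cert-manager` on the Issuer and Certificate also looks like it has to match the namespace where cert-manager resolves ClusterIssuer secrets, which deserves its own line: `# must be cert-manager's cluster resource namespace, where the ClusterIssuer reads olmv1-ca`.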
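--- a/config/components/tls/kustomization.yaml
+++ b/config/components/tls/kustomization.yaml
@@ -0,0 +1,15 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+namespace: olmv1-system
+namePrefix: catalogd-
+resources:
+- resources/certificate.yaml
+patches:
+- target:
+kind: Service
+name: catalogserver
+path: patches/catalogserver_service_port.yaml
+- target:
+kind: Deployment
+name: controller-manager
+path: patches/manager_deployment_certs.yaml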
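Review bot: `namespace: olmv1-system` and `namePrefix: catalogd-` in this Component carry no comment, although as Component transformers they should apply to every resource accumulated before the component runs, not only to `resources/certificate.yaml`. That makes the `components:` order in `config/overlays/cert-manager/kustomization.yaml` load-bearing: with `../../components/ca` listed before `../../components/tls`, the CA Issuer and Certificate would presumably be moved out of `cert-manager` and renamed, and the `olmv1-ca` issuerRef would stop resolving. I would add `# Rewrites namespace and prefix of everything accumulated so far; list this component before components/ca` above `namespace:`, and mirror it next to the overlay's `components:` list.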
@@ -9,6 +9,11 @@ spec:
dnsNames:
- localhost
- catalogd-catalogserver.olmv1-system.svc
- catalogd-catalogserver.olmv1-system.svc.cluster.local
privateKey:
algorithm: ECDSA
size: 256
issuerRef:
kind: Issuer
name: catalogd-catalogserver-ca-issuer
kind: ClusterIssuer
group: cert-manager.io
name: olmv1-ca
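Review bot: The `privateKey` block for the serving certificate pins `algorithm: ECDSA` and `size: 256` but says nothing about key rotation, so on cert-manager releases whose default `rotationPolicy` is `Never` the same private key is kept across every renewal. Adding `rotationPolicy: Always` under `privateKey:` makes each renewal issue a fresh key, which limits how long a leaked key stays useful. The page has lost the +/- markers and the file header for this section, so I am assuming the `privateKey` lines are on the new side; the Certificate's `metadata` and the start of `spec` are outside the hunk.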
25 changes: 3 additions & 22 deletions config/overlays/cert-manager/kustomization.yaml
@@ -1,28 +1,9 @@
# Adds namespace to all resources.
namespace: olmv1-system

# Value of this field is prepended to the
# names of all resources, e.g. a deployment named
# "wordpress" becomes "alices-wordpress".
# Note that it should also match with the prefix (text before '-') of the namespace
# field above.
namePrefix: catalogd-

# the following config is for teaching kustomize how to do var substitution
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../base/crd
- ../../base/rbac
- ../../base/manager
- resources

patches:
- target:
kind: Service
name: catalogserver
path: patches/catalogserver_service_port.yaml
- target:
kind: Deployment
name: controller-manager
path: patches/manager_deployment_certs.yaml
components:
- ../../components/tls
- ../../components/ca
37 changes: 0 additions & 37 deletions config/overlays/cert-manager/resources/issuer.yaml

This file was deleted.

3 changes: 0 additions & 3 deletions config/overlays/cert-manager/resources/kustomization.yaml

This file was deleted.
