Reorganize manifests for cert-manager overlay

This allows the use of alternate certificate managers. Signed-off-by: Tayler Geiger <tayler@redhat.com>
operator-framework · May 6, 2024 · b298977 · b298977
1 parent 3791977
commit b298977
Show file tree

Hide file tree

Showing 25 changed files with 31 additions and 11 deletions.
diff --git a/...talogd.operatorframework.io_catalogs.yaml → ...talogd.operatorframework.io_catalogs.yaml b/...talogd.operatorframework.io_catalogs.yaml → ...talogd.operatorframework.io_catalogs.yaml
diff --git a/config/crd/kustomization.yaml → config/base/crd/kustomization.yaml b/config/crd/kustomization.yaml → config/base/crd/kustomization.yaml
diff --git a/config/crd/patches/catalog_validation.yaml → .../base/crd/patches/catalog_validation.yaml b/config/crd/patches/catalog_validation.yaml → .../base/crd/patches/catalog_validation.yaml
diff --git a/config/default/kustomization.yaml → config/base/default/kustomization.yaml b/config/default/kustomization.yaml → config/base/default/kustomization.yaml
@@ -14,5 +14,4 @@ kind: Kustomization
 resources:
 - ../crd
 - ../rbac
-- ../certmanager
 - ../manager
diff --git a/config/manager/catalogserver_service.yaml → ...g/base/manager/catalogserver_service.yaml b/config/manager/catalogserver_service.yaml → ...g/base/manager/catalogserver_service.yaml
@@ -10,7 +10,7 @@ spec:
   selector:
     control-plane: controller-manager
   ports:
-  - name: https
+  - name: http
     protocol: TCP
-    port: 443
+    port: 80
     targetPort: 8083
diff --git a/config/manager/kustomization.yaml → config/base/manager/kustomization.yaml b/config/manager/kustomization.yaml → config/base/manager/kustomization.yaml
diff --git a/config/manager/manager.yaml → config/base/manager/manager.yaml b/config/manager/manager.yaml → config/base/manager/manager.yaml
@@ -76,14 +76,12 @@ spec:
         args:
         - --leader-elect
         - --metrics-bind-address=127.0.0.1:8080
-        - --https-external-address=https://catalogd-catalogserver.catalogd-system.svc
+        - --external-address=catalogd-catalogserver.catalogd-system.svc
         image: controller:latest
         name: manager
         volumeMounts:
             - name: cache
               mountPath: /var/cache/
-            - name: catalogserver-certs
-              mountPath: /var/certs/
         securityContext:
           allowPrivilegeEscalation: false
           capabilities:
@@ -112,6 +110,3 @@ spec:
       volumes:
         - name: cache
           emptyDir: {}
-        - name: catalogserver-certs
-          secret:
-            secretName: catalogd-catalogserver-cert
diff --git a/config/nginx-ingress/kustomization.yaml → config/base/nginx-ingress/kustomization.yaml b/config/nginx-ingress/kustomization.yaml → config/base/nginx-ingress/kustomization.yaml
diff --git a/...ginx-ingress/resources/nginx_ingress.yaml → ...ginx-ingress/resources/nginx_ingress.yaml b/...ginx-ingress/resources/nginx_ingress.yaml → ...ginx-ingress/resources/nginx_ingress.yaml
diff --git a/...g/rbac/auth_proxy_client_clusterrole.yaml → ...e/rbac/auth_proxy_client_clusterrole.yaml b/...g/rbac/auth_proxy_client_clusterrole.yaml → ...e/rbac/auth_proxy_client_clusterrole.yaml
diff --git a/config/rbac/auth_proxy_role.yaml → config/base/rbac/auth_proxy_role.yaml b/config/rbac/auth_proxy_role.yaml → config/base/rbac/auth_proxy_role.yaml
diff --git a/config/rbac/auth_proxy_role_binding.yaml → ...ig/base/rbac/auth_proxy_role_binding.yaml b/config/rbac/auth_proxy_role_binding.yaml → ...ig/base/rbac/auth_proxy_role_binding.yaml
diff --git a/config/rbac/auth_proxy_service.yaml → config/base/rbac/auth_proxy_service.yaml b/config/rbac/auth_proxy_service.yaml → config/base/rbac/auth_proxy_service.yaml
diff --git a/config/rbac/kustomization.yaml → config/base/rbac/kustomization.yaml b/config/rbac/kustomization.yaml → config/base/rbac/kustomization.yaml
diff --git a/config/rbac/leader_election_role.yaml → config/base/rbac/leader_election_role.yaml b/config/rbac/leader_election_role.yaml → config/base/rbac/leader_election_role.yaml
diff --git a/...ig/rbac/leader_election_role_binding.yaml → ...se/rbac/leader_election_role_binding.yaml b/...ig/rbac/leader_election_role_binding.yaml → ...se/rbac/leader_election_role_binding.yaml
diff --git a/config/rbac/role.yaml → config/base/rbac/role.yaml b/config/rbac/role.yaml → config/base/rbac/role.yaml
diff --git a/config/rbac/role_binding.yaml → config/base/rbac/role_binding.yaml b/config/rbac/role_binding.yaml → config/base/rbac/role_binding.yaml
diff --git a/config/rbac/service_account.yaml → config/base/rbac/service_account.yaml b/config/rbac/service_account.yaml → config/base/rbac/service_account.yaml
diff --git a/config/overlays/cert-manager/kustomization.yaml b/config/overlays/cert-manager/kustomization.yaml
@@ -0,0 +1,13 @@
+resources:
+- ../../base/default
+- resources
+
+patches:
+- target:
+    kind: Service
+    name: catalogserver
+  path: patches/catalogserver_service_port.yaml
+- target:
+    kind: Deployment
+    name: controller-manager
+  path: patches/manager_deployment_certs.yaml
diff --git a/config/overlays/cert-manager/patches/catalogserver_service_port.yaml b/config/overlays/cert-manager/patches/catalogserver_service_port.yaml
@@ -0,0 +1,6 @@
+- op: replace
+  path: /spec/ports/0/port
+  value: 443
+- op: replace
+  path: /spec/ports/0/name
+  value: https
diff --git a/config/overlays/cert-manager/patches/manager_deployment_certs.yaml b/config/overlays/cert-manager/patches/manager_deployment_certs.yaml
@@ -0,0 +1,7 @@
+- op: add
+  path: /spec/template/spec/volumes/-
+  value: {"name":"catalogserver-certs", "secret":{"secretName":"catalogd-catalogserver-cert"}}
+- op: add
+  path: /spec/template/spec/containers/1/volumeMounts/-
+  value: {"name":"catalogserver-certs", "mountPath":"/var/certs"}
+
diff --git a/config/certmanager/certificate.yaml → ...s/cert-manager/resources/certificate.yaml b/config/certmanager/certificate.yaml → ...s/cert-manager/resources/certificate.yaml
@@ -14,6 +14,6 @@ spec:
   dnsNames:
     - catalogd-catalogserver.catalogd-system.svc
   issuerRef:
-    name: catalogd-catalogserver-selfsigned-issuer
+    name: catalogserver-selfsigned-issuer
     kind: Issuer
 
diff --git a/config/certmanager/issuer.yaml → ...erlays/cert-manager/resources/issuer.yaml b/config/certmanager/issuer.yaml → ...erlays/cert-manager/resources/issuer.yaml
diff --git a/config/certmanager/kustomization.yaml → ...cert-manager/resources/kustomization.yaml b/config/certmanager/kustomization.yaml → ...cert-manager/resources/kustomization.yaml
@@ -1,3 +1,3 @@
 resources:
-- issuer.yaml
 - certificate.yaml
+- issuer.yaml