From a4af74c423eb70b9cc7b262e8cc491ad2a3a7e68 Mon Sep 17 00:00:00 2001
From: odubajDT
Date: Wed, 9 Aug 2023 11:25:18 +0200
Subject: [PATCH 1/9] chore: support external cert-manager

Signed-off-by: odubajDT
---
 docs/content/en/docs/install/cert-manager.md | 69 ++++++-------------
 .../templates/analysisdefinition-crd.yaml | 1 +
 helm/chart/templates/keptnapp-crd.yaml | 1 +
 .../keptnappcreationrequest-crd.yaml | 1 +
 helm/chart/templates/keptnappversion-crd.yaml | 1 +
 helm/chart/templates/keptnconfig-crd.yaml | 1 +
 helm/chart/templates/keptnevaluation-crd.yaml | 1 +
 .../keptnevaluationdefinition-crd.yaml | 1 +
 .../keptnevaluationprovider-crd.yaml | 1 +
 helm/chart/templates/keptnmetric-crd.yaml | 1 +
 .../templates/keptnmetricsprovider-crd.yaml | 1 +
 helm/chart/templates/keptntask-crd.yaml | 1 +
 .../templates/keptntaskdefinition-crd.yaml | 1 +
 helm/chart/templates/keptnworkload-crd.yaml | 1 +
 .../templates/keptnworkloadinstance-crd.yaml | 1 +
 ...ecycle-mutating-webhook-configuration.yaml | 2 +-
 ...ycle-validating-webhook-configuration.yaml | 2 +-
 ...rics-validating-webhook-configuration.yaml | 2 +-
 18 files changed, 37 insertions(+), 52 deletions(-)

diff --git a/docs/content/en/docs/install/cert-manager.md b/docs/content/en/docs/install/cert-manager.md
index f78913c415..0f0c6f9943 100644
--- a/docs/content/en/docs/install/cert-manager.md
+++ b/docs/content/en/docs/install/cert-manager.md
@@ -27,73 +27,44 @@ The steps are: * Install the cert-manager of your choice if it is not already installed. -* Modify the `Deployment` manifest of each KLT operator component. -* Add the `Certificate` CRD for the cert-manager you are using. - -## Modify the KLT manifest - -You must modify the KLT manifest for each KLT operator component -to make it aware of the cert-manager you are using. -These instructions implement -[cert-manager.io](https://cert-manager.io/); -the process is similar for other cert-managers. - -To configure KLT to use your cert-manager, -change the `Deployment` manifest of each KLT operator component -and **replace** the following `volumes` definition - - ```yaml - - emptyDir: {} - name: certs-dir - ``` - - with - - ```yaml - - name: cert - secret: - defaultMode: 420 - secretName: webhook-server-cert - ``` - -Each manifest must have the following special annotation: - -```yaml -cert-manager.io/inject-ca-from=klt-serving-cert/keptn-lifecycle-toolkit-system -``` - -The value of the annotation must match the -`name/namespace` of the cert-manager CRD discussed below. +* Add the `Certificate` and `Issuer` CRs for the cert-manager you are using. 
## Add the CRD for your cert-manager -This is the CRD for `cert-manager.io`: +These are the CRs for `cert-manager.io` to be applied to your cluster: ```yaml apiVersion: cert-manager.io/v1 kind: Certificate metadata: - name: klt-serving-cert - namespace: keptn-lifecycle-toolkit-system + name: klt-certs + namespace: spec: dnsNames: - - lifecycle-webhook-service.keptn-lifecycle-toolkit-system.svc - - lifecycle-webhook-service.keptn-lifecycle-toolkit-system.svc.cluster.local + - lifecycle-webhook-service..svc + - lifecycle-webhook-service..svc.cluster.local + - metrics-webhook-service..svc + - metrics-webhook-service..svc.cluster.local issuerRef: kind: Issuer name: klt-selfsigned-issuer - secretName webhook-server-cert + secretName: klt-certs +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: klt-selfsigned-issuer + namespace: +spec: + selfSigned: {} ``` Note the following about these fields: * The `apiVersion` field refers to the API for the cert-manager. -* The `metadata` section includes two fields. - The value of these fields must match the annotations - used in the KLT operator manifests. -* The value of the `secretName` field - must match the value of the `secretName` field used - in the `volumes` definition section of the KLT operator manifests above. +* The value of the `.spec.secretName` field as well as the `.metadata.name` of the `Certificate` CR + must needs to be `klt-certs`. +* Substitue the namespace placeholders with your namespace, where KLT is installed. See the [CA Injector](https://cert-manager.io/docs/concepts/ca-injector/) documentation for more details. diff --git a/helm/chart/templates/analysisdefinition-crd.yaml b/helm/chart/templates/analysisdefinition-crd.yaml index e0121622b4..79e7d6684c 100644 --- a/helm/chart/templates/analysisdefinition-crd.yaml +++ b/helm/chart/templates/analysisdefinition-crd.yaml 
@@ -4,6 +4,7 @@ metadata:
 name: analysisdefinitions.metrics.keptn.sh
 annotations:
 controller-gen.kubebuilder.io/version: v0.12.1
+ cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/klt-certs'
 labels:
 app.kubernetes.io/part-of: keptn-lifecycle-toolkit
 crdGroup: metrics.keptn.sh
diff --git a/helm/chart/templates/keptnapp-crd.yaml b/helm/chart/templates/keptnapp-crd.yaml
index e91c140173..3255971f3e 100644
--- a/helm/chart/templates/keptnapp-crd.yaml
+++ b/helm/chart/templates/keptnapp-crd.yaml
@@ -4,6 +4,7 @@ metadata:
 name: keptnapps.lifecycle.keptn.sh
 annotations:
 controller-gen.kubebuilder.io/version: v0.12.1
+ cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/klt-certs'
 labels:
 app.kubernetes.io/part-of: keptn-lifecycle-toolkit
 crdGroup: lifecycle.keptn.sh
diff --git a/helm/chart/templates/keptnappcreationrequest-crd.yaml b/helm/chart/templates/keptnappcreationrequest-crd.yaml
index fdbf1442e5..85513c155e 100644
--- a/helm/chart/templates/keptnappcreationrequest-crd.yaml
+++ b/helm/chart/templates/keptnappcreationrequest-crd.yaml
@@ -4,6 +4,7 @@ metadata:
 name: keptnappcreationrequests.lifecycle.keptn.sh
 annotations:
 controller-gen.kubebuilder.io/version: v0.12.1
+ cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/klt-certs'
 labels:
 app.kubernetes.io/part-of: keptn-lifecycle-toolkit
 crdGroup: lifecycle.keptn.sh
diff --git a/helm/chart/templates/keptnappversion-crd.yaml b/helm/chart/templates/keptnappversion-crd.yaml
index 87e27df853..444745d196 100644
--- a/helm/chart/templates/keptnappversion-crd.yaml
+++ b/helm/chart/templates/keptnappversion-crd.yaml
@@ -4,6 +4,7 @@ metadata:
 name: keptnappversions.lifecycle.keptn.sh
 annotations:
 controller-gen.kubebuilder.io/version: v0.12.1
+ cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/klt-certs'
 labels:
 app.kubernetes.io/part-of: keptn-lifecycle-toolkit
 crdGroup: lifecycle.keptn.sh
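Review bot: The `cert-manager.io/inject-ca-from` annotation is added unconditionally to this CRD, and the same line goes into every other CRD template in the series (including analysis-crd.yaml and analysisvaluetemplate-crd.yaml), so each install references a `klt-certs` Certificate even when the built-in cert-manager is in use and no such Certificate exists. cainjector writes a CRD's conversion-webhook `caBundle`; the hunk does not show whether these CRDs define a conversion webhook, so on CRDs without one the annotation may be a no-op or produce injection errors, which is worth confirming per CRD. Consider rendering the line only when an external cert-manager.io is selected, e.g. wrapped in `{{- if .Values.<external-cert-manager-flag-placeholder> }}` … `{{- end }}`, and moving the repeated `klt-certs` literal into one named template so the Certificate name cannot drift between files. The CRD body continues outside the hunk.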
diff --git a/helm/chart/templates/keptnconfig-crd.yaml b/helm/chart/templates/keptnconfig-crd.yaml
index cbf508d36e..3ecdcd8c56 100644
--- a/helm/chart/templates/keptnconfig-crd.yaml
+++ b/helm/chart/templates/keptnconfig-crd.yaml
@@ -4,6 +4,7 @@ metadata:
 name: keptnconfigs.options.keptn.sh
 annotations:
 controller-gen.kubebuilder.io/version: v0.12.1
+ cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/klt-certs'
 labels:
 app.kubernetes.io/part-of: keptn-lifecycle-toolkit
 crdGroup: lifecycle.keptn.sh
diff --git a/helm/chart/templates/keptnevaluation-crd.yaml b/helm/chart/templates/keptnevaluation-crd.yaml
index 8a1f7ed862..117649d8bf 100644
--- a/helm/chart/templates/keptnevaluation-crd.yaml
+++ b/helm/chart/templates/keptnevaluation-crd.yaml
@@ -4,6 +4,7 @@ metadata:
 name: keptnevaluations.lifecycle.keptn.sh
 annotations:
 controller-gen.kubebuilder.io/version: v0.12.1
+ cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/klt-certs'
 labels:
 app.kubernetes.io/part-of: keptn-lifecycle-toolkit
 crdGroup: lifecycle.keptn.sh
diff --git a/helm/chart/templates/keptnevaluationdefinition-crd.yaml b/helm/chart/templates/keptnevaluationdefinition-crd.yaml
index 004785f26a..38081fdd68 100644
--- a/helm/chart/templates/keptnevaluationdefinition-crd.yaml
+++ b/helm/chart/templates/keptnevaluationdefinition-crd.yaml
@@ -4,6 +4,7 @@ metadata:
 name: keptnevaluationdefinitions.lifecycle.keptn.sh
 annotations:
 controller-gen.kubebuilder.io/version: v0.12.1
+ cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/klt-certs'
 labels:
 app.kubernetes.io/part-of: keptn-lifecycle-toolkit
 crdGroup: lifecycle.keptn.sh
diff --git a/helm/chart/templates/keptnevaluationprovider-crd.yaml b/helm/chart/templates/keptnevaluationprovider-crd.yaml
index f56a2a1ddd..acec83bdaf 100644
--- a/helm/chart/templates/keptnevaluationprovider-crd.yaml
+++ b/helm/chart/templates/keptnevaluationprovider-crd.yaml
@@ -4,6 +4,7 @@ metadata:
 name: keptnevaluationproviders.lifecycle.keptn.sh
 annotations:
 controller-gen.kubebuilder.io/version: v0.12.1
+ cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/klt-certs'
 labels:
 app.kubernetes.io/part-of: keptn-lifecycle-toolkit
 crdGroup: lifecycle.keptn.sh
diff --git a/helm/chart/templates/keptnmetric-crd.yaml b/helm/chart/templates/keptnmetric-crd.yaml
index 47495a92d7..1b81002df8 100644
--- a/helm/chart/templates/keptnmetric-crd.yaml
+++ b/helm/chart/templates/keptnmetric-crd.yaml
@@ -4,6 +4,7 @@ metadata:
 name: keptnmetrics.metrics.keptn.sh
 annotations:
 controller-gen.kubebuilder.io/version: v0.12.0
+ cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/klt-certs'
 labels:
 app.kubernetes.io/part-of: keptn-lifecycle-toolkit
 crdGroup: metrics.keptn.sh
diff --git a/helm/chart/templates/keptnmetricsprovider-crd.yaml b/helm/chart/templates/keptnmetricsprovider-crd.yaml
index ee8d685f2c..6b8e0fea55 100644
--- a/helm/chart/templates/keptnmetricsprovider-crd.yaml
+++ b/helm/chart/templates/keptnmetricsprovider-crd.yaml
@@ -4,6 +4,7 @@ metadata:
 name: keptnmetricsproviders.metrics.keptn.sh
 annotations:
 controller-gen.kubebuilder.io/version: v0.12.0
+ cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/klt-certs'
 labels:
 app.kubernetes.io/part-of: keptn-lifecycle-toolkit
 crdGroup: metrics.keptn.sh
diff --git a/helm/chart/templates/keptntask-crd.yaml b/helm/chart/templates/keptntask-crd.yaml
index 3357161450..3ecd20679e 100644
--- a/helm/chart/templates/keptntask-crd.yaml
+++ b/helm/chart/templates/keptntask-crd.yaml
@@ -4,6 +4,7 @@ metadata:
 name: keptntasks.lifecycle.keptn.sh
 annotations:
 controller-gen.kubebuilder.io/version: v0.12.1
+ cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/klt-certs'
 labels:
 app.kubernetes.io/part-of: keptn-lifecycle-toolkit
 crdGroup: lifecycle.keptn.sh
diff --git a/helm/chart/templates/keptntaskdefinition-crd.yaml b/helm/chart/templates/keptntaskdefinition-crd.yaml
index 703f94e177..2bed312f6a 100644
--- a/helm/chart/templates/keptntaskdefinition-crd.yaml
+++ b/helm/chart/templates/keptntaskdefinition-crd.yaml
@@ -4,6 +4,7 @@ metadata:
 name: keptntaskdefinitions.lifecycle.keptn.sh
 annotations:
 controller-gen.kubebuilder.io/version: v0.12.1
+ cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/klt-certs'
 labels:
 app.kubernetes.io/part-of: keptn-lifecycle-toolkit
 crdGroup: lifecycle.keptn.sh
diff --git a/helm/chart/templates/keptnworkload-crd.yaml b/helm/chart/templates/keptnworkload-crd.yaml
index 6de136f0c9..d74d91f4c3 100644
--- a/helm/chart/templates/keptnworkload-crd.yaml
+++ b/helm/chart/templates/keptnworkload-crd.yaml
@@ -4,6 +4,7 @@ metadata:
 name: keptnworkloads.lifecycle.keptn.sh
 annotations:
 controller-gen.kubebuilder.io/version: v0.12.1
+ cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/klt-certs'
 labels:
 app.kubernetes.io/part-of: keptn-lifecycle-toolkit
 crdGroup: lifecycle.keptn.sh
diff --git a/helm/chart/templates/keptnworkloadinstance-crd.yaml b/helm/chart/templates/keptnworkloadinstance-crd.yaml
index 63db74ac45..850d7e7128 100644
--- a/helm/chart/templates/keptnworkloadinstance-crd.yaml
+++ b/helm/chart/templates/keptnworkloadinstance-crd.yaml
@@ -4,6 +4,7 @@ metadata:
 name: keptnworkloadinstances.lifecycle.keptn.sh
 annotations:
 controller-gen.kubebuilder.io/version: v0.12.1
+ cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/klt-certs
 labels:
 app.kubernetes.io/part-of: keptn-lifecycle-toolkit
 crdGroup: lifecycle.keptn.sh
diff --git a/helm/chart/templates/lifecycle-mutating-webhook-configuration.yaml b/helm/chart/templates/lifecycle-mutating-webhook-configuration.yaml
index 0ea3c3ad70..f37ba64cee 100644
--- a/helm/chart/templates/lifecycle-mutating-webhook-configuration.yaml
+++ b/helm/chart/templates/lifecycle-mutating-webhook-configuration.yaml
@@ -3,7 +3,7 @@ kind: MutatingWebhookConfiguration
 metadata:
 name: lifecycle-mutating-webhook-configuration
 annotations:
- cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/
+ cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/klt-certs'
 labels:
 keptn.sh/inject-cert: "true"
 app.kubernetes.io/part-of: "keptn-lifecycle-toolkit"
diff --git a/helm/chart/templates/lifecycle-validating-webhook-configuration.yaml b/helm/chart/templates/lifecycle-validating-webhook-configuration.yaml
index 30e53a24ff..2a3c22d1df 100644
--- a/helm/chart/templates/lifecycle-validating-webhook-configuration.yaml
+++ b/helm/chart/templates/lifecycle-validating-webhook-configuration.yaml
@@ -3,7 +3,7 @@ kind: ValidatingWebhookConfiguration
 metadata:
 name: lifecycle-validating-webhook-configuration
 annotations:
- cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/
+ cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/klt-certs'
 labels:
 keptn.sh/inject-cert: "true"
 {{- include "chart.labels" . | nindent 4 }}
diff --git a/helm/chart/templates/metrics-validating-webhook-configuration.yaml b/helm/chart/templates/metrics-validating-webhook-configuration.yaml
index ee0485fe99..8ab24047b5 100644
--- a/helm/chart/templates/metrics-validating-webhook-configuration.yaml
+++ b/helm/chart/templates/metrics-validating-webhook-configuration.yaml
@@ -3,7 +3,7 @@ kind: ValidatingWebhookConfiguration
 metadata:
 name: metrics-validating-webhook-configuration
 annotations:
- cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/
+ cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/klt-certs'
 labels:
 keptn.sh/inject-cert: "true"
 {{- include "chart.labels" . | nindent 4 }}

From e8a49e3cfa90c6634c7e2d741cd9632887c3aa54 Mon Sep 17 00:00:00 2001
From: odubajDT
Date: Wed, 9 Aug 2023 11:28:05 +0200
Subject: [PATCH 2/9] add missing annotation into analysis CRD

Signed-off-by: odubajDT
---
 helm/chart/templates/analysis-crd.yaml | 1 +
 1 file changed, 1 insertion(+)

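Review bot: Each of the three webhook configurations on this line (lifecycle-mutating, lifecycle-validating, metrics-validating) now carries both the `keptn.sh/inject-cert: "true"` label and a `cert-manager.io/inject-ca-from` annotation pointing at `klt-certs`, so two different CA injectors are invited to write `caBundle` on the same object. The built-in controller is not visible here, but if it selects on that label and is left running next to cert-manager.io's cainjector, the two could overwrite each other's trust anchor and admission calls would intermittently fail TLS verification. The docs in this series list disabling the built-in `klt-cert-manager` as "(optional)", which makes that combination reachable. Consider rendering only one of the two markers depending on which certificate manager is selected, or stating in the docs that the built-in one must be disabled when `klt-certs` is issued externally. The webhook definitions continue outside the hunks.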
diff --git a/helm/chart/templates/analysis-crd.yaml b/helm/chart/templates/analysis-crd.yaml index 46ae7e6a67..6c6558106d 100644 --- a/helm/chart/templates/analysis-crd.yaml +++ b/helm/chart/templates/analysis-crd.yaml @@ -4,6 +4,7 @@ metadata: name: analyses.metrics.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.12.1 + cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/klt-certs' labels: app.kubernetes.io/part-of: keptn-lifecycle-toolkit crdGroup: metrics.keptn.sh From ef5ddf6ef3e6a3c5be7687b76537c28cbe7d0150 Mon Sep 17 00:00:00 2001 From: odubajDT Date: Wed, 9 Aug 2023 11:39:08 +0200 Subject: [PATCH 3/9] nit Signed-off-by: odubajDT --- docs/content/en/docs/install/cert-manager.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/content/en/docs/install/cert-manager.md b/docs/content/en/docs/install/cert-manager.md index 0f0c6f9943..207d2bffb0 100644 --- a/docs/content/en/docs/install/cert-manager.md +++ b/docs/content/en/docs/install/cert-manager.md @@ -28,6 +28,7 @@ The steps are: * Install the cert-manager of your choice if it is not already installed. * Add the `Certificate` and `Issuer` CRs for the cert-manager you are using. +* Install KLT without `cert-manager` via helm ## Add the CRD for your cert-manager From 37ebcc3813e225a60f7261801d4f82373b24f638 Mon Sep 17 00:00:00 2001 From: odubajDT Date: Wed, 9 Aug 2023 12:50:33 +0200 Subject: [PATCH 4/9] pr review Signed-off-by: odubajDT --- docs/content/en/docs/concepts/architecture/cert-manager.md | 2 +- docs/content/en/docs/install/cert-manager.md | 4 ++-- docs/content/en/docs/install/k8s.md | 2 +- helm/chart/templates/keptnworkloadinstance-crd.yaml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/content/en/docs/concepts/architecture/cert-manager.md b/docs/content/en/docs/concepts/architecture/cert-manager.md index 95ccbc135c..a6edd53a46 100644 --- a/docs/content/en/docs/concepts/architecture/cert-manager.md 
+++ b/docs/content/en/docs/concepts/architecture/cert-manager.md @@ -39,7 +39,7 @@ It is included to simplify installation for new users and because it is much smaller than most standard certificate managers. However, KLT is compatible with most certificate managers and can be configured to use another certificate manager if you prefer. -See [Use your own cert-manager](../../install/cert-manager.md) +See [Use KLT with cert-manager.io](../../install/cert-manager.md) for instructions. ## Invalid certificate errors diff --git a/docs/content/en/docs/install/cert-manager.md b/docs/content/en/docs/install/cert-manager.md index 207d2bffb0..06508ed73e 100644 --- a/docs/content/en/docs/install/cert-manager.md +++ b/docs/content/en/docs/install/cert-manager.md @@ -1,5 +1,5 @@ --- -title: Use your own cert-manager (optional) +title: Use KLT with cert-manager.io (optional) description: Replace the default KLT cert-manager weight: 30 hidechildren: false # this flag hides all sub-pages in the sidebar-multicard.html @@ -64,7 +64,7 @@ Note the following about these fields: * The `apiVersion` field refers to the API for the cert-manager. * The value of the `.spec.secretName` field as well as the `.metadata.name` of the `Certificate` CR - must needs to be `klt-certs`. + must be `klt-certs`. * Substitue the namespace placeholders with your namespace, where KLT is installed. See the [CA Injector](https://cert-manager.io/docs/concepts/ca-injector/) diff --git a/docs/content/en/docs/install/k8s.md b/docs/content/en/docs/install/k8s.md index 1a42f76c1d..12c3a8cd2f 100644 --- a/docs/content/en/docs/install/k8s.md +++ b/docs/content/en/docs/install/k8s.md 
@@ -97,5 +97,5 @@ a light-weight cert-manager that, by default, is installed as part of the KLT software. If you are using another cert-manager in the cluster, you can configure KLT to instead use your cert-manager. -See [Use your own cert-manager](cert-manager.md) +See [Use KLT with cert-manager.io](cert-manager.md) for detailed instructions. diff --git a/helm/chart/templates/keptnworkloadinstance-crd.yaml b/helm/chart/templates/keptnworkloadinstance-crd.yaml index 850d7e7128..cf44039557 100644 --- a/helm/chart/templates/keptnworkloadinstance-crd.yaml +++ b/helm/chart/templates/keptnworkloadinstance-crd.yaml @@ -4,7 +4,7 @@ metadata: name: keptnworkloadinstances.lifecycle.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.12.1 - cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/klt-certs + cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/klt-certs' labels: app.kubernetes.io/part-of: keptn-lifecycle-toolkit crdGroup: lifecycle.keptn.sh From 8e50f5b88c62b975ad0754590752fac84980b4f4 Mon Sep 17 00:00:00 2001 From: odubajDT <93584209+odubajDT@users.noreply.github.com> Date: Wed, 9 Aug 2023 12:59:47 +0200 Subject: [PATCH 5/9] Apply suggestions from code review Co-authored-by: Moritz Wiesinger Signed-off-by: odubajDT <93584209+odubajDT@users.noreply.github.com> --- docs/content/en/docs/install/cert-manager.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/content/en/docs/install/cert-manager.md b/docs/content/en/docs/install/cert-manager.md index 06508ed73e..672d0e0be7 100644 --- a/docs/content/en/docs/install/cert-manager.md +++ b/docs/content/en/docs/install/cert-manager.md 
@@ -28,9 +28,9 @@ The steps are: * Install the cert-manager of your choice if it is not already installed. * Add the `Certificate` and `Issuer` CRs for the cert-manager you are using. -* Install KLT without `cert-manager` via helm +* Install KLT without the built-in `klt-cert-manager` via helm -## Add the CRD for your cert-manager +## Add the CR(s) for your cert-manager These are the CRs for `cert-manager.io` to be applied to your cluster: @@ -65,7 +65,7 @@ Note the following about these fields: * The `apiVersion` field refers to the API for the cert-manager. * The value of the `.spec.secretName` field as well as the `.metadata.name` of the `Certificate` CR must be `klt-certs`. -* Substitue the namespace placeholders with your namespace, where KLT is installed. +* Substitute the namespace placeholders with your namespace, where KLT is installed. See the [CA Injector](https://cert-manager.io/docs/concepts/ca-injector/) documentation for more details. From d490bed31ecd3e6451e3ddac19ac5daaae2348b4 Mon Sep 17 00:00:00 2001 From: odubajDT <93584209+odubajDT@users.noreply.github.com> Date: Wed, 9 Aug 2023 13:19:15 +0200 Subject: [PATCH 6/9] Apply suggestions from code review Co-authored-by: Giovanni Liva Signed-off-by: odubajDT <93584209+odubajDT@users.noreply.github.com> --- .../concepts/architecture/cert-manager.md | 2 +- docs/content/en/docs/install/cert-manager.md | 22 +++++++++---------- docs/content/en/docs/install/k8s.md | 2 +- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/docs/content/en/docs/concepts/architecture/cert-manager.md b/docs/content/en/docs/concepts/architecture/cert-manager.md index a6edd53a46..aff3bde5dc 100644 --- a/docs/content/en/docs/concepts/architecture/cert-manager.md +++ b/docs/content/en/docs/concepts/architecture/cert-manager.md 
@@ -39,7 +39,7 @@ It is included to simplify installation for new users and because it is much smaller than most standard certificate managers. However, KLT is compatible with most certificate managers and can be configured to use another certificate manager if you prefer. -See [Use KLT with cert-manager.io](../../install/cert-manager.md) +See [Use Keptn with cert-manager.io](../../install/cert-manager.md) for instructions. ## Invalid certificate errors diff --git a/docs/content/en/docs/install/cert-manager.md b/docs/content/en/docs/install/cert-manager.md index 672d0e0be7..130f8ef88b 100644 --- a/docs/content/en/docs/install/cert-manager.md +++ b/docs/content/en/docs/install/cert-manager.md @@ -1,5 +1,5 @@ --- -title: Use KLT with cert-manager.io (optional) +title: Use Keptn with cert-manager.io (optional) description: Replace the default KLT cert-manager weight: 30 hidechildren: false # this flag hides all sub-pages in the sidebar-multicard.html @@ -27,10 +27,10 @@ The steps are: * Install the cert-manager of your choice if it is not already installed. -* Add the `Certificate` and `Issuer` CRs for the cert-manager you are using. -* Install KLT without the built-in `klt-cert-manager` via helm +* Add the `Certificate` and `Issuer` CRs for `cert-manager.io`. +* (optional) Install Keptn without the built-in `klt-cert-manager` via Helm -## Add the CR(s) for your cert-manager +## Add the CR(s) for cert-manager.io These are the CRs for `cert-manager.io` to be applied to your cluster: 
@@ -39,13 +39,13 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: klt-certs - namespace: + namespace: spec: dnsNames: - - lifecycle-webhook-service..svc - - lifecycle-webhook-service..svc.cluster.local - - metrics-webhook-service..svc - - metrics-webhook-service..svc.cluster.local + - lifecycle-webhook-service..svc + - lifecycle-webhook-service..svc.cluster.local + - metrics-webhook-service..svc + - metrics-webhook-service..svc.cluster.local issuerRef: kind: Issuer name: klt-selfsigned-issuer @@ -55,7 +55,7 @@ apiVersion: cert-manager.io/v1 kind: Issuer metadata: name: klt-selfsigned-issuer - namespace: + namespace: spec: selfSigned: {} ``` @@ -65,7 +65,7 @@ Note the following about these fields: * The `apiVersion` field refers to the API for the cert-manager. * The value of the `.spec.secretName` field as well as the `.metadata.name` of the `Certificate` CR must be `klt-certs`. -* Substitute the namespace placeholders with your namespace, where KLT is installed. +* Substitute the namespace placeholders with your namespace, where Keptn is installed. See the [CA Injector](https://cert-manager.io/docs/concepts/ca-injector/) documentation for more details. diff --git a/docs/content/en/docs/install/k8s.md b/docs/content/en/docs/install/k8s.md index 12c3a8cd2f..6d002c80e2 100644 --- a/docs/content/en/docs/install/k8s.md +++ b/docs/content/en/docs/install/k8s.md @@ -97,5 +97,5 @@ a light-weight cert-manager that, by default, is installed as part of the KLT software. If you are using another cert-manager in the cluster, you can configure KLT to instead use your cert-manager. -See [Use KLT with cert-manager.io](cert-manager.md) +See [Use Keptn with cert-manager.io](cert-manager.md) for detailed instructions. From 9afc6b50c93f746ede406f6724b8d7d115a1f311 Mon Sep 17 00:00:00 2001 From: odubajDT Date: Wed, 9 Aug 2023 14:19:42 +0200 Subject: [PATCH 7/9] add annotation to analysisvaluetemplate 
Signed-off-by: odubajDT
---
 helm/chart/templates/analysisvaluetemplate-crd.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/helm/chart/templates/analysisvaluetemplate-crd.yaml b/helm/chart/templates/analysisvaluetemplate-crd.yaml
index e8533962c5..df1f473e5b 100644
--- a/helm/chart/templates/analysisvaluetemplate-crd.yaml
+++ b/helm/chart/templates/analysisvaluetemplate-crd.yaml
@@ -5,6 +5,7 @@ metadata:
 name: analysisvaluetemplates.metrics.keptn.sh
 annotations:
 controller-gen.kubebuilder.io/version: v0.12.1
+ cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/klt-certs'
 labels:
 app.kubernetes.io/part-of: keptn-lifecycle-toolkit
 crdGroup: metrics.keptn.sh

From 6c8d7abd6eb88d0ac0a1d562715407d8fc7d183b Mon Sep 17 00:00:00 2001
From: odubajDT
Date: Thu, 10 Aug 2023 11:38:37 +0200
Subject: [PATCH 8/9] pr review

Signed-off-by: odubajDT
---
 docs/content/en/docs/install/cert-manager.md | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/docs/content/en/docs/install/cert-manager.md b/docs/content/en/docs/install/cert-manager.md
index 130f8ef88b..03e1147a27 100644
--- a/docs/content/en/docs/install/cert-manager.md
+++ b/docs/content/en/docs/install/cert-manager.md
@@ -14,19 +14,18 @@ without the overhead of other cert-managers. For a description of the architecture, see [Keptn Certificate Manager](../concepts/architecture/cert-manager.md). -KLT, however, works well with standard cert-managers. -The KLT cert-manager can also coexist with another cert-manager. -If you are already using a different cert-manager, -you can continue to use that cert-manager for other components +KLT also works well with the `cert-manager.io`. +If you are already `cert-manager.io`, +you can continue to use it for other components and use the KLT cert-manager just for KLT activities -or you can configure KLT to use that cert-manager. +or you can disable the KLT cert-manager +and configure KLT to use `cert-manager.io`. -If you want KLT to use your cert-manager, +If you want KLT to use `cert-manager.io`, you must configure it *before* you install KLT. The steps are: -* Install the cert-manager of your choice - if it is not already installed. +* Install the `cert-manager.io` if it is not already installed. * Add the `Certificate` and `Issuer` CRs for `cert-manager.io`. * (optional) Install Keptn without the built-in `klt-cert-manager` via Helm From 9a1fa895ff74dea14495103637f7653837c61ad6 Mon Sep 17 00:00:00 2001 From: odubajDT <93584209+odubajDT@users.noreply.github.com> Date: Thu, 10 Aug 2023 11:50:13 +0200 Subject: [PATCH 9/9] Apply suggestions from code review Co-authored-by: Moritz Wiesinger Signed-off-by: odubajDT <93584209+odubajDT@users.noreply.github.com> --- docs/content/en/docs/install/cert-manager.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/content/en/docs/install/cert-manager.md b/docs/content/en/docs/install/cert-manager.md index 03e1147a27..c58c833692 100644 --- a/docs/content/en/docs/install/cert-manager.md +++ b/docs/content/en/docs/install/cert-manager.md 
@@ -14,8 +14,8 @@ without the overhead of other cert-managers. For a description of the architecture, see [Keptn Certificate Manager](../concepts/architecture/cert-manager.md). -KLT also works well with the `cert-manager.io`. -If you are already `cert-manager.io`, +KLT also works well with `cert-manager.io`. +If you are already using `cert-manager.io`, you can continue to use it for other components and use the KLT cert-manager just for KLT activities or you can disable the KLT cert-manager @@ -25,7 +25,7 @@ If you want KLT to use `cert-manager.io`, you must configure it *before* you install KLT. The steps are: -* Install the `cert-manager.io` if it is not already installed. +* Install `cert-manager.io` if it is not already installed. * Add the `Certificate` and `Issuer` CRs for `cert-manager.io`. * (optional) Install Keptn without the built-in `klt-cert-manager` via Helm