add openshift-service-serving-cert-signer-operator

openshift · Sep 25, 2018 · 3036794 · 3036794
1 parent dc56d78
commit 3036794
Show file tree

Hide file tree

Showing 4 changed files with 109 additions and 0 deletions.
diff --git a/config.tf b/config.tf
@@ -65,6 +65,7 @@ variable "tectonic_container_images" {
     hyperkube                            = "openshift/origin-node:latest"
     kube_core_renderer                   = "quay.io/coreos/kube-core-renderer-dev:3b6952f5a1ba89bb32dd0630faddeaf2779c9a85"
     kube_core_operator                   = "quay.io/coreos/kube-core-operator-dev:3b6952f5a1ba89bb32dd0630faddeaf2779c9a85"
+    openshift_service_ca_operator        = "openshift/origin-service-serving-cert-signer:latest"
     tectonic_channel_operator            = "quay.io/coreos/tectonic-channel-operator-dev:3b6952f5a1ba89bb32dd0630faddeaf2779c9a85"
     kube_addon_operator                  = "quay.io/coreos/kube-addon-operator-dev:3b6952f5a1ba89bb32dd0630faddeaf2779c9a85"
     tectonic_alm_operator                = "quay.io/coreos/tectonic-alm-operator:v0.3.1"

diff --git a/modules/tectonic/manifests.tf b/modules/tectonic/manifests.tf
@@ -29,6 +29,7 @@ variable "manifest_names" {
     "updater/operators/tectonic-channel-operator.yaml",
     "updater/operators/tectonic-ingress-controller-operator.yaml",
     "updater/operators/tectonic-utility-operator.yaml",
+    "updater/operators/openshift-service-serving-cert-signer.yaml",
     "updater/tectonic-channel-operator-config.yaml",
     "updater/tectonic-channel-operator-kind.yaml",
   ]
@@ -47,6 +48,7 @@ data "template_file" "manifest_file_list" {
     tectonic_alm_operator_image                = "${var.container_images["tectonic_alm_operator"]}"
     tectonic_ingress_controller_operator_image = "${var.container_images["tectonic_ingress_controller_operator"]}"
     tectonic_utility_operator_image            = "${var.container_images["tectonic_utility_operator"]}"
+    openshift_service_ca_operator_image        = "${var.container_images["openshift_service_ca_operator"]}"
 
     config_reload_base_image      = "${var.container_base_images["config_reload"]}"
     addon_resizer_base_image      = "${var.container_base_images["addon_resizer"]}"

diff --git a/...tectonic/resources/manifests/updater/operators/openshift-service-serving-cert-signer.yaml b/...tectonic/resources/manifests/updater/operators/openshift-service-serving-cert-signer.yaml
@@ -0,0 +1,105 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    openshift.io/run-level: "1"
+  name: openshift-core-operators
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: servicecertsigneroperatorconfigs.servicecertsigner.config.openshift.io
+spec:
+  scope: Cluster
+  group: servicecertsigner.config.openshift.io
+  version: v1alpha1
+  names:
+    kind: ServiceCertSignerOperatorConfig
+    plural: servicecertsigneroperatorconfigs
+    singular: servicecertsigneroperatorconfig
+  subresources:
+    status: {}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: openshift-core-operators
+  name: openshift-service-cert-signer-operator-config
+data:
+  operator-config.yaml: |
+    apiVersion: operator.openshift.io/v1alpha1
+    kind: GenericOperatorConfig
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: system:openshift:operator:service-cert-signer
+roleRef:
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+- kind: ServiceAccount
+  namespace: openshift-core-operators
+  name: openshift-service-cert-signer-operator
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: openshift-core-operators
+  name: openshift-service-cert-signer-operator
+  labels:
+    app: openshift-service-cert-signer-operator
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: openshift-service-cert-signer-operator
+  template:
+    metadata:
+      name: openshift-service-cert-signer-operator
+      labels:
+        app: openshift-service-cert-signer-operator
+    spec:
+      serviceAccountName: openshift-service-cert-signer-operator
+      containers:
+      - name: operator
+        image: ${openshift_service_ca_operator_image}
+        imagePullPolicy: IfNotPresent
+        command: ["service-serving-cert-signer", "operator"]
+        args:
+        - "--config=/var/run/configmaps/config/operator-config.yaml"
+        - "-v=4"
+        volumeMounts:
+        - mountPath: /var/run/configmaps/config
+          name: config
+      volumes:
+      - name: serving-cert
+        secret:
+          defaultMode: 400
+          secretName: openshift-service-cert-signer-operator-serving-cert
+          optional: true
+      - name: config
+        configMap:
+          defaultMode: 440
+          name: openshift-service-cert-signer-operator-config
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  namespace: openshift-core-operators
+  name: openshift-service-cert-signer-operator
+  labels:
+    app: openshift-service-cert-signer-operator
+---
+apiVersion: servicecertsigner.config.openshift.io/v1alpha1
+kind: ServiceCertSignerOperatorConfig
+metadata:
+  name: instance
+spec:
+  managementState: Managed
+  imagePullSpec: openshift/origin-service-serving-cert-signer:latest
+  version: 3.10.0
+  logging:
+    level: 4
+  replicas: 1
diff --git a/modules/tectonic/resources/tectonic.sh b/modules/tectonic/resources/tectonic.sh
@@ -92,6 +92,7 @@ kubectl create --filename updater/operators/kube-addon-operator.yaml
 kubectl create --filename updater/operators/tectonic-alm-operator.yaml
 kubectl create --filename updater/operators/tectonic-utility-operator.yaml
 kubectl create --filename updater/operators/tectonic-ingress-controller-operator.yaml
+kubectl create --filename updater/operators/openshift-service-serving-cert-signer.yaml
 
 kubectl --namespace=tectonic-system get customresourcedefinition appversions.tco.coreos.com
 kubectl create --filename updater/app_versions/app-version-tectonic-cluster.yaml