From 3036794c415295d89c048bd73a124eaaac483cea Mon Sep 17 00:00:00 2001
From: juanvallejo
Date: Fri, 21 Sep 2018 14:33:23 -0400
Subject: [PATCH] add openshift-service-serving-cert-signer-operator
---
 config.tf | 1 +
 modules/tectonic/manifests.tf | 2 +
 ...openshift-service-serving-cert-signer.yaml | 105 ++++++++++++++++++
 modules/tectonic/resources/tectonic.sh | 1 +
 4 files changed, 109 insertions(+)
 create mode 100644 modules/tectonic/resources/manifests/updater/operators/openshift-service-serving-cert-signer.yaml
diff --git a/config.tf b/config.tf
index a70992438f3..d46f946eb74 100644
--- a/config.tf
+++ b/config.tf
@@ -65,6 +65,7 @@ variable "tectonic_container_images" {
 hyperkube = "openshift/origin-node:latest"
 kube_core_renderer = "quay.io/coreos/kube-core-renderer-dev:3b6952f5a1ba89bb32dd0630faddeaf2779c9a85"
 kube_core_operator = "quay.io/coreos/kube-core-operator-dev:3b6952f5a1ba89bb32dd0630faddeaf2779c9a85"
+ openshift_service_ca_operator = "openshift/origin-service-serving-cert-signer:latest"
 tectonic_channel_operator = "quay.io/coreos/tectonic-channel-operator-dev:3b6952f5a1ba89bb32dd0630faddeaf2779c9a85"
 kube_addon_operator = "quay.io/coreos/kube-addon-operator-dev:3b6952f5a1ba89bb32dd0630faddeaf2779c9a85"
 tectonic_alm_operator = "quay.io/coreos/tectonic-alm-operator:v0.3.1"
diff --git a/modules/tectonic/manifests.tf b/modules/tectonic/manifests.tf
index 6a9a27f0394..9434602c33a 100644
--- a/modules/tectonic/manifests.tf
+++ b/modules/tectonic/manifests.tf
@@ -29,6 +29,7 @@ variable "manifest_names" {
 "updater/operators/tectonic-channel-operator.yaml",
 "updater/operators/tectonic-ingress-controller-operator.yaml",
 "updater/operators/tectonic-utility-operator.yaml",
+ "updater/operators/openshift-service-serving-cert-signer.yaml",
 "updater/tectonic-channel-operator-config.yaml",
 "updater/tectonic-channel-operator-kind.yaml",
 ]
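Review bot: The new `openshift_service_ca_operator` entry in `tectonic_container_images` uses the mutable `:latest` tag, while the neighbouring operator images are tagged with a commit hash, so the code that ends up running can change without any change to this file. This matters more than usual here because the new manifest in this patch binds the operator's service account to `cluster-admin` and sets `imagePullPolicy: IfNotPresent`, so nodes can also end up on different builds of the same tag. I would pin it to an immutable reference such as `openshift/origin-service-serving-cert-signer@sha256:<digest>` (placeholder, the real digest is not on this page). The same `:latest` reference is hard-coded again as `imagePullSpec` in the new YAML instead of coming from `${openshift_service_ca_operator_image}`, so overriding this variable would not change it. The map itself starts and ends outside the hunk.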
@@ -47,6 +48,7 @@ data "template_file" "manifest_file_list" {
 tectonic_alm_operator_image = "${var.container_images["tectonic_alm_operator"]}"
 tectonic_ingress_controller_operator_image = "${var.container_images["tectonic_ingress_controller_operator"]}"
 tectonic_utility_operator_image = "${var.container_images["tectonic_utility_operator"]}"
+ openshift_service_ca_operator_image = "${var.container_images["openshift_service_ca_operator"]}"
 config_reload_base_image = "${var.container_base_images["config_reload"]}"
 addon_resizer_base_image = "${var.container_base_images["addon_resizer"]}"
diff --git a/modules/tectonic/resources/manifests/updater/operators/openshift-service-serving-cert-signer.yaml b/modules/tectonic/resources/manifests/updater/operators/openshift-service-serving-cert-signer.yaml
new file mode 100644
index 00000000000..2d86f9e9f79
--- /dev/null
+++ b/modules/tectonic/resources/manifests/updater/operators/openshift-service-serving-cert-signer.yaml
@@ -0,0 +1,105 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ openshift.io/run-level: "1"
+ name: openshift-core-operators
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: servicecertsigneroperatorconfigs.servicecertsigner.config.openshift.io
+spec:
+ scope: Cluster
+ group: servicecertsigner.config.openshift.io
+ version: v1alpha1
+ names:
+ kind: ServiceCertSignerOperatorConfig
+ plural: servicecertsigneroperatorconfigs
+ singular: servicecertsigneroperatorconfig
+ subresources:
+ status: {}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: openshift-core-operators
+ name: openshift-service-cert-signer-operator-config
+data:
+ operator-config.yaml: |
+ apiVersion: operator.openshift.io/v1alpha1
+ kind: GenericOperatorConfig
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: system:openshift:operator:service-cert-signer
+roleRef:
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+- kind: ServiceAccount
+ namespace: openshift-core-operators
+ name: openshift-service-cert-signer-operator
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: openshift-core-operators
+ name: openshift-service-cert-signer-operator
+ labels:
+ app: openshift-service-cert-signer-operator
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: openshift-service-cert-signer-operator
+ template:
+ metadata:
+ name: openshift-service-cert-signer-operator
+ labels:
+ app: openshift-service-cert-signer-operator
+ spec:
+ serviceAccountName: openshift-service-cert-signer-operator
+ containers:
+ - name: operator
+ image: ${openshift_service_ca_operator_image}
+ imagePullPolicy: IfNotPresent
+ command: ["service-serving-cert-signer", "operator"]
+ args:
+ - "--config=/var/run/configmaps/config/operator-config.yaml"
+ - "-v=4"
+ volumeMounts:
+ - mountPath: /var/run/configmaps/config
+ name: config
+ volumes:
+ - name: serving-cert
+ secret:
+ defaultMode: 400
+ secretName: openshift-service-cert-signer-operator-serving-cert
+ optional: true
+ - name: config
+ configMap:
+ defaultMode: 440
+ name: openshift-service-cert-signer-operator-config
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ namespace: openshift-core-operators
+ name: openshift-service-cert-signer-operator
+ labels:
+ app: openshift-service-cert-signer-operator
+---
+apiVersion: servicecertsigner.config.openshift.io/v1alpha1
+kind: ServiceCertSignerOperatorConfig
+metadata:
+ name: instance
+spec:
+ managementState: Managed
+ imagePullSpec: openshift/origin-service-serving-cert-signer:latest
+ version: 3.10.0
+ logging:
+ level: 4
+ replicas: 1
diff --git a/modules/tectonic/resources/tectonic.sh b/modules/tectonic/resources/tectonic.sh
index db6dc3ec7f1..038695df346 100755
--- a/modules/tectonic/resources/tectonic.sh
+++ b/modules/tectonic/resources/tectonic.sh
@@ -92,6 +92,7 @@ kubectl create --filename updater/operators/kube-addon-operator.yaml
 kubectl create --filename updater/operators/tectonic-alm-operator.yaml
 kubectl create --filename updater/operators/tectonic-utility-operator.yaml
 kubectl create --filename updater/operators/tectonic-ingress-controller-operator.yaml
+kubectl create --filename updater/operators/openshift-service-serving-cert-signer.yaml
 kubectl --namespace=tectonic-system get customresourcedefinition appversions.tco.coreos.com
 kubectl create --filename updater/app_versions/app-version-tectonic-cluster.yaml
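Review bot: The ClusterRoleBinding `system:openshift:operator:service-cert-signer` grants `cluster-admin` to the operator's service account, so a compromise of this one pod or of its image is a compromise of the whole cluster. A dedicated ClusterRole listing only the resources the operator manages would be the least-privilege form; if cluster-admin is a deliberate bootstrap shortcut, a comment above the binding saying so and naming the follow-up would help. Separately, `defaultMode: 400` and `defaultMode: 440` under `volumes` are read as decimal integers, which is octal 0620 and 0670 rather than the read-only modes presumably intended; write `defaultMode: 0400` and `defaultMode: 0440`. The `serving-cert` volume is also declared without a matching `volumeMounts` entry, so the container never sees that secret.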
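Review bot: The added `kubectl create` applies a file that contains both the `ServiceCertSignerOperatorConfig` CustomResourceDefinition and an `instance` object of that kind, so creating the instance can fail if the API server is not yet serving the new CRD when it is submitted. The context line `kubectl --namespace=tectonic-system get customresourcedefinition appversions.tco.coreos.com` suggests the script checks for a CRD before creating objects of it elsewhere, though the surrounding script is outside the hunk and I cannot confirm how failures are handled. Consider moving the `instance` object into its own manifest and creating it after a `kubectl get customresourcedefinition servicecertsigneroperatorconfigs.servicecertsigner.config.openshift.io` check, with a comment such as `# CRD must be established before the operator config instance is created`.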