diff --git a/cert-manager-operator b/cert-manager-operator new file mode 120000 index 00000000..aaeb7fbc --- /dev/null +++ b/cert-manager-operator @@ -0,0 +1 @@ +openshift-cert-manager-operator \ No newline at end of file diff --git a/cert-manager-operator/README.md b/cert-manager-operator/README.md deleted file mode 100644 index 046c6aa6..00000000 --- a/cert-manager-operator/README.md +++ /dev/null @@ -1,15 +0,0 @@ -### Introduction - -This deploys the cert-manager operator. If you are not familiar with cert-manager, it provisions and manages TLS certificates for you automatically using one or more configured Issuers. It's great for providing a self-service capability around TLS certificates out of the OpenShift platform. - -Documentation on OpenShift cert-manager is available [here](https://docs.openshift.com/container-platform/4.10/security/cert_manager_operator/index.html). - -Community documentation for cert-manager is located [here](https://cert-manager.io/docs/). - -### Examples - -The examples folder contains some examples of how to use cert-manager including how to use it to provision OpenShift API and Wildcard certificates. There is a README associated with each example when you navigate to each folder. - -### TODO - -At some point I would like to make the examples directly deployable via a Helm chart. The examples are a case which would benefit from Helm templating versus patching in kustomize since many of the values can be derived from two parameters: cluster name and domain. \ No newline at end of file diff --git a/cert-manager-operator/operator/base/namespace.yaml b/cert-manager-operator/operator/base/namespace.yaml deleted file mode 100644 index 3e3e40e0..00000000 --- a/cert-manager-operator/operator/base/namespace.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - annotations: - openshift.io/display-name: Red Hat Certificate Manager Operator - labels: - openshift.io/cluster-monitoring: "true" - name: cert-manager-operator diff --git a/openshift-cert-manager-operator/INFO.md b/openshift-cert-manager-operator/INFO.md new file mode 100644 index 00000000..9f75a042 --- /dev/null +++ b/openshift-cert-manager-operator/INFO.md @@ -0,0 +1,4 @@ +# openshift-cert-manager-operator + +The cert-manager Operator for Red Hat OpenShift provides seamless support for cert-manager, which automates certificate management. +For more information, see the [cert-manager Operator for Red Hat OpenShift documentation](https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html). diff --git a/openshift-cert-manager-operator/README.md b/openshift-cert-manager-operator/README.md new file mode 100644 index 00000000..ad5d3027 --- /dev/null +++ b/openshift-cert-manager-operator/README.md @@ -0,0 +1,35 @@ +# cert-manager Operator for Red Hat OpenShift + +Install cert-manager Operator for Red Hat OpenShift. + +Do not use the `base` directory directly, as you will need to patch the `channel` based on the version of OpenShift you are using, or the version of the operator you want to use. + +The current *overlays* available are for the following channels: + +* [stable-v1](operator/overlays/stable-v1) +* [stable-v1.10](operator/overlays/stable-v1.10) +* [stable-v1.11](operator/overlays/stable-v1.11) +* [tech-preview](operator/overlays/tech-preview) + +## Usage + +If you have cloned the `gitops-catalog` repository, you can install cert-manager Operator for Red Hat OpenShift based on the overlay of your choice by running from the root (`gitops-catalog`) directory. + +``` +oc apply -k openshift-cert-manager-operator/operator/overlays/ +``` + +Or, without cloning: + +``` +oc apply -k https://github.com/redhat-cop/gitops-catalog/openshift-cert-manager-operator/operator/overlays/ +``` + +As part of a different overlay in your own GitOps repo: + +``` +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - https://github.com/redhat-cop/gitops-catalog/openshift-cert-manager-operator/operator/overlays/?ref=main +``` diff --git a/cert-manager-operator/examples/acs-central-certificate/README.md b/openshift-cert-manager-operator/examples/acs-central-certificate/README.md similarity index 100% rename from cert-manager-operator/examples/acs-central-certificate/README.md rename to openshift-cert-manager-operator/examples/acs-central-certificate/README.md diff --git a/cert-manager-operator/examples/acs-central-certificate/acs-central-certificate.yaml b/openshift-cert-manager-operator/examples/acs-central-certificate/acs-central-certificate.yaml similarity index 100% rename from cert-manager-operator/examples/acs-central-certificate/acs-central-certificate.yaml rename to openshift-cert-manager-operator/examples/acs-central-certificate/acs-central-certificate.yaml diff --git a/cert-manager-operator/examples/acs-central-certificate/kustomization.yaml b/openshift-cert-manager-operator/examples/acs-central-certificate/kustomization.yaml similarity index 96% rename from cert-manager-operator/examples/acs-central-certificate/kustomization.yaml rename to openshift-cert-manager-operator/examples/acs-central-certificate/kustomization.yaml index 46a8e37c..265d6461 100644 --- a/cert-manager-operator/examples/acs-central-certificate/kustomization.yaml +++ b/openshift-cert-manager-operator/examples/acs-central-certificate/kustomization.yaml @@ -1,4 +1,3 @@ ---- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization diff --git a/cert-manager-operator/examples/letsencrypt-route53-issuer/README.md b/openshift-cert-manager-operator/examples/letsencrypt-route53-issuer/README.md similarity index 100% rename from cert-manager-operator/examples/letsencrypt-route53-issuer/README.md rename to openshift-cert-manager-operator/examples/letsencrypt-route53-issuer/README.md diff --git a/cert-manager-operator/examples/letsencrypt-route53-issuer/kustomization.yaml b/openshift-cert-manager-operator/examples/letsencrypt-route53-issuer/kustomization.yaml similarity index 98% rename from cert-manager-operator/examples/letsencrypt-route53-issuer/kustomization.yaml rename to openshift-cert-manager-operator/examples/letsencrypt-route53-issuer/kustomization.yaml index 34d60249..d5a0f4a8 100644 --- a/cert-manager-operator/examples/letsencrypt-route53-issuer/kustomization.yaml +++ b/openshift-cert-manager-operator/examples/letsencrypt-route53-issuer/kustomization.yaml @@ -1,4 +1,3 @@ ---- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization diff --git a/cert-manager-operator/examples/letsencrypt-route53-issuer/letsencrypt-prod-cluster-issuer.yaml b/openshift-cert-manager-operator/examples/letsencrypt-route53-issuer/letsencrypt-prod-cluster-issuer.yaml similarity index 100% rename from cert-manager-operator/examples/letsencrypt-route53-issuer/letsencrypt-prod-cluster-issuer.yaml rename to openshift-cert-manager-operator/examples/letsencrypt-route53-issuer/letsencrypt-prod-cluster-issuer.yaml diff --git a/cert-manager-operator/examples/letsencrypt-route53-issuer/letsencrypt-staging-cluster-issuer.yaml b/openshift-cert-manager-operator/examples/letsencrypt-route53-issuer/letsencrypt-staging-cluster-issuer.yaml similarity index 100% rename from cert-manager-operator/examples/letsencrypt-route53-issuer/letsencrypt-staging-cluster-issuer.yaml rename to openshift-cert-manager-operator/examples/letsencrypt-route53-issuer/letsencrypt-staging-cluster-issuer.yaml diff --git a/cert-manager-operator/examples/openshift-api-certificate/README.md b/openshift-cert-manager-operator/examples/openshift-api-certificate/README.md similarity index 100% rename from cert-manager-operator/examples/openshift-api-certificate/README.md rename to openshift-cert-manager-operator/examples/openshift-api-certificate/README.md diff --git a/cert-manager-operator/examples/openshift-api-certificate/kustomization.yaml b/openshift-cert-manager-operator/examples/openshift-api-certificate/kustomization.yaml similarity index 97% rename from cert-manager-operator/examples/openshift-api-certificate/kustomization.yaml rename to openshift-cert-manager-operator/examples/openshift-api-certificate/kustomization.yaml index 9b1f6663..0ad06190 100644 --- a/cert-manager-operator/examples/openshift-api-certificate/kustomization.yaml +++ b/openshift-cert-manager-operator/examples/openshift-api-certificate/kustomization.yaml @@ -1,4 +1,3 @@ ---- kind: Kustomization apiVersion: kustomize.config.k8s.io/v1beta1 diff --git a/cert-manager-operator/examples/openshift-api-certificate/openshift-api-certificate.yaml b/openshift-cert-manager-operator/examples/openshift-api-certificate/openshift-api-certificate.yaml similarity index 100% rename from cert-manager-operator/examples/openshift-api-certificate/openshift-api-certificate.yaml rename to openshift-cert-manager-operator/examples/openshift-api-certificate/openshift-api-certificate.yaml diff --git a/cert-manager-operator/examples/openshift-api-certificate/patch-cluster-api-cert-job.yaml b/openshift-cert-manager-operator/examples/openshift-api-certificate/patch-cluster-api-cert-job.yaml similarity index 89% rename from cert-manager-operator/examples/openshift-api-certificate/patch-cluster-api-cert-job.yaml rename to openshift-cert-manager-operator/examples/openshift-api-certificate/patch-cluster-api-cert-job.yaml index 9d38a7a4..e3dd7707 100644 --- a/cert-manager-operator/examples/openshift-api-certificate/patch-cluster-api-cert-job.yaml +++ b/openshift-cert-manager-operator/examples/openshift-api-certificate/patch-cluster-api-cert-job.yaml @@ -1,3 +1,4 @@ +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -57,6 +58,8 @@ spec: - -c - | #!/usr/bin/env bash + # lets try to dynamically get this value ?? + # API_HOST_NAME=$(oc get secret openshift-api-certificate -n openshift-config -o jsonpath='{.metadata.annotations.cert-manager\.io/common-name}') if oc get secret openshift-api-certificate -n openshift-config; then oc patch apiserver cluster --type=merge -p '{"spec":{"servingCerts": {"namedCertificates": [{"names": ["'$API_HOST_NAME'"], "servingCertificate": {"name": "openshift-api-certificate"}}]}}}' else diff --git a/cert-manager-operator/examples/openshift-wildcard-certificate/README.md b/openshift-cert-manager-operator/examples/openshift-wildcard-certificate/README.md similarity index 100% rename from cert-manager-operator/examples/openshift-wildcard-certificate/README.md rename to openshift-cert-manager-operator/examples/openshift-wildcard-certificate/README.md diff --git a/cert-manager-operator/examples/openshift-wildcard-certificate/kustomization.yaml b/openshift-cert-manager-operator/examples/openshift-wildcard-certificate/kustomization.yaml similarity index 97% rename from cert-manager-operator/examples/openshift-wildcard-certificate/kustomization.yaml rename to openshift-cert-manager-operator/examples/openshift-wildcard-certificate/kustomization.yaml index 45ef3b5b..2dd00477 100644 --- a/cert-manager-operator/examples/openshift-wildcard-certificate/kustomization.yaml +++ b/openshift-cert-manager-operator/examples/openshift-wildcard-certificate/kustomization.yaml @@ -1,4 +1,3 @@ ---- kind: Kustomization apiVersion: kustomize.config.k8s.io/v1beta1 diff --git a/cert-manager-operator/examples/openshift-wildcard-certificate/openshift-wildcard-certificate.yaml b/openshift-cert-manager-operator/examples/openshift-wildcard-certificate/openshift-wildcard-certificate.yaml similarity index 100% rename from cert-manager-operator/examples/openshift-wildcard-certificate/openshift-wildcard-certificate.yaml rename to openshift-cert-manager-operator/examples/openshift-wildcard-certificate/openshift-wildcard-certificate.yaml diff --git a/cert-manager-operator/examples/openshift-wildcard-certificate/patch-cluster-wildcard-cert-job.yaml b/openshift-cert-manager-operator/examples/openshift-wildcard-certificate/patch-cluster-wildcard-cert-job.yaml similarity index 100% rename from cert-manager-operator/examples/openshift-wildcard-certificate/patch-cluster-wildcard-cert-job.yaml rename to openshift-cert-manager-operator/examples/openshift-wildcard-certificate/patch-cluster-wildcard-cert-job.yaml diff --git a/cert-manager-operator/operator/base/kustomization.yaml b/openshift-cert-manager-operator/operator/base/kustomization.yaml similarity index 78% rename from cert-manager-operator/operator/base/kustomization.yaml rename to openshift-cert-manager-operator/operator/base/kustomization.yaml index 2674772d..1e66bd5f 100644 --- a/cert-manager-operator/operator/base/kustomization.yaml +++ b/openshift-cert-manager-operator/operator/base/kustomization.yaml @@ -1,9 +1,6 @@ ---- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: cert-manager-operator - resources: - namespace.yaml - operator-group.yaml diff --git a/openshift-cert-manager-operator/operator/base/namespace.yaml b/openshift-cert-manager-operator/operator/base/namespace.yaml new file mode 100644 index 00000000..02797a55 --- /dev/null +++ b/openshift-cert-manager-operator/operator/base/namespace.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Namespace +metadata: + annotations: + openshift.io/display-name: "cert-manager Operator for Red Hat OpenShift" + labels: + openshift.io/cluster-monitoring: 'true' + name: cert-manager-operator diff --git a/cert-manager-operator/operator/base/operator-group.yaml b/openshift-cert-manager-operator/operator/base/operator-group.yaml similarity index 73% rename from cert-manager-operator/operator/base/operator-group.yaml rename to openshift-cert-manager-operator/operator/base/operator-group.yaml index 4eefb86a..f27d8758 100644 --- a/cert-manager-operator/operator/base/operator-group.yaml +++ b/openshift-cert-manager-operator/operator/base/operator-group.yaml @@ -1,9 +1,8 @@ apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: - name: cert-manager-operator + name: openshift-cert-manager-operator namespace: cert-manager-operator spec: targetNamespaces: - cert-manager-operator - upgradeStrategy: Default diff --git a/cert-manager-operator/operator/base/subscription.yaml b/openshift-cert-manager-operator/operator/base/subscription.yaml similarity index 71% rename from cert-manager-operator/operator/base/subscription.yaml rename to openshift-cert-manager-operator/operator/base/subscription.yaml index 84545b00..eb165eab 100644 --- a/cert-manager-operator/operator/base/subscription.yaml +++ b/openshift-cert-manager-operator/operator/base/subscription.yaml @@ -1,12 +1,10 @@ apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: - labels: - operators.coreos.com/openshift-cert-manager-operator.cert-manager-operator: "" name: openshift-cert-manager-operator namespace: cert-manager-operator spec: - channel: stable-v1 + channel: patch-me-see-overlays-dir installPlanApproval: Automatic name: openshift-cert-manager-operator source: redhat-operators diff --git a/openshift-cert-manager-operator/operator/overlays/stable-v1.10/kustomization.yaml b/openshift-cert-manager-operator/operator/overlays/stable-v1.10/kustomization.yaml new file mode 100644 index 00000000..1cc67843 --- /dev/null +++ b/openshift-cert-manager-operator/operator/overlays/stable-v1.10/kustomization.yaml @@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../base + +patches: + - target: + kind: Subscription + name: openshift-cert-manager-operator + path: patch-channel.yaml diff --git a/openshift-cert-manager-operator/operator/overlays/stable-v1.10/patch-channel.yaml b/openshift-cert-manager-operator/operator/overlays/stable-v1.10/patch-channel.yaml new file mode 100644 index 00000000..b19e278d --- /dev/null +++ b/openshift-cert-manager-operator/operator/overlays/stable-v1.10/patch-channel.yaml @@ -0,0 +1,3 @@ +- op: replace + path: /spec/channel + value: stable-v1.10 diff --git a/openshift-cert-manager-operator/operator/overlays/stable-v1.11/kustomization.yaml b/openshift-cert-manager-operator/operator/overlays/stable-v1.11/kustomization.yaml new file mode 100644 index 00000000..1cc67843 --- /dev/null +++ b/openshift-cert-manager-operator/operator/overlays/stable-v1.11/kustomization.yaml @@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../base + +patches: + - target: + kind: Subscription + name: openshift-cert-manager-operator + path: patch-channel.yaml diff --git a/openshift-cert-manager-operator/operator/overlays/stable-v1.11/patch-channel.yaml b/openshift-cert-manager-operator/operator/overlays/stable-v1.11/patch-channel.yaml new file mode 100644 index 00000000..6f5b1a14 --- /dev/null +++ b/openshift-cert-manager-operator/operator/overlays/stable-v1.11/patch-channel.yaml @@ -0,0 +1,3 @@ +- op: replace + path: /spec/channel + value: stable-v1.11 diff --git a/openshift-cert-manager-operator/operator/overlays/stable-v1/kustomization.yaml b/openshift-cert-manager-operator/operator/overlays/stable-v1/kustomization.yaml new file mode 100644 index 00000000..1cc67843 --- /dev/null +++ b/openshift-cert-manager-operator/operator/overlays/stable-v1/kustomization.yaml @@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../base + +patches: + - target: + kind: Subscription + name: openshift-cert-manager-operator + path: patch-channel.yaml diff --git a/openshift-cert-manager-operator/operator/overlays/stable-v1/patch-channel.yaml b/openshift-cert-manager-operator/operator/overlays/stable-v1/patch-channel.yaml new file mode 100644 index 00000000..b4206a11 --- /dev/null +++ b/openshift-cert-manager-operator/operator/overlays/stable-v1/patch-channel.yaml @@ -0,0 +1,3 @@ +- op: replace + path: /spec/channel + value: stable-v1 diff --git a/openshift-cert-manager-operator/operator/overlays/tech-preview/kustomization.yaml b/openshift-cert-manager-operator/operator/overlays/tech-preview/kustomization.yaml new file mode 100644 index 00000000..1cc67843 --- /dev/null +++ b/openshift-cert-manager-operator/operator/overlays/tech-preview/kustomization.yaml @@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../base + +patches: + - target: + kind: Subscription + name: openshift-cert-manager-operator + path: patch-channel.yaml diff --git a/openshift-cert-manager-operator/operator/overlays/tech-preview/patch-channel.yaml b/openshift-cert-manager-operator/operator/overlays/tech-preview/patch-channel.yaml new file mode 100644 index 00000000..876e3230 --- /dev/null +++ b/openshift-cert-manager-operator/operator/overlays/tech-preview/patch-channel.yaml @@ -0,0 +1,3 @@ +- op: replace + path: /spec/channel + value: tech-preview