Update kustomizations to add webhook deployment

Modify webhook deployments manifests to make it work with csv generation. Update generate CSVs Signed-off-by: Nikhil Thomas <[email protected]>
tektoncd · Jul 2, 2021 · a622fc2 · a622fc2
1 parent fcc07bd
commit a622fc2
Show file tree

Hide file tree

Showing 12 changed files with 209 additions and 36 deletions.
diff --git a/config/base/webhook.yaml b/config/base/webhook.yaml
@@ -19,32 +19,4 @@ metadata:
   labels:
     version: "devel"
     operator.tekton.dev/release: "devel"
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      name: tekton-operator-webhook
-  template:
-    metadata:
-      labels:
-        name: tekton-operator-webhook
-        app: tekton-operator
-    spec:
-      serviceAccountName: tekton-operator
-      containers:
-      - name: webhook
-        image: "ko://github.com/tektoncd/operator/cmd/kubernetes/webhook"
-        env:
-        - name: SYSTEM_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        - name: CONFIG_LOGGING_NAME
-          value: config-logging
-        - name: WEBHOOK_SERVICE_NAME
-          value: tekton-operator-webhook
-        - name: WEBHOOK_SECRET_NAME
-          value: tekton-operator-webhook-certs
-        ports:
-        - name: https-webhook
-          containerPort: 8443
+spec: {}
diff --git a/config/kubernetes/kustomization.yaml b/config/kubernetes/kustomization.yaml
@@ -18,6 +18,10 @@ patches:
   target:
     kind: Deployment
     name: tekton-operator
+- path: webhook.yaml
+  target:
+    kind: Deployment
+    name: tekton-operator-webhook
 
 configMapGenerator:
 - name: tekton-config-defaults

diff --git a/config/kubernetes/webhook.yaml b/config/kubernetes/webhook.yaml
@@ -0,0 +1,50 @@
+# Copyright 2021 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: tekton-operator-webhook
+  labels:
+    version: "devel"
+    operator.tekton.dev/release: "devel"
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      name: tekton-operator-webhook
+  template:
+    metadata:
+      labels:
+        name: tekton-operator-webhook
+        app: tekton-operator
+    spec:
+      serviceAccountName: tekton-operator
+      containers:
+      - name: tekton-operator-webhook
+        image: ko://github.com/tektoncd/operator/cmd/kubernetes/webhook
+        env:
+        - name: SYSTEM_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: CONFIG_LOGGING_NAME
+          value: config-logging
+        - name: WEBHOOK_SERVICE_NAME
+          value: tekton-operator-webhook
+        - name: WEBHOOK_SECRET_NAME
+          value: tekton-operator-webhook-certs
+        ports:
+        - name: https-webhook
+          containerPort: 8443
diff --git a/config/openshift/kustomization.yaml b/config/openshift/kustomization.yaml
@@ -25,6 +25,10 @@ patches:
   target:
     kind: Deployment
     name: tekton-operator
+- path: webhook.yaml
+  target:
+    kind: Deployment
+    name: tekton-operator-webhook
 - path: role.yaml
   target:
     kind: ClusterRole
@@ -38,8 +42,6 @@ patches:
     kind: Deployment
     name: tekton-operator-webhook
 
-patchesStrategicMerge:
-  - 500-webhooks.yaml
 resources:
 - ../base/
 - ../base/300-operator_v1alpha1_addon_crd.yaml

diff --git a/config/openshift/operator.yaml b/config/openshift/operator.yaml
@@ -44,7 +44,7 @@ spec:
         - name: OPERATOR_NAME
           value: redhat-openshift-pipelines-operator
         - name: IMAGE_PIPELINES_PROXY
-            value: ko://github.com/tektoncd/operator/cmd/openshift/proxy-webhook
+          value: ko://github.com/tektoncd/operator/cmd/openshift/proxy-webhook
         - name: IMAGE_JOB_PRUNER_TKN
           value: gcr.io/tekton-releases/dogfooding/tkn@sha256:f69a02ef099d8915e9e4ea1b74e43b7a9309fc97cf23cb457ebf191e73491677
 #          - name: IMAGE_ADDONS_PARAM_TKN_IMAGE

diff --git a/config/openshift/webhook.yaml b/config/openshift/webhook.yaml
@@ -16,9 +16,35 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: tekton-operator-webhook
+  labels:
+    version: "devel"
+    operator.tekton.dev/release: "devel"
 spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      name: tekton-operator-webhook
   template:
+    metadata:
+      labels:
+        name: tekton-operator-webhook
+        app: tekton-operator
     spec:
+      serviceAccountName: tekton-operator
       containers:
-        - name: webhook
-          image: ko://github.com/tektoncd/operator/cmd/openshift/webhook
+      - name: tekton-operator-webhook
+        image: ko://github.com/tektoncd/operator/cmd/openshift/webhook
+        env:
+        - name: SYSTEM_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: CONFIG_LOGGING_NAME
+          value: config-logging
+        - name: WEBHOOK_SERVICE_NAME
+          value: tekton-operator-webhook
+        - name: WEBHOOK_SECRET_NAME
+          value: tekton-operator-webhook-certs
+        ports:
+        - name: https-webhook
+          containerPort: 8443
diff --git a/operatorhub/kubernetes/config.yaml b/operatorhub/kubernetes/config.yaml
@@ -20,6 +20,11 @@ image-substitutions:
       containerName: tekton-operator
       envKeys:
       - IMAGE_JOB_PRUNER_TKN
+- image: ko://github.com/tektoncd/operator/cmd/kubernetes/webhook
+  replaceLocations:
+    containerTargets:
+    - deploymentName: tekton-operator-webhook
+      containerName: tekton-operator-webhook
 
 # add thrid party images which are not replaced by operator
 # but pulled directly by tasks here

diff --git a/operatorhub/openshift/config.yaml b/operatorhub/openshift/config.yaml
@@ -141,7 +141,11 @@ image-substitutions:
       envKeys:
       - IMAGE_JOB_PRUNER_TKN
       - IMAGE_ADDONS_PARAM_TKN_IMAGE
-
+- image: ko://github.com/tektoncd/operator/cmd/openshift/webhook
+  replaceLocations:
+    containerTargets:
+    - deploymentName: tekton-operator-webhook
+      containerName: tekton-operator-webhook
 
         # add thrid party images which are not replaced by operator
 # but pulled directly by tasks here

diff --git a/...ase-artifacts/bundle/manifests/openshift-pipelines-operator-rh.clusterserviceversion.yaml b/...ase-artifacts/bundle/manifests/openshift-pipelines-operator-rh.clusterserviceversion.yaml
@@ -665,6 +665,57 @@ spec:
                 name: openshift-pipelines-operator
                 resources: {}
               serviceAccountName: openshift-pipelines-operator
+      - name: tekton-operator-webhook
+        spec:
+          replicas: 1
+          selector:
+            matchLabels:
+              name: tekton-operator-webhook
+          strategy: {}
+          template:
+            metadata:
+              labels:
+                app: tekton-operator
+                name: tekton-operator-webhook
+            spec:
+              containers:
+              - env:
+                - name: SYSTEM_NAMESPACE
+                  valueFrom:
+                    fieldRef:
+                      fieldPath: metadata.namespace
+                - name: CONFIG_LOGGING_NAME
+                  value: config-logging
+                - name: WEBHOOK_SERVICE_NAME
+                  value: tekton-operator-webhook
+                - name: WEBHOOK_SECRET_NAME
+                  value: tekton-operator-webhook-certs
+                image: ko://github.com/tektoncd/operator/cmd/openshift/webhook123
+                name: tekton-operator-webhook
+                ports:
+                - containerPort: 8443
+                  name: https-webhook
+                resources: {}
+              - env:
+                - name: SYSTEM_NAMESPACE
+                  valueFrom:
+                    fieldRef:
+                      fieldPath: metadata.namespace
+                - name: POD_NAME
+                  valueFrom:
+                    fieldRef:
+                      fieldPath: metadata.name
+                - name: OPERATOR_NAME
+                  value: redhat-openshift-pipelines-operator
+                - name: IMAGE_PIPELINES_PROXY
+                  value: ko://github.com/tektoncd/operator/cmd/openshift/proxy-webhook
+                - name: IMAGE_JOB_PRUNER_TKN
+                  value: gcr.io/tekton-releases/dogfooding/tkn@sha256:f69a02ef099d8915e9e4ea1b74e43b7a9309fc97cf23cb457ebf191e73491677
+                image: ko://github.com/tektoncd/operator/cmd/openshift/operator
+                imagePullPolicy: Always
+                name: openshift-pipelines-operator
+                resources: {}
+              serviceAccountName: tekton-operator
     strategy: deployment
   installModes:
   - supported: false
@@ -736,5 +787,38 @@ spec:
     name: IMAGE_JOB_PRUNER_TKN
   - image: registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@
     name: IMAGE_ADDONS_PARAM_TKN_IMAGE
+  - image: ko://github.com/tektoncd/operator/cmd/openshift/webhook123
+    name: TEKTON_OPERATOR_WEBHOOK
   replaces: 1.5.0
   version: 1.6.0
+  webhookdefinitions:
+  - admissionReviewVersions:
+    - v1beta1
+    - v1
+    containerPort: 443
+    deploymentName: tekton-operator-webhook
+    failurePolicy: Fail
+    generateName: config.webhook.operator.tekton.dev
+    sideEffects: None
+    targetPort: 8443
+    type: ValidatingAdmissionWebhook
+  - admissionReviewVersions:
+    - v1beta1
+    - v1
+    containerPort: 443
+    deploymentName: tekton-operator-webhook
+    failurePolicy: Fail
+    generateName: validation.webhook.operator.tekton.dev
+    sideEffects: None
+    targetPort: 8443
+    type: ValidatingAdmissionWebhook
+  - admissionReviewVersions:
+    - v1beta1
+    - v1
+    containerPort: 443
+    deploymentName: tekton-operator-webhook
+    failurePolicy: Fail
+    generateName: webhook.operator.tekton.dev
+    sideEffects: None
+    targetPort: 8443
+    type: MutatingAdmissionWebhook
diff --git a/...orhub/openshift/release-artifacts/bundle/manifests/operator.tekton.dev_tektonconfigs.yaml b/...orhub/openshift/release-artifacts/bundle/manifests/operator.tekton.dev_tektonconfigs.yaml
@@ -67,7 +67,6 @@ spec:
                 description: this enables to prune pipelinerun/taskrun
                 properties:
                   keep:
-                    default: 1
                     description: number of resources to keep
                     type: integer
                   resources:

diff --git a/...openshift/release-artifacts/bundle/manifests/tekton-operator-webhook-certs_v1_secret.yaml b/...openshift/release-artifacts/bundle/manifests/tekton-operator-webhook-certs_v1_secret.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  labels:
+    app: tekton-operator
+    name: tekton-operator-webhook
+  name: tekton-operator-webhook-certs
diff --git a/...rhub/openshift/release-artifacts/bundle/manifests/tekton-operator-webhook_v1_service.yaml b/...rhub/openshift/release-artifacts/bundle/manifests/tekton-operator-webhook_v1_service.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+  creationTimestamp: null
+  labels:
+    app: tekton-operator
+    name: tekton-operator-webhook
+    operator.tekton.dev/release: devel
+    version: devel
+  name: tekton-operator-webhook
+spec:
+  ports:
+  - name: https-webhook
+    port: 443
+    targetPort: 8443
+  selector:
+    app: tekton-operator
+    name: tekton-operator-webhook
+status:
+  loadBalancer: {}