Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Scipts to package cert-manager as OLM bundles on OperatorHub #26

Merged
merged 15 commits into from
Jun 29, 2021
Merged

Scipts to package cert-manager as OLM bundles on OperatorHub #26

merged 15 commits into from
Jun 29, 2021

Conversation

wallrj
Copy link
Member

@wallrj wallrj commented Jun 21, 2021
edited
Loading

Fixes: #25, #24, #21, #23

It's taken a while to figure out all the tools, but here is a Makefile which wraps the operator-sdk CLI to generate bundle files for multiple versions of cert-manager.

There a couple of other Python scripts to first reduce the size of CRDs so that the bundle is small enough to be extracted to a configmap by OLM.

This is a work around for operator-framework/operator-lifecycle-manager#1523
Adapted from https://raw.githubusercontent.com/kubevirt/hyperconverged-cluster-operator/c6b425961feb0f350655ccfa7401336b30de66ab/hack/strip_old_descriptions.py in kubevirt/hyperconverged-cluster-operator#1396

There is another script which automates the process of filling in various fields in the clusterserviceversion (CSV) file, such as encoding a logo and adding various meta information.

Finally, the Makefile includes some targets to help with testing the bundles in a local Kind cluster, as described in https://github.com/operator-framework/community-operators/blob/master/docs/testing-operators.md

TODO:

wallrj added 6 commits June 20, 2021 20:18
@wallrj
Makefile
0cefb7c 
Signed-off-by: Richard Wall <[email protected]>
@wallrj
Move global settings into a yaml file
515a311 
Signed-off-by: Richard Wall <[email protected]>
@wallrj
Generate 1.4.0 bundle
33c4e80 
Signed-off-by: Richard Wall <[email protected]>
@wallrj
Generate 1.3.1 bundle
0ccb4a8 
Signed-off-by: Richard Wall <[email protected]>
@wallrj
Documentation
92f1eca 
Signed-off-by: Richard Wall <[email protected]>
@wallrj
Documentation
44a48da 
Signed-off-by: Richard Wall <[email protected]>
@jetstack-bot jetstack-bot added the size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. label Jun 21, 2021
@wallrj wallrj requested a review from jakexks June 21, 2021 11:47
@wallrj wallrj mentioned this pull request Jun 21, 2021
Closed
This was linked to issues Jun 21, 2021
Release on OperatorHub #21
Closed
Document the release procedure #24
Closed
@wallrj wallrj mentioned this pull request Jun 21, 2021
Merged
27 tasks
wallrj
wallrj commented Jun 22, 2021
View reviewed changes
README.md

* Add the new version of cert-manager to the `CERT_MANAGER_VERSIONS` list at the top of the `Makefile`
* Run `make catalog-build` to generate / update all the bundle files in `./github.com/operator-framework/community-operators/`
* [Preview the generated clusterserviceversion file on OperatorHub ](https://operatorhub.io/preview)
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

image

@wallrj wallrj mentioned this pull request Jun 22, 2021
Closed
wallrj
wallrj commented Jun 23, 2021
View reviewed changes
hack/fixup-csv
"--tls-cert-file=/tmp/k8s-webhook-server/serving-certs/tls.crt",
"--tls-private-key-file=/tmp/k8s-webhook-server/serving-certs/tls.key",
])
container["args"] = args
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are two issues addressed here:

  • OpenShift / OLM creates its own webhook certificates and injects them into the webhook config and mounts them into the webhook pod. So here I configure the webhook server with the paths to the OLM mounted key pair files.
  • It also overrides the webhook service name with a -service suffix, which is why I changed the --dynamic-serving-dns-names argument, but actually that argument can probably be removed altogether.

This may fix cert-manager/cert-manager#4055.

@wallrj wallrj mentioned this pull request Jun 23, 2021
Merged
SgtCoDFish
SgtCoDFish requested changes Jun 23, 2021
View reviewed changes
Copy link
Member

@SgtCoDFish SgtCoDFish left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I haven't reviewed the whole thing - I don't have time left in the day - but I've added one suggestion which I spotted.

wallrj and others added 2 commits June 29, 2021 09:16
@wallrj wallrj merged commit d0fbd76 into cert-manager:master Jun 29, 2021
@wallrj wallrj deleted the operator-hub branch June 29, 2021 08:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SgtCoDFish SgtCoDFish SgtCoDFish requested changes

@jakexks jakexks Awaiting requested review from jakexks

Assignees
No one assigned
Labels
size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Update to cert-manager 1.4 Document the release procedure Release on OperatorHub
4 participants
@wallrj @jakexks @SgtCoDFish @jetstack-bot