Add v1beta1 API with Conversion Webhook and Cert-Manager #140

Merged
merged 1 commit into from
Sep 25, 2023
12 changes: 11 additions & 1 deletion README.md
Member


Do we need to update the README to also recommend Tekton and Cert-Manager be installed?

Contributor Author


README updated

Expand Up @@ -13,6 +13,12 @@ Once OLM has been deployed, use the following command to install the latest oper
$ kubectl apply -f https://operatorhub.io/install/shipwright-operator.yaml
```

## OLM Dependencies
When installed via OLM using the provided SHipwright Operator Bundle, the Shipwright operator has two dependencies to:
- The Tekton operator needed by the Shipright Build Controller
- The Cert-Manager operator needed in case you delegate to the Shipwright operator the ssl certificates management of the Shipwright Conversion webhook
The two operators are then installed automatically by OLM.
Comment on lines +16 to +20
Member


nit to clean up some of the grammar:

Suggested change
## OLM Dependencies
When installed via OLM using the provided SHipwright Operator Bundle, the Shipwright operator has two dependencies to:
- The Tekton operator needed by the Shipright Build Controller
- The Cert-Manager operator needed in case you delegate to the Shipwright operator the ssl certificates management of the Shipwright Conversion webhook
The two operators are then installed automatically by OLM.
## OLM Dependencies
When installed via OLM using the provided Shipwright Operator Bundle, the Shipwright operator will ask OLM to deploy the following operators:
- The [Tekton operator](https://tekton.dev/docs/operator/) to deploy and manage Tekton Pipelines.
- The [Cert-Manager operator](https://cert-manager.io/docs/installation/operator-lifecycle-manager/) to provision certificates for admission/conversion webhooks.
For this to work, the Shipwright operator must be included in a catalog that includes these other operators.

Contributor Author


fixed


## Usage

To deploy and manage [Shipwright Builds](https://github.com/shipwright-io/build) in your cluster,
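Review bot: In the new "OLM Dependencies" section, the closing sentence "The two operators are then installed automatically by OLM." follows the last bullet with no blank line, so Markdown renderers fold it into the Cert-Manager bullet as a continuation line. Put a blank line before and after the list. "ssl certificates" would also be more accurate as "TLS certificates".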
Expand All @@ -36,11 +42,15 @@ Refer to the [ShipwrightBuild documentation](docs/shipwrightbuild.md) for more i

The operator handles differents environment variables to customize Shiprwright controller installation:
- KO_DATA_PATH : defines the shipwright controller manifest to install
- USE_MANAGED_WEBHOOK_CERTS: defines wether the webook ssl certificate is installed by the operator. It requires cert-manager to be installed in the cluster.
- IMAGE_SHIPWRIGHT_SHIPWRIGHT_BUILD : defines the Shipwright Build Controller Image to use
- IMAGE_SHIPWRIGHT_GIT_CONTAINER_IMAGE: defines the Shipwright Git Container Image to use
- IMAGE_SHIPWRIGHT_MUTATE_IMAGE_CONTAINER_IMAGE: defines the Shipwright Mutate Image to use
- IMAGE_SHIPWRIGHT_IMAGE_PROCESSING_CONTAINER_IMAGE: defines the Shipwright Processing Image to use
- IMAGE_SHIPWRIGHT_BUNDLE_CONTAINER_IMAGE: defines the Shipwright Bundle Image to use
- IMAGE_SHIPWRIGHT_WAITER_CONTAINER_IMAGE: defines the Shipwright Waiter Image to use
- IMAGE_SHIPWRIGHT_SHIPWRIGHT_BUILD_WEBHOOK: defines the Shipwright Build Webhook Image to use

For more information about the function of these images, please consider the Shipwright Build doc https://github.com/shipwright-io/build/blob/main/docs/configuration.md

## Contributing
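Review bot: The USE_MANAGED_WEBHOOK_CERTS entry does not say which values are accepted, what happens when the variable is unset, or where the webhook certificate has to come from when the operator is not managing it. The manifests in this PR set it to "true", so state that default and the manual alternative here. The same block has typos to fix: "differents", "Shiprwright", "wether", "webook", and "ssl certificate" should read "TLS certificate".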

174 changes: 174 additions & 0 deletions bundle/manifests/shipwright-operator.clusterserviceversion.yaml
Expand Up @@ -40,6 +40,9 @@ spec:
- kind: TektonConfig
name: tektonconfigs.operator.tekton.dev
version: v1alpha1
- kind: Certificate
name: certificates.cert-manager.io
version: v1
Comment on lines +43 to +45
Member


  1. Does this mean that a cluster admin also needs to install cert-manager?
  2. Does OLM do this automatically, or will an admin need to do this separately? See https://olm.operatorframework.io/docs/concepts/olm-architecture/dependency-resolution/#declaring-dependencies

Contributor Author


Via the bundle we provide, OLM automatically installs the dependencies, Tekton and cert-manager.

Contributor Author


We should release the operator to provide the OLM bundle on operatorhub.io.

description: |
Shipwright is a framework for building container images on Kubernetes.
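Review bot: The added Certificate entry (certificates.cert-manager.io, v1) sits next to the TektonConfig entry as an unconditional dependency, while the README text in this PR describes cert-manager as needed only when certificate management is delegated to the operator. Either document that cert-manager is always required for OLM installs, or explain how an install with USE_MANAGED_WEBHOOK_CERTS turned off is expected to resolve. The RBAC added further down also manages cert-manager Issuer objects, so consider declaring issuers.cert-manager.io here as well.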

Expand Down Expand Up @@ -380,6 +383,30 @@ spec:
- events
verbs:
- create
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- admissionregistration.k8s.io/v1beta1
resources:
- validatingwebhookconfigurations
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apiextensions.k8s.io
resources:
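Review bot: The second added rule lists "admissionregistration.k8s.io/v1beta1" under apiGroups, but RBAC rules match on the API group name only, without a version, so this rule never matches anything and only duplicates the rule above it; drop it. The remaining rule grants delete, patch and update on every validatingwebhookconfigurations object in the cluster. Other rules in this patch split create/get/list/watch from the mutating verbs and pin the latter with resourceNames; do the same here, or remove the rule if the operator only needs the CRD conversion webhook.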
Expand Down Expand Up @@ -421,6 +448,16 @@ spec:
- delete
- patch
- update
- apiGroups:
- apps
resourceNames:
- shipwright-build-webhook
resources:
- deployments
verbs:
- delete
- patch
- update
- apiGroups:
- apps
resourceNames:
Expand All @@ -429,6 +466,52 @@ spec:
- deployments/finalizers
verbs:
- update
- apiGroups:
- apps
resourceNames:
- shipwright-build-webhook
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- cert-manager.io
resources:
- certificates
verbs:
- create
- get
- list
- watch
- apiGroups:
- cert-manager.io
resourceNames:
- shipwright-build-webhook-cert
resources:
- certificates
verbs:
- delete
- patch
- update
- apiGroups:
- cert-manager.io
resources:
- issuers
verbs:
- create
- get
- list
- watch
- apiGroups:
- cert-manager.io
resourceNames:
- selfsigned-issuer
resources:
- issuers
verbs:
- delete
- patch
- update
- apiGroups:
- ""
resources:
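Review bot: The Issuer rule pins delete, patch and update to the name selfsigned-issuer. That name is generic enough to already exist in the target namespace, in which case the operator would patch or delete an Issuer it does not own. A Shipwright-specific name, in line with shipwright-build-webhook-cert, avoids the collision.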
Expand All @@ -441,6 +524,25 @@ spec:
- patch
- update
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- get
- list
- watch
- apiGroups:
- ""
resourceNames:
- shipwright-build-webhook-cert
resources:
- secrets
verbs:
- delete
- patch
- update
- apiGroups:
- ""
resources:
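Review bot: The first added rule gives the operator create, get, list and watch on secrets with no resourceNames, so it can read every Secret in whatever scope this rule is bound, not just the webhook certificate. Only shipwright-build-webhook-cert appears in the scoped rule below it; move get into that rule, and check whether create is needed at all, since cert-manager writes the Secret for a Certificate it issues. If list and watch have to stay, restrict them to the operator's own namespace.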
Expand All @@ -460,6 +562,35 @@ spec:
- delete
- patch
- update
- apiGroups:
- ""
resourceNames:
- shipwright-build-webhook
resources:
- serviceaccounts
verbs:
- delete
- patch
- update
- apiGroups:
- ""
resources:
- services
verbs:
- create
- get
- list
- watch
- apiGroups:
- ""
resourceNames:
- shipwright-build-controller
resources:
- services
verbs:
- delete
- patch
- update
- apiGroups:
- operator.shipwright.io
resources:
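Review bot: The scoped services rule names shipwright-build-controller, while the serviceaccounts rule just above it and the other workload rules added in this patch name shipwright-build-webhook. If the webhook Service is called shipwright-build-webhook, the operator will be able to create it but not patch, update or delete it. Confirm the Service name and correct the entry, or add the webhook Service next to it.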
Expand Down Expand Up @@ -511,6 +642,16 @@ spec:
- delete
- patch
- update
- apiGroups:
- rbac.authorization.k8s.io
resourceNames:
- shipwright-build-webhook
resources:
- clusterrolebindings
verbs:
- delete
- patch
- update
- apiGroups:
- rbac.authorization.k8s.io
resources:
Expand Down Expand Up @@ -550,6 +691,16 @@ spec:
- delete
- patch
- update
- apiGroups:
- rbac.authorization.k8s.io
resourceNames:
- shipwright-build-webhook
resources:
- clusterroles
verbs:
- delete
- patch
- update
- apiGroups:
- rbac.authorization.k8s.io
resources:
Expand All @@ -569,6 +720,16 @@ spec:
- delete
- patch
- update
- apiGroups:
- rbac.authorization.k8s.io
resourceNames:
- shipwright-build-webhook
resources:
- rolebindings
verbs:
- delete
- patch
- update
- apiGroups:
- rbac.authorization.k8s.io
resources:
Expand All @@ -588,6 +749,16 @@ spec:
- delete
- patch
- update
- apiGroups:
- rbac.authorization.k8s.io
resourceNames:
- shipwright-build-webhook
resources:
- roles
verbs:
- delete
- patch
- update
- apiGroups:
- authentication.k8s.io
resources:
Expand Down Expand Up @@ -639,6 +810,9 @@ spec:
- --health-probe-bind-address=:8081
- --metrics-bind-address=127.0.0.1:8080
- --leader-elect
env:
- name: USE_MANAGED_WEBHOOK_CERTS
value: "true"
image: ko://github.com/shipwright-io/operator
livenessProbe:
httpGet:
3 changes: 3 additions & 0 deletions config/manager/manager.yaml
Expand Up @@ -29,6 +29,9 @@ spec:
containers:
- args:
- --leader-elect
env:
- name: USE_MANAGED_WEBHOOK_CERTS
value: "true"
image: ko://github.com/shipwright-io/operator
name: operator
securityContext:
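Review bot: USE_MANAGED_WEBHOOK_CERTS is set to "true" directly in the Deployment env. If this manifest is also applied without OLM, nothing installs cert-manager, which the README says this setting requires. Note the prerequisite next to this manifest, or leave the variable out here and set it only in the OLM bundle.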
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,9 @@ spec:
- kind: TektonConfig
name: tektonconfigs.operator.tekton.dev
version: v1alpha1
- kind: Certificate
name: certificates.cert-manager.io
version: v1
description: |
Shipwright is a framework for building container images on Kubernetes.
