From d6d83c7f67a18a4b30aabe774a8fa2c93399f301 Mon Sep 17 00:00:00 2001 From: odubajDT <93584209+odubajDT@users.noreply.github.com> Date: Thu, 18 Jan 2024 07:51:28 +0100 Subject: [PATCH] feat: introduce configurable support of cert-manager.io CA injection (#2811) Signed-off-by: Geoffrey Israel Signed-off-by: sudipto baral Signed-off-by: odubajDT <93584209+odubajDT@users.noreply.github.com> 
Signed-off-by: odubajDT Co-authored-by: Geoffrey Israel Co-authored-by: Sudipto Baral Co-authored-by: Giovanni Liva --- .../.helm-tests/certificates-only/values.yaml | 2 +- .../scripts/.helm-tests/default/result.yaml | 39 +++++++++++-------- .../scripts/.helm-tests/default/values.yaml | 3 +- .../.helm-tests/lifecycle-only/result.yaml | 26 +++++++------ .../.helm-tests/lifecycle-only/values.yaml | 5 ++- .../lifecycle-with-certs/result.yaml | 26 +++++++------ .../lifecycle-with-certs/values.yaml | 4 +- .../result.yaml | 13 ++++--- .../values.yaml | 5 ++- .../.helm-tests/metrics-only/result.yaml | 13 ++++--- .../.helm-tests/metrics-only/values.yaml | 5 ++- .../metrics-with-certs/result.yaml | 13 ++++--- .../metrics-with-certs/values.yaml | 4 +- chart/Chart.lock | 4 +- chart/Chart.yaml | 2 +- chart/NOTES.txt | 2 +- chart/README.md | 23 +++++------ chart/values.yaml | 9 +++-- .../configuration/cert-manager.md | 37 +++++++++++++----- keptn-cert-manager/.gitignore | 2 + keptn-cert-manager/chart/README.md | 13 ++++--- keptn-cert-manager/chart/values.yaml | 4 +- lifecycle-operator/chart/README.md | 4 +- .../chart/templates/deployment.yaml | 2 + .../chart/templates/keptnapp-crd.yaml | 4 +- .../keptnappcreationrequest-crd.yaml | 6 ++- .../chart/templates/keptnappversion-crd.yaml | 4 +- .../chart/templates/keptnconfig-crd.yaml | 4 +- .../chart/templates/keptnevaluation-crd.yaml | 4 +- .../keptnevaluationdefinition-crd.yaml | 4 +- .../chart/templates/keptntask-crd.yaml | 4 +- .../templates/keptntaskdefinition-crd.yaml | 4 +- .../chart/templates/keptnworkload-crd.yaml | 4 +- .../templates/keptnworkloadversion-crd.yaml | 4 +- ...ecycle-mutating-webhook-configuration.yaml | 12 +++++- ...ycle-validating-webhook-configuration.yaml | 12 +++++- lifecycle-operator/chart/values.yaml | 7 +++- .../config/manager/manager.yaml | 2 + lifecycle-operator/go.mod | 2 +- lifecycle-operator/go.sum | 4 +- lifecycle-operator/main.go | 17 ++++++-- metrics-operator/.gitignore | 2 + 
metrics-operator/chart/README.md | 14 ++++--- .../chart/templates/analysis-crd.yaml | 3 ++ .../templates/analysisdefinition-crd.yaml | 4 +- .../templates/analysisvaluetemplate-crd.yaml | 4 +- .../chart/templates/deployment.yaml | 2 + .../chart/templates/keptnmetric-crd.yaml | 4 +- .../templates/keptnmetricsprovider-crd.yaml | 4 +- ...rics-validating-webhook-configuration.yaml | 12 +++++- metrics-operator/chart/values.yaml | 7 +++- metrics-operator/config/manager/manager.yaml | 2 + metrics-operator/go.mod | 2 +- metrics-operator/go.sum | 4 +- metrics-operator/main.go | 16 ++++++-- 55 files changed, 294 insertions(+), 144 deletions(-) diff --git a/.github/scripts/.helm-tests/certificates-only/values.yaml b/.github/scripts/.helm-tests/certificates-only/values.yaml index f9539c1323..d0245a41ba 100644 --- a/.github/scripts/.helm-tests/certificates-only/values.yaml +++ b/.github/scripts/.helm-tests/certificates-only/values.yaml @@ -1,5 +1,4 @@ certManager: - enabled: true image: tag: v0.0.0 lifecycleOperator: @@ -8,6 +7,7 @@ metricsOperator: enabled: false global: + certManagerEnabled: true imageRegistry: "testreg" imagePullSecrets: [] commonAnnotations: diff --git a/.github/scripts/.helm-tests/default/result.yaml b/.github/scripts/.helm-tests/default/result.yaml index 56a6a87321..96ccb7da4f 100644 --- a/.github/scripts/.helm-tests/default/result.yaml +++ b/.github/scripts/.helm-tests/default/result.yaml @@ -137,7 +137,7 @@ metadata: name: keptnapps.lifecycle.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: app.kubernetes.io/part-of: keptn crdGroup: lifecycle.keptn.sh 
@@ -585,7 +585,7 @@ metadata: name: keptnappcreationrequests.lifecycle.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: app.kubernetes.io/part-of: keptn crdGroup: lifecycle.keptn.sh @@ -684,7 +684,7 @@ metadata: name: keptnappversions.lifecycle.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: app.kubernetes.io/part-of: keptn crdGroup: lifecycle.keptn.sh @@ -1820,7 +1820,7 @@ metadata: name: keptnconfigs.options.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: app.kubernetes.io/part-of: keptn crdGroup: lifecycle.keptn.sh @@ -1890,7 +1890,7 @@ metadata: name: keptnevaluations.lifecycle.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: app.kubernetes.io/part-of: keptn crdGroup: lifecycle.keptn.sh @@ -2419,7 +2419,7 @@ metadata: name: keptnevaluationdefinitions.lifecycle.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: app.kubernetes.io/part-of: keptn crdGroup: lifecycle.keptn.sh @@ -2674,7 +2674,7 @@ metadata: name: keptntasks.lifecycle.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: app.kubernetes.io/part-of: keptn crdGroup: lifecycle.keptn.sh 
@@ -3241,7 +3241,7 @@ metadata: name: keptntaskdefinitions.lifecycle.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: app.kubernetes.io/part-of: keptn crdGroup: lifecycle.keptn.sh @@ -6580,7 +6580,7 @@ metadata: name: keptnworkloads.lifecycle.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: app.kubernetes.io/part-of: keptn crdGroup: lifecycle.keptn.sh @@ -6977,7 +6977,7 @@ metadata: name: keptnworkloadversions.lifecycle.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: app.kubernetes.io/part-of: keptn crdGroup: lifecycle.keptn.sh @@ -7604,6 +7604,7 @@ metadata: name: analyses.metrics.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 + cert-manager.io/inject-ca-from: helmtests/keptn-certs cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' labels: app.kubernetes.io/part-of: keptn @@ -7949,7 +7950,7 @@ metadata: name: analysisdefinitions.metrics.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: app.kubernetes.io/part-of: keptn crdGroup: metrics.keptn.sh @@ -8636,7 +8637,7 @@ metadata: name: analysisvaluetemplates.metrics.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: app.kubernetes.io/part-of: keptn crdGroup: metrics.keptn.sh 
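Review bot: The expected output for the `analyses.metrics.keptn.sh` CRD in `.helm-tests/default/result.yaml` (hunk `@@ -7604,6 +7604,7 @@`) now carries `cert-manager.io/inject-ca-from` twice: the new unquoted line is added but the old `'helmtests/keptn-certs'` line remains as context. The diffstat lists `analysis-crd.yaml` with 3 additions and no deletions, so the template presumably kept its hard-coded annotation next to the new configurable block. A strict YAML parser rejects the duplicate key. A last-key-wins parser would keep the hard-coded value, so a custom `global.caInjectionAnnotations` would not take effect for this CRD, and the annotation would still be rendered when the map is empty. I would drop the hard-coded annotation from the template so that only the `+` line remains here. The same duplicate shows up in the `analyses` hunks of `metrics-only-with-apiservice-disabled/result.yaml`, `metrics-only/result.yaml` and `metrics-with-certs/result.yaml`.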
@@ -8775,7 +8776,7 @@ metadata: name: keptnmetrics.metrics.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: app.kubernetes.io/part-of: keptn crdGroup: metrics.keptn.sh @@ -9292,7 +9293,7 @@ metadata: name: keptnmetricsproviders.metrics.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: app.kubernetes.io/part-of: keptn crdGroup: metrics.keptn.sh @@ -10969,6 +10970,8 @@ spec: value: "false" - name: KUBERNETES_CLUSTER_DOMAIN value: cluster.local + - name: CERT_MANAGER_ENABLED + value: "true" image: ghcr.io/keptn/lifecycle-operator:v0.0.0 imagePullPolicy: Always name: lifecycle-operator @@ -11154,6 +11157,8 @@ spec: value: "0" - name: KUBERNETES_CLUSTER_DOMAIN value: cluster.local + - name: CERT_MANAGER_ENABLED + value: "true" image: ghcr.io/keptn/metrics-operator:v0.0.0 imagePullPolicy: Always name: metrics-operator @@ -11259,7 +11264,7 @@ kind: MutatingWebhookConfiguration metadata: name: lifecycle-mutating-webhook-configuration annotations: - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: keptn.sh/inject-cert: "true" app.kubernetes.io/part-of: "keptn" @@ -11312,7 +11317,7 @@ kind: ValidatingWebhookConfiguration metadata: name: lifecycle-validating-webhook-configuration annotations: - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: keptn.sh/inject-cert: "true" app.kubernetes.io/instance: keptn-test 
@@ -11348,7 +11353,7 @@ kind: ValidatingWebhookConfiguration metadata: name: metrics-validating-webhook-configuration annotations: - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: keptn.sh/inject-cert: "true" app.kubernetes.io/instance: keptn-test diff --git a/.github/scripts/.helm-tests/default/values.yaml b/.github/scripts/.helm-tests/default/values.yaml index bc85b753fc..d8a7bfa39c 100644 --- a/.github/scripts/.helm-tests/default/values.yaml +++ b/.github/scripts/.helm-tests/default/values.yaml @@ -1,5 +1,4 @@ certManager: - enabled: true image: tag: v0.0.0 lifecycleOperator: @@ -18,3 +17,5 @@ metricsOperator: global: commonLabels: app.kubernetes.io/version: vmyversion + caInjectionAnnotations: + cert-manager.io/inject-ca-from: helmtests/keptn-certs diff --git a/.github/scripts/.helm-tests/lifecycle-only/result.yaml b/.github/scripts/.helm-tests/lifecycle-only/result.yaml index 4706bbd46a..61396599c1 100644 --- a/.github/scripts/.helm-tests/lifecycle-only/result.yaml +++ b/.github/scripts/.helm-tests/lifecycle-only/result.yaml @@ -83,7 +83,7 @@ metadata: name: keptnapps.lifecycle.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: app.kubernetes.io/part-of: keptn crdGroup: lifecycle.keptn.sh @@ -531,7 +531,7 @@ metadata: name: keptnappcreationrequests.lifecycle.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: app.kubernetes.io/part-of: keptn crdGroup: lifecycle.keptn.sh 
@@ -630,7 +630,7 @@ metadata: name: keptnappversions.lifecycle.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: app.kubernetes.io/part-of: keptn crdGroup: lifecycle.keptn.sh @@ -1766,7 +1766,7 @@ metadata: name: keptnconfigs.options.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: app.kubernetes.io/part-of: keptn crdGroup: lifecycle.keptn.sh @@ -1836,7 +1836,7 @@ metadata: name: keptnevaluations.lifecycle.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: app.kubernetes.io/part-of: keptn crdGroup: lifecycle.keptn.sh @@ -2365,7 +2365,7 @@ metadata: name: keptnevaluationdefinitions.lifecycle.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: app.kubernetes.io/part-of: keptn crdGroup: lifecycle.keptn.sh @@ -2620,7 +2620,7 @@ metadata: name: keptntasks.lifecycle.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: app.kubernetes.io/part-of: keptn crdGroup: lifecycle.keptn.sh @@ -3187,7 +3187,7 @@ metadata: name: keptntaskdefinitions.lifecycle.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: app.kubernetes.io/part-of: keptn crdGroup: lifecycle.keptn.sh 
@@ -6526,7 +6526,7 @@ metadata: name: keptnworkloads.lifecycle.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: app.kubernetes.io/part-of: keptn crdGroup: lifecycle.keptn.sh @@ -6923,7 +6923,7 @@ metadata: name: keptnworkloadversions.lifecycle.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: app.kubernetes.io/part-of: keptn crdGroup: lifecycle.keptn.sh @@ -8450,6 +8450,8 @@ spec: value: "false" - name: KUBERNETES_CLUSTER_DOMAIN value: cluster.local + - name: CERT_MANAGER_ENABLED + value: "false" image: testreg/myrep:v0.0.1 imagePullPolicy: Always name: lifecycle-operator @@ -8581,7 +8583,7 @@ kind: MutatingWebhookConfiguration metadata: name: lifecycle-mutating-webhook-configuration annotations: - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: keptn.sh/inject-cert: "true" app.kubernetes.io/part-of: "keptn" @@ -8634,7 +8636,7 @@ kind: ValidatingWebhookConfiguration metadata: name: lifecycle-validating-webhook-configuration annotations: - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: keptn.sh/inject-cert: "true" app.kubernetes.io/instance: keptn-test diff --git a/.github/scripts/.helm-tests/lifecycle-only/values.yaml b/.github/scripts/.helm-tests/lifecycle-only/values.yaml index fd2f55533c..62396aa88a 100644 --- a/.github/scripts/.helm-tests/lifecycle-only/values.yaml +++ b/.github/scripts/.helm-tests/lifecycle-only/values.yaml 
@@ -1,10 +1,11 @@ global: + certManagerEnabled: false imageRegistry: "testreg" commonLabels: app.kubernetes.io/version: vmyversion + caInjectionAnnotations: + cert-manager.io/inject-ca-from: helmtests/keptn-certs -certManager: - enabled: false lifecycleOperator: enabled: true lifecycleOperator: diff --git a/.github/scripts/.helm-tests/lifecycle-with-certs/result.yaml b/.github/scripts/.helm-tests/lifecycle-with-certs/result.yaml index 6bc08ea4ab..17cf25f0b8 100644 --- a/.github/scripts/.helm-tests/lifecycle-with-certs/result.yaml +++ b/.github/scripts/.helm-tests/lifecycle-with-certs/result.yaml @@ -107,7 +107,7 @@ metadata: name: keptnapps.lifecycle.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs test/jj: test labels: app.kubernetes.io/part-of: keptn @@ -557,7 +557,7 @@ metadata: name: keptnappcreationrequests.lifecycle.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs test/jj: test labels: app.kubernetes.io/part-of: keptn @@ -657,7 +657,7 @@ metadata: name: keptnappversions.lifecycle.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs test/jj: test labels: app.kubernetes.io/part-of: keptn @@ -1794,7 +1794,7 @@ metadata: name: keptnconfigs.options.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs test/jj: test labels: app.kubernetes.io/part-of: keptn 
@@ -1865,7 +1865,7 @@ metadata: name: keptnevaluations.lifecycle.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs test/jj: test labels: app.kubernetes.io/part-of: keptn @@ -2395,7 +2395,7 @@ metadata: name: keptnevaluationdefinitions.lifecycle.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs test/jj: test labels: app.kubernetes.io/part-of: keptn @@ -2651,7 +2651,7 @@ metadata: name: keptntasks.lifecycle.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs test/jj: test labels: app.kubernetes.io/part-of: keptn @@ -3219,7 +3219,7 @@ metadata: name: keptntaskdefinitions.lifecycle.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs test/jj: test labels: app.kubernetes.io/part-of: keptn @@ -6559,7 +6559,7 @@ metadata: name: keptnworkloads.lifecycle.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs test/jj: test labels: app.kubernetes.io/part-of: keptn @@ -6957,7 +6957,7 @@ metadata: name: keptnworkloadversions.lifecycle.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs test/jj: test labels: app.kubernetes.io/part-of: keptn 
@@ -8764,6 +8764,8 @@ spec: value: "false" - name: KUBERNETES_CLUSTER_DOMAIN value: cluster.local + - name: CERT_MANAGER_ENABLED + value: "true" image: ghcr.io/keptn/lifecycle-operator:v0.0.0 imagePullPolicy: Never name: lifecycle-operator @@ -8896,8 +8898,8 @@ kind: MutatingWebhookConfiguration metadata: name: lifecycle-mutating-webhook-configuration annotations: - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' test/jj: test + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: keptn.sh/inject-cert: "true" app.kubernetes.io/part-of: "keptn" @@ -8950,8 +8952,8 @@ kind: ValidatingWebhookConfiguration metadata: name: lifecycle-validating-webhook-configuration annotations: - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' test/jj: test + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: keptn.sh/inject-cert: "true" app.kubernetes.io/instance: keptn-test diff --git a/.github/scripts/.helm-tests/lifecycle-with-certs/values.yaml b/.github/scripts/.helm-tests/lifecycle-with-certs/values.yaml index 29e7429e06..d814a47b1c 100644 --- a/.github/scripts/.helm-tests/lifecycle-with-certs/values.yaml +++ b/.github/scripts/.helm-tests/lifecycle-with-certs/values.yaml @@ -1,5 +1,4 @@ certManager: - enabled: true image: tag: v0.0.0 lifecycleOperator: @@ -16,7 +15,10 @@ metricsOperator: enabled: false global: + certManagerEnabled: true commonLabels: app.kubernetes.io/version: vmyversion commonAnnotations: test/jj: test + caInjectionAnnotations: + cert-manager.io/inject-ca-from: helmtests/keptn-certs diff --git a/.github/scripts/.helm-tests/metrics-only-with-apiservice-disabled/result.yaml b/.github/scripts/.helm-tests/metrics-only-with-apiservice-disabled/result.yaml index 5b0d8e415d..98556f637f 100644 --- a/.github/scripts/.helm-tests/metrics-only-with-apiservice-disabled/result.yaml +++ b/.github/scripts/.helm-tests/metrics-only-with-apiservice-disabled/result.yaml 
@@ -45,6 +45,7 @@ metadata: name: analyses.metrics.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 + cert-manager.io/inject-ca-from: helmtests/keptn-certs cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' labels: app.kubernetes.io/part-of: keptn @@ -390,7 +391,7 @@ metadata: name: analysisdefinitions.metrics.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: app.kubernetes.io/part-of: keptn crdGroup: metrics.keptn.sh @@ -1077,7 +1078,7 @@ metadata: name: analysisvaluetemplates.metrics.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: app.kubernetes.io/part-of: keptn crdGroup: metrics.keptn.sh @@ -1216,7 +1217,7 @@ metadata: name: keptnmetrics.metrics.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: app.kubernetes.io/part-of: keptn crdGroup: metrics.keptn.sh @@ -1733,7 +1734,7 @@ metadata: name: keptnmetricsproviders.metrics.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: app.kubernetes.io/part-of: keptn crdGroup: metrics.keptn.sh @@ -2301,6 +2302,8 @@ spec: value: "0" - name: KUBERNETES_CLUSTER_DOMAIN value: cluster.local + - name: CERT_MANAGER_ENABLED + value: "false" image: ghcr.io/keptn/metrics-operator:v0.0.0 imagePullPolicy: Always name: metrics-operator 
@@ -2362,7 +2365,7 @@ kind: ValidatingWebhookConfiguration metadata: name: metrics-validating-webhook-configuration annotations: - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: keptn.sh/inject-cert: "true" app.kubernetes.io/instance: keptn-test diff --git a/.github/scripts/.helm-tests/metrics-only-with-apiservice-disabled/values.yaml b/.github/scripts/.helm-tests/metrics-only-with-apiservice-disabled/values.yaml index 8ea2f879bd..4c70043b50 100644 --- a/.github/scripts/.helm-tests/metrics-only-with-apiservice-disabled/values.yaml +++ b/.github/scripts/.helm-tests/metrics-only-with-apiservice-disabled/values.yaml @@ -1,5 +1,3 @@ -certManager: - enabled: false lifecycleOperator: enabled: false metricsOperator: @@ -10,5 +8,8 @@ metricsOperator: enabled: "false" global: + certManagerEnabled: false commonLabels: app.kubernetes.io/version: vmyversion + caInjectionAnnotations: + cert-manager.io/inject-ca-from: helmtests/keptn-certs diff --git a/.github/scripts/.helm-tests/metrics-only/result.yaml b/.github/scripts/.helm-tests/metrics-only/result.yaml index b10f54ab51..9b8a5ec662 100644 --- a/.github/scripts/.helm-tests/metrics-only/result.yaml +++ b/.github/scripts/.helm-tests/metrics-only/result.yaml @@ -45,6 +45,7 @@ metadata: name: analyses.metrics.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 + cert-manager.io/inject-ca-from: helmtests/keptn-certs cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' labels: app.kubernetes.io/part-of: keptn @@ -390,7 +391,7 @@ metadata: name: analysisdefinitions.metrics.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: app.kubernetes.io/part-of: keptn crdGroup: metrics.keptn.sh 
@@ -1077,7 +1078,7 @@ metadata: name: analysisvaluetemplates.metrics.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: app.kubernetes.io/part-of: keptn crdGroup: metrics.keptn.sh @@ -1216,7 +1217,7 @@ metadata: name: keptnmetrics.metrics.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: app.kubernetes.io/part-of: keptn crdGroup: metrics.keptn.sh @@ -1733,7 +1734,7 @@ metadata: name: keptnmetricsproviders.metrics.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: app.kubernetes.io/part-of: keptn crdGroup: metrics.keptn.sh @@ -2322,6 +2323,8 @@ spec: value: "0" - name: KUBERNETES_CLUSTER_DOMAIN value: cluster.local + - name: CERT_MANAGER_ENABLED + value: "false" image: ghcr.io/keptn/metrics-operator:v0.0.0 imagePullPolicy: Always name: metrics-operator @@ -2427,7 +2430,7 @@ kind: ValidatingWebhookConfiguration metadata: name: metrics-validating-webhook-configuration annotations: - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: keptn.sh/inject-cert: "true" app.kubernetes.io/instance: keptn-test diff --git a/.github/scripts/.helm-tests/metrics-only/values.yaml b/.github/scripts/.helm-tests/metrics-only/values.yaml index bb1ff14c19..b6e3830029 100644 --- a/.github/scripts/.helm-tests/metrics-only/values.yaml +++ b/.github/scripts/.helm-tests/metrics-only/values.yaml @@ -1,5 +1,3 @@ -certManager: - enabled: false lifecycleOperator: enabled: false metricsOperator: 
@@ -8,5 +6,8 @@ metricsOperator: tag: v0.0.0 global: + certManagerEnabled: false commonLabels: app.kubernetes.io/version: vmyversion + caInjectionAnnotations: + cert-manager.io/inject-ca-from: helmtests/keptn-certs diff --git a/.github/scripts/.helm-tests/metrics-with-certs/result.yaml b/.github/scripts/.helm-tests/metrics-with-certs/result.yaml index b6043cdeb5..362064e06c 100644 --- a/.github/scripts/.helm-tests/metrics-with-certs/result.yaml +++ b/.github/scripts/.helm-tests/metrics-with-certs/result.yaml @@ -60,6 +60,7 @@ metadata: name: analyses.metrics.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 + cert-manager.io/inject-ca-from: helmtests/keptn-certs cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' labels: app.kubernetes.io/part-of: keptn @@ -405,7 +406,7 @@ metadata: name: analysisdefinitions.metrics.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: app.kubernetes.io/part-of: keptn crdGroup: metrics.keptn.sh @@ -1092,7 +1093,7 @@ metadata: name: analysisvaluetemplates.metrics.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: app.kubernetes.io/part-of: keptn crdGroup: metrics.keptn.sh @@ -1231,7 +1232,7 @@ metadata: name: keptnmetrics.metrics.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: app.kubernetes.io/part-of: keptn crdGroup: metrics.keptn.sh 
@@ -1748,7 +1749,7 @@ metadata: name: keptnmetricsproviders.metrics.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: app.kubernetes.io/part-of: keptn crdGroup: metrics.keptn.sh @@ -2578,6 +2579,8 @@ spec: value: "0" - name: KUBERNETES_CLUSTER_DOMAIN value: cluster.local + - name: CERT_MANAGER_ENABLED + value: "true" image: ghcr.io/keptn/metrics-operator:v0.0.0 imagePullPolicy: Never name: metrics-operator @@ -2683,7 +2686,7 @@ kind: ValidatingWebhookConfiguration metadata: name: metrics-validating-webhook-configuration annotations: - cert-manager.io/inject-ca-from: 'helmtests/keptn-certs' + cert-manager.io/inject-ca-from: helmtests/keptn-certs labels: keptn.sh/inject-cert: "true" app.kubernetes.io/instance: keptn-test diff --git a/.github/scripts/.helm-tests/metrics-with-certs/values.yaml b/.github/scripts/.helm-tests/metrics-with-certs/values.yaml index 4ed593f0b6..152810f6f6 100644 --- a/.github/scripts/.helm-tests/metrics-with-certs/values.yaml +++ b/.github/scripts/.helm-tests/metrics-with-certs/values.yaml @@ -1,5 +1,4 @@ certManager: - enabled: true image: tag: v0.0.0 lifecycleOperator: @@ -11,5 +10,8 @@ metricsOperator: imagePullPolicy: Never global: + certManagerEnabled: true commonLabels: app.kubernetes.io/version: vmyversion + caInjectionAnnotations: + cert-manager.io/inject-ca-from: helmtests/keptn-certs diff --git a/chart/Chart.lock b/chart/Chart.lock index 7a3b5f6109..84e8402e5b 100644 --- a/chart/Chart.lock +++ b/chart/Chart.lock @@ -8,5 +8,5 @@ dependencies: - name: keptn-metrics-operator repository: file://../metrics-operator/chart version: 0.1.0 -digest: sha256:ab7d035d4105c783c6d8914d455ecb41eb6b305ec6c1907bf2a2bbfa60bc95f0 -generated: "2024-01-15T15:02:08.867692+01:00" +digest: sha256:637c41b238e53b8e68661a83ddd30c5d1cbe7b47310c7503d39510551364a7e0 +generated: "2024-01-16T09:07:28.358693+01:00" 
diff --git a/chart/Chart.yaml b/chart/Chart.yaml index 8d888a12a0..4508d55d53 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -52,7 +52,7 @@ dependencies: - name: keptn-cert-manager version: 0.2.0 alias: certManager - condition: certManager.enabled + condition: global.certManagerEnabled repository: file://../keptn-cert-manager/chart - name: keptn-lifecycle-operator version: 0.1.0 diff --git a/chart/NOTES.txt b/chart/NOTES.txt index 72433f91d2..74d75f5704 100644 --- a/chart/NOTES.txt +++ b/chart/NOTES.txt @@ -6,7 +6,7 @@ KEPTN VERSION: {{ .Chart.AppVersion }} The following controllers have been deployed: - {{- if .Values.certManager.enabled }} + {{- if .Values.global.certManagerEnabled }} - keptn-cert-manager {{- end }} {{- if .Values.lifecycleOperator.enabled }} diff --git a/chart/README.md b/chart/README.md index f4d3811e0e..6b746c52fb 100644 --- a/chart/README.md +++ b/chart/README.md 
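Review bot: In `chart/Chart.yaml`, switching the dependency to `condition: global.certManagerEnabled` removes `certManager.enabled` without any fallback. An existing values file that still sets `certManager.enabled: false` is silently ignored, and since the new key defaults to `true` in `chart/values.yaml`, keptn-cert-manager gets installed again on upgrade. For someone who had turned it off in favour of cert-manager.io, that presumably leaves two components acting on the same webhook CA bundles, and nothing in the render output points at the stale key. Consider failing the render when the old key is present, for example `{{- if hasKey (.Values.certManager | default dict) "enabled" }}{{ fail "certManager.enabled was replaced by global.certManagerEnabled" }}{{- end }}`, or at least announcing the rename in `NOTES.txt`.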
@@ -9,17 +9,18 @@ metrics, observability, health checks, with pre- and post-deployment evaluations ### Keptn -| Name | Description | Value | -| --------------------------- | ------------------------------------------------------ | ------ | -| `certManager.enabled` | Enable this value to install Keptn Certificate Manager | `true` | -| `lifecycleOperator.enabled` | Enable this value to install Keptn Lifecycle Operator | `true` | -| `metricsOperator.enabled` | Enable this value to install Keptn Metrics Operator | `true` | +| Name | Description | Value | +| --------------------------- | ----------------------------------------------------- | ------ | +| `lifecycleOperator.enabled` | Enable this value to install Keptn Lifecycle Operator | `true` | +| `metricsOperator.enabled` | Enable this value to install Keptn Metrics Operator | `true` | ### Global parameters -| Name | Description | Value | -| -------------------------- | ------------------------------------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.commonLabels` | Common annotations to add to all Keptn resources. Evaluated as a template | `{}` | -| `global.commonAnnotations` | Common annotations to add to all Keptn resources. Evaluated as a template | `{}` | +| Name | Description | Value | +| ------------------------------- | ------------------------------------------------------------------------- | ------ | +| `global.certManagerEnabled` | Enable this value to install Keptn Certificate Manager | `true` | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.commonLabels` | Common labels to add to all Keptn resources. Evaluated as a template | `{}` | +| `global.commonAnnotations` | Common annotations to add to all Keptn resources. 
Evaluated as a template | `{}` | +| `global.caInjectionAnnotations` | CA injection annotations for cert-manager.io configuration | `{}` | diff --git a/chart/values.yaml b/chart/values.yaml index 378d41963a..e75214c390 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -1,7 +1,4 @@ ## @section Keptn -certManager: - ## @param certManager.enabled Enable this value to install Keptn Certificate Manager - enabled: true lifecycleOperator: ## @param lifecycleOperator.enabled Enable this value to install Keptn Lifecycle Operator enabled: true @@ -15,6 +12,8 @@ metricsOperator: ## global: + ## @param global.certManagerEnabled Enable this value to install Keptn Certificate Manager + certManagerEnabled: true ## @param global.imageRegistry Global Docker image registry imageRegistry: "" @@ -24,7 +23,9 @@ global: ## - myRegistryKeySecretName ## imagePullSecrets: [] - ## @param global.commonLabels Common annotations to add to all Keptn resources. Evaluated as a template + ## @param global.commonLabels Common labels to add to all Keptn resources. Evaluated as a template commonLabels: {} ## @param global.commonAnnotations Common annotations to add to all Keptn resources. Evaluated as a template commonAnnotations: {} + ## @param global.caInjectionAnnotations CA injection annotations for cert-manager.io configuration + caInjectionAnnotations: {} diff --git a/docs-new/docs/installation/configuration/cert-manager.md b/docs-new/docs/installation/configuration/cert-manager.md index 485efb7d69..68c439d6c0 100644 --- a/docs-new/docs/installation/configuration/cert-manager.md +++ b/docs-new/docs/installation/configuration/cert-manager.md 
@@ -22,7 +22,8 @@ The steps are: * Install `cert-manager.io` if it is not already installed. * Add the `Certificate` and `Issuer` CRs for `cert-manager.io`. -* (optional) Install Keptn without the built-in `keptn-cert-manager` via Helm +* (optional) Install Keptn without the built-in `keptn-cert-manager` +and with injected CA annotations via Helm ## Add the CR(s) for cert-manager.io @@ -33,13 +34,13 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: keptn-certs - namespace: + namespace: spec: dnsNames: - - lifecycle-webhook-service..svc - - lifecycle-webhook-service..svc.cluster.local - - metrics-webhook-service..svc - - metrics-webhook-service..svc.cluster.local + - lifecycle-webhook-service..svc + - lifecycle-webhook-service..svc.cluster.local + - metrics-webhook-service..svc + - metrics-webhook-service..svc.cluster.local issuerRef: kind: Issuer name: keptn-selfsigned-issuer @@ -49,7 +50,7 @@ apiVersion: cert-manager.io/v1 kind: Issuer metadata: name: keptn-selfsigned-issuer - namespace: + namespace: spec: selfSigned: {} ``` 
@@ -61,5 +62,23 @@ Note the following about these fields: must be `keptn-certs`. * Substitute the namespace placeholders with your namespace, where Keptn is installed. -See the [CA Injector](https://cert-manager.io/docs/concepts/ca-injector/) -documentation for more details. +## Injecting CA Annotations + +`cert-manager.io` supports specific annotations for +injectable resources depending on the injection source. +To configure these annotations, modify the `global.caInjectionAnnotation` Helm value. +See the [CA Injector](https://cert-manager.io/docs/concepts/ca-injector/) documentation for more details. + +Here is an example `values.yaml` file demonstrating the configuration of CA injection +by using the `cert-manager.io/inject-ca-from` annotation: + +```yaml +global: + certManagerEnabled: false # disable Keptn Cert Manager + caInjectionAnnotations: + cert-manager.io/inject-ca-from: keptn-system/keptn-certs +``` + +Refer to the +[Customizing the configuration of components](../index.md#customizing-the-configuration-of-components) +for more details. diff --git a/keptn-cert-manager/.gitignore b/keptn-cert-manager/.gitignore index 50df7b57cb..7a89040098 100644 --- a/keptn-cert-manager/.gitignore +++ b/keptn-cert-manager/.gitignore @@ -32,3 +32,5 @@ load-report.* config/rendered/release.yaml chart/rendered.yaml + +chart/charts/*.tgz diff --git a/keptn-cert-manager/chart/README.md b/keptn-cert-manager/chart/README.md index fd7b0c381f..19c8574741 100644 --- a/keptn-cert-manager/chart/README.md +++ b/keptn-cert-manager/chart/README.md 
@@ -8,12 +8,13 @@ resource. ### Global parameters -| Name | Description | Value | -| -------------------------- | ------------------------------------------------------------------------- | ----- | -| `global.imageRegistry` | Global container image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.commonLabels` | Common annotations to add to all Keptn resources. Evaluated as a template | `{}` | -| `global.commonAnnotations` | Common annotations to add to all Keptn resources. Evaluated as a template | `{}` | +| Name | Description | Value | +| ------------------------------- | ------------------------------------------------------------------------- | ----- | +| `global.imageRegistry` | Global container image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.commonLabels` | Common labels to add to all Keptn resources. Evaluated as a template | `{}` | +| `global.commonAnnotations` | Common annotations to add to all Keptn resources. Evaluated as a template | `{}` | +| `global.caInjectionAnnotations` | CA injection annotations for cert-manager.io configuration | `{}` | ### Keptn Certificate Operator common diff --git a/keptn-cert-manager/chart/values.yaml b/keptn-cert-manager/chart/values.yaml index 1617d15278..a6202853c5 100644 --- a/keptn-cert-manager/chart/values.yaml +++ b/keptn-cert-manager/chart/values.yaml 
@@ -13,10 +13,12 @@ global: ## - myRegistryKeySecretName ## imagePullSecrets: [] - ## @param global.commonLabels Common annotations to add to all Keptn resources. Evaluated as a template + ## @param global.commonLabels Common labels to add to all Keptn resources. Evaluated as a template commonLabels: {} ## @param global.commonAnnotations Common annotations to add to all Keptn resources. Evaluated as a template commonAnnotations: {} + ## @param global.caInjectionAnnotations CA injection annotations for cert-manager.io configuration + caInjectionAnnotations: { } # yamllint disable rule:line-length diff --git a/lifecycle-operator/chart/README.md b/lifecycle-operator/chart/README.md index b601cb0f06..8fe37f534d 100644 --- a/lifecycle-operator/chart/README.md +++ b/lifecycle-operator/chart/README.md 
@@ -13,10 +13,12 @@ and application health checks | Name | Description | Value | | ------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | +| `global.certManagerEnabled` | Enable this value to install Keptn Certificate Manager | `true` | | `global.imageRegistry` | Global container image registry | `""` | | `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.commonLabels` | Common annotations to add to all Keptn resources. Evaluated as a template | `{}` | +| `global.commonLabels` | Common labels to add to all Keptn resources. Evaluated as a template | `{}` | | `global.commonAnnotations` | Common annotations to add to all Keptn resources. Evaluated as a template | `{}` | +| `global.caInjectionAnnotations` | CA injection annotations for cert-manager.io configuration | `{}` | | `lifecycleOperatorConfig.health.healthProbeBindAddress` | setup on what address to start the default health handler | `:8081` | | `lifecycleOperatorConfig.leaderElection.leaderElect` | enable leader election for multiple replicas of the lifecycle operator | `true` | | `lifecycleOperatorConfig.leaderElection.resourceName` | define LeaderElectionID | `6b866dd9.keptn.sh` | diff --git a/lifecycle-operator/chart/templates/deployment.yaml b/lifecycle-operator/chart/templates/deployment.yaml index e8f42fe96c..81b5be0a37 100644 --- a/lifecycle-operator/chart/templates/deployment.yaml +++ b/lifecycle-operator/chart/templates/deployment.yaml 
@@ -104,6 +104,8 @@ spec: }} - name: KUBERNETES_CLUSTER_DOMAIN value: {{ .Values.kubernetesClusterDomain }} + - name: CERT_MANAGER_ENABLED + value: {{ .Values.global.certManagerEnabled | quote }} image: {{ include "common.images.image" ( dict "imageRoot" .Values.lifecycleOperator.image "global" .Values.global ) }} imagePullPolicy: {{ .Values.lifecycleOperator.imagePullPolicy }} name: lifecycle-operator diff --git a/lifecycle-operator/chart/templates/keptnapp-crd.yaml b/lifecycle-operator/chart/templates/keptnapp-crd.yaml index eb14f75472..5d4d66619c 100644 --- a/lifecycle-operator/chart/templates/keptnapp-crd.yaml +++ b/lifecycle-operator/chart/templates/keptnapp-crd.yaml @@ -4,7 +4,9 @@ metadata: name: keptnapps.lifecycle.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/keptn-certs' + {{- with .Values.global.caInjectionAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- include "common.annotations" (dict "context" .) }} labels: app.kubernetes.io/part-of: keptn diff --git a/lifecycle-operator/chart/templates/keptnappcreationrequest-crd.yaml b/lifecycle-operator/chart/templates/keptnappcreationrequest-crd.yaml index aa602851d6..04128469f3 100644 --- a/lifecycle-operator/chart/templates/keptnappcreationrequest-crd.yaml +++ b/lifecycle-operator/chart/templates/keptnappcreationrequest-crd.yaml @@ -4,7 +4,9 @@ metadata: name: keptnappcreationrequests.lifecycle.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/keptn-certs' + {{- with .Values.global.caInjectionAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- include "common.annotations" ( dict "context" . ) }} labels: app.kubernetes.io/part-of: keptn @@ -91,4 +93,4 @@ spec: served: true storage: false subresources: - status: {} \ No newline at end of file + status: {} 
diff --git a/lifecycle-operator/chart/templates/keptnappversion-crd.yaml b/lifecycle-operator/chart/templates/keptnappversion-crd.yaml index afd15522a4..05a9ba20e1 100644 --- a/lifecycle-operator/chart/templates/keptnappversion-crd.yaml +++ b/lifecycle-operator/chart/templates/keptnappversion-crd.yaml @@ -4,7 +4,9 @@ metadata: name: keptnappversions.lifecycle.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/keptn-certs' + {{- with .Values.global.caInjectionAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- include "common.annotations" ( dict "context" . ) }} labels: app.kubernetes.io/part-of: keptn diff --git a/lifecycle-operator/chart/templates/keptnconfig-crd.yaml b/lifecycle-operator/chart/templates/keptnconfig-crd.yaml index 1dc455b41b..43aa18cff3 100644 --- a/lifecycle-operator/chart/templates/keptnconfig-crd.yaml +++ b/lifecycle-operator/chart/templates/keptnconfig-crd.yaml @@ -4,7 +4,9 @@ metadata: name: keptnconfigs.options.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/keptn-certs' + {{- with .Values.global.caInjectionAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- include "common.annotations" ( dict "context" . ) }} labels: app.kubernetes.io/part-of: keptn diff --git a/lifecycle-operator/chart/templates/keptnevaluation-crd.yaml b/lifecycle-operator/chart/templates/keptnevaluation-crd.yaml index 00948573cb..534f5bbb14 100644 --- a/lifecycle-operator/chart/templates/keptnevaluation-crd.yaml +++ b/lifecycle-operator/chart/templates/keptnevaluation-crd.yaml 
@@ -4,7 +4,9 @@ metadata: name: keptnevaluations.lifecycle.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/keptn-certs' + {{- with .Values.global.caInjectionAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- include "common.annotations" ( dict "context" . ) }} labels: app.kubernetes.io/part-of: keptn diff --git a/lifecycle-operator/chart/templates/keptnevaluationdefinition-crd.yaml b/lifecycle-operator/chart/templates/keptnevaluationdefinition-crd.yaml index e11a4513dc..d540533700 100644 --- a/lifecycle-operator/chart/templates/keptnevaluationdefinition-crd.yaml +++ b/lifecycle-operator/chart/templates/keptnevaluationdefinition-crd.yaml @@ -4,7 +4,9 @@ metadata: name: keptnevaluationdefinitions.lifecycle.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/keptn-certs' + {{- with .Values.global.caInjectionAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- include "common.annotations" ( dict "context" . ) }} labels: app.kubernetes.io/part-of: keptn diff --git a/lifecycle-operator/chart/templates/keptntask-crd.yaml b/lifecycle-operator/chart/templates/keptntask-crd.yaml index 73b47b693a..711a7dcd04 100644 --- a/lifecycle-operator/chart/templates/keptntask-crd.yaml +++ b/lifecycle-operator/chart/templates/keptntask-crd.yaml @@ -5,7 +5,9 @@ metadata: name: keptntasks.lifecycle.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/keptn-certs' + {{- with .Values.global.caInjectionAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- include "common.annotations" ( dict "context" . ) }} labels: app.kubernetes.io/part-of: keptn diff --git a/lifecycle-operator/chart/templates/keptntaskdefinition-crd.yaml b/lifecycle-operator/chart/templates/keptntaskdefinition-crd.yaml index 1685bb5db4..74d3bb2a17 100644 
--- a/lifecycle-operator/chart/templates/keptntaskdefinition-crd.yaml +++ b/lifecycle-operator/chart/templates/keptntaskdefinition-crd.yaml @@ -4,7 +4,9 @@ metadata: name: keptntaskdefinitions.lifecycle.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/keptn-certs' + {{- with .Values.global.caInjectionAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- include "common.annotations" ( dict "context" . ) }} labels: app.kubernetes.io/part-of: keptn diff --git a/lifecycle-operator/chart/templates/keptnworkload-crd.yaml b/lifecycle-operator/chart/templates/keptnworkload-crd.yaml index dccb1fea60..32258343bf 100644 --- a/lifecycle-operator/chart/templates/keptnworkload-crd.yaml +++ b/lifecycle-operator/chart/templates/keptnworkload-crd.yaml @@ -4,7 +4,9 @@ metadata: name: keptnworkloads.lifecycle.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/keptn-certs' + {{- with .Values.global.caInjectionAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- include "common.annotations" ( dict "context" . ) }} labels: app.kubernetes.io/part-of: keptn diff --git a/lifecycle-operator/chart/templates/keptnworkloadversion-crd.yaml b/lifecycle-operator/chart/templates/keptnworkloadversion-crd.yaml index 0f1b9f83cd..a7e4ba52e9 100644 --- a/lifecycle-operator/chart/templates/keptnworkloadversion-crd.yaml +++ b/lifecycle-operator/chart/templates/keptnworkloadversion-crd.yaml @@ -4,7 +4,9 @@ metadata: name: keptnworkloadversions.lifecycle.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/keptn-certs' + {{- with .Values.global.caInjectionAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- include "common.annotations" ( dict "context" . ) }} labels: app.kubernetes.io/part-of: keptn 
diff --git a/lifecycle-operator/chart/templates/lifecycle-mutating-webhook-configuration.yaml b/lifecycle-operator/chart/templates/lifecycle-mutating-webhook-configuration.yaml index 62d58c9325..144030faa2 100644 --- a/lifecycle-operator/chart/templates/lifecycle-mutating-webhook-configuration.yaml +++ b/lifecycle-operator/chart/templates/lifecycle-mutating-webhook-configuration.yaml @@ -2,9 +2,17 @@ apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: name: lifecycle-mutating-webhook-configuration +{{- $caAnnotations := .Values.global.caInjectionAnnotations}} +{{- $annotations := include "common.annotations" (dict "context" .) }} +{{- if or $caAnnotations $annotations }} annotations: - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/keptn-certs' - {{- include "common.annotations" (dict "context" .) }} + {{- with $annotations }} + {{- . -}} + {{- end }} + {{- with $caAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} labels: keptn.sh/inject-cert: "true" app.kubernetes.io/part-of: "keptn" diff --git a/lifecycle-operator/chart/templates/lifecycle-validating-webhook-configuration.yaml b/lifecycle-operator/chart/templates/lifecycle-validating-webhook-configuration.yaml index 5f3f4f3839..c608b7138e 100644 --- a/lifecycle-operator/chart/templates/lifecycle-validating-webhook-configuration.yaml +++ b/lifecycle-operator/chart/templates/lifecycle-validating-webhook-configuration.yaml 
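Review bot: With the chart default `caInjectionAnnotations: {}`, this webhook configuration no longer carries any `cert-manager.io/inject-ca-from` annotation. A release that sets `global.certManagerEnabled: false` without also filling `global.caInjectionAnnotations` therefore renders a webhook whose CA bundle nothing in this chart populates. Presumably admission calls then fail TLS verification and are handled by the webhook's failure policy, which is not visible in this hunk. The validating-webhook hunks in lifecycle-validating-webhook-configuration.yaml and metrics-validating-webhook-configuration.yaml have the same gap. I would fail at render time, e.g. `{{- if and (not .Values.global.certManagerEnabled) (not $caAnnotations) }}{{ fail "set global.caInjectionAnnotations when global.certManagerEnabled is false" }}{{- end }}`, or state in values.yaml that the CA bundle must then be supplied by other means.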
@@ -2,9 +2,17 @@ apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: name: lifecycle-validating-webhook-configuration +{{- $caAnnotations := .Values.global.caInjectionAnnotations}} +{{- $annotations := include "common.annotations" (dict "context" .) }} +{{- if or $caAnnotations $annotations }} annotations: - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/keptn-certs' - {{- include "common.annotations" ( dict "context" . ) }} + {{- with $annotations }} + {{- . -}} + {{- end }} + {{- with $caAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} labels: keptn.sh/inject-cert: "true" {{- include "common.labels.standard" ( dict "context" . ) | nindent 4 }} diff --git a/lifecycle-operator/chart/values.yaml b/lifecycle-operator/chart/values.yaml index 3baf6f2553..a36181b029 100644 --- a/lifecycle-operator/chart/values.yaml +++ b/lifecycle-operator/chart/values.yaml @@ -4,6 +4,8 @@ ## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass global: + ## @param global.certManagerEnabled Enable this value to install Keptn Certificate Manager + certManagerEnabled: true ## @param global.imageRegistry Global container image registry imageRegistry: "" @@ -13,12 +15,15 @@ global: ## - myRegistryKeySecretName ## imagePullSecrets: [] - ## @param global.commonLabels Common annotations to add to all Keptn resources. Evaluated as a template + ## @param global.commonLabels Common labels to add to all Keptn resources. Evaluated as a template ## commonLabels: { } ## @param global.commonAnnotations Common annotations to add to all Keptn resources. Evaluated as a template ## commonAnnotations: { } + ## @param global.caInjectionAnnotations CA injection annotations for cert-manager.io configuration + ## + caInjectionAnnotations: { } lifecycleOperatorConfig: health: 
diff --git a/lifecycle-operator/config/manager/manager.yaml b/lifecycle-operator/config/manager/manager.yaml index a8e6ee7acb..a3b25595d4 100644 --- a/lifecycle-operator/config/manager/manager.yaml +++ b/lifecycle-operator/config/manager/manager.yaml @@ -81,6 +81,8 @@ spec: value: "0" - name: SCHEDULING_GATES_ENABLED value: "false" + - name: CERT_MANAGER_ENABLED + value: "true" securityContext: seccompProfile: type: RuntimeDefault diff --git a/lifecycle-operator/go.mod b/lifecycle-operator/go.mod index 3a274edf88..89f6cade31 100644 --- a/lifecycle-operator/go.mod +++ b/lifecycle-operator/go.mod @@ -9,7 +9,7 @@ require ( github.com/cloudevents/sdk-go/v2 v2.14.0 github.com/go-logr/logr v1.4.1 github.com/kelseyhightower/envconfig v1.4.0 - github.com/keptn/lifecycle-toolkit/keptn-cert-manager v0.0.0-20231211075630-e386ec643fa7 + github.com/keptn/lifecycle-toolkit/keptn-cert-manager v0.0.0-20231220125738-6b5f424f8cf1 github.com/magiconair/properties v1.8.7 github.com/onsi/ginkgo/v2 v2.14.0 github.com/onsi/gomega v1.30.0 diff --git a/lifecycle-operator/go.sum b/lifecycle-operator/go.sum index 0f68044d30..29c98a75fe 100644 --- a/lifecycle-operator/go.sum +++ b/lifecycle-operator/go.sum 
@@ -78,8 +78,8 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/kelseyhightower/envconfig v1.4.0 h1:Im6hONhd3pLkfDFsbRgu68RDNkGF1r3dvMUtDTo2cv8= github.com/kelseyhightower/envconfig v1.4.0/go.mod h1:cccZRl6mQpaq41TPp5QxidR+Sa3axMbJDNb//FQX6Gg= -github.com/keptn/lifecycle-toolkit/keptn-cert-manager v0.0.0-20231211075630-e386ec643fa7 h1:IQmKPpTRP2/ZBJ778BCkHfwolf8VHt3p5yBJFtwSFII= -github.com/keptn/lifecycle-toolkit/keptn-cert-manager v0.0.0-20231211075630-e386ec643fa7/go.mod h1:5BmQaTihG6MYDrwJoeFI80uGJ5iGIxBIWzl6RcKJejk= +github.com/keptn/lifecycle-toolkit/keptn-cert-manager v0.0.0-20231220125738-6b5f424f8cf1 h1:C1yHneE1lcuOnJY3PLlVK+AhaPLfShOMhSxdlja0S1U= +github.com/keptn/lifecycle-toolkit/keptn-cert-manager v0.0.0-20231220125738-6b5f424f8cf1/go.mod h1:5BmQaTihG6MYDrwJoeFI80uGJ5iGIxBIWzl6RcKJejk= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= diff --git a/lifecycle-operator/main.go b/lifecycle-operator/main.go index 67a9a0d174..986f6f21e6 100644 --- a/lifecycle-operator/main.go +++ b/lifecycle-operator/main.go @@ -103,6 +103,8 @@ type envConfig struct { KeptnOptionsControllerLogLevel int `envconfig:"OPTIONS_CONTROLLER_LOG_LEVEL" default:"0"` SchedulingGatesEnabled bool `envconfig:"SCHEDULING_GATES_ENABLED" default:"false"` + + CertManagerEnabled bool `envconfig:"CERT_MANAGER_ENABLED" default:"true"` } const KeptnLifecycleActiveMetric = "keptn_lifecycle_active" 
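Review bot: The new `CertManagerEnabled` field in `envConfig` has no comment, and its name reads as if it referred to cert-manager.io, whereas the values files describe the flag as installing the Keptn Certificate Manager. I would add above the field: `// CertManagerEnabled reports whether the built-in keptn-cert-manager provisions the webhook certificate; when false the certificate must come from elsewhere, e.g. cert-manager.io.` The struct starts outside the hunk, and the same field is added to `envConfig` in metrics-operator/main.go.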
@@ -393,15 +395,22 @@ func main() { setupLog.Info("Keptn lifecycle-operator is alive") keptnLifecycleActive.Add(context.Background(), 1) if !disableWebhook { - webhookBuilder = webhookBuilder.SetCertificateWatcher( - certificates.NewCertificateWatcher( + var certificateWatcher certificates.ICertificateWatcher + + // Check if cert manager is enabled + if env.CertManagerEnabled { + certificateWatcher = certificates.NewCertificateWatcher( mgr.GetAPIReader(), webhookBuilder.GetOptions().CertDir, env.PodNamespace, certCommon.SecretName, setupLog, - )) - + ) + } else { + // Use the NoOpCertificateWatcher when cert manager is disabled + certificateWatcher = certificates.NewNoOpCertificateWatcher() + } + webhookBuilder = webhookBuilder.SetCertificateWatcher(certificateWatcher) setupLog.Info(fmt.Sprintf("%v", webhookBuilder)) webhookLogger := ctrl.Log.WithName("Mutating Webhook") webhookRecorder := mgr.GetEventRecorderFor("keptn/webhook") diff --git a/metrics-operator/.gitignore b/metrics-operator/.gitignore index e28d69955a..0f21226281 100644 --- a/metrics-operator/.gitignore +++ b/metrics-operator/.gitignore @@ -28,3 +28,5 @@ load-report.* *~ .dccache* + +chart/charts/*.tgz diff --git a/metrics-operator/chart/README.md b/metrics-operator/chart/README.md index 3dea96e631..33dda89c4b 100644 --- a/metrics-operator/chart/README.md +++ b/metrics-operator/chart/README.md 
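Review bot: The `else` branch swaps in `certificates.NewNoOpCertificateWatcher()` without logging anything, so with `CERT_MANAGER_ENABLED=false` the operator leaves no record that it is not watching the webhook certificate itself. What the no-op watcher does is not visible in this hunk; presumably it does nothing. A line in that branch such as `setupLog.Info("built-in cert-manager disabled, webhook certificate must be provided externally", "certDir", webhookBuilder.GetOptions().CertDir)` would make a missing or stale certificate much easier to diagnose. The two added comments only restate the code and could be dropped in favour of that log line. `main` starts and ends outside the hunk.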
@@ -13,12 +13,14 @@ Prometheus, Dynatrace, DataDog and K8s metric server... ### Global parameters -| Name | Description | Value | -| -------------------------- | ------------------------------------------------------------------------- | ----- | -| `global.imageRegistry` | Global container image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.commonLabels` | Common annotations to add to all Keptn resources. Evaluated as a template | `{}` | -| `global.commonAnnotations` | Common annotations to add to all Keptn resources. Evaluated as a template | `{}` | +| Name | Description | Value | +| ------------------------------- | ------------------------------------------------------------------------- | ------ | +| `global.certManagerEnabled` | Enable this value to install Keptn Certificate Manager | `true` | +| `global.imageRegistry` | Global container image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.commonLabels` | Common labels to add to all Keptn resources. Evaluated as a template | `{}` | +| `global.commonAnnotations` | Common annotations to add to all Keptn resources. Evaluated as a template | `{}` | +| `global.caInjectionAnnotations` | CA injection annotations for cert-manager.io configuration | `{}` | ### Keptn Metrics Operator common diff --git a/metrics-operator/chart/templates/analysis-crd.yaml b/metrics-operator/chart/templates/analysis-crd.yaml index 492b134db9..73f311f28c 100644 --- a/metrics-operator/chart/templates/analysis-crd.yaml +++ b/metrics-operator/chart/templates/analysis-crd.yaml 
@@ -4,6 +4,9 @@ metadata: name: analyses.metrics.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 + {{- with .Values.global.caInjectionAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/keptn-certs' {{- include "common.annotations" ( dict "context" . ) }} labels: diff --git a/metrics-operator/chart/templates/analysisdefinition-crd.yaml b/metrics-operator/chart/templates/analysisdefinition-crd.yaml index 2e75e9eb37..db87f99f58 100644 --- a/metrics-operator/chart/templates/analysisdefinition-crd.yaml +++ b/metrics-operator/chart/templates/analysisdefinition-crd.yaml @@ -4,7 +4,9 @@ metadata: name: analysisdefinitions.metrics.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/keptn-certs' + {{- with .Values.global.caInjectionAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- include "common.annotations" ( dict "context" . ) }} labels: app.kubernetes.io/part-of: keptn diff --git a/metrics-operator/chart/templates/analysisvaluetemplate-crd.yaml b/metrics-operator/chart/templates/analysisvaluetemplate-crd.yaml index e06ec85b3a..ed4bac9d3b 100644 --- a/metrics-operator/chart/templates/analysisvaluetemplate-crd.yaml +++ b/metrics-operator/chart/templates/analysisvaluetemplate-crd.yaml @@ -4,7 +4,9 @@ metadata: name: analysisvaluetemplates.metrics.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/keptn-certs' + {{- with .Values.global.caInjectionAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- include "common.annotations" ( dict "context" . ) }} labels: app.kubernetes.io/part-of: keptn diff --git a/metrics-operator/chart/templates/deployment.yaml b/metrics-operator/chart/templates/deployment.yaml index 5a16d36758..8a35a33b8f 100644 --- a/metrics-operator/chart/templates/deployment.yaml 
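Review bot: In analysis-crd.yaml the hard-coded `cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/keptn-certs'` line is still present below the new `with .Values.global.caInjectionAnnotations` block, whereas the other CRD templates in this commit remove it. As written, the Analysis CRD always points the CA injector at `<release namespace>/keptn-certs`, whatever `global.caInjectionAnnotations` says. Setting `cert-manager.io/inject-ca-from` in that value also renders the same key twice in one annotations map. Deleting the leftover line makes this template match analysisdefinition-crd.yaml and the other CRD templates.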
+++ b/metrics-operator/chart/templates/deployment.yaml @@ -60,6 +60,8 @@ spec: }} - name: KUBERNETES_CLUSTER_DOMAIN value: {{ .Values.kubernetesClusterDomain }} + - name: CERT_MANAGER_ENABLED + value: {{ .Values.global.certManagerEnabled | quote }} image: {{- include "common.images.image" ( dict "imageRoot" .Values.image "global" .Values.global ) | indent 1}} imagePullPolicy: {{ .Values.imagePullPolicy }} name: metrics-operator diff --git a/metrics-operator/chart/templates/keptnmetric-crd.yaml b/metrics-operator/chart/templates/keptnmetric-crd.yaml index e073d68e3e..7c8baa273f 100644 --- a/metrics-operator/chart/templates/keptnmetric-crd.yaml +++ b/metrics-operator/chart/templates/keptnmetric-crd.yaml @@ -4,7 +4,9 @@ metadata: name: keptnmetrics.metrics.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/keptn-certs' + {{- with .Values.global.caInjectionAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- include "common.annotations" ( dict "context" . ) }} labels: app.kubernetes.io/part-of: keptn diff --git a/metrics-operator/chart/templates/keptnmetricsprovider-crd.yaml b/metrics-operator/chart/templates/keptnmetricsprovider-crd.yaml index 0d313f6b7f..62665a29ef 100644 --- a/metrics-operator/chart/templates/keptnmetricsprovider-crd.yaml +++ b/metrics-operator/chart/templates/keptnmetricsprovider-crd.yaml @@ -4,7 +4,9 @@ metadata: name: keptnmetricsproviders.metrics.keptn.sh annotations: controller-gen.kubebuilder.io/version: v0.13.0 - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/keptn-certs' + {{- with .Values.global.caInjectionAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- include "common.annotations" ( dict "context" . ) }} labels: app.kubernetes.io/part-of: keptn 
diff --git a/metrics-operator/chart/templates/metrics-validating-webhook-configuration.yaml b/metrics-operator/chart/templates/metrics-validating-webhook-configuration.yaml index b402989e34..3cebb018c4 100644 --- a/metrics-operator/chart/templates/metrics-validating-webhook-configuration.yaml +++ b/metrics-operator/chart/templates/metrics-validating-webhook-configuration.yaml @@ -2,9 +2,17 @@ apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: name: metrics-validating-webhook-configuration +{{- $caAnnotations := .Values.global.caInjectionAnnotations}} +{{- $annotations := include "common.annotations" (dict "context" .) }} +{{- if or $caAnnotations $annotations }} annotations: - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/keptn-certs' - {{- include "common.annotations" ( dict "context" . ) }} + {{- with $annotations }} + {{- . -}} + {{- end }} + {{- with $caAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} labels: keptn.sh/inject-cert: "true" {{- include "common.labels.standard" ( dict "context" . ) | nindent 4 }} diff --git a/metrics-operator/chart/values.yaml b/metrics-operator/chart/values.yaml index f0fbf813ff..c5aee68585 100644 --- a/metrics-operator/chart/values.yaml +++ b/metrics-operator/chart/values.yaml @@ -4,6 +4,8 @@ ## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass global: + ## @param global.certManagerEnabled Enable this value to install Keptn Certificate Manager + certManagerEnabled: true ## @param global.imageRegistry Global container image registry imageRegistry: "" 
@@ -13,12 +15,15 @@ global: ## - myRegistryKeySecretName ## imagePullSecrets: [] - ## @param global.commonLabels Common annotations to add to all Keptn resources. Evaluated as a template + ## @param global.commonLabels Common labels to add to all Keptn resources. Evaluated as a template ## commonLabels: { } ## @param global.commonAnnotations Common annotations to add to all Keptn resources. Evaluated as a template ## commonAnnotations: { } + ## @param global.caInjectionAnnotations CA injection annotations for cert-manager.io configuration + ## + caInjectionAnnotations: { } ## @section Keptn Metrics Operator common ## @extra operatorService.ports[0] webhook port (must correspond to Mutating Webhook Configurations) diff --git a/metrics-operator/config/manager/manager.yaml b/metrics-operator/config/manager/manager.yaml index 55fc51d38a..b8207fe2fe 100644 --- a/metrics-operator/config/manager/manager.yaml +++ b/metrics-operator/config/manager/manager.yaml @@ -71,6 +71,8 @@ spec: value: "0" - name: ANALYSIS_CONTROLLER_LOG_LEVEL value: "0" + - name: CERT_MANAGER_ENABLED + value: "true" ports: - containerPort: 9443 name: webhook-server diff --git a/metrics-operator/go.mod b/metrics-operator/go.mod index 15ea69ac56..2163b8a737 100644 --- a/metrics-operator/go.mod +++ b/metrics-operator/go.mod @@ -8,7 +8,7 @@ require ( github.com/go-logr/logr v1.4.1 github.com/gorilla/mux v1.8.1 github.com/kelseyhightower/envconfig v1.4.0 - github.com/keptn/lifecycle-toolkit/keptn-cert-manager v0.0.0-20231211075630-e386ec643fa7 + github.com/keptn/lifecycle-toolkit/keptn-cert-manager v0.0.0-20231220125738-6b5f424f8cf1 github.com/open-feature/go-sdk v1.9.0 github.com/pkg/errors v0.9.1 github.com/prometheus/client_golang v1.18.0 diff --git a/metrics-operator/go.sum b/metrics-operator/go.sum index e8e47c6f63..d58adf4922 100644 --- a/metrics-operator/go.sum +++ b/metrics-operator/go.sum 
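Review bot: In `metrics-operator/chart/values.yaml`, the description of `global.caInjectionAnnotations` does not say that the map is written out verbatim. The templates render it with `toYaml`, whereas `commonAnnotations` just above is documented as "Evaluated as a template". A value such as `{{ .Release.Namespace }}/keptn-certs`, the form the removed hard-coded annotation used, would therefore reach the manifest as literal text, and cert-manager.io would not resolve it. Suggested wording: `## @param global.caInjectionAnnotations CA injection annotations for cert-manager.io configuration. Rendered verbatim (not evaluated as a template); needed when global.certManagerEnabled is false`.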
@@ -111,8 +111,8 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/kelseyhightower/envconfig v1.4.0 h1:Im6hONhd3pLkfDFsbRgu68RDNkGF1r3dvMUtDTo2cv8= github.com/kelseyhightower/envconfig v1.4.0/go.mod h1:cccZRl6mQpaq41TPp5QxidR+Sa3axMbJDNb//FQX6Gg= -github.com/keptn/lifecycle-toolkit/keptn-cert-manager v0.0.0-20231211075630-e386ec643fa7 h1:IQmKPpTRP2/ZBJ778BCkHfwolf8VHt3p5yBJFtwSFII= -github.com/keptn/lifecycle-toolkit/keptn-cert-manager v0.0.0-20231211075630-e386ec643fa7/go.mod h1:5BmQaTihG6MYDrwJoeFI80uGJ5iGIxBIWzl6RcKJejk= +github.com/keptn/lifecycle-toolkit/keptn-cert-manager v0.0.0-20231220125738-6b5f424f8cf1 h1:C1yHneE1lcuOnJY3PLlVK+AhaPLfShOMhSxdlja0S1U= +github.com/keptn/lifecycle-toolkit/keptn-cert-manager v0.0.0-20231220125738-6b5f424f8cf1/go.mod h1:5BmQaTihG6MYDrwJoeFI80uGJ5iGIxBIWzl6RcKJejk= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= diff --git a/metrics-operator/main.go b/metrics-operator/main.go index f3ded37750..3a50b5ad62 100644 --- a/metrics-operator/main.go +++ b/metrics-operator/main.go @@ -73,6 +73,7 @@ type envConfig struct { AnalysisControllerLogLevel int `envconfig:"ANALYSIS_CONTROLLER_LOG_LEVEL" default:"0"` ExposeKeptnMetrics bool `envconfig:"EXPOSE_KEPTN_METRICS" default:"true"` EnableCustomMetricsAPIService bool `envconfig:"ENABLE_CUSTOM_METRICS_API_SERVICE" default:"true"` + CertManagerEnabled bool `envconfig:"CERT_MANAGER_ENABLED" default:"true"` } //nolint:gocyclo,funlen 
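Review bot: The new `CertManagerEnabled` field of `envConfig` in `metrics-operator/main.go` has no comment saying which certificate manager it controls. The name reads like cert-manager.io, while the chart's `values.yaml` describes the matching value as installing Keptn's own certificate manager. With `default:"true"`, an unset `CERT_MANAGER_ENABLED` keeps the built-in watcher. A comment above the field would remove the ambiguity: `// CertManagerEnabled turns on Keptn's built-in certificate watcher; set it to false when webhook certificates are managed externally (e.g. by cert-manager.io).` The struct begins outside this hunk.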
@@ -228,14 +229,23 @@ func main() { setupProbes(mgr) if !disableWebhook { - webhookBuilder = webhookBuilder.SetCertificateWatcher( - certificates.NewCertificateWatcher( + var certificateWatcher certificates.ICertificateWatcher + + // Check if cert manager is enabled + if env.CertManagerEnabled { + certificateWatcher = certificates.NewCertificateWatcher( mgr.GetAPIReader(), webhookBuilder.GetOptions().CertDir, env.PodNamespace, certCommon.SecretName, setupLog, - )) + ) + } else { + // Use the NoOpCertificateWatcher when cert manager is disabled + certificateWatcher = certificates.NewNoOpCertificateWatcher() + } + + webhookBuilder = webhookBuilder.SetCertificateWatcher(certificateWatcher) webhookBuilder.Register(mgr, nil) setupLog.Info("starting webhook") }
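Review bot: When `env.CertManagerEnabled` is false, the `else` branch installs `certificates.NewNoOpCertificateWatcher()` without logging anything. An operator started with an unintended `CERT_MANAGER_ENABLED=false` therefore gives no sign that the built-in handling of the webhook serving certificate is switched off. One line in that branch would record the mode: `setupLog.Info("built-in certificate watcher disabled, webhook certificates must be provided externally", "certDir", webhookBuilder.GetOptions().CertDir)`. The comment `// Check if cert manager is enabled` would also be clearer as `// Keptn's built-in cert manager, not cert-manager.io`. What the no-op watcher does is not visible here, and `main` begins and continues outside this hunk.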