From 6a63f1bc1e098c00317984e00c0aed95d6105687 Mon Sep 17 00:00:00 2001 From: Dmitry Dodzin Date: Sun, 14 Apr 2024 17:34:52 +0300 Subject: [PATCH 01/15] Simple operator-install check start --- .github/workflows/ci.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 031bf26..df3c082 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -20,3 +20,17 @@ jobs: - uses: actions/checkout@v4 - uses: azure/setup-helm@v4.1.0 - run: helm template mirrord-operator --set license.key=secret --debug + + operator-install: + runs-on: ubuntu-latest + name: helm install & check install + steps: + - uses: actions/checkout@v4 + - name: start minikube + uses: medyagh/setup-minikube@master + with: + container-runtime: ${{ inputs.container-runtime }} + cpus: 'max' + memory: '4gb' + - uses: azure/setup-helm@v4.1.0 + - run: helm install mirrord-operator ./mirrord-operator From 2932e7a7017dafda8f84f380d64dd79d93ef094c Mon Sep 17 00:00:00 2001 From: Dmitry Dodzin Date: Sun, 14 Apr 2024 17:43:09 +0300 Subject: [PATCH 02/15] Update --- .github/workflows/ci.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index df3c082..956d580 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -32,5 +32,6 @@ jobs: container-runtime: ${{ inputs.container-runtime }} cpus: 'max' memory: '4gb' + - run: kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.yaml - uses: azure/setup-helm@v4.1.0 - - run: helm install mirrord-operator ./mirrord-operator + - run: helm install mirrord-operator --set operator.disableTelemetries=true --set tls.certManager.enabled=true ./mirrord-operator From 421d863b084a98605ebc7722c6c2f5332cd488f7 Mon Sep 17 00:00:00 2001 
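Review bot: `uses: medyagh/setup-minikube@master` in PATCH 01/15 follows a mutable branch, so whatever lands upstream runs in this job without review. Pin it to a full commit SHA (`uses: medyagh/setup-minikube@<commit-sha>  # <release tag>`, placeholders), or at least to a release tag as the neighbouring `azure/setup-helm@v4.1.0` does. Separately, `container-runtime: ${{ inputs.container-runtime }}` only has a value when the workflow is started through `workflow_dispatch` or `workflow_call` with that input. The `on:` block is outside this hunk; if neither trigger applies, the expression is empty and the line is better dropped or given an explicit value.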
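Review bot: Nothing in PATCH 02/15 waits for cert-manager to become ready between the `kubectl apply` and the `helm install ... --set tls.certManager.enabled=true`. The chart's cert-manager resources (presumably an Issuer and a Certificate, going by the `issuer`/`certificate` names in values.yaml) can therefore be submitted before the cert-manager webhook is serving, and the job can fail intermittently. A step such as `- run: kubectl -n cert-manager wait --for=condition=Available deployment --all --timeout=120s` before the install closes that gap. The manifest URL is pinned to v1.14.4 but is fetched at run time with no integrity check; comparing it against a recorded checksum before applying would make the install reproducible.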
From: Dmitry Dodzin Date: Sun, 14 Apr 2024 17:56:49 +0300 Subject: [PATCH 03/15] Update --- .github/workflows/ci.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 956d580..aa83563 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -34,4 +34,9 @@ jobs: memory: '4gb' - run: kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.yaml - uses: azure/setup-helm@v4.1.0 - - run: helm install mirrord-operator --set operator.disableTelemetries=true --set tls.certManager.enabled=true ./mirrord-operator + - run: | + helm install mirrord-operator \ + --set license.file.data."license\\.pem"="$MIRRORD_OPERATOR_LICENSE" \ + --set operator.disableTelemetries=true \ + --set tls.certManager.enabled=true \ + ./mirrord-operator From 5503e053a5762ee1f358420779a0427129e2771c Mon Sep 17 00:00:00 2001 From: Dmitry Dodzin Date: Sun, 14 Apr 2024 18:05:57 +0300 Subject: [PATCH 04/15] ? --- .github/workflows/ci.yaml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index aa83563..32fcc68 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -34,9 +34,4 @@ jobs: memory: '4gb' - run: kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.yaml - uses: azure/setup-helm@v4.1.0 - - run: | - helm install mirrord-operator \ - --set license.file.data."license\\.pem"="$MIRRORD_OPERATOR_LICENSE" \ - --set operator.disableTelemetries=true \ - --set tls.certManager.enabled=true \ - ./mirrord-operator + - run: helm install mirrord-operator --set license.file.data."license\\.pem"=$MIRRORD_OPERATOR_LICENSE --set operator.disableTelemetries=true --set tls.certManager.enabled=true ./mirrord-operator From c23a4d4ed002321c1d185656a42062e3e09074a2 Mon Sep 17 00:00:00 2001 
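Review bot: `$MIRRORD_OPERATOR_LICENSE` in PATCH 03/15 is expanded by the shell, but no `env:` entry on the step or on the `operator-install` job supplies it in the lines shown. Actions secrets are not exported to `run:` steps automatically, so unless a workflow-level `env:` outside this hunk sets it, the license value is empty. Map it explicitly on the step with `env:` and `MIRRORD_OPERATOR_LICENSE: ${{ secrets.<LICENSE_SECRET_NAME> }}` (placeholder name). Also, `--set` gives commas and backslashes in the value special meaning, which PEM-like content may not survive; writing the value to a file and passing `--set-file license.file.data."license\\.pem"=<path>` avoids that and keeps the value off the command line.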
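Review bot: PATCH 04/15 drops the double quotes around `$MIRRORD_OPERATOR_LICENSE`, so the shell word-splits and glob-expands the value. A license containing spaces or newlines then reaches `helm install` as several arguments instead of one `--set` value. Keep the expansion quoted: `--set license.file.data."license\\.pem"="$MIRRORD_OPERATOR_LICENSE"`. The unquoted form stays in the `helm install` line through the rest of the series.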
From: Dmitry Dodzin Date: Sun, 14 Apr 2024 18:33:22 +0300 Subject: [PATCH 05/15] ? --- .github/workflows/ci.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 32fcc68..0139547 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -32,6 +32,6 @@ jobs: container-runtime: ${{ inputs.container-runtime }} cpus: 'max' memory: '4gb' - - run: kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.yaml - uses: azure/setup-helm@v4.1.0 - - run: helm install mirrord-operator --set license.file.data."license\\.pem"=$MIRRORD_OPERATOR_LICENSE --set operator.disableTelemetries=true --set tls.certManager.enabled=true ./mirrord-operator + - uses: kofemann/action-create-certificate@v0.0.4 + - run: helm install mirrord-operator --set license.file.data."license\\.pem"=$MIRRORD_OPERATOR_LICENSE --set operator.disableTelemetries=true --set tls.data."tls\\.key"="$(cat hostkey.pem)" --set tls.data."tls\\.crt"="$(cat hostcert.pem)" ./mirrord-operator From 36b9965a29a477df6daa4ef2309dda22475d31bf Mon Sep 17 00:00:00 2001 From: Dmitry Dodzin Date: Sun, 14 Apr 2024 18:35:45 +0300 Subject: [PATCH 06/15] ? --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 0139547..3ca41e4 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
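Review bot: The TLS private key in PATCH 05/15 is passed as `--set tls.data."tls\\.key"="$(cat hostkey.pem)"`, which puts the key material on the helm command line and runs it through `--set`'s value parsing. `--set-file tls.data."tls\\.key"=hostkey.pem --set-file tls.data."tls\\.crt"=hostcert.pem` reads the files directly instead. `kofemann/action-create-certificate@v0.0.4` generates that key and is referenced by a movable tag, so pinning it to a commit SHA is worth doing here; the same applies to `nick-fields/retry@v3` in PATCH 14/15. The `$(cat ...)` form recurs in PATCH 06 through 09.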
@@ -34,4 +34,4 @@ jobs: memory: '4gb' - uses: azure/setup-helm@v4.1.0 - uses: kofemann/action-create-certificate@v0.0.4 - - run: helm install mirrord-operator --set license.file.data."license\\.pem"=$MIRRORD_OPERATOR_LICENSE --set operator.disableTelemetries=true --set tls.data."tls\\.key"="$(cat hostkey.pem)" --set tls.data."tls\\.crt"="$(cat hostcert.pem)" ./mirrord-operator + - run: helm install mirrord-operator --set license.file.data."license\\.pem"=$MIRRORD_OPERATOR_LICENSE --set operator.disableTelemetries=true --set tls.data."tls\\.key"="$(cat ./hostkey.pem)" --set tls.data."tls\\.crt"="$(cat ./hostcert.pem)" ./mirrord-operator From 77317129c8e46444ce2ac6feb54101ceeaa7efbc Mon Sep 17 00:00:00 2001 From: Dmitry Dodzin Date: Sun, 14 Apr 2024 18:51:57 +0300 Subject: [PATCH 07/15] Create Certs --- .github/workflows/ca.conf | 12 ++++++++++++ .github/workflows/ci.yaml | 11 +++++++++-- .github/workflows/tls.conf | 19 +++++++++++++++++++ 3 files changed, 40 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/ca.conf create mode 100644 .github/workflows/tls.conf diff --git a/.github/workflows/ca.conf b/.github/workflows/ca.conf new file mode 100644 index 0000000..0d744f2 --- /dev/null +++ b/.github/workflows/ca.conf @@ -0,0 +1,12 @@ +basicConstraints = CA:TRUE +keyUsage = cRLSign, keyCertSign + +[req] +distinguished_name = req_distinguished_name +prompt = no + +[req_distinguished_name] +C = US +O = MetalBear +emailAddress = ci@metalbear.co +CN = ci.metalbear.co diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 3ca41e4..04fdb43 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
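Review bot: `basicConstraints = CA:TRUE` and `keyUsage = cRLSign, keyCertSign` at the top of ca.conf sit in the unnamed default section, and `[req]` has no `x509_extensions` entry pointing at them. As written, `openssl req -x509 -config ./.github/workflows/ca.conf` is therefore not told to apply them as certificate extensions. Put the two lines under a named section such as `[v3_ca]` and add `x509_extensions = v3_ca` to `[req]`. Defaults differ between OpenSSL versions, so it is worth confirming the result with `openssl x509 -in ca.crt -noout -text`.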
@@ -33,5 +33,12 @@ jobs: cpus: 'max' memory: '4gb' - uses: azure/setup-helm@v4.1.0 - - uses: kofemann/action-create-certificate@v0.0.4 - - run: helm install mirrord-operator --set license.file.data."license\\.pem"=$MIRRORD_OPERATOR_LICENSE --set operator.disableTelemetries=true --set tls.data."tls\\.key"="$(cat ./hostkey.pem)" --set tls.data."tls\\.crt"="$(cat ./hostcert.pem)" ./mirrord-operator + - run: | + openssl genrsa -out ca.key 4096 + openssl genrsa -out tls.key 4096 + openssl req -x509 -new -sha512 -nodes -key ./ca.key -days 7307 -out ./ca.crt -config ./.github/workflows/ca.conf + openssl req -new -key ./tls.key -out ./tls.csr -config ./.github/workflows/tls.conf + openssl x509 -req -in ./tls.csr -CA ./ca.crt -CAkey ./ca.key \ + -CAcreateserial -out ./tls.crt -days 10000 \ + -extensions v3_req -extfile ./.github/workflows/tls.conf + - run: helm install mirrord-operator --set license.file.data."license\\.pem"=$MIRRORD_OPERATOR_LICENSE --set operator.disableTelemetries=true --set tls.data."tls\\.key"="$(cat tls.key)" tls.data."tls\\.crt"="$(cat tls.crt)" ./mirrord-operator diff --git a/.github/workflows/tls.conf b/.github/workflows/tls.conf new file mode 100644 index 0000000..9027855 --- /dev/null +++ b/.github/workflows/tls.conf @@ -0,0 +1,19 @@ +[req] +default_bits = 2048 +prompt = no +default_md = sha256 +x509_extensions = v3_req +distinguished_name = dn + +[dn] +C = US +O = MetalBear +emailAddress = ci@metalbear.co +CN = ci.metalbear.co + +[v3_req] +subjectAltName = @alt_names + +[alt_names] +DNS.1 = mirrord-operator.mirrord.svc +DNS.2 = mirrord-operator.mirrord.svc.cluster.local From fd7615a4b3d7660cff92bc0abb81a3e4ac9e6bef Mon Sep 17 00:00:00 2001 From: Dmitry Dodzin Date: Sun, 14 Apr 2024 18:53:42 +0300 Subject: [PATCH 08/15] Ops --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 04fdb43..a495e34 100644 --- a/.github/workflows/ci.yaml 
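Review bot: The last `helm install` line in the PATCH 07/15 ci.yaml hunk has no `--set` in front of `tls.data."tls\\.crt"="$(cat tls.crt)"`, so helm receives it as an extra positional argument and the certificate value is never set. It should read `--set tls.data."tls\\.key"="$(cat tls.key)" --set tls.data."tls\\.crt"="$(cat tls.crt)"`. The validity periods `-days 7307` and `-days 10000` are also far longer than a per-run test CA needs. A few days would limit what the key files are worth if a workspace artifact ever leaks.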
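Review bot: Both `alt_names` entries in tls.conf hard-code the `mirrord` namespace, while the `helm install` step in the same patch passes no `--namespace`. Unless the chart fixes the namespace itself (not visible here), the Service name will not match the certificate. A comment above `[alt_names]` such as `# must match <service>.<namespace>.svc of the installed release` would record the coupling. In `[req]`, `x509_extensions = v3_req` only affects `req -x509`; for the CSR path used in ci.yaml the key is `req_extensions`. `default_bits = 2048` is unused because the workflow supplies a 4096-bit key.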
+++ b/.github/workflows/ci.yaml @@ -41,4 +41,4 @@ jobs: openssl x509 -req -in ./tls.csr -CA ./ca.crt -CAkey ./ca.key \ -CAcreateserial -out ./tls.crt -days 10000 \ -extensions v3_req -extfile ./.github/workflows/tls.conf - - run: helm install mirrord-operator --set license.file.data."license\\.pem"=$MIRRORD_OPERATOR_LICENSE --set operator.disableTelemetries=true --set tls.data."tls\\.key"="$(cat tls.key)" tls.data."tls\\.crt"="$(cat tls.crt)" ./mirrord-operator + - run: helm install mirrord-operator --set license.file.data."license\\.pem"=$MIRRORD_OPERATOR_LICENSE --set operator.disableTelemetries=true --set tls.data."tls\\.key"="$(cat tls.key)" --set tls.data."tls\\.crt"="$(cat tls.crt)" ./mirrord-operator From 0324204091657863b09a4b3ef0afde911a7b37e0 Mon Sep 17 00:00:00 2001 From: Dmitry Dodzin Date: Sun, 14 Apr 2024 18:54:59 +0300 Subject: [PATCH 09/15] Wait? --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index a495e34..06648f6 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -41,4 +41,4 @@ jobs: openssl x509 -req -in ./tls.csr -CA ./ca.crt -CAkey ./ca.key \ -CAcreateserial -out ./tls.crt -days 10000 \ -extensions v3_req -extfile ./.github/workflows/tls.conf - - run: helm install mirrord-operator --set license.file.data."license\\.pem"=$MIRRORD_OPERATOR_LICENSE --set operator.disableTelemetries=true --set tls.data."tls\\.key"="$(cat tls.key)" --set tls.data."tls\\.crt"="$(cat tls.crt)" ./mirrord-operator + - run: helm install mirrord-operator --set license.file.data."license\\.pem"=$MIRRORD_OPERATOR_LICENSE --set operator.disableTelemetries=true --set tls.data."tls\\.key"="$(cat tls.key)" --set tls.data."tls\\.crt"="$(cat tls.crt)" ./mirrord-operator --wait From db269065e8da179fe603cf63d84b9818eca3491f Mon Sep 17 00:00:00 2001 
From: Dmitry Dodzin Date: Sun, 14 Apr 2024 19:01:02 +0300 Subject: [PATCH 10/15] Perform mirrord get operator status --- .github/workflows/ci.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 06648f6..edbfda4 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -42,3 +42,4 @@ jobs: -CAcreateserial -out ./tls.crt -days 10000 \ -extensions v3_req -extfile ./.github/workflows/tls.conf - run: helm install mirrord-operator --set license.file.data."license\\.pem"=$MIRRORD_OPERATOR_LICENSE --set operator.disableTelemetries=true --set tls.data."tls\\.key"="$(cat tls.key)" --set tls.data."tls\\.crt"="$(cat tls.crt)" ./mirrord-operator --wait + - run: kubectl get mirrordoperators.operator.metalbear.co operator -o yaml From 41318bd662dc1002632bc257e56486c668fd9a77 Mon Sep 17 00:00:00 2001 From: Dmitry Dodzin Date: Mon, 15 Apr 2024 10:38:12 +0300 Subject: [PATCH 11/15] Let operator create tls for now --- .github/workflows/ca.conf | 12 ------------ .github/workflows/ci.yaml | 10 +--------- .github/workflows/tls.conf | 19 ------------------- 3 files changed, 1 insertion(+), 40 deletions(-) delete mode 100644 .github/workflows/ca.conf delete mode 100644 .github/workflows/tls.conf diff --git a/.github/workflows/ca.conf b/.github/workflows/ca.conf deleted file mode 100644 index 0d744f2..0000000 --- a/.github/workflows/ca.conf +++ /dev/null @@ -1,12 +0,0 @@ -basicConstraints = CA:TRUE -keyUsage = cRLSign, keyCertSign - -[req] -distinguished_name = req_distinguished_name -prompt = no - -[req_distinguished_name] -C = US -O = MetalBear -emailAddress = ci@metalbear.co -CN = ci.metalbear.co diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index edbfda4..4e62516 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
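Review bot: The added `kubectl get mirrordoperators.operator.metalbear.co operator -o yaml` step in PATCH 10/15 succeeds as soon as the object can be fetched and asserts nothing about its contents. An operator that reports an unhealthy or unlicensed status would still pass. If the status exposes a field that signals readiness, read it with `-o jsonpath=...` and compare the value; the field name is not visible in this patch. The full YAML also lands in the job log, so confirm that none of the license-derived status fields need to stay private.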
@@ -33,13 +33,5 @@ jobs: cpus: 'max' memory: '4gb' - uses: azure/setup-helm@v4.1.0 - - run: | - openssl genrsa -out ca.key 4096 - openssl genrsa -out tls.key 4096 - openssl req -x509 -new -sha512 -nodes -key ./ca.key -days 7307 -out ./ca.crt -config ./.github/workflows/ca.conf - openssl req -new -key ./tls.key -out ./tls.csr -config ./.github/workflows/tls.conf - openssl x509 -req -in ./tls.csr -CA ./ca.crt -CAkey ./ca.key \ - -CAcreateserial -out ./tls.crt -days 10000 \ - -extensions v3_req -extfile ./.github/workflows/tls.conf - - run: helm install mirrord-operator --set license.file.data."license\\.pem"=$MIRRORD_OPERATOR_LICENSE --set operator.disableTelemetries=true --set tls.data."tls\\.key"="$(cat tls.key)" --set tls.data."tls\\.crt"="$(cat tls.crt)" ./mirrord-operator --wait + - run: helm install mirrord-operator --set license.file.data."license\\.pem"=$MIRRORD_OPERATOR_LICENSE --set operator.disableTelemetries=true ./mirrord-operator --wait - run: kubectl get mirrordoperators.operator.metalbear.co operator -o yaml diff --git a/.github/workflows/tls.conf b/.github/workflows/tls.conf deleted file mode 100644 index 9027855..0000000 --- a/.github/workflows/tls.conf +++ /dev/null @@ -1,19 +0,0 @@ -[req] -default_bits = 2048 -prompt = no -default_md = sha256 -x509_extensions = v3_req -distinguished_name = dn - -[dn] -C = US -O = MetalBear -emailAddress = ci@metalbear.co -CN = ci.metalbear.co - -[v3_req] -subjectAltName = @alt_names - -[alt_names] -DNS.1 = mirrord-operator.mirrord.svc -DNS.2 = mirrord-operator.mirrord.svc.cluster.local From f12e5e17f277cdb1566fcff1310fc99fb02cb80b Mon Sep 17 00:00:00 2001 From: Dmitry Dodzin Date: Mon, 15 Apr 2024 10:48:54 +0300 Subject: [PATCH 12/15] This should be empty --- mirrord-operator/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mirrord-operator/values.yaml b/mirrord-operator/values.yaml index b415c1c..9be209f 100644 --- a/mirrord-operator/values.yaml +++ b/mirrord-operator/values.yaml 
@@ -89,8 +89,8 @@ tls: certificate: mirrord-operator-tls data: - tls.key: "" - tls.crt: "" + # tls.key: "" + # tls.crt: "" # if you run on OpenShift, set this value to true to get a SCC in the yaml. openshift: false From 88f1e9addee78a5f7b7c8e065add581031465802 Mon Sep 17 00:00:00 2001 From: Dmitry Dodzin Date: Mon, 15 Apr 2024 10:50:04 +0300 Subject: [PATCH 13/15] Object --- mirrord-operator/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mirrord-operator/values.yaml b/mirrord-operator/values.yaml index 9be209f..387ff4b 100644 --- a/mirrord-operator/values.yaml +++ b/mirrord-operator/values.yaml @@ -88,7 +88,7 @@ tls: issuer: mirrord-operator-issuer certificate: mirrord-operator-tls - data: + data: {} # tls.key: "" # tls.crt: "" From 5357c16019baea0f139fdfaad0d5458dce529ace Mon Sep 17 00:00:00 2001 From: Dmitry Dodzin Date: Mon, 15 Apr 2024 12:12:46 +0300 Subject: [PATCH 14/15] Retry? --- .github/workflows/ci.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 4e62516..5ef4946 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -34,4 +34,9 @@ jobs: memory: '4gb' - uses: azure/setup-helm@v4.1.0 - run: helm install mirrord-operator --set license.file.data."license\\.pem"=$MIRRORD_OPERATOR_LICENSE --set operator.disableTelemetries=true ./mirrord-operator --wait - - run: kubectl get mirrordoperators.operator.metalbear.co operator -o yaml + - uses: nick-fields/retry@v3 + with: + timeout_seconds: 10 + max_attempts: 5 + retry_wait_seconds: 1 + command: kubectl get mirrordoperators.operator.metalbear.co operator -o yaml From 13efc45414c4ecbbc126015621a685ace4bc7f67 Mon Sep 17 00:00:00 2001 From: Dmitry Dodzin Date: Mon, 15 Apr 2024 14:39:10 +0300 Subject: [PATCH 15/15] Try --- mirrord-operator/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/mirrord-operator/values.yaml b/mirrord-operator/values.yaml index 387ff4b..b415c1c 100644 --- a/mirrord-operator/values.yaml +++ b/mirrord-operator/values.yaml @@ -88,9 +88,9 @@ tls: issuer: mirrord-operator-issuer certificate: mirrord-operator-tls - data: {} - # tls.key: "" - # tls.crt: "" + data: + tls.key: "" + tls.crt: "" # if you run on OpenShift, set this value to true to get a SCC in the yaml. openshift: false