From 9dbb0533631029b36e713d92cf4244697b457dd7 Mon Sep 17 00:00:00 2001 From: Owen Howard Date: Tue, 3 Sep 2024 15:21:11 +0100 Subject: [PATCH] Add Cert Manager operator (#8) Revisions: - https://github.com/openshift/cert-manager-operator/commit/4e8c72243a93dc0b8709a4f00f567943584d3556 --- ...er-operator.v1.14.0-2024-08-09-204321.yaml | 356 ++++++++++++++++++ .../cert-manager-operator.yaml | 10 + 2 files changed, 366 insertions(+) create mode 100644 catalog/cert-manager-operator/cert-manager-operator.v1.14.0-2024-08-09-204321.yaml create mode 100644 catalog/cert-manager-operator/cert-manager-operator.yaml diff --git a/catalog/cert-manager-operator/cert-manager-operator.v1.14.0-2024-08-09-204321.yaml b/catalog/cert-manager-operator/cert-manager-operator.v1.14.0-2024-08-09-204321.yaml new file mode 100644 index 0000000..6f00343 --- /dev/null +++ b/catalog/cert-manager-operator/cert-manager-operator.v1.14.0-2024-08-09-204321.yaml 
@@ -0,0 +1,356 @@ +--- +image: quay.io/okderators/cert-manager-operator-bundle:1.14.0-2024-08-09-204321 +name: cert-manager-operator.v1.14.0-2024-08-09-204321 +package: cert-manager-operator +properties: +- type: olm.gvk + value: + group: acme.cert-manager.io + kind: Challenge + version: v1 +- type: olm.gvk + value: + group: acme.cert-manager.io + kind: Order + version: v1 +- type: olm.gvk + value: + group: cert-manager.io + kind: Certificate + version: v1 +- type: olm.gvk + value: + group: cert-manager.io + kind: CertificateRequest + version: v1 +- type: olm.gvk + value: + group: cert-manager.io + kind: ClusterIssuer + version: v1 +- type: olm.gvk + value: + group: cert-manager.io + kind: Issuer + version: v1 +- type: olm.gvk + value: + group: operator.openshift.io + kind: CertManager + version: v1alpha1 +- type: olm.package + value: + packageName: cert-manager-operator + version: 1.14.0-2024-08-09-204321 +- type: olm.csv.metadata + value: + annotations: + alm-examples: |- + [ + { + "apiVersion": "acme.cert-manager.io/v1", + "kind": "Challenge", + "metadata": { + "name": "tls-cert-sample", + "namespace": "default" + }, + "spec": { + "authorizationURL": "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/XXXXX", + "dnsName": "sample.dns.name", + "issuerRef": { + "kind": "Issuer", + "name": "letsencrypt-staging" + }, + "key": "XXX", + "solver": { + "dns01": { + "route53": { + "accessKeyID": "XXX", + "hostedZoneID": "XXX", + "region": "us-east-1", + "secretAccessKeySecretRef": { + "key": "awsSecretAccessKey", + "name": "aws-secret" + } + } + }, + "selector": { + "dnsNames": [ + "sample.dns.name" + ] + } + }, + "token": "XXX", + "type": "DNS-01", + "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/XXXXXX/XXXXX", + "wildcard": false + } + }, + { + "apiVersion": "acme.cert-manager.io/v1", + "kind": "Order", + "metadata": { + "annotations": { + "cert-manager.io/certificate-name": "tls-cert", + "cert-manager.io/certificate-revision": "1", + 
"cert-manager.io/private-key-secret-name": "tls-cert-sample" + }, + "name": "tls-cert-sample", + "namespace": "default" + }, + "spec": { + "commonName": "sample.dns.name", + "dnsNames": [ + "sample.dns.name" + ], + "issuerRef": { + "kind": "Issuer", + "name": "letsencrypt-staging" + }, + "request": "XXX" + } + }, + { + "apiVersion": "cert-manager.io/v1", + "kind": "Certificate", + "metadata": { + "name": "selfsigned-ca", + "namespace": "default" + }, + "spec": { + "commonName": "selfsigned-ca.dns.name", + "isCA": true, + "issuerRef": { + "group": "cert-manager.io", + "kind": "ClusterIssuer", + "name": "selfsigned-issuer" + }, + "privateKey": { + "algorithm": "ECDSA", + "size": 256 + }, + "secretName": "ca-root-secret" + } + }, + { + "apiVersion": "cert-manager.io/v1", + "kind": "Certificate", + "metadata": { + "name": "tls-cert", + "namespace": "default" + }, + "spec": { + "commonName": "sample.dns.name", + "dnsNames": [ + "sample.dns.name" + ], + "isCA": false, + "issuerRef": { + "kind": "Issuer", + "name": "letsencrypt-staging" + }, + "secretName": "tls-cert" + } + }, + { + "apiVersion": "cert-manager.io/v1", + "kind": "CertificateRequest", + "metadata": { + "annotations": { + "cert-manager.io/certificate-name": "tls-cert", + "cert-manager.io/certificate-revision": "1", + "cert-manager.io/private-key-secret-name": "tls-cert-sample" + }, + "name": "tls-cert-sample", + "namespace": "default" + }, + "spec": { + "groups": [ + "system:serviceaccounts", + "system:serviceaccounts:cert-manager", + "system:authenticated" + ], + "issuerRef": { + "kind": "Issuer", + "name": "letsencrypt-staging" + }, + "request": "XXX", + "username": "system:serviceaccount:cert-manager:cert-manager" + } + }, + { + "apiVersion": "cert-manager.io/v1", + "kind": "ClusterIssuer", + "metadata": { + "name": "selfsigned-issuer" + }, + "spec": { + "selfSigned": {} + } + }, + { + "apiVersion": "cert-manager.io/v1", + "kind": "Issuer", + "metadata": { + "name": "ca-issuer", + "namespace": "default" + 
}, + "spec": { + "ca": { + "secretName": "ca-root-secret" + } + } + }, + { + "apiVersion": "cert-manager.io/v1", + "kind": "Issuer", + "metadata": { + "name": "letsencrypt-staging", + "namespace": "default" + }, + "spec": { + "acme": { + "email": "aos-ci-cd@redhat.com", + "privateKeySecretRef": { + "name": "letsencrypt-staging" + }, + "server": "https://acme-staging-v02.api.letsencrypt.org/directory", + "solvers": [ + { + "dns01": { + "route53": { + "accessKeyID": "\u003cACCESS_KEY_ID\u003e", + "hostedZoneID": "\u003cHOSTED_ZONE_ID\u003e", + "region": "\u003cAWS_REGION\u003e", + "secretAccessKeySecretRef": { + "key": "access-key", + "name": "sample-aws-secret" + } + } + }, + "selector": { + "dnsNames": [ + "sample.dns.name" + ] + } + } + ] + } + } + }, + { + "apiVersion": "operator.openshift.io/v1alpha1", + "kind": "CertManager", + "metadata": { + "name": "cluster" + }, + "spec": { + "logLevel": "Normal", + "managementState": "Managed" + } + } + ] + capabilities: Seamless Upgrades + categories: Security + console.openshift.io/disable-operand-delete: "true" + containerImage: quay.io/okderators/cert-manager-operator:1.14.0-2024-08-09-204321 + createdAt: 2023-03-03T00:00:00 + features.operators.openshift.io/disconnected: "false" + features.operators.openshift.io/fips-compliant: "true" + features.operators.openshift.io/proxy-aware: "true" + features.operators.openshift.io/tls-profiles: "false" + features.operators.openshift.io/token-auth-aws: "true" + features.operators.openshift.io/token-auth-azure: "true" + features.operators.openshift.io/token-auth-gcp: "true" + olm.skipRange: '>=1.13.1 <1.14.0' + operator.openshift.io/uninstall-message: The cert-manager Operator OKD will + be removed from cert-manager-operator namespace. If your Operator configured + any off-cluster resources, these will continue to run and require manual cleanup. + All operands created by the operator will need to be manually cleaned up. 
+ Please refer to https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/cert-manager-operator-uninstall.html + for additional steps. + operatorframework.io/cluster-monitoring: "true" + operatorframework.io/suggested-namespace: cert-manager-operator + operators.openshift.io/infrastructure-features: '["proxy-aware"]' + operators.operatorframework.io/builder: operator-sdk-v1.25.1 + operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 + repository: https://github.com/openshift/cert-manager-operator + support: OKD Community + apiServiceDefinitions: {} + crdDescriptions: + owned: + - kind: CertificateRequest + name: certificaterequests.cert-manager.io + version: v1 + - kind: Certificate + name: certificates.cert-manager.io + version: v1 + - description: CertManager is the Schema for the certmanagers API + displayName: CertManager + kind: CertManager + name: certmanagers.operator.openshift.io + version: v1alpha1 + - kind: Challenge + name: challenges.acme.cert-manager.io + version: v1 + - kind: ClusterIssuer + name: clusterissuers.cert-manager.io + version: v1 + - kind: Issuer + name: issuers.cert-manager.io + version: v1 + - kind: Order + name: orders.acme.cert-manager.io + version: v1 + description: | + The cert-manager Operator for OKD provides seamless support for [cert-manager v1.14.5](https://github.com/cert-manager/cert-manager/tree/v1.14.5), which automates certificate management. + For more information, see the [cert-manager Operator for OKD documentation](https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html). 
+ displayName: cert-manager Operator for OKD + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: false + type: AllNamespaces + keywords: + - cert-manager + - cert-manager-operator + - cert + - certificates + - security + - TLS + labels: + operatorframework.io/arch.amd64: supported + operatorframework.io/arch.arm64: supported + operatorframework.io/arch.ppc64le: supported + operatorframework.io/arch.s390x: supported + operatorframework.io/os.linux: supported + links: + - name: Documentation + url: https://github.com/openshift/cert-manager-operator/blob/master/README.md + maintainers: + - email: support@redhat.com + name: Red Hat Support + maturity: stable + minKubeVersion: 1.25.0 + provider: + name: OKD Community +relatedImages: +- image: gcr.io/kubebuilder/kube-rbac-proxy:v0.16.0 + name: "" +- image: quay.io/jetstack/cert-manager-acmesolver:v1.14.5 + name: cert-manager-acmesolver +- image: quay.io/jetstack/cert-manager-cainjector:v1.14.5 + name: cert-manager-ca-injector +- image: quay.io/jetstack/cert-manager-controller:v1.14.5 + name: cert-manager-controller +- image: quay.io/jetstack/cert-manager-webhook:v1.14.5 + name: cert-manager-webhook +- image: quay.io/okderators/cert-manager-operator-bundle:1.14.0-2024-08-09-204321 + name: "" +- image: quay.io/okderators/cert-manager-operator:1.14.0-2024-08-09-204321 + name: "" +schema: olm.bundle diff --git a/catalog/cert-manager-operator/cert-manager-operator.yaml b/catalog/cert-manager-operator/cert-manager-operator.yaml new file mode 100644 index 0000000..84915c0 --- /dev/null +++ b/catalog/cert-manager-operator/cert-manager-operator.yaml @@ -0,0 +1,10 @@ +--- +schema: olm.package +name: cert-manager-operator +defaultChannel: alpha +--- +schema: olm.channel +package: cert-manager-operator +name: alpha +entries: + - name: cert-manager-operator.v1.14.0-2024-08-09-204321 \ No newline at end of file
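Review bot: Every image this bundle entry points at is referenced by a mutable tag rather than a digest: the top-level `image:`, the `containerImage` annotation, and all seven `relatedImages` entries (for example `quay.io/jetstack/cert-manager-controller:v1.14.5` and `gcr.io/kubebuilder/kube-rbac-proxy:v0.16.0`). A tag can be re-pointed in the registry after the catalog is published, so a cluster installing from it is not guaranteed to pull the content that was reviewed; writing each reference as `<repo>@sha256:<digest>` (placeholder) would pin it to what was actually built. The file looks machine-rendered from the bundle, so the change probably belongs in the bundle build rather than in a hand edit here. Separately, `maintainers` lists `support@redhat.com` while `support` and `provider` say OKD Community, and `createdAt: 2023-03-03T00:00:00` predates the 2024-08-09 build stamp in the version; both look inherited from the upstream CSV and are worth correcting so users of this rebuild report problems to the right place.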
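Review bot: The single channel entry carries no upgrade-edge fields, and the `olm.skipRange: '>=1.13.1 <1.14.0'` annotation set in the bundle file of this commit is, as far as I know, not read from CSV metadata in a file-based catalog. It has no effect while this is the only entry, but once older or newer versions are added the edge would need to be stated on the entry itself, e.g. `skipRange: '>=1.13.1 <1.14.0'` under the `- name:` line, or clusters may be left without an upgrade path to a fixed release. The only channel is also named `alpha` and made the default while the bundle declares `maturity: stable`; a short comment such as `# alpha: community rebuild, no stable channel published yet` would tell consumers which of the two to believe. The file ends without a trailing newline.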