diff --git a/README.md b/README.md
index 6d782302..c7c25dca 100644
--- a/README.md
+++ b/README.md
@@ -431,11 +431,8 @@ To do this, use the following command:
 helm install ocm-controller oci://ghcr.io/open-component-model/helm/ocm-controller --version v0.21.3
 ```
-To optionally install cert-manager alongside with certificates configured to be ready to be used, run:
-
-```
-helm install ocm-controller oci://ghcr.io/open-component-model/helm/ocm-controller --set cert-manager.enabled=true
-```
+This does require that certain items, like certificate secrets are pre-created by the user.
+For details, checkout the prime-test-cluster scripts under the `hack` folder.
 ## Uninstall
diff --git a/deploy/Chart.lock b/deploy/Chart.lock
deleted file mode 100644
index fce9be00..00000000
--- a/deploy/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: cert-manager
- repository: https://charts.jetstack.io
- version: v1.14.5
-digest: sha256:c88105985e88b3fc049cab3541ec8f802c3d58455386e0390838d82ebff7dedf
-generated: "2024-06-04T13:13:38.300834+02:00"
diff --git a/deploy/Chart.yaml b/deploy/Chart.yaml
index 8db153b0..feefd352 100644
--- a/deploy/Chart.yaml
+++ b/deploy/Chart.yaml
@@ -9,9 +9,3 @@ keywords:
 - ocm
 - open-component-model
 - kubernetes
-
-dependencies:
- - name: cert-manager
- version: v1.14.5
- repository: https://charts.jetstack.io
- condition: cert-manager.enabled
diff --git a/deploy/charts/cert-manager-v1.14.5.tgz b/deploy/charts/cert-manager-v1.14.5.tgz
deleted file mode 100644
index 797364f5..00000000
Binary files a/deploy/charts/cert-manager-v1.14.5.tgz and /dev/null differ
diff --git a/deploy/templates/cert-manager_namespace.yaml b/deploy/templates/cert-manager_namespace.yaml
deleted file mode 100644
index e41b6407..00000000
--- a/deploy/templates/cert-manager_namespace.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-{{- if index .Values "cert-manager" "enabled" }}
-apiVersion: v1
-kind: Namespace
-metadata:
- name: cert-manager
- annotations:
- "helm.sh/hook": pre-install
-{{- end}}
diff --git a/deploy/templates/cluster_issuer.yaml b/deploy/templates/cluster_issuer.yaml
deleted file mode 100644
index e58daf07..00000000
--- a/deploy/templates/cluster_issuer.yaml
+++ /dev/null
@@ -1,59 +0,0 @@
-{{- if index .Values "cert-manager" "enabled" }}
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
- name: ocm-bootstrap-issuer
- labels:
- helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- annotations:
- "helm.sh/hook": post-install,post-upgrade
- "helm.sh/hook-weight": "1"
-spec:
- selfSigned: {}
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: ocm-bootstrap-certificate
- namespace: cert-manager
- labels:
- helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- annotations:
- "helm.sh/hook": post-install,post-upgrade
- "helm.sh/hook-weight": "1" # needs to happen AFTER the job run successfully
-spec:
- # this is discouraged but required by ios
- commonName: cert-manager-ocm-tls
- isCA: true
- secretName: ocm-registry-tls-certs
- subject:
- organizations:
- - ocm.software
- dnsNames:
- - registry.ocm-system.svc.cluster.local
- - localhost
- ipAddresses:
- - 127.0.0.1
- - ::1
- privateKey:
- algorithm: RSA
- encoding: PKCS8
- size: 2048
- issuerRef:
- name: ocm-bootstrap-issuer
- kind: ClusterIssuer
- group: cert-manager.io
----
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
- name: ocm-certificate-issuer
- labels:
- helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- annotations:
- "helm.sh/hook": post-install,post-upgrade
- "helm.sh/hook-weight": "1"
-spec:
- ca:
- secretName: ocm-registry-tls-certs
-{{- end}}
diff --git a/deploy/templates/namespace.yaml b/deploy/templates/namespace.yaml
deleted file mode 100644
index 6a5e02da..00000000
--- a/deploy/templates/namespace.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: {{ .Values.global.namespace }}
- annotations:
- "helm.sh/hook": pre-install
diff --git a/deploy/templates/ocm-system_certificate.yaml b/deploy/templates/ocm-system_certificate.yaml
deleted file mode 100644
index 230e1315..00000000
--- a/deploy/templates/ocm-system_certificate.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-{{- if index .Values "cert-manager" "enabled" }}
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: ocm-registry-tls-certs
- namespace: {{ .Values.global.namespace }}
- annotations:
- "helm.sh/hook": post-install,post-upgrade
- "helm.sh/hook-weight": "1" # needs to be applied after the wait for cert-manager job run successfully
- labels:
- helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
-spec:
- secretName: ocm-registry-tls-certs
- dnsNames:
- - registry.ocm-system.svc.cluster.local
- - localhost
- ipAddresses:
- - 127.0.0.1
- - ::1
- privateKey:
- algorithm: RSA
- encoding: PKCS8
- size: 2048
- issuerRef:
- name: ocm-certificate-issuer
- kind: ClusterIssuer
- group: cert-manager.io
-{{- end}}
diff --git a/deploy/templates/wait-for-cert-manager-role-binding.yaml b/deploy/templates/wait-for-cert-manager-role-binding.yaml
deleted file mode 100644
index 0f73dd74..00000000
--- a/deploy/templates/wait-for-cert-manager-role-binding.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if index .Values "cert-manager" "enabled" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: wait-for-cert-manager-rolebinding
-subjects:
- - kind: ServiceAccount
- name: wait-for-cert-manager-sa
- namespace: cert-manager
-roleRef:
- kind: ClusterRole
- name: wait-for-cert-manager-role
- apiGroup: rbac.authorization.k8s.io
-{{- end}}
diff --git a/deploy/templates/wait-for-cert-manager-role.yaml b/deploy/templates/wait-for-cert-manager-role.yaml
deleted file mode 100644
index a98ba251..00000000
--- a/deploy/templates/wait-for-cert-manager-role.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-{{- if index .Values "cert-manager" "enabled" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: wait-for-cert-manager-role
-rules:
- - apiGroups: ["apps"]
- resources: ["deployments"]
- verbs: ["get", "list", "watch"]
-{{- end}}
diff --git a/deploy/templates/wait-for-cert-manager-service-account.yaml b/deploy/templates/wait-for-cert-manager-service-account.yaml
deleted file mode 100644
index 0abd0231..00000000
--- a/deploy/templates/wait-for-cert-manager-service-account.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-{{- if index .Values "cert-manager" "enabled" }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: wait-for-cert-manager-sa
- namespace: cert-manager
-{{- end}}
diff --git a/deploy/templates/wait-for-cert-manager.yaml b/deploy/templates/wait-for-cert-manager.yaml
deleted file mode 100644
index 7190f1b9..00000000
--- a/deploy/templates/wait-for-cert-manager.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{- if index .Values "cert-manager" "enabled" }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: wait-for-cert-manager
- namespace: cert-manager
- labels:
- app: {{ .Release.Name }}-wait-for-cert-manager
- annotations:
- "helm.sh/hook": post-install,post-upgrade
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-spec:
- template:
- spec:
- serviceAccountName: wait-for-cert-manager-sa
- containers:
- - name: wait-for-cert-manager
- image: bitnami/kubectl:latest
- command:
- - /bin/sh
- - -c
- - |
- kubectl wait --for=condition=Available=True Deployment/cert-manager -n cert-manager --timeout=60s
- kubectl wait --for=condition=Available=True Deployment/cert-manager-webhook -n cert-manager --timeout=60s
- kubectl wait --for=condition=Available=True Deployment/cert-manager-cainjector -n cert-manager --timeout=60s
- restartPolicy: OnFailure
-{{- end}}
diff --git a/deploy/values.yaml b/deploy/values.yaml
index 876688fc..6adefff2 100644
--- a/deploy/values.yaml
+++ b/deploy/values.yaml
@@ -3,13 +3,6 @@ global: namespace: ocm-system -cert-manager: - enabled: false - namespace: cert-manager - installCRDs: true - fullnameOverride: "cert-manager" # this is needed for the certificate issuer to not throw an unknown authority error - nameOverride: "cert-manager" # needed because otherwise it will call it `certManager` - registry: address: registry.ocm-system.svc.cluster.local:5000 tls: