Skip to content

Commit

Permalink
salt: move common olmv1 components to new folder
Browse files Browse the repository at this point in the history
  • Loading branch information
@eg-ayoub
eg-ayoub committed Dec 13, 2024
1 parent 978f2c1 commit c11f043
Show file tree
Hide file tree
Showing 10 changed files with 67 additions and 90 deletions.
3 changes: 3 additions & 0 deletions buildchain/buildchain/salt_tree.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -350,6 +350,9 @@ def task(self) -> types.TaskDict:
Path("salt/metalk8s/addons/olm/catalogd/deployed/init.sls"),
Path("salt/metalk8s/addons/olm/catalogd/deployed/rbac.sls"),
Path("salt/metalk8s/addons/olm/catalogd/deployed/webhook.sls"),
Path("salt/metalk8s/addons/olm/common/deployed/cert.sls"),
Path("salt/metalk8s/addons/olm/common/deployed/init.sls"),
Path("salt/metalk8s/addons/olm/common/deployed/namespace.sls"),
Path("salt/metalk8s/addons/olm/operator-controller/deployed/cert.sls"),
Path("salt/metalk8s/addons/olm/operator-controller/deployed/crds.sls"),
Path("salt/metalk8s/addons/olm/operator-controller/deployed/init.sls"),
Expand Down
36 changes: 0 additions & 36 deletions salt/metalk8s/addons/olm/catalogd/deployed/cert.sls
View file
Original file line number Diff line number Diff line change
@@ -1,25 +1,5 @@
#!jinja | metalk8s_kubernetes

---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: olmv1-ca
namespace: metalk8s-certs
spec:
commonName: olmv1-ca
isCA: true
issuerRef:
group: cert-manager.io
kind: Issuer
name: self-sign-issuer
privateKey:
algorithm: ECDSA
size: 256
secretName: olmv1-ca
secretTemplate:
annotations:
cert-manager.io/allow-direct-injection: "true"
---
apiVersion: cert-manager.io/v1
kind: Certificate
Expand All @@ -39,19 +19,3 @@ spec:
algorithm: ECDSA
size: 256
secretName: catalogd-service-cert-v1.0.0
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: olmv1-ca
spec:
ca:
secretName: olmv1-ca
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: self-sign-issuer
namespace: metalk8s-certs
spec:
selfSigned: {}
2 changes: 2 additions & 0 deletions salt/metalk8s/addons/olm/catalogd/deployed/init.sls
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
include:
- ...common.deployed
- .crds
- .rbac
- .cert
Expand All @@ -15,6 +16,7 @@ Wait for the Catalogd Controller Manager deployment to be Ready:
- retry:
attempts: 30
- require:
- test: Deploy common OLMv1 components
- sls: metalk8s.addons.olm.catalogd.deployed.crds
- sls: metalk8s.addons.olm.catalogd.deployed.rbac
- sls: metalk8s.addons.olm.catalogd.deployed.cert
Expand Down
11 changes: 0 additions & 11 deletions salt/metalk8s/addons/olm/catalogd/deployed/rbac.sls
View file
Original file line number Diff line number Diff line change
@@ -1,16 +1,5 @@
#!jinja | metalk8s_kubernetes

---
apiVersion: v1
kind: Namespace
metadata:
labels:
app.kubernetes.io/part-of: olm
pod-security.kubernetes.io/enforce: baseline
pod-security.kubernetes.io/enforce-version: latest
name: olmv1-system
annotations:
scheduler.alpha.kubernetes.io/defaultTolerations: '[{"operator": "Exists", "effect": "NoSchedule", "key": "node-role.kubernetes.io/bootstrap"}, {"operator": "Exists", "effect": "NoSchedule", "key": "node-role.kubernetes.io/infra"}]'
---
apiVersion: v1
kind: ServiceAccount
Expand Down
38 changes: 38 additions & 0 deletions salt/metalk8s/addons/olm/common/deployed/cert.sls
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
#!jinja | metalk8s_kubernetes

---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: olmv1-ca
namespace: metalk8s-certs
spec:
commonName: olmv1-ca
isCA: true
issuerRef:
group: cert-manager.io
kind: Issuer
name: self-sign-issuer
privateKey:
algorithm: ECDSA
size: 256
secretName: olmv1-ca
secretTemplate:
annotations:
cert-manager.io/allow-direct-injection: "true"
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: olmv1-ca
spec:
ca:
secretName: olmv1-ca
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: self-sign-issuer
namespace: metalk8s-certs
spec:
selfSigned: {}
9 changes: 9 additions & 0 deletions salt/metalk8s/addons/olm/common/deployed/init.sls
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
include:
- .namespace
- .cert

Deploy common OLMv1 components:
test.succeed_without_changes:
- require:
- sls: metalk8s.addons.olm.common.deployed.namespace
- sls: metalk8s.addons.olm.common.deployed.cert
13 changes: 13 additions & 0 deletions salt/metalk8s/addons/olm/common/deployed/namespace.sls
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
#!jinja | metalk8s_kubernetes

---
apiVersion: v1
kind: Namespace
metadata:
labels:
app.kubernetes.io/part-of: olm
pod-security.kubernetes.io/enforce: baseline
pod-security.kubernetes.io/enforce-version: latest
name: olmv1-system
annotations:
scheduler.alpha.kubernetes.io/defaultTolerations: '[{"operator": "Exists", "effect": "NoSchedule", "key": "node-role.kubernetes.io/bootstrap"}, {"operator": "Exists", "effect": "NoSchedule", "key": "node-role.kubernetes.io/infra"}]'
33 changes: 0 additions & 33 deletions salt/metalk8s/addons/olm/operator-controller/deployed/cert.sls
View file
Original file line number Diff line number Diff line change
@@ -1,22 +1,5 @@
#!jinja | metalk8s_kubernetes

---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: olmv1-ca
namespace: metalk8s-certs
spec:
commonName: olmv1-ca
isCA: true
issuerRef:
group: cert-manager.io
kind: Issuer
name: self-sign-issuer
privateKey:
algorithm: ECDSA
size: 256
secretName: olmv1-ca
---
apiVersion: cert-manager.io/v1
kind: Certificate
Expand All @@ -35,19 +18,3 @@ spec:
algorithm: ECDSA
size: 256
secretName: olmv1-cert
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: olmv1-ca
spec:
ca:
secretName: olmv1-ca
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: self-sign-issuer
namespace: metalk8s-certs
spec:
selfSigned: {}
2 changes: 2 additions & 0 deletions salt/metalk8s/addons/olm/operator-controller/deployed/init.sls
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
include:
- ...common.deployed
- ...catalogd.deployed
- .crds
- .rbac
Expand All @@ -15,6 +16,7 @@ Wait for the Operator Controller Controller Manager Deployment to be Ready:
- retry:
attempts: 30
- require:
- test: Deploy common OLMv1 components
- test: Wait for the Catalogd Controller Manager deployment to be Ready
- sls: metalk8s.addons.olm.operator-controller.deployed.crds
- sls: metalk8s.addons.olm.operator-controller.deployed.rbac
Expand Down
10 changes: 0 additions & 10 deletions salt/metalk8s/addons/olm/operator-controller/deployed/rbac.sls
View file
Original file line number Diff line number Diff line change
@@ -1,15 +1,5 @@
#!jinja | metalk8s_kubernetes

---
apiVersion: v1
kind: Namespace
metadata:
labels:
pod-security.kubernetes.io/enforce: restricted
pod-security.kubernetes.io/enforce-version: latest
name: olmv1-system
annotations:
scheduler.alpha.kubernetes.io/defaultTolerations: '[{"operator": "Exists", "effect": "NoSchedule", "key": "node-role.kubernetes.io/bootstrap"}, {"operator": "Exists", "effect": "NoSchedule", "key": "node-role.kubernetes.io/infra"}]'
---
apiVersion: v1
kind: ServiceAccount
Expand Down

0 comments on commit c11f043

Please sign in to comment.