Deploy shoot-cert-service on garden runtime cluster #314

Open
wants to merge 11 commits into
base: master
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -4,6 +4,7 @@
/local
**/dev
/hack/tools/bin
/gardener

*.coverprofile
*.html
29 changes: 27 additions & 2 deletions Makefile
Expand Up @@ -12,6 +12,7 @@ REPO_ROOT := $(shell dirname $(realpath $(lastword $(MAKEFILE_
HACK_DIR := $(REPO_ROOT)/hack
VERSION := $(shell cat "$(REPO_ROOT)/VERSION")
EFFECTIVE_VERSION := $(VERSION)-$(shell git rev-parse HEAD)
BUILD_DATE := $(shell date '+%Y-%m-%dT%H:%M:%S%z' | sed 's/\([0-9][0-9]\)$$/:\1/g')
LD_FLAGS := "-w $(shell bash $(GARDENER_HACK_DIR)/get-build-ld-flags.sh k8s.io/component-base $(REPO_ROOT)/VERSION $(EXTENSION_PREFIX))"
LEADER_ELECTION := false
IGNORE_OPERATION_ANNOTATION := true
Expand Down Expand Up @@ -74,19 +75,22 @@ tidy:
clean:
@$(shell find ./example -type f -name "controller-registration.yaml" -exec rm '{}' \;)
@bash $(GARDENER_HACK_DIR)/clean.sh ./cmd/... ./pkg/... ./test/...
@rm -f $(REPO_ROOT)/charts/internal/embedded-cert-management/templates/*

.PHONY: check-generate
check-generate:
@bash $(GARDENER_HACK_DIR)/check-generate.sh $(REPO_ROOT)

.PHONY: check
check: $(GOIMPORTS) $(GOLANGCI_LINT) $(HELM)
@bash $(GARDENER_HACK_DIR)/check.sh --golangci-lint-config=./.golangci.yaml ./cmd/... ./pkg/... ./test/...
@bash $(GARDENER_HACK_DIR)/check-charts.sh ./charts
#@bash $(GARDENER_HACK_DIR)/check.sh --golangci-lint-config=./.golangci.yaml ./cmd/... ./pkg/... ./test/...
#@bash $(GARDENER_HACK_DIR)/check-charts.sh ./charts
@GARDENER_HACK_DIR=$(GARDENER_HACK_DIR) $(REPO_ROOT)/hack/check-skaffold-deps.sh

.PHONY: generate
generate: $(CONTROLLER_GEN) $(GEN_CRD_API_REFERENCE_DOCS) $(HELM) $(MOCKGEN) $(YQ) $(VGOPATH)
@VGOPATH=$(VGOPATH) REPO_ROOT=$(REPO_ROOT) GARDENER_HACK_DIR=$(GARDENER_HACK_DIR) bash $(GARDENER_HACK_DIR)/generate-sequential.sh ./charts/... ./cmd/... ./pkg/... ./test/...
@$(REPO_ROOT)/hack/copy-templates-for-embedded-cert-management.sh
$(MAKE) format

.PHONY: format
Expand Down Expand Up @@ -118,3 +122,24 @@ verify: check format test sast

.PHONY: verify-extended
verify-extended: check-generate check format test-cov test-clean sast-report

.PHONY: test-e2e-local
test-e2e-local: $(KIND) $(YQ) $(GINKGO)
@$(REPO_ROOT)/hack/test-e2e-provider-local.sh --procs=3

.PHONY: extension-up
extension-up: export EXTENSION_VERSION = $(VERSION)
extension-up: export SKAFFOLD_DEFAULT_REPO = garden.local.gardener.cloud:5001
extension-up: export SKAFFOLD_PUSH = true
extension-up: export SOURCE_DATE_EPOCH = $(shell date -d $(BUILD_DATE) +%s)
extension-up: export LD_FLAGS = $(shell bash $(GARDENER_HACK_DIR)/get-build-ld-flags.sh k8s.io/component-base $(REPO_ROOT)/VERSION gardener-extension-shoot-cert-service $(BUILD_DATE))
extension-up: export EXTENSION_GARDENER_HACK_DIR = $(GARDENER_HACK_DIR)
extension-up: $(SKAFFOLD) $(HELM) $(KUBECTL)
$(SKAFFOLD) run --cache-artifacts=true

extension-down: $(KUBECTL)
kubectl get extop extension-shoot-cert-service -oyaml | yq eval '.spec.deployment.extension.values.gardenerCertificates.seed.enabled = false' | kubectl replace -f -
kubectl delete mutatingwebhookconfigurations.admissionregistration.k8s.io gardener-extension-shoot-cert-service --ignore-not-found
kubectl -n garden annotate extension.extensions.gardener.cloud shoot-cert-service confirmation.gardener.cloud/deletion=true --overwrite || echo "ignored"
kubectl -n garden delete extension.extensions.gardener.cloud shoot-cert-service --ignore-not-found
$(SKAFFOLD) delete
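Review bot: In the `check` target the calls to `check.sh` and `check-charts.sh` appear to have been replaced by commented-out copies, so `make check` would run only `check-skaffold-deps.sh` and skip golangci-lint and the chart checks. The same holds for `verify` and `verify-extended`, which list `check` as a prerequisite. This looks like a local debugging leftover, since `$(GOIMPORTS) $(GOLANGCI_LINT) $(HELM)` are still prerequisites of the target. Restore the active lines `@bash $(GARDENER_HACK_DIR)/check.sh --golangci-lint-config=./.golangci.yaml ./cmd/... ./pkg/... ./test/...` and `@bash $(GARDENER_HACK_DIR)/check-charts.sh ./charts`. If the checks must stay off for now, replace the dead lines with a comment that says why and when they will be re-enabled.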
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,14 @@
gardener-extension-shoot-cert-service
{{- end -}}

{{- define "clusterRoleName" -}}
{{- if .Values.gardener.runtimeCluster.enabled -}}
gardener-extension-shoot-cert-service-runtime
{{- else -}}
gardener-extension-shoot-cert-service
{{- end -}}
{{- end -}}

{{- define "certconfig" -}}
---
apiVersion: shoot-cert-service.extensions.config.gardener.cloud/v1alpha1
Expand All @@ -27,6 +35,7 @@ privateKeyDefaults:
sizeECDSA: {{ .Values.certificateConfig.privateKeyDefaults.sizeECDSA }}
{{- end }}
{{- end }}
{{- if .Values.certificateConfig.defaultIssuer.acme }}
acme:
email: {{ required ".Values.certificateConfig.defaultIssuer.acme.email is required" .Values.certificateConfig.defaultIssuer.acme.email }}
server: {{ required ".Values.certificateConfig.defaultIssuer.acme.server is required" .Values.certificateConfig.defaultIssuer.acme.server }}
Expand All @@ -47,12 +56,25 @@ acme:
deactivateAuthorizations: true
{{- end }}
{{- end }}
{{- if .Values.certificateConfig.defaultIssuer.ca }}
ca:
certificate: {{- toYaml (required ".Values.certificateConfig.defaultIssuer.ca.certificate is required" .Values.certificateConfig.defaultIssuer.ca.certificate) | indent 2 }}
certificateKey: {{- toYaml (required ".Values.certificateConfig.defaultIssuer.ca.certificateKey is required" .Values.certificateConfig.defaultIssuer.ca.certificateKey) | indent 2 }}
{{- if .Values.certificateConfig.caCertificates }}
caCertificates: {{- toYaml .Values.certificateConfig.caCertificates | indent 2 }}
{{- end }}
{{- end }}
{{- end }}

{{- define "image" -}}
{{- if hasPrefix "sha256:" .Values.image.tag }}
{{- printf "%s@%s" .Values.image.repository .Values.image.tag }}
{{- if .Values.skaffoldImage }}
{{- .Values.skaffoldImage }}
{{- else }}
{{- printf "%s:%s" .Values.image.repository .Values.image.tag }}
{{- if hasPrefix "sha256:" .Values.image.tag }}
{{- printf "%s@%s" .Values.image.repository .Values.image.tag }}
{{- else }}
{{- printf "%s:%s" .Values.image.repository .Values.image.tag }}
{{- end }}
{{- end }}
{{- end }}

Expand Down
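Review bot: The new `ca:` branch of `certconfig` renders `.Values.certificateConfig.defaultIssuer.ca.certificateKey` (presumably the CA private key) inline from chart values, and nothing visible here shows which kind of object the rendered document ends up in. If `certconfig` is included into a ConfigMap rather than a Secret, the key is readable by anyone with ConfigMap read access. The Makefile in this PR edits values under `.spec.deployment.extension.values`, so the key would likely also sit in plaintext in that resource's spec. Please confirm the include site is a Secret, and consider accepting a reference to an existing Secret instead of the key material itself. At minimum add a template comment above the branch, e.g. `{{- /* ca.certificateKey is secret material; certconfig must only be rendered into a Secret */}}`. The `certconfig` define starts and continues outside the visible hunks.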
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
{{- if not .Values.gardener.runtimeCluster.enabled }}
---
apiVersion: fluentbit.fluent.io/v1alpha2
kind: ClusterFilter
metadata:
Expand Down Expand Up @@ -26,3 +28,5 @@ spec:
rules:
- '$tag ^kubernetes\.var\.log\.containers\.(cert-controller-manager-.+?_.+?_shoot-cert-management-seed) user-exposed.$TAG true'
match: kubernetes.*
---
{{- end }}
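Review bot: The guard `{{- if not .Values.gardener.runtimeCluster.enabled }}` dereferences two levels of values that this page never shows being defaulted. If `gardener.runtimeCluster` is absent from the effective values, Helm fails rendering with a nil-pointer error rather than treating the flag as false. The same lookup is used in the ClusterParser template below and in the `clusterRoleName` helper. Confirm the chart's `values.yaml` declares `gardener.runtimeCluster.enabled: false`, and document there that enabling it drops the fluent-bit filter and parser. The trailing `---` added before `{{- end }}` also emits an empty YAML document and can be dropped.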
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
{{- if not .Values.gardener.runtimeCluster.enabled }}
---
apiVersion: fluentbit.fluent.io/v1alpha2
kind: ClusterParser
metadata:
Expand All @@ -10,3 +12,5 @@ spec:
timeKey: time
timeFormat: "%Y-%m-%dT%H:%M:%S%z"
regex: '^time="(?<time>\d{4}-\d{2}-\d{2}T[^"]*)"\s+level=(?<severity>\w+)\smsg="(?<log>.*)"'
---
{{- end }}