
Commit e13b03f

committed
feat: enable certmanager for dis-apim-operator
chore: add release pipeline for dis-apim kustomize resources
1 parent 19f9e32 commit e13b03f


2 files changed

+183
-97
lines changed

@@ -0,0 +1,86 @@
1+
name: Build kustomize oci artifact for Dis APIM Operator
2+
3+
env:
4+
ARTIFACT_NAME: kustomize/dis-apim-operator
5+
6+
on:
7+
push:
8+
branches:
9+
- main
10+
paths:
11+
- 'services/dis-apim-operator/config/**'
12+
- '.github/workflows/dis-apim-kustomize-release.yaml'
13+
tags:
14+
- 'kustomize-dis-apim-*'
15+
16+
permissions:
17+
contents: read
18+
packages: write
19+
20+
jobs:
21+
latest:
22+
name: Build latest from main
23+
if: github.ref == 'refs/heads/main'
24+
defaults:
25+
run:
26+
working-directory: ./services/dis-apim-operator/config
27+
runs-on: ubuntu-latest
28+
steps:
29+
- name: Checkout
30+
uses: actions/checkout@v4
31+
- name: Setup vars
32+
id: vars
33+
run: |
34+
echo "reponame=${GITHUB_REPOSITORY,,}" >> ${GITHUB_OUTPUT}
35+
- name: Setup flux
36+
uses: fluxcd/flux2/action@3b42b200d376430f0e24d35f1a600447d92da531
37+
with:
38+
version: latest
39+
- name: Build latest artifact
40+
run: |
41+
echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u USERNAME --password-stdin
42+
container_registry=ghcr.io/${{ steps.vars.outputs.reponame }}
43+
artifact_name=${{ env.ARTIFACT_NAME }}
44+
flux push artifact oci://${container_registry}/${artifact_name}:$(git rev-parse --short HEAD) \
45+
--provider=generic \
46+
--reproducible \
47+
--path="." \
48+
--source="$(git config --get remote.origin.url)" \
49+
--revision="$(git branch --show-current)/$(git rev-parse HEAD)"
50+
flux tag artifact oci://${container_registry}/${artifact_name}:$(git rev-parse --short HEAD) \
51+
--provider=generic \
52+
--tag latest
53+
release:
54+
name: Build release from tag
55+
if: github.ref == 'refs/tags/kustomize-dis-apim-*'
56+
defaults:
57+
run:
58+
working-directory: ./services/dis-apim-operator/config
59+
runs-on: ubuntu-latest
60+
steps:
61+
- name: Checkout
62+
uses: actions/checkout@v4
63+
- name: Setup flux
64+
uses: fluxcd/flux2/action@3b42b200d376430f0e24d35f1a600447d92da531
65+
with:
66+
version: latest
67+
- name: Setup vars
68+
id: vars
69+
run: |
70+
tag=${GITHUB_REF/refs\/tags\/${{ env.ARTIFACT_NAME }}-/}
71+
echo "reponame=${GITHUB_REPOSITORY,,}" >> ${GITHUB_OUTPUT}
72+
echo "tag=${tag}" >> $GITHUB_OUTPUT
73+
- name: Build release artifact
74+
run: |
75+
echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u USERNAME --password-stdin
76+
container_registry=ghcr.io/${{ steps.vars.outputs.reponame }}
77+
artifact_name=${{ env.ARTIFACT_NAME }}
78+
flux push artifact oci://${container_registry}/${artifact_name}:$(git rev-parse --short HEAD) \
79+
--provider=generic \
80+
--reproducible \
81+
--path="." \
82+
--source="$(git config --get remote.origin.url)" \
83+
--revision="$(git branch --show-current)/$(git rev-parse HEAD)"
84+
flux tag artifact oci://${container_registry}/${artifact_name}:$(git rev-parse --short HEAD) \
85+
--provider=generic \
86+
--tag ${{ steps.vars.outputs.tag }}
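Review bot: The `release` job can never run as written, because `if: github.ref == 'refs/tags/kustomize-dis-apim-*'` is a literal string comparison (`==` does not glob in workflow expressions); `startsWith(github.ref, 'refs/tags/kustomize-dis-apim-')` expresses the intent. The tag extraction in its `Setup vars` step is also off: `env.ARTIFACT_NAME` expands to `kustomize/dis-apim-operator`, whose unescaped `/` ends the bash substitution pattern early, and that prefix does not match the `kustomize-dis-apim-` tag filter anyway. Both build steps splice `${{ secrets.GITHUB_TOKEN }}`, and the release step the tag-derived output, directly into the script text; passing them through `env:` keeps a tag name containing shell metacharacters from being parsed as code in a job that holds `packages: write`. Separately, `version: latest` for the flux CLI and `actions/checkout@v4` are floating references next to the SHA-pinned flux action, so pinning them would make the release path reproducible.

```yaml
  release:
    if: startsWith(github.ref, 'refs/tags/kustomize-dis-apim-')
    # … unchanged: name, defaults, runs-on, Checkout, Setup flux …
      - name: Setup vars
        id: vars
        run: |
          echo "reponame=${GITHUB_REPOSITORY,,}" >> "${GITHUB_OUTPUT}"
          echo "tag=${GITHUB_REF_NAME#kustomize-dis-apim-}" >> "${GITHUB_OUTPUT}"
      - name: Build release artifact
        env:
          REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          RELEASE_TAG: ${{ steps.vars.outputs.tag }}
        run: |
          echo "${REGISTRY_TOKEN}" | docker login ghcr.io -u USERNAME --password-stdin
          # … unchanged: container_registry, artifact_name, flux push artifact …
          flux tag artifact "oci://${container_registry}/${artifact_name}:$(git rev-parse --short HEAD)" \
            --provider=generic \
            --tag "${RELEASE_TAG}"
```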

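--- a/services/dis-apim-operator/config/default/kustomization.yaml
+++ b/services/dis-apim-operator/config/default/kustomization.yaml
@@ -22,7 +22,7 @@ resources:
 # crd/kustomization.yaml
 - ../webhook
 # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required.
-#- ../certmanager
+- ../certmanager
 # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
 #- ../prometheus
 # [METRICS] Expose the controller manager metrics service.
@@ -47,68 +47,68 @@ patches:
 
 # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
 # Uncomment the following replacements to add the cert-manager CA injection annotations
-#replacements:
-# - source: # Uncomment the following block if you have a ValidatingWebhook (--programmatic-validation)
-# kind: Certificate
-# group: cert-manager.io
-# version: v1
-# name: serving-cert # This name should match the one in certificate.yaml
-# fieldPath: .metadata.namespace # Namespace of the certificate CR
-# targets:
-# - select:
-# kind: ValidatingWebhookConfiguration
-# fieldPaths:
-# - .metadata.annotations.[cert-manager.io/inject-ca-from]
-# options:
-# delimiter: '/'
-# index: 0
-# create: true
-# - source:
-# kind: Certificate
-# group: cert-manager.io
-# version: v1
-# name: serving-cert # This name should match the one in certificate.yaml
-# fieldPath: .metadata.name
-# targets:
-# - select:
-# kind: ValidatingWebhookConfiguration
-# fieldPaths:
-# - .metadata.annotations.[cert-manager.io/inject-ca-from]
-# options:
-# delimiter: '/'
-# index: 1
-# create: true
-#
-# - source: # Uncomment the following block if you have a DefaultingWebhook (--defaulting )
-# kind: Certificate
-# group: cert-manager.io
-# version: v1
-# name: serving-cert # This name should match the one in certificate.yaml
-# fieldPath: .metadata.namespace # Namespace of the certificate CR
-# targets:
-# - select:
-# kind: MutatingWebhookConfiguration
-# fieldPaths:
-# - .metadata.annotations.[cert-manager.io/inject-ca-from]
-# options:
-# delimiter: '/'
-# index: 0
-# create: true
-# - source:
-# kind: Certificate
-# group: cert-manager.io
-# version: v1
-# name: serving-cert # This name should match the one in certificate.yaml
-# fieldPath: .metadata.name
-# targets:
-# - select:
-# kind: MutatingWebhookConfiguration
-# fieldPaths:
-# - .metadata.annotations.[cert-manager.io/inject-ca-from]
-# options:
-# delimiter: '/'
-# index: 1
-# create: true
+replacements:
+- source: # Uncomment the following block if you have a ValidatingWebhook (--programmatic-validation)
+kind: Certificate
+group: cert-manager.io
+version: v1
+name: serving-cert # This name should match the one in certificate.yaml
+fieldPath: .metadata.namespace # Namespace of the certificate CR
+targets:
+- select:
+kind: ValidatingWebhookConfiguration
+fieldPaths:
+- .metadata.annotations.[cert-manager.io/inject-ca-from]
+options:
+delimiter: '/'
+index: 0
+create: true
+- source:
+kind: Certificate
+group: cert-manager.io
+version: v1
+name: serving-cert # This name should match the one in certificate.yaml
+fieldPath: .metadata.name
+targets:
+- select:
+kind: ValidatingWebhookConfiguration
+fieldPaths:
+- .metadata.annotations.[cert-manager.io/inject-ca-from]
+options:
+delimiter: '/'
+index: 1
+create: true
+
+- source: # Uncomment the following block if you have a DefaultingWebhook (--defaulting )
+kind: Certificate
+group: cert-manager.io
+version: v1
+name: serving-cert # This name should match the one in certificate.yaml
+fieldPath: .metadata.namespace # Namespace of the certificate CR
+targets:
+- select:
+kind: MutatingWebhookConfiguration
+fieldPaths:
+- .metadata.annotations.[cert-manager.io/inject-ca-from]
+options:
+delimiter: '/'
+index: 0
+create: true
+- source:
+kind: Certificate
+group: cert-manager.io
+version: v1
+name: serving-cert # This name should match the one in certificate.yaml
+fieldPath: .metadata.name
+targets:
+- select:
+kind: MutatingWebhookConfiguration
+fieldPaths:
+- .metadata.annotations.[cert-manager.io/inject-ca-from]
+options:
+delimiter: '/'
+index: 1
+create: true
 #
 # - source: # Uncomment the following block if you have a ConversionWebhook (--conversion)
 # kind: Certificate
@@ -141,37 +141,37 @@ patches:
 # index: 1
 # create: true
 #
-# - source: # Uncomment the following block if you enable cert-manager
-# kind: Service
-# version: v1
-# name: webhook-service
-# fieldPath: .metadata.name # Name of the service
-# targets:
-# - select:
-# kind: Certificate
-# group: cert-manager.io
-# version: v1
-# fieldPaths:
-# - .spec.dnsNames.0
-# - .spec.dnsNames.1
-# options:
-# delimiter: '.'
-# index: 0
-# create: true
-# - source:
-# kind: Service
-# version: v1
-# name: webhook-service
-# fieldPath: .metadata.namespace # Namespace of the service
-# targets:
-# - select:
-# kind: Certificate
-# group: cert-manager.io
-# version: v1
-# fieldPaths:
-# - .spec.dnsNames.0
-# - .spec.dnsNames.1
-# options:
-# delimiter: '.'
-# index: 1
-# create: true
+- source: # Uncomment the following block if you enable cert-manager
+kind: Service
+version: v1
+name: webhook-service
+fieldPath: .metadata.name # Name of the service
+targets:
+- select:
+kind: Certificate
+group: cert-manager.io
+version: v1
+fieldPaths:
+- .spec.dnsNames.0
+- .spec.dnsNames.1
+options:
+delimiter: '.'
+index: 0
+create: true
+- source:
+kind: Service
+version: v1
+name: webhook-service
+fieldPath: .metadata.namespace # Namespace of the service
+targets:
+- select:
+kind: Certificate
+group: cert-manager.io
+version: v1
+fieldPaths:
+- .spec.dnsNames.0
+- .spec.dnsNames.1
+options:
+delimiter: '.'
+index: 1
+create: true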
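Review bot: The inline scaffold comments on the now-active `- source:` entries still read `# Uncomment the following block if you have a ValidatingWebhook (--programmatic-validation)`, and likewise for the DefaultingWebhook and `if you enable cert-manager` entries, which misleads once the blocks are live. Reword them to say what each replacement does, e.g. `# namespace half of inject-ca-from for the validating webhook`. The header comment says cert-manager needs every 'CERTMANAGER' section uncommented, and only this kustomization is visible in the commit, so it is worth confirming that the matching sections elsewhere under `config/` are enabled too. Otherwise the webhook configurations may carry a CA-injection annotation for a certificate the webhook server is not actually serving. Leaving the ConversionWebhook block commented is consistent, provided the CRDs define no conversion webhook.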
