Prepare OLM bundle

.github/workflows/main.yml

@@ -76,12 +76,12 @@ jobs:
           kubectl create ns test
           kubectl -n test create secret generic fulcio-secret-rh --from-file=private=./ci/certs/file_ca_key.pem --from-file=public=./ci/certs/file_ca_pub.pem --from-file=cert=./ci/certs/fulcio-root.pem  --from-literal=password=secure
           kubectl -n test create secret generic rekor-private-key --from-file=private=./ci/certs/rekor_key.pem
-          kubectl apply -f config/samples/rhtas_v1alpha1_securesign.yaml -n test
+          kubectl apply -f ci/resources/securesign.yaml -n test
 
       - name: Apply sample config that generates certifcates
         run: |
           kubectl create ns create-cert
-          kubectl apply -f config/samples/rhtas_v1alpha1_securesign_cert_create.yaml -n create-cert
+          kubectl apply -f ci/resources/cert_create.yaml -n create-cert
 
       - name: Until shell script to wait for fulcio deployment to be created
         run: |

api/v1alpha1/ctlog_types.go

@@ -7,11 +7,11 @@ import (
 // EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
 // NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
 
-// CTlogSpec defines the desired state of CTlog
+// CTlogSpec defines the desired state of CTlog component
 type CTlogSpec struct {
 }
 
-// CTlogStatus defines the observed state of CTlog
+// CTlogStatus defines the observed state of CTlog component
 type CTlogStatus struct {
 	Phase Phase `json:"phase"`
 }

api/v1alpha1/fulcio_types.go

@@ -9,10 +9,14 @@ import (
 
 // FulcioSpec defines the desired state of Fulcio
 type FulcioSpec struct {
-	External    bool                  `json:"external,omitempty"`
-	KeySecret   string                `json:"keySecret,omitempty"`
-	OidcIssuers map[string]OidcIssuer `json:"oidcIssuers,omitempty"`
-	FulcioCert  FulcioCert            `json:"fulcioCert,omitempty"`
+	// Define whether you want to export service or not
+	External bool `json:"external,omitempty"`
+	// Enter secret name with your keys and certificate
+	KeySecret string `json:"keySecret,omitempty"`
+	// OIDC issuer configuration
+	OidcIssuers map[string]OidcIssuer `json:"oidcIssuers"`
+	// Certificate configuration if you want to generate one
+	FulcioCert FulcioCert `json:"fulcioCert,omitempty"`
 }
 
 type FulcioCert struct {

api/v1alpha1/rekor_types.go

@@ -9,9 +9,13 @@ import (
 
 // RekorSpec defines the desired state of Rekor
 type RekorSpec struct {
-	External  bool      `json:"external,omitempty"`
-	KeySecret string    `json:"keySecret,omitempty"`
-	PvcName   string    `json:"pvcName,omitempty"`
+	// Define whether you want to export service or not
+	External bool `json:"external,omitempty"`
+	// Enter secret name with your keys and certificate
+	KeySecret string `json:"keySecret,omitempty"`
+	// Persistent volume claim name to bound with Rekor component
+	PvcName string `json:"pvcName,omitempty"`
+	// Certificate configuration if you want to generate one
 	RekorCert RekorCert `json:"rekorCert,omitempty"`
 }
 

api/v1alpha1/securesign_types.go

@@ -25,10 +25,6 @@ import (
 
 // SecuresignSpec defines the desired state of Securesign
 type SecuresignSpec struct {
-	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
-	// Important: Run "make" to regenerate code after modifying this file
-
-	// Foo is an example field of Securesign. Edit securesign_types.go to remove/update
 	Rekor    RekorSpec    `json:"rekor,omitempty"`
 	Fulcio   FulcioSpec   `json:"fulcio,omitempty"`
 	Trillian TrillianSpec `json:"trillian,omitempty"`

api/v1alpha1/trillian_types.go

@@ -20,21 +20,20 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
-// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
-// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
-
 // TrillianSpec defines the desired state of Trillian
 type TrillianSpec struct {
-	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
-	// Important: Run "make" to regenerate code after modifying this file
+	// Define your database connection
+	Db TrillianDB `json:"database,omitempty"`
+}
+
+type TrillianDB struct {
+	// Persistent volume claim name to bound with Trillian DB
 	PvcName string `json:"pvcName,omitempty"`
 }
 
 // TrillianStatus defines the observed state of Trillian
 type TrillianStatus struct {
 	Phase Phase `json:"phase"`
-	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
-	// Important: Run "make" to regenerate code after modifying this file
 }
 
 //+kubebuilder:object:root=true

api/v1alpha1/tuf_types.go

@@ -9,6 +9,7 @@ import (
 
 // TufSpec defines the desired state of Tuf
 type TufSpec struct {
+	// Define whether you want to export service or not
 	External bool `json:"external,omitempty"`
 }
 

bundle/manifests/rhtas.redhat.com_ctlogs.yaml

@@ -0,0 +1,60 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.11.1
+  creationTimestamp: null
+  name: ctlogs.rhtas.redhat.com
+spec:
+  group: rhtas.redhat.com
+  names:
+    kind: CTlog
+    listKind: CTlogList
+    plural: ctlogs
+    singular: ctlog
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - description: The component phase
+      jsonPath: .status.phase
+      name: Phase
+      type: string
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: CTlog is the Schema for the ctlogs API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: CTlogSpec defines the desired state of CTlog component
+            type: object
+          status:
+            description: CTlogStatus defines the observed state of CTlog component
+            properties:
+              phase:
+                type: string
+            required:
+            - phase
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: null
+  storedVersions: null

bundle/manifests/rhtas.redhat.com_fulcios.yaml

@@ -0,0 +1,103 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.11.1
+  creationTimestamp: null
+  name: fulcios.rhtas.redhat.com
+spec:
+  group: rhtas.redhat.com
+  names:
+    kind: Fulcio
+    listKind: FulcioList
+    plural: fulcios
+    singular: fulcio
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - description: The component phase
+      jsonPath: .status.phase
+      name: Phase
+      type: string
+    - description: The component url
+      jsonPath: .status.url
+      name: URL
+      type: string
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: Fulcio is the Schema for the fulcios API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: FulcioSpec defines the desired state of Fulcio
+            properties:
+              external:
+                description: Define whether you want to export service or not
+                type: boolean
+              fulcioCert:
+                description: Certificate configuration if you want to generate one
+                properties:
+                  certPassword:
+                    type: string
+                  create:
+                    type: boolean
+                  organizationEmail:
+                    type: string
+                  organizationName:
+                    type: string
+                required:
+                - create
+                type: object
+              keySecret:
+                description: Enter secret name with your keys and certificate
+                type: string
+              oidcIssuers:
+                additionalProperties:
+                  properties:
+                    ClientID:
+                      type: string
+                    IssuerURL:
+                      type: string
+                    Type:
+                      type: string
+                  required:
+                  - ClientID
+                  - IssuerURL
+                  - Type
+                  type: object
+                description: OIDC issuer configuration
+                type: object
+            required:
+            - oidcIssuers
+            type: object
+          status:
+            description: FulcioStatus defines the observed state of Fulcio
+            properties:
+              phase:
+                type: string
+              url:
+                type: string
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: null
+  storedVersions: null

bundle/manifests/rhtas.redhat.com_rekors.yaml

@@ -0,0 +1,82 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.11.1
+  creationTimestamp: null
+  name: rekors.rhtas.redhat.com
+spec:
+  group: rhtas.redhat.com
+  names:
+    kind: Rekor
+    listKind: RekorList
+    plural: rekors
+    singular: rekor
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - description: The component phase
+      jsonPath: .status.phase
+      name: Phase
+      type: string
+    - description: The component url
+      jsonPath: .status.url
+      name: URL
+      type: string
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: Rekor is the Schema for the rekors API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: RekorSpec defines the desired state of Rekor
+            properties:
+              external:
+                description: Define whether you want to export service or not
+                type: boolean
+              keySecret:
+                description: Enter secret name with your keys and certificate
+                type: string
+              pvcName:
+                description: Persistent volume claim name to bound with Rekor component
+                type: string
+              rekorCert:
+                description: Certificate configuration if you want to generate one
+                properties:
+                  create:
+                    type: boolean
+                required:
+                - create
+                type: object
+            type: object
+          status:
+            description: RekorStatus defines the observed state of Rekor
+            properties:
+              phase:
+                type: string
+              url:
+                type: string
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: null
+  storedVersions: null