Remove scaffolding images #19

Merged
merged 5 commits into from
Jan 10, 2024
44 changes: 16 additions & 28 deletions .github/workflows/main.yml
Original file line number Diff line number Diff line change
@@ -83,12 +83,14 @@ jobs:
kubectl create ns create-cert
kubectl apply -f config/samples/rhtas_v1alpha1_securesign_cert_create.yaml -n create-cert

- name: Until shell script to wait for fulcio deployment to be created
#Deployment is done in iterations TUF should be the last one
- name: Until shell script to wait for tuf deployment to be created
run: |
timeout 120s bash -c 'until [ ! -z "$(kubectl get deployment fulcio-server -n test 2>/dev/null)" ]
timeout 120s bash -c 'until [ ! -z "$(kubectl get deployment tuf -n test 2>/dev/null)" ]
do
echo "Waiting for fulcio deployment to be created. Pods in test namespace:"
echo "Waiting for tuf deployment to be created. Pods in test namespace:"
kubectl get pods -n test
kubectl get rekor,fulcio,tuf,ctlog,trillian -n test
sleep 3
done'
shell: bash
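Review bot: the added comment `#Deployment is done in iterations TUF should be the last one` turns an ordering assumption into something this step silently depends on: the loop now only waits for the `tuf` Deployment to exist, so if the operator's reconcile order changes, the check passes while other components are still missing. Since the later `kubectl wait` steps already check each Deployment individually, either keep waiting on all of them here or state in the comment that this is only a "something has been created" probe; also write it as `# Deployment is done in iterations; TUF should be the last one`, and `[ ! -z ... ]` reads more clearly as `[ -n ... ]`.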
@@ -106,31 +108,24 @@ jobs:
run: kubectl wait --for=condition=available deployment/trillian-logsigner --timeout=80s -n test

- name: Check for the deployment of trillian logserver
run: kubectl wait --for=condition=available deployment/trillian-logserver --timeout=80s -n test

- name: wait for the createtree job to finish
run: kubectl wait --for=condition=complete job/create-tree --timeout=120s -n test

- name: wait for the create-tree-rekor job to finish
run: kubectl wait --for=condition=complete job/create-tree-rekor --timeout=120s -n test

- name: wait for create-config job to finish
run: kubectl wait --for=condition=complete job/create-config --timeout=120s -n test
run: kubectl wait --for=condition=available deployment/trillian-logserver --timeout=200s -n test

- name: Check for the deployment of tuf
run: kubectl wait --for=condition=available deployment/tuf --timeout=120s -n test

- name: Check for the deployment of ctlog
run: kubectl wait --for=condition=available deployment/ctlog --timeout=120s -n test

- name: Until shell script to wait for fulcio deployment to be created
#Deployment is done in iterations TUF should be the last one
- name: Until shell script to wait for tuf deployment to be created
run: |
until [ ! -z "$(kubectl get deployment fulcio-server -n create-cert 2>/dev/null)" ]
timeout 120s bash -c 'until [ ! -z "$(kubectl get deployment tuf -n create-cert 2>/dev/null)" ]
do
echo "Waiting for fulcio deployment to be created. Pods in create-cert namespace:"
echo "Waiting for tuf deployment to be created. Pods in create-cert namespace:"
kubectl get pods -n create-cert
kubectl get rekor,fulcio,tuf,ctlog,trillian -n create-cert
sleep 3
done
done'
shell: bash

- name: Check the deployment of fulcio
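Review bot: dropping the three `kubectl wait --for=condition=complete job/...` steps (create-tree, create-tree-rekor, create-config) removes the only explicit check that those jobs succeed; if the operator still creates them, a failed job now surfaces only indirectly as a Deployment that never becomes available after the raised 200s logserver timeout. If the jobs were removed together with the scaffolding, say so in the PR description; otherwise keep the waits. Wrapping the create-cert `until` loop in `timeout 120s bash -c '...'` is a good fix, since the previous loop had no upper bound and could hang the job indefinitely.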
@@ -146,16 +141,7 @@ jobs:
run: kubectl wait --for=condition=available deployment/trillian-logsigner --timeout=80s -n create-cert

- name: Check for the deployment of trillian logserver
run: kubectl wait --for=condition=available deployment/trillian-logserver --timeout=80s -n create-cert

- name: wait for the createtree job to finish
run: kubectl wait --for=condition=complete job/create-tree --timeout=120s -n create-cert

- name: wait for the create-tree-rekor job to finish
run: kubectl wait --for=condition=complete job/create-tree-rekor --timeout=120s -n create-cert

- name: wait for create-config job to finish
run: kubectl wait --for=condition=complete job/create-config --timeout=120s -n create-cert
run: kubectl wait --for=condition=available deployment/trillian-logserver --timeout=200s -n create-cert

- name: Check for the deployment of tuf
run: kubectl wait --for=condition=available deployment/tuf --timeout=120s -n create-cert
Expand All @@ -169,5 +155,7 @@ jobs:
if: always()

- name: dump all deployments
run: kubectl get deployments -A
run: |
kubectl get deployments -A
kubectl get rekor,fulcio,tuf,ctlog,trillian -A
if: always()
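Review bot: `kubectl get rekor,fulcio,tuf,ctlog,trillian -A` in the dump step exits non-zero if any of those resource types is not registered on the cluster, and as the last command of the `run: |` block it would mark this diagnostic step as failed even though `if: always()` runs it. Suggest appending `|| true` to the dump commands so a missing CRD does not mask the original failure.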
20 changes: 19 additions & 1 deletion README.md
@@ -41,6 +41,25 @@ UnDeploy the controller from the cluster:
make undeploy
```

### Local Development
As a prerequisite you need to enable HTTP/2 on a single Ingress Controller. To enable HTTP/2 on an Ingress Controller, enter the oc annotate command:

```
$ oc -n openshift-ingress-operator annotate ingresscontrollers/<ingresscontroller_name> ingress.operator.openshift.io/default-enable-http2=true
```
Replace <ingresscontroller_name> with the name of the Ingress Controller to annotate.

#### Install the CRDs into the cluster:
```
make install
````

Run your controller (this will run in the foreground, so switch to a new terminal if you want to leave it running):
```
make run
```
NOTE: You can also run this in one step by running: make install run

## Contributing
// TODO(user): Add detailed information on how you would like others to contribute to this project
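Review bot: the `make install` block in the new Local Development section is closed with four backticks (````) while it was opened with three; CommonMark accepts that, but it is inconsistent with every other fence in the file and confuses some renderers, so use three. The section also restates the "Install the CRDs" and "Run your controller" steps that already exist further down (the hunk at `@@ -58,7 +77,6 @@`); consider linking to those instead of duplicating them. `make install run` in the NOTE belongs in inline code, and it is worth stating that `oc annotate` on `openshift-ingress-operator` needs elevated privileges, since it changes a cluster-wide Ingress Controller setting rather than anything in the developer's own namespace.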

@@ -58,7 +77,6 @@ make install
```

2. Run your controller (this will run in the foreground, so switch to a new terminal if you want to leave it running):

```sh
make run
```
Expand Down
13 changes: 7 additions & 6 deletions api/v1alpha1/phase.go
@@ -3,10 +3,11 @@ package v1alpha1
type Phase string

const (
PhaseNone Phase = ""
PhaseInitialization Phase = "Initialization"
PhaseReady Phase = "Ready"
PhasePending Phase = "Pending"
PhaseError Phase = "Error"
PhaseDuplicitResource = "DuplicitResource"
PhaseNone Phase = ""
PhaseCreating Phase = "Creating"

PhaseInitialize Phase = "Initialization"
PhaseReady Phase = "Ready"
PhasePending Phase = "Pending"
PhaseError Phase = "Error"
)
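Review bot: renaming the exported constant `PhaseInitialization` to `PhaseInitialize` is a source-level API break for anything importing `api/v1alpha1`; the string value stays `"Initialization"`, so persisted status is unaffected, but the rename should be called out in the PR description. Removing `PhaseDuplicitResource` also fixes an inconsistency, since it was the only constant in the block declared without the `Phase` type. The new `PhaseCreating` should get a doc comment explaining how it differs from `PhaseInitialize` and `PhasePending`, otherwise controllers will use them interchangeably.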
8 changes: 6 additions & 2 deletions api/v1alpha1/trillian_types.go
@@ -27,19 +27,23 @@ import (
type TrillianSpec struct {
// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
// Important: Run "make" to regenerate code after modifying this file
PvcName string `json:"pvcName,omitempty"`
PvcName string `json:"pvcName,omitempty"`
External bool `json:"external,omitempty"`
}

// TrillianStatus defines the observed state of Trillian
type TrillianStatus struct {
Phase Phase `json:"phase"`
Url string `json:"url"`
TreeID int64 `json:"treeID"`
Phase Phase `json:"phase"`
// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
// Important: Run "make" to regenerate code after modifying this file
}

//+kubebuilder:object:root=true
//+kubebuilder:subresource:status
//+kubebuilder:printcolumn:name="Phase",type=string,JSONPath=`.status.phase`,description="The component phase"
//+kubebuilder:printcolumn:name="URL",type=string,JSONPath=`.status.url`,description="The component url"

// Trillian is the Schema for the trillians API
type Trillian struct {
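Review bot: `Url string \`json:"url"\`` and `TreeID int64 \`json:"treeID"\`` carry no `omitempty`, so controller-gen marks them required in the status schema (the generated `rhtas.redhat.com_trillians.yaml` in this PR lists `phase`, `treeID` and `url` under `required`); every status write must then carry both values, and an existing Trillian whose status lacks them is rejected on its next status update. Suggest `json:"url,omitempty"` and `json:"treeID,omitempty"`, and `URL` rather than `Url` per Go naming. `External bool` has no doc comment, which is why the generated CRDs show no description for it.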
2 changes: 2 additions & 0 deletions config/crd/bases/rhtas.redhat.com_securesigns.yaml
@@ -95,6 +95,8 @@ spec:
trillian:
description: TrillianSpec defines the desired state of Trillian
properties:
external:
type: boolean
pvcName:
description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of
cluster Important: Run "make" to regenerate code after modifying
13 changes: 13 additions & 0 deletions config/crd/bases/rhtas.redhat.com_trillians.yaml
@@ -20,6 +20,10 @@ spec:
jsonPath: .status.phase
name: Phase
type: string
- description: The component url
jsonPath: .status.url
name: URL
type: string
name: v1alpha1
schema:
openAPIV3Schema:
@@ -40,6 +44,8 @@ spec:
spec:
description: TrillianSpec defines the desired state of Trillian
properties:
external:
type: boolean
pvcName:
description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
Important: Run "make" to regenerate code after modifying this file'
@@ -50,8 +56,15 @@ spec:
properties:
phase:
type: string
treeID:
format: int64
type: integer
url:
type: string
required:
- phase
- treeID
- url
type: object
type: object
served: true
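Review bot: the `required` list under `status` now contains `treeID` and `url`, which follows from the Go tags lacking `omitempty`; a status object that is valid today (only `phase` set) becomes invalid once this CRD is applied. Fix the tags in `trillian_types.go` and regenerate rather than editing the YAML by hand.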
12 changes: 12 additions & 0 deletions config/rbac/role.yaml
@@ -329,3 +329,15 @@ rules:
- get
- patch
- update
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
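Review bot: this rule grants create/delete/patch/update/watch on `routes` in `route.openshift.io`, and if `config/rbac/role.yaml` is the operator's ClusterRole as in the standard kubebuilder layout, it applies across all namespaces, so the operator's service account can publish or retarget any Route in the cluster. Check whether `delete` is actually exercised by the controller (garbage collection through ownerReferences usually makes it unnecessary) and keep the verb list to what the code uses. On non-OpenShift clusters the API group does not exist; the rule is harmless there, but the route-creating code path has to tolerate the missing API.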
8 changes: 4 additions & 4 deletions config/samples/rhtas_v1alpha1_securesign.yaml
@@ -10,12 +10,12 @@ metadata:
name: securesign-sample
spec:
rekor:
external: true
external: false
keySecret: rekor-private-key
rekorCert:
create: false
fulcio:
external: true
external: false
keySecret: fulcio-secret-rh
oidcIssuers:
"http://keycloak-internal.keycloak-system.svc/auth/realms/sigstore":
@@ -27,5 +27,5 @@ spec:

trillian:
tuf:
external: true
ctlog:
external: false
ctlog:
6 changes: 3 additions & 3 deletions config/samples/rhtas_v1alpha1_securesign_cert_create.yaml
@@ -10,12 +10,12 @@ metadata:
name: securesign-sample
spec:
rekor:
external: true
external: false
keySecret: rekor-private-key
rekorCert:
create: true
fulcio:
external: true
external: false
keySecret: fulcio-secret-rh
oidcIssuers:
"http://keycloak-internal.keycloak-system.svc/auth/realms/sigstore":
@@ -31,4 +31,4 @@ spec:
trillian:
tuf:
external: true
ctlog:
ctlog:
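Review bot: this sample keeps `tuf: external: true`, while the workflow change in this PR now waits up to 120s for `deployment/tuf` in the `create-cert` namespace (the namespace this sample is applied to) and `rhtas_v1alpha1_securesign.yaml` flips the same field to `false`. Unless `external: true` still results in a tuf Deployment, that wait will time out; align the two samples or confirm the intended meaning of `external` for tuf.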
6 changes: 6 additions & 0 deletions controllers/common/base_action.go
@@ -1,13 +1,15 @@
package common

import (
"github.com/go-logr/logr"
"k8s.io/client-go/tools/record"
"sigs.k8s.io/controller-runtime/pkg/client"
)

type BaseAction struct {
Client client.Client
Recorder record.EventRecorder
Logger logr.Logger
}

func (action *BaseAction) InjectClient(client client.Client) {
@@ -17,3 +19,7 @@ func (action *BaseAction) InjectClient(client client.Client) {
func (action *BaseAction) InjectRecorder(recorder record.EventRecorder) {
action.Recorder = recorder
}

func (action *BaseAction) InjectLogger(logger logr.Logger) {
action.Logger = logger
}
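Review bot: `Logger logr.Logger` is added as a plain field with no default, so an action that logs before `InjectLogger` has run uses the zero value; with go-logr 1.2.0 and later the zero `Logger` discards safely, but older versions panic on the nil sink, so either pin the dependency or initialise the field (for example with `logr.Discard()`) where `BaseAction` values are constructed. A one-line doc comment on `InjectLogger` would match the convention for the other exported inject methods.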
23 changes: 0 additions & 23 deletions controllers/common/utils/deployment.go

This file was deleted.

11 changes: 11 additions & 0 deletions controllers/common/utils/kubernetes/common.go
@@ -0,0 +1,11 @@
package kubernetes

func FilterCommonLabels(labels map[string]string) map[string]string {
out := map[string]string{}
for key, value := range labels {
if key == "app.kubernetes.io/part-of" || key == "app.kubernetes.io/instance" {
out[key] = value
}
}
return out
}
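Review bot: `FilterCommonLabels` is exported without a doc comment, and the two label keys are bare string literals; given the discussion on `config_map.go` about always injecting `app.kubernetes.io/part-of`, define the keys as package constants here so the filter and whatever sets the labels cannot drift apart.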
18 changes: 18 additions & 0 deletions controllers/common/utils/kubernetes/config_map.go
@@ -0,0 +1,18 @@
package kubernetes

import (
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

func InitConfigmap(namespace string, name string, labels map[string]string, data map[string]string) *corev1.ConfigMap {
return &corev1.ConfigMap{
ObjectMeta: metav1.ObjectMeta{
Name: name,
Namespace: namespace,
Labels: labels,
Member:

I wonder if utilities like this should always inject a part-of label. Or maybe that's what's always passed in... Just wondering if having the part-of labels always added at the point of object creation would help with consistency. Take it or leave it. :)

Collaborator Author:

It's always passed in the labels map that is parsed by https://github.com/securesign/secure-sign-operator/blob/labels/controllers/common/utils/kubernetes/common.go#L6, but maybe it makes sense to have it explicitly defined. 👍 Will fix it.

},

Data: data,
}
}
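Review bot: `InitConfigmap` (Kubernetes spells it ConfigMap, so `InitConfigMap`) is exported without a doc comment, and as written it sets exactly the labels it is given; per the resolution in the thread above, if the part-of label is to be guaranteed, add it here by merging into a copy of the caller's map rather than replacing it, so a nil or incomplete `labels` argument still produces a labelled object.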
23 changes: 23 additions & 0 deletions controllers/common/utils/kubernetes/deployment.go
@@ -0,0 +1,23 @@
package kubernetes

import (
"context"

v1 "k8s.io/api/apps/v1"
"sigs.k8s.io/controller-runtime/pkg/client"
)

func DeploymentIsRunning(ctx context.Context, cli client.Client, namespace string, labels map[string]string) (bool, error) {
var err error
list := &v1.DeploymentList{}

if err = cli.List(ctx, list, client.InNamespace(namespace), client.MatchingLabels(labels)); err != nil {
return false, err
}
for _, d := range list.Items {
if d.Status.ReadyReplicas != *d.Spec.Replicas {
return false, nil
}
}
return true, nil
}
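Review bot: `DeploymentIsRunning` returns `true, nil` when the label selector matches no Deployments at all, because the loop body never executes; a caller that checks readiness before the Deployment has been created, or with mismatched labels, will see it as running. Return `false` when `len(list.Items) == 0`. Also guard `*d.Spec.Replicas` against nil (`Replicas` is `*int32`; the API server defaults it, but objects built in tests or read before defaulting may not carry it), and consider comparing `UpdatedReplicas` and `ObservedGeneration` as well, otherwise an in-progress rollout whose old pods are still ready counts as running.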
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
package utils
package kubernetes

import (
corev1 "k8s.io/api/core/v1"
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
package utils
package kubernetes

import (
routev1 "github.com/openshift/api/route/v1"
@@ -7,11 +7,12 @@ import (
"k8s.io/apimachinery/pkg/util/intstr"
)

func CreateRoute(svc v1.Service, port string) *routev1.Route {
func CreateRoute(svc v1.Service, port string, labels map[string]string) *routev1.Route {
return &routev1.Route{
ObjectMeta: metav1.ObjectMeta{
Name: svc.Name,
Namespace: svc.Namespace,
Labels: labels,
},
Spec: routev1.RouteSpec{
To: routev1.RouteTargetReference{
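Review bot: the new `labels` parameter is applied verbatim to the Route; callers should pass the output of `FilterCommonLabels` (or at least the `part-of`/`instance` labels) so Routes are selectable by the same labels as the Deployments they front. The remainder of `RouteSpec` is outside this hunk; please confirm it sets TLS termination, since the RBAC change in this PR lets the operator create Routes and a Route without `tls` exposes the service over plain HTTP.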