Add cert-manager component to cluster-api

HMC-36
K0rdent · Jun 19, 2024 · 721c8e6 · 721c8e6
1 parent 8ce544e
commit 721c8e6
Show file tree

Hide file tree

Showing 4 changed files with 9,757 additions and 1 deletion.
diff --git a/Makefile b/Makefile
@@ -59,7 +59,7 @@ hmc-chart-generate: kustomize helmify ## Generate hmc helm chart
 	$(KUSTOMIZE) build config/default | $(HELMIFY) templates/hmc
 
 .PHONY: templates-generate
-templates-generate:
+templates-generate: cert-manager
 	@hack/templates.sh
 
 .PHONY: generate-all
@@ -169,6 +169,18 @@ LOCAL_REGISTRY_REPO ?= oci://127.0.0.1:$(LOCAL_REGISTRY_PORT)/charts
 
 AWS_CREDENTIALS=${AWS_B64ENCODED_CREDENTIALS}
 
+CERT_MANAGER_VERSION ?= v1.15.0
+
+CERT_MANAGER_CONFIG_FOLDER ?= config/cert-manager
+CERT_MANAGER_MANIFESTS_FOLDER ?= $(CERT_MANAGER_CONFIG_FOLDER)/manifests
+CERT_MANAGER_KUSTOMIZATION_TEMPLATE ?= $(CERT_MANAGER_CONFIG_FOLDER)/kustomization.template.yaml
+CERT_MANAGER_KUSTOMIZATION_FILE ?= $(CERT_MANAGER_CONFIG_FOLDER)/kustomization.yaml
+
+CAPI_TEMPLATE_FOLDER ?= templates/cluster-api
+CAPI_TEMPLATE_CRDS_FOLDER ?= $(CAPI_TEMPLATE_FOLDER)/crds
+CERT_MANAGER_FILE ?= $(CAPI_TEMPLATE_FOLDER)/templates/cert-manager.yaml
+CERT_MANAGER_CRDS_FILE ?= $(CAPI_TEMPLATE_FOLDER)/crds/cert-manager.crds.yaml
+
 ifndef ignore-not-found
   ignore-not-found = false
 endif
@@ -206,6 +218,16 @@ registry-undeploy:
 helm-controller-deploy: helm
 	$(HELM) upgrade --install --create-namespace --set $(FLUX_CHART_VALUES) helm-controller $(FLUX_CHART_REPOSITORY) --version $(FLUX_CHART_VERSION) -n $(NAMESPACE)
 
+.PHONY: cert-manager
+cert-manager: yq
+	sed "s/CERT_MANAGER_VERSION/${CERT_MANAGER_VERSION}/g" $(CERT_MANAGER_KUSTOMIZATION_TEMPLATE) \
+		> $(CERT_MANAGER_KUSTOMIZATION_FILE); \
+	mkdir -p $(CERT_MANAGER_MANIFESTS_FOLDER) $(CAPI_TEMPLATE_CRDS_FOLDER) $(CERT_MANAGER_FOLDER); \
+	$(KUSTOMIZE) build config/cert-manager -o $(CERT_MANAGER_MANIFESTS_FOLDER); \
+	$(YQ) 'select(.kind == "CustomResourceDefinition")' $(CERT_MANAGER_MANIFESTS_FOLDER)/*.yaml > $(CERT_MANAGER_CRDS_FILE); \
+	$(YQ) 'select(.kind != "CustomResourceDefinition")' $(CERT_MANAGER_MANIFESTS_FOLDER)/*.yaml > $(CERT_MANAGER_FILE); \
+	rm -r $(CERT_MANAGER_KUSTOMIZATION_FILE) $(CERT_MANAGER_MANIFESTS_FOLDER)
+
 .PHONY: crd-install
 crd-install: generate-all kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config.
 	$(KUSTOMIZE) build config/crd | $(KUBECTL) apply -f -

diff --git a/config/cert-manager/kustomization.template.yaml b/config/cert-manager/kustomization.template.yaml
@@ -0,0 +1,21 @@
+resources:
+- https://github.com/cert-manager/cert-manager/releases/download/CERT_MANAGER_VERSION/cert-manager.yaml
+# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
+# crd/kustomization.yaml
+#- ../webhook
+# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required.
+#- ../certmanager
+# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
+#- ../prometheus
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+labels:
+- includeSelectors: true
+  pairs:
+    "app.kubernetes.io/managed-by": "Helm"
+
+commonAnnotations:
+  "meta.helm.sh/release-name": "cluster-api"
+  "meta.helm.sh/release-namespace": "hmc-system"
+