Skip to content

Commit

Permalink
fix up Certificate integration
Browse files Browse the repository at this point in the history
The main aim here is to improve testing and to add other annotations
that weren't added in the open source PR.

This is a squashed commit of several:

- ensure logr calls have named args to prevent panics
- update RBAC to use certs rather than certreqs
- fix duration in smoke test, log when polling
- don't try to create secret, clean up tests
- fix lint error, allow more permissive algorithm specification
- change check for CRs to certs
- don't Own Secrets since we don't generate them
- add support for IP addresses + URIs for certs
- add most remaining annotations and improve integration/e2e tests
- remove readme notice
- remove create secrets permission
  • Loading branch information
SgtCoDFish committed Oct 2, 2024
1 parent b83ba20 commit d22d991
Show file tree
Hide file tree
Showing 8 changed files with 987 additions and 816 deletions.
8 changes: 0 additions & 8 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -143,14 +143,6 @@ After modifying the source code, you can execute the tests with:
go test ./...
```

To run the controller locally, export the location of your kubeconfig file:

```sh
export KUBECONFIG=$HOME/path/to/kubeconfig
# adjust namespace as necessary
go run internal/cmd/main.go --namespace cert-manager --enable-leader-election=false
```

# Why is This a Separate Project?

We do not wish to support non Kubernetes (or kubernetes-sigs) APIs in cert-manager core. This adds
Expand Down
12 changes: 10 additions & 2 deletions deploy/charts/openshift-routes/templates/rbac.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ rules:
- apiGroups:
- cert-manager.io
resources:
- certificaterequests
- certificates
verbs:
- create
- get
Expand All @@ -41,11 +41,19 @@ rules:
- apiGroups:
- cert-manager.io
resources:
- certificaterequests/status
- certificates/status
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
Expand Down
12 changes: 7 additions & 5 deletions internal/cmd/app/app.go
Original file line number Diff line number Diff line change
Expand Up @@ -69,19 +69,21 @@ func Command() *cobra.Command {
return fmt.Errorf("connected to the Kubernetes API, but the Openshift Route v1 CRD does not appear to be installed")
}

// Check if v1 cert-manager CertificateRequests exist in the API server
apiServerHasCertificateRequests := false
// Check if v1 cert-manager Certificates exist in the API server
apiServerHasCertificates := false
cmResources, err := cl.Discovery().ServerResourcesForGroupVersion("cert-manager.io/v1")
if err != nil {
return fmt.Errorf("couldn't check if cert-manager.io/v1 exists in the kubernetes API: %w", err)
}

for _, r := range cmResources.APIResources {
if r.Kind == "CertificateRequest" {
apiServerHasCertificateRequests = true
if r.Kind == "Certificate" {
apiServerHasCertificates = true
break
}
}
if !apiServerHasCertificateRequests {

if !apiServerHasCertificates {
return fmt.Errorf("connected to the Kubernetes API, but the cert-manager v1 CRDs do not appear to be installed")
}

Expand Down
3 changes: 1 addition & 2 deletions internal/controller/controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,6 @@ import (
"github.com/go-logr/logr"
routev1 "github.com/openshift/api/route/v1"
routev1client "github.com/openshift/client-go/route/clientset/versioned"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes"
Expand Down Expand Up @@ -118,10 +117,10 @@ func AddToManager(mgr manager.Manager, opts *options.Options) error {
if err != nil {
return err
}

return builder.
ControllerManagedBy(mgr).
For(&routev1.Route{}).
Owns(&cmapi.Certificate{}).
Owns(&corev1.Secret{}).
Complete(controller)
}
Loading

0 comments on commit d22d991

Please sign in to comment.