diff --git a/.wordlist-md b/.wordlist-md
index a651e77e..af5077a9 100644
--- a/.wordlist-md
+++ b/.wordlist-md
@@ -17,6 +17,7 @@ CICD
 CRD
 CRDs
 CheCluster
+ClusterIssuer
 ClusterPolicy
 ClusterRoleBindings
 ClusterTask
@@ -203,6 +204,7 @@ machineset
 microservices
 mig
 namespace
+namespaced
 namespaces
 newman
 nfd
diff --git a/openshift-cert-manager-operator/README.md b/openshift-cert-manager-operator/README.md
index ad5d3027..61e9b59b 100644
--- a/openshift-cert-manager-operator/README.md
+++ b/openshift-cert-manager-operator/README.md
@@ -9,6 +9,9 @@ The current *overlays* available are for the following channels:
 * [stable-v1](operator/overlays/stable-v1)
 * [stable-v1.10](operator/overlays/stable-v1.10)
 * [stable-v1.11](operator/overlays/stable-v1.11)
+* [stable-v1.12](operator/overlays/stable-v1.12)
+* [stable-v1.13](operator/overlays/stable-v1.13)
+* [stable-v1.14](operator/overlays/stable-v1.14)
 * [tech-preview](operator/overlays/tech-preview)
 ## Usage
diff --git a/openshift-cert-manager-operator/examples/letsencrypt-http01-cluster-issuer/README.md b/openshift-cert-manager-operator/examples/letsencrypt-http01-cluster-issuer/README.md
new file mode 100644
index 00000000..791be945
--- /dev/null
+++ b/openshift-cert-manager-operator/examples/letsencrypt-http01-cluster-issuer/README.md
@@ -0,0 +1,3 @@
+This is an example of ClusterIssuer resources for letsencrypt to use HTTP01 solver. Use of these prod and staging
+cluster issuers requires valid DNS that will point letsencrypt servers to an ingress with which cert-manager can respond
+from within OpenShift.
diff --git a/openshift-cert-manager-operator/examples/letsencrypt-http01-cluster-issuer/kustomization.yaml b/openshift-cert-manager-operator/examples/letsencrypt-http01-cluster-issuer/kustomization.yaml
new file mode 100644
index 00000000..3f0e4f89
--- /dev/null
+++ b/openshift-cert-manager-operator/examples/letsencrypt-http01-cluster-issuer/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - letsencrypt-prod-cluster-issuer.yaml
+ - letsencrypt-staging-cluster-issuer.yaml
diff --git a/openshift-cert-manager-operator/examples/letsencrypt-http01-cluster-issuer/letsencrypt-prod-cluster-issuer.yaml b/openshift-cert-manager-operator/examples/letsencrypt-http01-cluster-issuer/letsencrypt-prod-cluster-issuer.yaml
new file mode 100644
index 00000000..db21462c
--- /dev/null
+++ b/openshift-cert-manager-operator/examples/letsencrypt-http01-cluster-issuer/letsencrypt-prod-cluster-issuer.yaml
@@ -0,0 +1,15 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-prod
+spec:
+ acme:
+ # This key doesn't exist, cert-manager creates it
+ privateKeySecretRef:
+ name: letsencrypt-prod-account-key
+ server: 'https://acme-v02.api.letsencrypt.org/directory'
+ preferredChain: ''
+ solvers:
+ - http01:
+ ingress:
+ class: openshift-default
diff --git a/openshift-cert-manager-operator/examples/letsencrypt-http01-cluster-issuer/letsencrypt-staging-cluster-issuer.yaml b/openshift-cert-manager-operator/examples/letsencrypt-http01-cluster-issuer/letsencrypt-staging-cluster-issuer.yaml
new file mode 100644
index 00000000..303957f1
--- /dev/null
+++ b/openshift-cert-manager-operator/examples/letsencrypt-http01-cluster-issuer/letsencrypt-staging-cluster-issuer.yaml
@@ -0,0 +1,15 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-staging
+spec:
+ acme:
+ # This key doesn't exist, cert-manager creates it
+ privateKeySecretRef:
+ name: letsencrypt-staging-account-key
+ server: 'https://acme-staging-v02.api.letsencrypt.org/directory'
+ preferredChain: ''
+ solvers:
+ - http01:
+ ingress:
+ class: openshift-default
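Review bot: The `letsencrypt-prod` ClusterIssuer is cluster-scoped, so every namespace whose users may create Certificate resources can obtain publicly trusted certificates through the shared `openshift-default` HTTP-01 solver, and neither the manifest nor its README says so; the same applies to `letsencrypt-staging` in the following hunk. I would add a comment above `kind: ClusterIssuer` such as `# Cluster-scoped: usable from every namespace. Limit who can create Certificate resources, or use a namespaced Issuer per tenant.` The existing key comment could also say where the Secret lands, e.g. `# cert-manager creates this ACME account-key Secret in its cluster resource namespace`. `preferredChain: ''` is empty in both files and looks like it can be dropped.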
diff --git a/openshift-cert-manager-operator/examples/letsencrypt-route53-issuer/README.md b/openshift-cert-manager-operator/examples/letsencrypt-route53-cluster-issuer/README.md
similarity index 100%
rename from openshift-cert-manager-operator/examples/letsencrypt-route53-issuer/README.md
rename to openshift-cert-manager-operator/examples/letsencrypt-route53-cluster-issuer/README.md
diff --git a/openshift-cert-manager-operator/examples/letsencrypt-route53-issuer/kustomization.yaml b/openshift-cert-manager-operator/examples/letsencrypt-route53-cluster-issuer/kustomization.yaml
similarity index 100%
rename from openshift-cert-manager-operator/examples/letsencrypt-route53-issuer/kustomization.yaml
rename to openshift-cert-manager-operator/examples/letsencrypt-route53-cluster-issuer/kustomization.yaml
diff --git a/openshift-cert-manager-operator/examples/letsencrypt-route53-issuer/letsencrypt-prod-cluster-issuer.yaml b/openshift-cert-manager-operator/examples/letsencrypt-route53-cluster-issuer/letsencrypt-prod-cluster-issuer.yaml
similarity index 100%
rename from openshift-cert-manager-operator/examples/letsencrypt-route53-issuer/letsencrypt-prod-cluster-issuer.yaml
rename to openshift-cert-manager-operator/examples/letsencrypt-route53-cluster-issuer/letsencrypt-prod-cluster-issuer.yaml
diff --git a/openshift-cert-manager-operator/examples/letsencrypt-route53-issuer/letsencrypt-staging-cluster-issuer.yaml b/openshift-cert-manager-operator/examples/letsencrypt-route53-cluster-issuer/letsencrypt-staging-cluster-issuer.yaml
similarity index 100%
rename from openshift-cert-manager-operator/examples/letsencrypt-route53-issuer/letsencrypt-staging-cluster-issuer.yaml
rename to openshift-cert-manager-operator/examples/letsencrypt-route53-cluster-issuer/letsencrypt-staging-cluster-issuer.yaml
diff --git a/openshift-cert-manager-operator/examples/self-signed-ca-cluster-issuer/README.md b/openshift-cert-manager-operator/examples/self-signed-ca-cluster-issuer/README.md
new file mode 100644
index 00000000..a50c8a2d
--- /dev/null
+++ b/openshift-cert-manager-operator/examples/self-signed-ca-cluster-issuer/README.md
@@ -0,0 +1,4 @@
+This is an example of using cert-manager to generate a root CA for signing certificates.
+
+It works by creating a namespaced issuer (not ClusterIssuer) to generate the root certificate in the cert-manager
+namespace. It then references the root certificate with a ClusterIssuer set to be a CA.
\ No newline at end of file
diff --git a/openshift-cert-manager-operator/examples/self-signed-ca-cluster-issuer/kustomization.yaml b/openshift-cert-manager-operator/examples/self-signed-ca-cluster-issuer/kustomization.yaml
new file mode 100644
index 00000000..87646862
--- /dev/null
+++ b/openshift-cert-manager-operator/examples/self-signed-ca-cluster-issuer/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - self-signed-root-issuer.yaml
+ - self-signed-ca-root.yaml
+ - self-signed-ca-cluster-issuer.yaml
diff --git a/openshift-cert-manager-operator/examples/self-signed-ca-cluster-issuer/self-signed-ca-cluster-issuer.yaml b/openshift-cert-manager-operator/examples/self-signed-ca-cluster-issuer/self-signed-ca-cluster-issuer.yaml
new file mode 100644
index 00000000..c08f2037
--- /dev/null
+++ b/openshift-cert-manager-operator/examples/self-signed-ca-cluster-issuer/self-signed-ca-cluster-issuer.yaml
@@ -0,0 +1,7 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: self-signed-ca
+spec:
+ ca:
+ secretName: self-signed-ca-root
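Review bot: The `self-signed-ca` ClusterIssuer signs for every namespace with the key held in `self-signed-ca-root`, and nothing in the manifest limits which names a tenant may request, so anything that trusts this root also trusts whatever any namespace chooses to issue. A comment on the manifest should state that, e.g. `# Cluster-scoped CA: any namespace that can create Certificates can get a cert for any name from this root.` The `secretName` is resolved in cert-manager's cluster resource namespace, which the README of this example takes to be `cert-manager`; noting that next to `secretName` would make the coupling visible to readers who run cert-manager with a different setting.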
diff --git a/openshift-cert-manager-operator/examples/self-signed-ca-cluster-issuer/self-signed-ca-root.yaml b/openshift-cert-manager-operator/examples/self-signed-ca-cluster-issuer/self-signed-ca-root.yaml
new file mode 100644
index 00000000..227f423a
--- /dev/null
+++ b/openshift-cert-manager-operator/examples/self-signed-ca-cluster-issuer/self-signed-ca-root.yaml
@@ -0,0 +1,16 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: self-signed-ca-root
+ namespace: cert-manager
+spec:
+ issuerRef:
+ group: cert-manager.io
+ kind: Issuer
+ name: self-signed-root
+ isCA: true
+ commonName: self-signed-ca-root
+ secretName: self-signed-ca-root
+ privateKey:
+ algorithm: ECDSA
+ size: 256
diff --git a/openshift-cert-manager-operator/examples/self-signed-ca-cluster-issuer/self-signed-root-issuer.yaml b/openshift-cert-manager-operator/examples/self-signed-ca-cluster-issuer/self-signed-root-issuer.yaml
new file mode 100644
index 00000000..71f26602
--- /dev/null
+++ b/openshift-cert-manager-operator/examples/self-signed-ca-cluster-issuer/self-signed-root-issuer.yaml
@@ -0,0 +1,7 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: self-signed-root
+ namespace: cert-manager
+spec:
+ selfSigned: {}
diff --git a/openshift-cert-manager-operator/examples/self-signed-issuer/README.md b/openshift-cert-manager-operator/examples/self-signed-issuer/README.md
new file mode 100644
index 00000000..2b86ce9c
--- /dev/null
+++ b/openshift-cert-manager-operator/examples/self-signed-issuer/README.md
@@ -0,0 +1 @@
+This is an example of a cert-manager namespaced issuer (not ClusterIssuer) for generating self-signed certificates.
\ No newline at end of file
diff --git a/openshift-cert-manager-operator/examples/self-signed-issuer/kustomization.yaml b/openshift-cert-manager-operator/examples/self-signed-issuer/kustomization.yaml
new file mode 100644
index 00000000..03cf62dd
--- /dev/null
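Review bot: The root CA Certificate in self-signed-ca-root.yaml sets neither `duration` nor `renewBefore`, so it gets cert-manager's default lifetime (90 days unless the installation overrides it) and the root is re-issued on that schedule, after which every client holding the old root has to be given the new one. For a CA I would set both explicitly, e.g. `duration: 87600h` and `renewBefore: 720h` (illustrative values), and state `rotationPolicy` under `privateKey` on purpose: I believe its default changed in newer cert-manager releases, and a regenerated key invalidates every certificate already issued from this root. A comment that the `tls.key` in the `self-signed-ca-root` Secret is the CA signing key, and that read access to Secrets in the `cert-manager` namespace should be limited accordingly, would help readers who copy the example.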
+++ b/openshift-cert-manager-operator/examples/self-signed-issuer/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - self-signed-issuer.yaml
diff --git a/openshift-cert-manager-operator/examples/self-signed-issuer/self-signed-issuer.yaml b/openshift-cert-manager-operator/examples/self-signed-issuer/self-signed-issuer.yaml
new file mode 100644
index 00000000..addbef0d
--- /dev/null
+++ b/openshift-cert-manager-operator/examples/self-signed-issuer/self-signed-issuer.yaml
@@ -0,0 +1,6 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: self-signed-issuer
+spec:
+ selfSigned: {}
diff --git a/openshift-cert-manager-operator/operator/overlays/stable-v1.12/kustomization.yaml b/openshift-cert-manager-operator/operator/overlays/stable-v1.12/kustomization.yaml
new file mode 100644
index 00000000..1cc67843
--- /dev/null
+++ b/openshift-cert-manager-operator/operator/overlays/stable-v1.12/kustomization.yaml
@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ../../base
+
+patches:
+ - target:
+ kind: Subscription
+ name: openshift-cert-manager-operator
+ path: patch-channel.yaml
diff --git a/openshift-cert-manager-operator/operator/overlays/stable-v1.12/patch-channel.yaml b/openshift-cert-manager-operator/operator/overlays/stable-v1.12/patch-channel.yaml
new file mode 100644
index 00000000..10c71933
--- /dev/null
+++ b/openshift-cert-manager-operator/operator/overlays/stable-v1.12/patch-channel.yaml
@@ -0,0 +1,3 @@
+- op: replace
+ path: /spec/channel
+ value: stable-v1.12
diff --git a/openshift-cert-manager-operator/operator/overlays/stable-v1.13/kustomization.yaml b/openshift-cert-manager-operator/operator/overlays/stable-v1.13/kustomization.yaml
new file mode 100644
index 00000000..1cc67843
--- /dev/null
+++ b/openshift-cert-manager-operator/operator/overlays/stable-v1.13/kustomization.yaml
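Review bot: self-signed-issuer.yaml carries no `metadata.namespace` and the kustomization.yaml beside it sets no `namespace:`, so this namespaced Issuer is created in whichever namespace the apply happens to target. If that is intended, a comment such as `# No namespace on purpose: set "namespace:" in the consuming kustomization.` would make it explicit. The README for this example could also mention that certificates from a `selfSigned` issuer share no trust anchor, so clients cannot verify them unless each certificate is distributed and pinned separately.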
@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ../../base
+
+patches:
+ - target:
+ kind: Subscription
+ name: openshift-cert-manager-operator
+ path: patch-channel.yaml
diff --git a/openshift-cert-manager-operator/operator/overlays/stable-v1.13/patch-channel.yaml b/openshift-cert-manager-operator/operator/overlays/stable-v1.13/patch-channel.yaml
new file mode 100644
index 00000000..f6c364f1
--- /dev/null
+++ b/openshift-cert-manager-operator/operator/overlays/stable-v1.13/patch-channel.yaml
@@ -0,0 +1,3 @@
+- op: replace
+ path: /spec/channel
+ value: stable-v1.13
diff --git a/openshift-cert-manager-operator/operator/overlays/stable-v1.14/kustomization.yaml b/openshift-cert-manager-operator/operator/overlays/stable-v1.14/kustomization.yaml
new file mode 100644
index 00000000..1cc67843
--- /dev/null
+++ b/openshift-cert-manager-operator/operator/overlays/stable-v1.14/kustomization.yaml
@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ../../base
+
+patches:
+ - target:
+ kind: Subscription
+ name: openshift-cert-manager-operator
+ path: patch-channel.yaml
diff --git a/openshift-cert-manager-operator/operator/overlays/stable-v1.14/patch-channel.yaml b/openshift-cert-manager-operator/operator/overlays/stable-v1.14/patch-channel.yaml
new file mode 100644
index 00000000..34fe44ab
--- /dev/null
+++ b/openshift-cert-manager-operator/operator/overlays/stable-v1.14/patch-channel.yaml
@@ -0,0 +1,3 @@
+- op: replace
+ path: /spec/channel
+ value: stable-v1.14