Skip to content

Commit

Permalink
Add support for builds v1beta1 api and conversion webhook
Browse files Browse the repository at this point in the history 
- Update release.yaml with nightly release
- Add cert-manager as shipwright operator dependency
- ReconcileCertManager to generate ssl key pair for the webhook
- Generate rbac, manifests and bundle
- update doc
  • Loading branch information
@jkhelil
jkhelil committed Sep 19, 2023
1 parent bc1ab18 commit 722e1d9
Show file tree
Hide file tree
Showing 22 changed files with 12,648 additions and 8,110 deletions.
12 changes: 11 additions & 1 deletion README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,12 @@ Once OLM has been deployed, use the following command to install the latest oper
$ kubectl apply -f https://operatorhub.io/install/shipwright-operator.yaml
```

## OLM Dependencies
When installed via OLM using the provided SHipwright Operator Bundle, the Shipwright operator has two dependencies to:
- The Tekton operator needed by the Shipright Build Controller
- The Cert-Manager operator needed in case you delegate to the Shipwright operator the ssl certificates management of the Shipwright Conversion webhook
The two operators are then installed automatically by OLM.

## Usage

To deploy and manage [Shipwright Builds](https://github.com/shipwright-io/build) in your cluster,
Expand All @@ -36,11 +42,15 @@ Refer to the [ShipwrightBuild documentation](docs/shipwrightbuild.md) for more i

The operator handles differents environment variables to customize Shiprwright controller installation:
- KO_DATA_PATH : defines the shipwright controller manifest to install
- USE_MANAGED_WEBHOOK_CERTS: defines wether the webook ssl certificate is installed by the operator. It requires cert-manager to be installed in the cluster.
- IMAGE_SHIPWRIGHT_SHIPWRIGHT_BUILD : defines the Shipwright Build Controller Image to use
- IMAGE_SHIPWRIGHT_GIT_CONTAINER_IMAGE: defines the Shipwright Git Container Image to use
- IMAGE_SHIPWRIGHT_MUTATE_IMAGE_CONTAINER_IMAGE: defines the Shipwright Mutate Image to use
- IMAGE_SHIPWRIGHT_IMAGE_PROCESSING_CONTAINER_IMAGE: defines the Shipwright Processing Image to use
- IMAGE_SHIPWRIGHT_BUNDLE_CONTAINER_IMAGE: defines the Shipwright Bundle Image to use
- IMAGE_SHIPWRIGHT_WAITER_CONTAINER_IMAGE: defines the Shipwright Waiter Image to use
- IMAGE_SHIPWRIGHT_SHIPWRIGHT_BUILD_WEBHOOK: defines the Shipwright Build Webhook Image to use

For more information about the function of these images, please consider the Shipwright Build doc https://github.com/shipwright-io/build/blob/main/docs/configuration.md

## Contributing

Expand Down
174 changes: 174 additions & 0 deletions bundle/manifests/shipwright-operator.clusterserviceversion.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,9 @@ spec:
- kind: TektonConfig
name: tektonconfigs.operator.tekton.dev
version: v1alpha1
- kind: Certificate
name: certificates.cert-manager.io
version: v1
description: |
Shipwright is a framework for building container images on Kubernetes.
Expand Down Expand Up @@ -380,6 +383,30 @@ spec:
- events
verbs:
- create
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- admissionregistration.k8s.io/v1beta1
resources:
- validatingwebhookconfigurations
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apiextensions.k8s.io
resources:
Expand Down Expand Up @@ -421,6 +448,16 @@ spec:
- delete
- patch
- update
- apiGroups:
- apps
resourceNames:
- shipwright-build-webhook
resources:
- deployments
verbs:
- delete
- patch
- update
- apiGroups:
- apps
resourceNames:
Expand All @@ -429,6 +466,52 @@ spec:
- deployments/finalizers
verbs:
- update
- apiGroups:
- apps
resourceNames:
- shipwright-build-webhook
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- cert-manager.io
resources:
- certificates
verbs:
- create
- get
- list
- watch
- apiGroups:
- cert-manager.io
resourceNames:
- shipwright-build-webhook-cert
resources:
- certificates
verbs:
- delete
- patch
- update
- apiGroups:
- cert-manager.io
resources:
- issuers
verbs:
- create
- get
- list
- watch
- apiGroups:
- cert-manager.io
resourceNames:
- selfsigned-issuer
resources:
- issuers
verbs:
- delete
- patch
- update
- apiGroups:
- ""
resources:
Expand All @@ -441,6 +524,25 @@ spec:
- patch
- update
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- get
- list
- watch
- apiGroups:
- ""
resourceNames:
- shipwright-build-webhook-cert
resources:
- secrets
verbs:
- delete
- patch
- update
- apiGroups:
- ""
resources:
Expand All @@ -460,6 +562,35 @@ spec:
- delete
- patch
- update
- apiGroups:
- ""
resourceNames:
- shipwright-build-webhook
resources:
- serviceaccounts
verbs:
- delete
- patch
- update
- apiGroups:
- ""
resources:
- services
verbs:
- create
- get
- list
- watch
- apiGroups:
- ""
resourceNames:
- shipwright-build-controller
resources:
- services
verbs:
- delete
- patch
- update
- apiGroups:
- operator.shipwright.io
resources:
Expand Down Expand Up @@ -511,6 +642,16 @@ spec:
- delete
- patch
- update
- apiGroups:
- rbac.authorization.k8s.io
resourceNames:
- shipwright-build-webhook
resources:
- clusterrolebindings
verbs:
- delete
- patch
- update
- apiGroups:
- rbac.authorization.k8s.io
resources:
Expand Down Expand Up @@ -550,6 +691,16 @@ spec:
- delete
- patch
- update
- apiGroups:
- rbac.authorization.k8s.io
resourceNames:
- shipwright-build-webhook
resources:
- clusterroles
verbs:
- delete
- patch
- update
- apiGroups:
- rbac.authorization.k8s.io
resources:
Expand All @@ -569,6 +720,16 @@ spec:
- delete
- patch
- update
- apiGroups:
- rbac.authorization.k8s.io
resourceNames:
- shipwright-build-webhook
resources:
- rolebindings
verbs:
- delete
- patch
- update
- apiGroups:
- rbac.authorization.k8s.io
resources:
Expand All @@ -588,6 +749,16 @@ spec:
- delete
- patch
- update
- apiGroups:
- rbac.authorization.k8s.io
resourceNames:
- shipwright-build-webhook
resources:
- roles
verbs:
- delete
- patch
- update
- apiGroups:
- authentication.k8s.io
resources:
Expand Down Expand Up @@ -639,6 +810,9 @@ spec:
- --health-probe-bind-address=:8081
- --metrics-bind-address=127.0.0.1:8080
- --leader-elect
env:
- name: USE_MANAGED_WEBHOOK_CERTS
value: "true"
image: ko://github.com/shipwright-io/operator
livenessProbe:
httpGet:
Expand Down
3 changes: 3 additions & 0 deletions config/manager/manager.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,9 @@ spec:
containers:
- args:
- --leader-elect
env:
- name: USE_MANAGED_WEBHOOK_CERTS
value: "true"
image: ko://github.com/shipwright-io/operator
name: operator
securityContext:
Expand Down
3 changes: 3 additions & 0 deletions config/manifests/bases/shipwright-operator.clusterserviceversion.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,9 @@ spec:
- kind: TektonConfig
name: tektonconfigs.operator.tekton.dev
version: v1alpha1
- kind: Certificate
name: certificates.cert-manager.io
version: v1
description: |
Shipwright is a framework for building container images on Kubernetes.
Expand Down
Loading

0 comments on commit 722e1d9

Please sign in to comment.