Partial implementation of certmanager for integration sink (#8481)

* Adding cert-mananger bits Basics for Cert-manager Signed-off-by: Matthias Wessendorf <[email protected]> * Adding create cert manifest function Signed-off-by: Matthias Wessendorf <[email protected]> * Use the make cert Signed-off-by: Matthias Wessendorf <[email protected]> * Reconcile Certificate manifest and add RBAC Signed-off-by: Matthias Wessendorf <[email protected]> * Add secret filter to controller Signed-off-by: Matthias Wessendorf <[email protected]> * Look up secrets/certs for sink Signed-off-by: Matthias Wessendorf <[email protected]> * Remove old/wrong Certificate manifest and reference Signed-off-by: Matthias Wessendorf <[email protected]> * Fix controller compile Signed-off-by: Matthias Wessendorf <[email protected]> * Formatting Signed-off-by: Matthias Wessendorf <[email protected]> * change the reconcile of cert manifest, and run it only w/ some form of TLS Signed-off-by: Matthias Wessendorf <[email protected]> * using filtered informer Signed-off-by: Matthias Wessendorf <[email protected]> * Adding Rekt test for IntegrationSink TLS support Signed-off-by: Matthias Wessendorf <[email protected]> * adding a bit of https port for deployment/service of the IntegrationSink Signed-off-by: Matthias Wessendorf <[email protected]> * Mounting secrets and setting quarkus env vars for TLS support Signed-off-by: Matthias Wessendorf <[email protected]> * Adding flags for different TLS levels resulting in diffeerent quarkus env vars Signed-off-by: Matthias Wessendorf <[email protected]> * Remove bad comment Signed-off-by: Matthias Wessendorf <[email protected]> * Adding label Signed-off-by: Matthias Wessendorf <[email protected]> * Update codegen Signed-off-by: Matthias Wessendorf <[email protected]> * Disable tmp. the cert manager feature Signed-off-by: Matthias Wessendorf <[email protected]> * Fixing header/year Signed-off-by: Matthias Wessendorf <[email protected]> * More test tweaking Signed-off-by: Matthias Wessendorf <[email protected]> * Remove unused and comment out the hooks for now Signed-off-by: Matthias Wessendorf <[email protected]> --------- Signed-off-by: Matthias Wessendorf <[email protected]>
knative · Feb 19, 2025 · 732ec62 · 732ec62
1 parent 5998cfe
commit 732ec62
Show file tree

Hide file tree

Showing 129 changed files with 15,389 additions and 93 deletions.
diff --git a/cmd/controller/main.go b/cmd/controller/main.go
@@ -57,12 +57,17 @@ func main() {
 		eventingtls.TrustBundleLabelSelector,
 		sinks.JobSinkJobsLabelSelector,
 		eventtransform.JsonataResourcesSelector,
+		"app.kubernetes.io/name",
 	)
 
 	ctx = eventingfilteredfactory.WithSelectors(ctx,
 		eventtransform.JsonataResourcesSelector,
 	)
 
+	//for _, inf := range []injection.InformerInjector{v1certificate.WithInformer} {
+	//	injection.Default.RegisterInformer(inf)
+	//}
+
 	sharedmain.MainWithContext(ctx, "controller",
 		// Messaging
 		channel.NewController,

diff --git a/config/core-tls/integration-sink-tls-certificate.yaml b/config/core-tls/integration-sink-tls-certificate.yaml
diff --git a/config/core/roles/controller-clusterroles.yaml b/config/core/roles/controller-clusterroles.yaml
@@ -223,3 +223,29 @@ rules:
       - "delete"
       - "patch"
       - "watch"
+
+  - apiGroups:
+      - "cert-manager.io"
+    resources:
+      - "certificates"
+    verbs:
+      - "get"
+      - "list"
+      - "create"
+      - "update"
+      - "delete"
+      - "patch"
+      - "watch"
+
+  - apiGroups:
+      - "acme.cert-manager.io"
+    resources:
+      - "challenges"
+    verbs:
+      - "get"
+      - "list"
+      - "create"
+      - "update"
+      - "delete"
+      - "patch"
+      - "watch"
diff --git a/go.mod b/go.mod
@@ -4,6 +4,7 @@ go 1.23.0
 
 require (
 	github.com/ahmetb/gen-crd-api-reference-docs v0.3.1-0.20210420163308-c1402a70e2f1
+	github.com/cert-manager/cert-manager v1.13.3
 	github.com/cloudevents/conformance v0.2.0
 	github.com/cloudevents/sdk-go/observability/opencensus/v2 v2.15.2
 	github.com/cloudevents/sdk-go/protocol/mqtt_paho/v2 v2.0.0-20240508060731-1ed9471c98bd
@@ -121,6 +122,7 @@ require (
 	k8s.io/klog v1.0.0 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 // indirect
+	sigs.k8s.io/gateway-api v0.8.0 // indirect
 	sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.5.0 // indirect
 )
diff --git a/go.sum b/go.sum
@@ -64,6 +64,8 @@ github.com/blendle/zapdriver v1.3.1/go.mod h1:mdXfREi6u5MArG4j9fewC+FGnXaBR+T4Ox
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/census-instrumentation/opencensus-proto v0.4.1 h1:iKLQ0xPNFxR/2hzXZMrBo8f1j86j5WHzznCCQxV/b8g=
 github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw=
+github.com/cert-manager/cert-manager v1.13.3 h1:3R4G0RI7K0OkTZhWlVOC5SGZMYa2NwqmQJoyKydrz/M=
+github.com/cert-manager/cert-manager v1.13.3/go.mod h1:BM2+Pt/NmSv1Zr25/MHv6BgIEF9IUxA1xAjp80qkxgc=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
@@ -865,6 +867,8 @@ knative.dev/reconciler-test v0.0.0-20250217113456-62eb465c1406/go.mod h1:MgX538j
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
+sigs.k8s.io/gateway-api v0.8.0 h1:isQQ3Jx2qFP7vaA3ls0846F0Amp9Eq14P08xbSwVbQg=
+sigs.k8s.io/gateway-api v0.8.0/go.mod h1:okOnjPNBFbIS/Rw9kAhuIUaIkLhTKEu+ARIuXk2dgaM=
 sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE=
 sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg=
 sigs.k8s.io/structured-merge-diff/v4 v4.5.0 h1:nbCitCK2hfnhyiKo6uf2HxUPTCodY6Qaf85SbDIaMBk=

diff --git a/hack/update-codegen.sh b/hack/update-codegen.sh
@@ -44,6 +44,13 @@ kube::codegen::gen_client \
   --with-watch \
   "${REPO_ROOT_DIR}/pkg/apis"
 
+kube::codegen::gen_client \
+  --boilerplate "${REPO_ROOT_DIR}/hack/boilerplate/boilerplate.go.txt" \
+  --output-dir "${REPO_ROOT_DIR}/pkg/client/certmanager" \
+  --output-pkg "knative.dev/eventing/pkg/client/certmanager" \
+  --with-watch \
+  "${REPO_ROOT_DIR}/vendor/github.com/cert-manager/cert-manager/pkg/apis"
+
 group "Knative Codegen"
 
 # Knative Injection
@@ -52,6 +59,13 @@ ${KNATIVE_CODEGEN_PKG}/hack/generate-knative.sh "injection" \
   "sinks:v1alpha1 eventing:v1alpha1 eventing:v1beta1 eventing:v1beta2 eventing:v1beta3 eventing:v1 messaging:v1 flows:v1 sources:v1alpha1 sources:v1beta2 sources:v1 duck:v1beta1 duck:v1" \
   --go-header-file ${REPO_ROOT_DIR}/hack/boilerplate/boilerplate.go.txt
 
+# Knative Injection (for cert-manager)
+${KNATIVE_CODEGEN_PKG}/hack/generate-knative.sh "injection" \
+  knative.dev/eventing/pkg/client/certmanager github.com/cert-manager/cert-manager/pkg/apis \
+  "certmanager:v1 acme:v1" \
+  --disable-informer-init \
+  --go-header-file ${REPO_ROOT_DIR}/hack/boilerplate/boilerplate.go.txt
+
 group "Generating API reference docs"
 
 ${REPO_ROOT_DIR}/hack/update-reference-docs.sh

diff --git a/pkg/client/certmanager/clientset/versioned/clientset.go b/pkg/client/certmanager/clientset/versioned/clientset.go
diff --git a/pkg/client/certmanager/clientset/versioned/fake/clientset_generated.go b/pkg/client/certmanager/clientset/versioned/fake/clientset_generated.go