feat(RELEASE-1387): use trusted artifacts #784

Open
wants to merge 21 commits into
base: development
e6d7ab6
feat(RELEASE-1387): use trusted artifacts
scoheb Jan 23, 2025
b9e9f99
feat(RELEASE-1387): use ta for verify-access
scoheb Jan 24, 2025
add53d2
feat(RELEASE-1387): use ta for reduce-snapshot
scoheb Jan 24, 2025
a99ed7d
feat(RELEASE-1387): remove debug
scoheb Jan 24, 2025
cf2f8d5
feat(RELEASE-1387): use ta for apply-mapping
scoheb Jan 24, 2025
2ca48a5
feat(RELEASE-1387): test pipeline
scoheb Jan 27, 2025
6397e78
feat(RELEASE-1387): cleanup
scoheb Jan 29, 2025
17b80ea
feat(RELEASE-1387): before rework back to subdir
scoheb Jan 29, 2025
7882c20
feat(RELEASE-1387): use subdirectory for collect-data
scoheb Jan 29, 2025
5be8b8d
feat(RELEASE-1387): collect-data uses both workspace types
scoheb Jan 30, 2025
42fe900
feat(RELEASE-1387): change variable names
scoheb Jan 30, 2025
e949930
feat(RELEASE-1387): reduce-snapshot uses both workspace types
scoheb Jan 30, 2025
c7167b3
feat(RELEASE-1387): apply-mapping uses both workspace types
scoheb Jan 30, 2025
635c18c
feat(RELEASE-1387): reduce step count
scoheb Jan 30, 2025
01ce188
feat(RELEASE-1387): pvc version
scoheb Jan 30, 2025
cdc5d61
feat(RELEASE-1387): fix apply-labels tests
scoheb Jan 31, 2025
b672d4a
feat(RELEASE-1387): support 2 runs of tasks
scoheb Feb 3, 2025
25d0247
feat(RELEASE-1387): remove debug
scoheb Feb 3, 2025
0d74b5d
feat(RELEASE-1387): fix yamllint errors
scoheb Feb 3, 2025
16818be
feat(RELEASE-1387): update versions and readme
scoheb Feb 3, 2025
6bef15b
feat(RELEASE-1387): cleanup old comments
scoheb Feb 3, 2025
46 changes: 46 additions & 0 deletions .github/resources/cert-manager/kustomization.yml
@@ -0,0 +1,46 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.yaml

patches:
- patch: |
- op: add
path: /spec/template/spec/containers/0/resources
value:
requests:
cpu: 90m
memory: 90Mi
limits:
cpu: 120m
memory: 120Mi
target:
kind: Deployment
name: cert-manager
- patch: |
- op: add
path: /spec/template/spec/containers/0/resources
value:
requests:
cpu: 90m
memory: 90Mi
limits:
cpu: 120m
memory: 120Mi
target:
kind: Deployment
name: cert-manager-cainjector
- patch: |
- op: add
path: /spec/template/spec/containers/0/resources
value:
requests:
cpu: 90m
memory: 90Mi
limits:
cpu: 120m
memory: 120Mi
target:
kind: Deployment
name: cert-manager-webhook
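Review bot: The three `patch` entries are identical except for `target.name` (cert-manager, cert-manager-cainjector, cert-manager-webhook), so any later change to the requests or limits has to be repeated in three places. Consider a single patch whose target selects all three Deployments, for example by a name pattern, or add a comment saying why they are kept separate. The `resources` URL pins the release tag v1.14.4, but the manifest is still fetched at build time with no integrity check; vendoring the file or recording its checksum would make this CI input reproducible.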
5 changes: 5 additions & 0 deletions .github/resources/cluster-issuer/kustomization.yml
@@ -0,0 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- self-signed-cluster-issuer.yaml
@@ -0,0 +1,33 @@
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: self-signed-cluster-issuer
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: selfsigned-ca
namespace: cert-manager
spec:
isCA: true
commonName: selfsigned-ca
secretName: root-secret
privateKey:
algorithm: ECDSA
size: 256
issuerRef:
name: self-signed-cluster-issuer
kind: ClusterIssuer
group: cert-manager.io
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: ca-issuer
namespace: cert-manager
spec:
ca:
secretName: root-secret
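Review bot: `namespace: cert-manager` in the metadata of the `ca-issuer` ClusterIssuer has no effect, because ClusterIssuer is a cluster-scoped kind (the first ClusterIssuer in this file omits it); drop the line so the issuer does not look namespaced. A short comment that `root-secret` is also the source for the trust bundle in registry/trust-bundle.yaml would help the next reader see why the `selfsigned-ca` Certificate lives in `cert-manager`.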
18 changes: 18 additions & 0 deletions .github/resources/registry/certificate.yaml
@@ -0,0 +1,18 @@
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: registry-cert
namespace: kind-registry
spec:
isCA: true
subject:
organizations:
- konflux
dnsNames:
- localhost
- registry-service.kind-registry
issuerRef:
kind: ClusterIssuer
name: ca-issuer
secretName: local-registry-tls
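Review bot: `isCA: true` on `registry-cert` makes the registry's serving certificate a CA certificate issued by `ca-issuer`, and its private key lands in `local-registry-tls`, which registry.yaml mounts into the registry pod. A leaf TLS certificate does not need this; remove `isCA` and consider adding `usages` with `server auth`, so the key can only be used to authenticate the registry. Also check whether in-cluster clients will address the service as `registry-service.kind-registry.svc` or the `.svc.cluster.local` form, since neither is listed in `dnsNames`.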
7 changes: 7 additions & 0 deletions .github/resources/registry/kustomization.yml
@@ -0,0 +1,7 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- registry.yaml
- certificate.yaml
- trust-bundle.yaml
65 changes: 65 additions & 0 deletions .github/resources/registry/registry.yaml
@@ -0,0 +1,65 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: kind-registry
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
run: registry
name: registry
namespace: kind-registry
annotations:
ignore-check.kube-linter.io/no-read-only-root-fs: "This component requires write permissions"
ignore-check.kube-linter.io/run-as-non-root: "This component requires root permissions"
spec:
replicas: 1
selector:
matchLabels:
run: registry
template:
metadata:
labels:
run: registry
spec:
containers:
- name: registry
image: registry:2
resources:
requests:
cpu: 10m
memory: 50Mi
limits:
cpu: 100m
memory: 250Mi
ports:
- containerPort: 5000
env:
- name: REGISTRY_HTTP_TLS_CERTIFICATE
value: "/certs/tls.crt"
- name: REGISTRY_HTTP_TLS_KEY
value: "/certs/tls.key"
volumeMounts:
- name: certs
mountPath: /certs
volumes:
- name: certs
secret:
secretName: local-registry-tls
---
apiVersion: v1
kind: Service
metadata:
name: registry-service
namespace: kind-registry
spec:
type: NodePort
selector:
run: registry
ports:
- protocol: TCP
nodePort: 30001
port: 443
targetPort: 5000
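Review bot: `image: registry:2` in the Deployment is a floating tag, so the registry used by CI can change without a commit here; pin a specific version or an image digest, in line with the cert-manager manifest being pinned to v1.14.4. The two `ignore-check.kube-linter.io` annotations waive the read-only-root-fs and run-as-non-root checks, yet the pod spec declares no `securityContext` and no writable volume; if the registry only needs to write under its storage path, an `emptyDir` mounted there with `readOnlyRootFilesystem: true` would let the first waiver be removed. Marking the `certs` volumeMount `readOnly: true` would also document the intent.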
15 changes: 15 additions & 0 deletions .github/resources/registry/trust-bundle.yaml
@@ -0,0 +1,15 @@
---
apiVersion: trust.cert-manager.io/v1alpha1
kind: Bundle
metadata:
name: trusted-ca
spec:
sources:
- useDefaultCAs: true
- secret:
name: "root-secret"
key: "ca.crt"
target:
configMap:
key: "ca-bundle.crt"
namespaceSelector: {}
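Review bot: `namespaceSelector: {}` under `target` matches every namespace, so the `ca-bundle.crt` ConfigMap carrying the self-signed root is written cluster-wide; if only the namespaces that pull from the local registry need it, restrict the selector with `matchLabels`. The `secret` source depends on `root-secret` existing in trust-manager's trust namespace, so a comment pointing at the `selfsigned-ca` Certificate that creates it in `cert-manager` would make that dependency explicit.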
5 changes: 5 additions & 0 deletions .github/resources/trust-manager/kustomization.yml
@@ -0,0 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- trust-manager.yaml