feat: use trusted artifacts #784

Draft pull request: wants to merge 16 commits into base branch `development`
46 changes: 46 additions & 0 deletions .github/resources/cert-manager/kustomization.yml
@@ -0,0 +1,46 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.yaml

patches:
- patch: |
- op: add
path: /spec/template/spec/containers/0/resources
value:
requests:
cpu: 90m
memory: 90Mi
limits:
cpu: 120m
memory: 120Mi
target:
kind: Deployment
name: cert-manager
- patch: |
- op: add
path: /spec/template/spec/containers/0/resources
value:
requests:
cpu: 90m
memory: 90Mi
limits:
cpu: 120m
memory: 120Mi
target:
kind: Deployment
name: cert-manager-cainjector
- patch: |
- op: add
path: /spec/template/spec/containers/0/resources
value:
requests:
cpu: 90m
memory: 90Mi
limits:
cpu: 120m
memory: 120Mi
target:
kind: Deployment
name: cert-manager-webhook
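Review bot: the three JSON6902 patches in this hunk are byte-for-byte identical apart from `target.name`, so the file can be reduced to a single patch; kustomize target selectors accept an anchored regex, so `name: cert-manager.*` (or a `labelSelector` on the cert-manager deployments) would apply the same resources block to all three deployments and avoid the three copies drifting apart. Separately, the remote resource `https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.yaml` is fetched at build time with only a version tag and no content pin; for a change titled "use trusted artifacts" it would be more consistent to vendor the manifest into the repo or verify its digest before applying it, since a tag can be moved and kustomize performs no integrity check on URL resources.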
5 changes: 5 additions & 0 deletions .github/resources/cluster-issuer/kustomization.yml
@@ -0,0 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- self-signed-cluster-issuer.yaml
@@ -0,0 +1,33 @@
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: self-signed-cluster-issuer
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: selfsigned-ca
namespace: cert-manager
spec:
isCA: true
commonName: selfsigned-ca
secretName: root-secret
privateKey:
algorithm: ECDSA
size: 256
issuerRef:
name: self-signed-cluster-issuer
kind: ClusterIssuer
group: cert-manager.io
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: ca-issuer
namespace: cert-manager
spec:
ca:
secretName: root-secret
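Review bot: `metadata.namespace: cert-manager` on the `ca-issuer` ClusterIssuer is a no-op, because ClusterIssuer is cluster-scoped and the namespace field is ignored on apply; drop it so the manifest does not suggest the issuer is namespace-bound (the `root-secret` lookup is correct as written, since a ClusterIssuer's `ca.secretName` is resolved in cert-manager's own namespace, which is where the `selfsigned-ca` Certificate stores it). The `selfsigned-ca` Certificate also sets no `duration` or `renewBefore`, so the root falls back to cert-manager's defaults; consider stating them explicitly so the lifetime of the CA that every namespace will end up trusting is visible in the review rather than implicit.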
18 changes: 18 additions & 0 deletions .github/resources/registry/certificate.yaml
@@ -0,0 +1,18 @@
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: registry-cert
namespace: kind-registry
spec:
isCA: true
subject:
organizations:
- konflux
dnsNames:
- localhost
- registry-service.kind-registry
issuerRef:
kind: ClusterIssuer
name: ca-issuer
secretName: local-registry-tls
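Review bot: `isCA: true` on `registry-cert` is wrong for a server certificate; this certificate is consumed by the registry as its TLS leaf (`local-registry-tls` is mounted as `tls.crt`/`tls.key` in the registry deployment), and issuing it with the CA basicConstraints flag means the registry's private key can sign further certificates that chain to the trusted root, and some TLS clients refuse leaf certificates that carry `CA:TRUE`. Remove the `isCA` line and constrain the key usage instead, e.g.

    usages:
      - server auth

Also consider adding `registry-service.kind-registry.svc.cluster.local` to `dnsNames`, since in-cluster clients commonly use the fully qualified service name and would otherwise fail hostname verification against this certificate.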
7 changes: 7 additions & 0 deletions .github/resources/registry/kustomization.yml
@@ -0,0 +1,7 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- registry.yaml
- certificate.yaml
- trust-bundle.yaml
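Review bot: `trust-bundle.yaml` declares a `trust.cert-manager.io/v1alpha1` Bundle, so this kustomization has an ordering dependency on the separate `trust-manager` kustomization (the CRD must exist before this one is applied) and on `certificate.yaml` having cert-manager available; document the apply order, or split the Bundle into the trust-manager kustomization, so a fresh environment does not fail with an unknown-kind error on first apply.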
65 changes: 65 additions & 0 deletions .github/resources/registry/registry.yaml
@@ -0,0 +1,65 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: kind-registry
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
run: registry
name: registry
namespace: kind-registry
annotations:
ignore-check.kube-linter.io/no-read-only-root-fs: "This component requires write permissions"
ignore-check.kube-linter.io/run-as-non-root: "This component requires root permissions"
spec:
replicas: 1
selector:
matchLabels:
run: registry
template:
metadata:
labels:
run: registry
spec:
containers:
- name: registry
image: registry:2
resources:
requests:
cpu: 10m
memory: 50Mi
limits:
cpu: 100m
memory: 250Mi
ports:
- containerPort: 5000
env:
- name: REGISTRY_HTTP_TLS_CERTIFICATE
value: "/certs/tls.crt"
- name: REGISTRY_HTTP_TLS_KEY
value: "/certs/tls.key"
volumeMounts:
- name: certs
mountPath: /certs
volumes:
- name: certs
secret:
secretName: local-registry-tls
---
apiVersion: v1
kind: Service
metadata:
name: registry-service
namespace: kind-registry
spec:
type: NodePort
selector:
run: registry
ports:
- protocol: TCP
nodePort: 30001
port: 443
targetPort: 5000
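Review bot: `image: registry:2` is a floating tag with no digest, which is at odds with the purpose of this PR; pin it as `registry:2@sha256:<digest of the reviewed image>` so the registry that CI trusts is the same image on every run. The two `ignore-check.kube-linter.io` annotations disable the read-only-root-filesystem and run-as-non-root checks with a one-line justification; since the registry only needs a writable data directory, an `emptyDir` mounted at the registry's storage path plus a `securityContext` with `runAsNonRoot` would likely satisfy both checks instead of suppressing them, and if root really is required the annotation should say why. Finally, the Service exposes the registry on `nodePort: 30001` mapped to `port: 443`; note in the PR description that this is reachable from outside the cluster on every node, and that the TLS certificate it serves is only valid for `localhost` and `registry-service.kind-registry`.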
15 changes: 15 additions & 0 deletions .github/resources/registry/trust-bundle.yaml
@@ -0,0 +1,15 @@
---
apiVersion: trust.cert-manager.io/v1alpha1
kind: Bundle
metadata:
name: trusted-ca
spec:
sources:
- useDefaultCAs: true
- secret:
name: "root-secret"
key: "ca.crt"
target:
configMap:
key: "ca-bundle.crt"
namespaceSelector: {}
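Review bot: `namespaceSelector: {}` distributes the bundle to every namespace in the cluster, and because the bundle merges `useDefaultCAs: true` with the private `root-secret` CA, every workload that consumes `ca-bundle.crt` will trust anything issued by `ca-issuer` alongside the public roots. Narrow the selector to the namespaces that actually need to reach the local registry (for example a label such as `trust: local-registry` on those namespaces), and confirm that `root-secret` lives in trust-manager's configured trust namespace, which is where the `secret` source is read from; otherwise the Bundle will reconcile without the private CA and pulls from the registry will fail with an untrusted-certificate error.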
5 changes: 5 additions & 0 deletions .github/resources/trust-manager/kustomization.yml
@@ -0,0 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- trust-manager.yaml
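Review bot: this kustomization references `trust-manager.yaml`, but no such file appears among the changed files in this diff; either it is committed elsewhere in the PR and should be cross-checked, or it is missing and `kustomize build` will fail for `.github/resources/trust-manager`. If it is a vendored copy of the upstream trust-manager manifest, the same pinning remark as for the cert-manager release applies.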