From 866a2f6cf0336731ccea6a85a34e033db62ffa77 Mon Sep 17 00:00:00 2001
From: Scott Williams
Date: Fri, 8 Mar 2024 10:47:42 -0800
Subject: [PATCH 01/26] Add manifest for cluster-issuer
---
cert-manager-cluster-issuer.yaml | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
create mode 100644 cert-manager-cluster-issuer.yaml
diff --git a/cert-manager-cluster-issuer.yaml b/cert-manager-cluster-issuer.yaml
new file mode 100644
index 0000000..102825e
--- /dev/null
+++ b/cert-manager-cluster-issuer.yaml
@@ -0,0 +1,17 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-issuer
+spec:
+ acme:
+ email: lsitops@lsit.ucsb.edu
+ privateKeySecretRef:
+ name: letsencrypt-key
+ server: https://acme-v02.api.letsencrypt.org/directory
+ solvers:
+ - http01:
+ ingress:
+ ingressClassName: nginx
+ - http01:
+ ingress:
+ ingressClassName: traefik
From 1985fc00a33deda6c2feee336d8b8aa6a732a287 Mon Sep 17 00:00:00 2001
From: Scott Williams
Date: Fri, 8 Mar 2024 10:57:07 -0800
Subject: [PATCH 02/26] Move manifests to sub-path
---
.../cert-manager-cluster-issuer.yaml | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename cert-manager-cluster-issuer.yaml => manifests/cert-manager-cluster-issuer.yaml (100%)
diff --git a/cert-manager-cluster-issuer.yaml b/manifests/cert-manager-cluster-issuer.yaml
similarity index 100%
rename from cert-manager-cluster-issuer.yaml
rename to manifests/cert-manager-cluster-issuer.yaml
From bfd86c29cef2c53d05435dc45d1b8f3e28ccaeed Mon Sep 17 00:00:00 2001
From: Scott Williams
Date: Fri, 8 Mar 2024 11:10:55 -0800
Subject: [PATCH 03/26] Revert "Move manifests to sub-path" This reverts commit 1985fc00a33deda6c2feee336d8b8aa6a732a287.
---
...anager-cluster-issuer.yaml => cert-manager-cluster-issuer.yaml | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename manifests/cert-manager-cluster-issuer.yaml => cert-manager-cluster-issuer.yaml (100%)
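Review bot: In PATCH 01/26 the two `http01` solvers under `spec.acme.solvers` carry no `selector`, so both match every certificate request and cert-manager's documented tie-break picks the first entry in the list; the `traefik` solver would then never be used. Give at least the second solver a selector, for instance `selector: {matchLabels: {ingress-class: traefik}}` with a label name of your choosing, or ship one issuer per ingress class. This is also a `ClusterIssuer` pointed at the Let's Encrypt production directory, so any namespace allowed to create Ingress or Certificate objects can obtain publicly trusted certificates through it; a comment at the top of the manifest stating that this is intended would help.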
diff --git a/manifests/cert-manager-cluster-issuer.yaml b/cert-manager-cluster-issuer.yaml similarity index 100% rename from manifests/cert-manager-cluster-issuer.yaml rename to cert-manager-cluster-issuer.yaml From 23aef1d66275fa014971d9c8afd9070226e5d9ec Mon Sep 17 00:00:00 2001 From: Scott Williams Date: Fri, 8 Mar 2024 11:26:58 -0800 Subject: [PATCH 04/26] Make helm adopt cert-manager --- fleet.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/fleet.yaml b/fleet.yaml index dae396b..1bf3880 100644 --- a/fleet.yaml +++ b/fleet.yaml @@ -3,6 +3,7 @@ helm: repo: https://charts.jetstack.io releaseName: cert-manager chart: cert-manager + takeOwnership: true values: namespace: cert-manager installCRDs: true From b36eea699cb59018d45afb48a93ac556d4ca5ad8 Mon Sep 17 00:00:00 2001 From: Scott Williams Date: Fri, 8 Mar 2024 12:09:18 -0800 Subject: [PATCH 05/26] Refactor to attempt to get clusterissuer and helm all happy together --- README.md | 4 ++++ .../cert-manager-cluster-issuer.yaml | 0 manifests/fleet.yaml | 3 +++ fleet.yaml => operator/fleet.yaml | 0 4 files changed, 7 insertions(+) create mode 100644 README.md rename cert-manager-cluster-issuer.yaml => manifests/cert-manager-cluster-issuer.yaml (100%) create mode 100644 manifests/fleet.yaml rename fleet.yaml => operator/fleet.yaml (100%) diff --git a/README.md b/README.md new file mode 100644 index 0000000..bf76d93 --- /dev/null +++ b/README.md @@ -0,0 +1,4 @@ +Fleet Cert Manager +================== + +Automate cert-manager with Fleet. diff --git a/cert-manager-cluster-issuer.yaml b/manifests/cert-manager-cluster-issuer.yaml similarity index 100% rename from cert-manager-cluster-issuer.yaml rename to manifests/cert-manager-cluster-issuer.yaml diff --git a/manifests/fleet.yaml b/manifests/fleet.yaml new file mode 100644 index 0000000..7467588 --- /dev/null +++ b/manifests/fleet.yaml @@ -0,0 +1,3 @@ +defaultNamespace: cert-manager +dependsOn: + - name: fleet-cert-manager-operator 
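Review bot: In PATCH 04/26 the new `takeOwnership: true` line in fleet.yaml needs a comment saying it is a one-time adoption aid, because it switches off Helm's check that an existing object already belongs to this release. With it set, the `cert-manager` release adopts and then manages any same-named object it finds in a target cluster, whoever created it, which also hides a name collision with another installer. Something like `# adopt the pre-existing cert-manager install; remove once every cluster is migrated` above the line would record the intent. The `helm:` block opens above the hunk and `values:` continues below it.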
diff --git a/fleet.yaml b/operator/fleet.yaml similarity index 100% rename from fleet.yaml rename to operator/fleet.yaml From 12a3e71a2f0ef16fb762a1aa370c6a3edbfdff07 Mon Sep 17 00:00:00 2001 From: Scott Williams Date: Fri, 8 Mar 2024 12:16:30 -0800 Subject: [PATCH 06/26] Point DependOn to right bundle --- manifests/fleet.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/fleet.yaml b/manifests/fleet.yaml index 7467588..d3ce5f5 100644 --- a/manifests/fleet.yaml +++ b/manifests/fleet.yaml @@ -1,3 +1,3 @@ defaultNamespace: cert-manager dependsOn: - - name: fleet-cert-manager-operator + - name: cert-manager-lsit-operator From d733c8d5d05331d548dcebe0be3322a6e000a3ae Mon Sep 17 00:00:00 2001 From: Scott Williams Date: Fri, 8 Mar 2024 12:21:34 -0800 Subject: [PATCH 07/26] Set clusterIssuer to be default namespace --- manifests/fleet.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/fleet.yaml b/manifests/fleet.yaml index d3ce5f5..a1d45af 100644 --- a/manifests/fleet.yaml +++ b/manifests/fleet.yaml @@ -1,3 +1,3 @@ -defaultNamespace: cert-manager +defaultNamespace: default dependsOn: - name: cert-manager-lsit-operator From 5b88d77a69dc05f0795fb9e374f4cf5527bd04aa Mon Sep 17 00:00:00 2001 From: Scott Williams Date: Fri, 8 Mar 2024 12:22:59 -0800 Subject: [PATCH 08/26] Try without default namespace --- manifests/fleet.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/manifests/fleet.yaml b/manifests/fleet.yaml index a1d45af..5d764ca 100644 --- a/manifests/fleet.yaml +++ b/manifests/fleet.yaml @@ -1,3 +1,2 @@ -defaultNamespace: default dependsOn: - name: cert-manager-lsit-operator From a5952b0fba2502a01662c6602bf657299432a24d Mon Sep 17 00:00:00 2001 From: Scott Williams Date: Fri, 8 Mar 2024 12:27:37 -0800 Subject: [PATCH 09/26] Still trying to make it happy with namespace refs --- manifests/cert-manager-cluster-issuer.yaml | 1 + manifests/fleet.yaml | 1 + 2 files changed, 2 insertions(+) 
diff --git a/manifests/cert-manager-cluster-issuer.yaml b/manifests/cert-manager-cluster-issuer.yaml index 102825e..dd34507 100644 --- a/manifests/cert-manager-cluster-issuer.yaml +++ b/manifests/cert-manager-cluster-issuer.yaml @@ -1,4 +1,5 @@ apiVersion: cert-manager.io/v1 +namespace: default kind: ClusterIssuer metadata: name: letsencrypt-issuer diff --git a/manifests/fleet.yaml b/manifests/fleet.yaml index 5d764ca..a1d45af 100644 --- a/manifests/fleet.yaml +++ b/manifests/fleet.yaml @@ -1,2 +1,3 @@ +defaultNamespace: default dependsOn: - name: cert-manager-lsit-operator From 4784b1a784f28279490eb41321d2f6130b856d88 Mon Sep 17 00:00:00 2001 From: Scott Williams Date: Fri, 8 Mar 2024 12:32:33 -0800 Subject: [PATCH 10/26] Still trying to make it happy with namespace refs --- manifests/fleet.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/fleet.yaml b/manifests/fleet.yaml index a1d45af..bb5096c 100644 --- a/manifests/fleet.yaml +++ b/manifests/fleet.yaml @@ -1,3 +1,3 @@ -defaultNamespace: default +correctDrift: true dependsOn: - name: cert-manager-lsit-operator From 4dac629bca57b86c4907757dadc02cc428af7b06 Mon Sep 17 00:00:00 2001 From: Scott Williams Date: Fri, 8 Mar 2024 12:43:11 -0800 Subject: [PATCH 11/26] Still trying to make it happy with namespace refs --- manifests/fleet.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/fleet.yaml b/manifests/fleet.yaml index bb5096c..27c7be2 100644 --- a/manifests/fleet.yaml +++ b/manifests/fleet.yaml @@ -1,3 +1,4 @@ +defaultNamespace: default correctDrift: true dependsOn: - name: cert-manager-lsit-operator From 1c371a7abe9505fa6f05907e379ca7e9dfc97824 Mon Sep 17 00:00:00 2001 From: Scott Williams Date: Fri, 8 Mar 2024 12:47:41 -0800 Subject: [PATCH 12/26] Still trying to make it happy with namespace refs --- manifests/cert-manager-cluster-issuer.yaml | 1 + 1 file changed, 1 insertion(+) 
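Review bot: In PATCH 09/26 the added `namespace: default` sits at the top level of the object, between `apiVersion` and `kind`, where a Kubernetes object has no such field. Namespaces belong under `metadata`, and a `ClusterIssuer` is cluster-scoped, so it takes none at all. Depending on the field-validation mode the API server will either reject the manifest or silently drop the key, so the line cannot influence the namespace error the commit message describes. Drop it and keep the namespace handling in `manifests/fleet.yaml`; PATCH 16/26 does remove it later.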
diff --git a/manifests/cert-manager-cluster-issuer.yaml b/manifests/cert-manager-cluster-issuer.yaml index dd34507..65b1983 100644 --- a/manifests/cert-manager-cluster-issuer.yaml +++ b/manifests/cert-manager-cluster-issuer.yaml @@ -3,6 +3,7 @@ namespace: default kind: ClusterIssuer metadata: name: letsencrypt-issuer + meta.helm.sh/release-namespace: default spec: acme: email: lsitops@lsit.ucsb.edu From ea24076b670fe2b3565a1d1c81bd609c104090a2 Mon Sep 17 00:00:00 2001 From: Scott Williams Date: Fri, 8 Mar 2024 13:01:15 -0800 Subject: [PATCH 13/26] Still trying to make it happy with namespace refs --- manifests/cert-manager-cluster-issuer.yaml | 6 +++++- manifests/fleet.yaml | 1 - 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/manifests/cert-manager-cluster-issuer.yaml b/manifests/cert-manager-cluster-issuer.yaml index 65b1983..43e1f5e 100644 --- a/manifests/cert-manager-cluster-issuer.yaml +++ b/manifests/cert-manager-cluster-issuer.yaml @@ -3,7 +3,11 @@ namespace: default kind: ClusterIssuer metadata: name: letsencrypt-issuer - meta.helm.sh/release-namespace: default + labels: + app.kubernetes.io/managed-by: Helm + annotations: + meta.helm.sh/release-name: cert-managet-lsit-manifests + meta.helm.sh/release-namespace: cert-manager spec: acme: email: lsitops@lsit.ucsb.edu diff --git a/manifests/fleet.yaml b/manifests/fleet.yaml index 27c7be2..bb5096c 100644 --- a/manifests/fleet.yaml +++ b/manifests/fleet.yaml @@ -1,4 +1,3 @@ -defaultNamespace: default correctDrift: true dependsOn: - name: cert-manager-lsit-operator From 195eb292720bc0ac07a9499fecf686ae581b0a86 Mon Sep 17 00:00:00 2001 From: Scott Williams Date: Fri, 8 Mar 2024 13:16:41 -0800 Subject: [PATCH 14/26] Fix typo in annotation --- manifests/cert-manager-cluster-issuer.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/cert-manager-cluster-issuer.yaml b/manifests/cert-manager-cluster-issuer.yaml index 43e1f5e..66a5541 100644 
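Review bot: In PATCH 13/26 the `app.kubernetes.io/managed-by: Helm` label and the two `meta.helm.sh/*` annotations are ownership markers that Helm normally writes itself, and nothing in the manifest says why they are hard-coded or where their values come from. The release name appears to be derived from the GitRepo name and bundle path, so renaming either would presumably leave these values stale and make Helm refuse the object again. A comment above `labels:` such as `# must match the Helm release Fleet creates for this bundle (<GitRepo name>-<path>) and its namespace` would document the coupling.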
--- a/manifests/cert-manager-cluster-issuer.yaml +++ b/manifests/cert-manager-cluster-issuer.yaml @@ -6,7 +6,7 @@ metadata: labels: app.kubernetes.io/managed-by: Helm annotations: - meta.helm.sh/release-name: cert-managet-lsit-manifests + meta.helm.sh/release-name: cert-manager-lsit-manifests meta.helm.sh/release-namespace: cert-manager spec: acme: From 1a20aeda0c2445a00f92edb0a9bd32b2666561e0 Mon Sep 17 00:00:00 2001 From: Scott Williams Date: Fri, 8 Mar 2024 15:09:30 -0800 Subject: [PATCH 15/26] Update README.md --- README.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/README.md b/README.md index bf76d93..c8e8621 100644 --- a/README.md +++ b/README.md @@ -2,3 +2,28 @@ Fleet Cert Manager ================== Automate cert-manager with Fleet. + +## Example GitRepo object + +``` +apiVersion: fleet.cattle.io/v1alpha1 +kind: GitRepo +metadata: + name: cert-manager-lsit + namespace: fleet-default +spec: + branch: main + clientSecretName: auth-g4szs + correctDrift: + enabled: true + forceSyncGeneration: 20 + insecureSkipTLSVerify: false + keepResources: true + paths: + - operator + - manifests + repo: https://git.lsit.ucsb.edu/LSIT-Systems/fleet-cert-manager + targetNamespace: '' + targets: + - clusterGroup: dev +``` From 38a673c715f9717fee955cfabd9886cdb35183f6 Mon Sep 17 00:00:00 2001 From: Scott Williams Date: Fri, 8 Mar 2024 15:22:58 -0800 Subject: [PATCH 16/26] Little bit of cleanup --- manifests/cert-manager-cluster-issuer.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/manifests/cert-manager-cluster-issuer.yaml b/manifests/cert-manager-cluster-issuer.yaml index 66a5541..a487b3f 100644 --- a/manifests/cert-manager-cluster-issuer.yaml +++ b/manifests/cert-manager-cluster-issuer.yaml @@ -1,5 +1,4 @@ apiVersion: cert-manager.io/v1 -namespace: default kind: ClusterIssuer metadata: name: letsencrypt-issuer From 4bc8155017bedf2999d0f969b2398dca1ad5fd25 Mon Sep 17 00:00:00 2001 
From: scottwilliams Date: Fri, 25 Oct 2024 12:32:21 -0700 Subject: [PATCH 17/26] Update manifests/fleet.yaml --- manifests/fleet.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/manifests/fleet.yaml b/manifests/fleet.yaml index bb5096c..e2f1150 100644 --- a/manifests/fleet.yaml +++ b/manifests/fleet.yaml @@ -1,3 +1,4 @@ -correctDrift: true +correctDrift: + enabled: true dependsOn: - name: cert-manager-lsit-operator From ae4cea2feb9e85deea3879ba9923602926a1fd5d Mon Sep 17 00:00:00 2001 From: scottwilliams Date: Fri, 25 Oct 2024 14:23:27 -0700 Subject: [PATCH 18/26] Update manifests/cert-manager-cluster-issuer.yaml --- manifests/cert-manager-cluster-issuer.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/cert-manager-cluster-issuer.yaml b/manifests/cert-manager-cluster-issuer.yaml index a487b3f..40c3467 100644 --- a/manifests/cert-manager-cluster-issuer.yaml +++ b/manifests/cert-manager-cluster-issuer.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/managed-by: Helm annotations: meta.helm.sh/release-name: cert-manager-lsit-manifests - meta.helm.sh/release-namespace: cert-manager + meta.helm.sh/release-namespace: default spec: acme: email: lsitops@lsit.ucsb.edu From 2367f01653ae48dde158a6b051c6d81c2a86b4f8 Mon Sep 17 00:00:00 2001 From: scottwilliams Date: Fri, 25 Oct 2024 14:26:00 -0700 Subject: [PATCH 19/26] Update operator/fleet.yaml --- operator/fleet.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/operator/fleet.yaml b/operator/fleet.yaml index 1bf3880..fdd7bdf 100644 --- a/operator/fleet.yaml +++ b/operator/fleet.yaml @@ -4,6 +4,7 @@ helm: releaseName: cert-manager chart: cert-manager takeOwnership: true + force: true values: namespace: cert-manager installCRDs: true From 200c4801bbecbc76bb7369c3d829748d97039a01 Mon Sep 17 00:00:00 2001 
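Review bot: In PATCH 19/26 `force: true` is added directly under `takeOwnership: true` in operator/fleet.yaml, which removes both of Helm's guards on this release at once and is not explained anywhere. Fleet describes `force` as recreating resources that cannot be updated, and the same block sets `installCRDs: true`; if a CRD were among the recreated objects, deleting it would remove every Certificate and Issuer of that kind in the cluster. If the flag is only needed to get past one failed upgrade, apply it for that sync and revert, or at least add `# temporary: remove after the stuck upgrade succeeds` on the line. PATCH 20/26 does drop it again.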
From: scottwilliams Date: Fri, 25 Oct 2024 15:09:15 -0700 Subject: [PATCH 20/26] Wait at least 10 minutes for cert-manager to finish --- operator/fleet.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/operator/fleet.yaml b/operator/fleet.yaml index fdd7bdf..e97f434 100644 --- a/operator/fleet.yaml +++ b/operator/fleet.yaml @@ -4,7 +4,8 @@ helm: releaseName: cert-manager chart: cert-manager takeOwnership: true - force: true + timeoutSeconds: 600 + waitForJobs: true values: namespace: cert-manager installCRDs: true From 593c5347daca7e8007c94ac20400c45b5db5d203 Mon Sep 17 00:00:00 2001 From: scottwilliams Date: Fri, 25 Oct 2024 15:13:23 -0700 Subject: [PATCH 21/26] Update README.md --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c8e8621..c70369a 100644 --- a/README.md +++ b/README.md @@ -24,6 +24,7 @@ spec: - manifests repo: https://git.lsit.ucsb.edu/LSIT-Systems/fleet-cert-manager targetNamespace: '' - targets: - - clusterGroup: dev + # To limit by label: + #targets: + # - clusterGroup: dev ``` From 3eaf003fc517b2c610c2f9dd7e621350265ee681 Mon Sep 17 00:00:00 2001 From: scottwilliams Date: Fri, 25 Oct 2024 15:19:35 -0700 Subject: [PATCH 22/26] Update README.md --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index c70369a..a1c7b55 100644 --- a/README.md +++ b/README.md @@ -16,8 +16,7 @@ spec: clientSecretName: auth-g4szs correctDrift: enabled: true - forceSyncGeneration: 20 - insecureSkipTLSVerify: false + force: true keepResources: true paths: - operator From 644c0296efbfd1cc969f6bc49d529ddf7a5f41d4 Mon Sep 17 00:00:00 2001 From: scottwilliams Date: Fri, 25 Oct 2024 15:20:30 -0700 Subject: [PATCH 23/26] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a1c7b55..b2877c0 100644 --- a/README.md +++ b/README.md 
@@ -11,9 +11,9 @@ kind: GitRepo metadata: name: cert-manager-lsit namespace: fleet-default + #For rancher manager, also deploy this to fleet-local namespace spec: branch: main - clientSecretName: auth-g4szs correctDrift: enabled: true force: true From 3b21ca0b332c5a6d17da28b71be8ef230acaff91 Mon Sep 17 00:00:00 2001 From: scottwilliams Date: Thu, 31 Oct 2024 14:43:42 -0700 Subject: [PATCH 24/26] Add MIT License before making public --- LICENSE | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 LICENSE diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..8e0c853 --- /dev/null +++ b/LICENSE @@ -0,0 +1,7 @@ +Copyright 2024 University of California, Santa Barbara + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. From 8d0880aba728a13679413089baa8b4f2246efdb2 Mon Sep 17 00:00:00 2001 From: scottwilliams Date: Tue, 19 Nov 2024 15:58:39 -0800 Subject: [PATCH 25/26] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/README.md b/README.md index b2877c0..50e0b8b 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ Fleet Cert Manager ================== -Automate cert-manager with Fleet. +Automate cert-manager with Fleet. This deploys cert-manager via Helm and includes a curated ClusterIssuer for LetsEncrypt for nginx and traefik ingesses. ## Example GitRepo object From e997d46ba04b4bed0780d289f81a5c4748e5ac66 Mon Sep 17 00:00:00 2001 From: scottwilliams Date: Fri, 27 Dec 2024 14:03:34 -0800 Subject: [PATCH 26/26] Update operator/fleet.yaml --- operator/fleet.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/operator/fleet.yaml b/operator/fleet.yaml index e97f434..89d3248 100644 --- a/operator/fleet.yaml +++ b/operator/fleet.yaml @@ -8,7 +8,8 @@ helm: waitForJobs: true values: namespace: cert-manager - installCRDs: true + crds: + enabled: true targetCustomizations: - name: prod helm:
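Review bot: In PATCH 26/26 the switch from `installCRDs: true` to `crds.enabled: true` only takes effect on chart releases that know the new key, yet no `version:` is visible in the `helm:` block in this or the earlier operator/fleet.yaml hunks. Unless it is set in a part of the file not shown, the chart floats to whatever https://charts.jetstack.io serves at sync time, so the values contract and the deployed code can both change without a commit in this repository. Pin it next to `chart: cert-manager`, e.g. `version: "<pinned-chart-version>"`, and bump it deliberately together with value renames like this one. The `targetCustomizations` entry at the end of the hunk continues beyond it.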