feat(RELEASE-1387): use trusted artifacts #784

Open
wants to merge 21 commits into
base: development
af8eb0f
feat(RELEASE-1387): use trusted artifacts
scoheb Jan 23, 2025
2c107d9
feat(RELEASE-1387): use ta for verify-access
scoheb Jan 24, 2025
6706fa5
feat(RELEASE-1387): use ta for reduce-snapshot
scoheb Jan 24, 2025
e4816cf
feat(RELEASE-1387): remove debug
scoheb Jan 24, 2025
3d6da32
feat(RELEASE-1387): use ta for apply-mapping
scoheb Jan 24, 2025
d586be5
feat(RELEASE-1387): test pipeline
scoheb Jan 27, 2025
8bdba99
feat(RELEASE-1387): cleanup
scoheb Jan 29, 2025
d180da2
feat(RELEASE-1387): before rework back to subdir
scoheb Jan 29, 2025
e79d270
feat(RELEASE-1387): use subdirectory for collect-data
scoheb Jan 29, 2025
cb3a3e9
feat(RELEASE-1387): collect-data uses both workspace types
scoheb Jan 30, 2025
3af12e0
feat(RELEASE-1387): change variable names
scoheb Jan 30, 2025
dde1ab5
feat(RELEASE-1387): reduce-snapshot uses both workspace types
scoheb Jan 30, 2025
62f6f4f
feat(RELEASE-1387): apply-mapping uses both workspace types
scoheb Jan 30, 2025
48fddf9
feat(RELEASE-1387): reduce step count
scoheb Jan 30, 2025
000e58b
feat(RELEASE-1387): pvc version
scoheb Jan 30, 2025
248d9a4
feat(RELEASE-1387): fix apply-labels tests
scoheb Jan 31, 2025
4806ad2
feat(RELEASE-1387): support 2 runs of tasks
scoheb Feb 3, 2025
aed60b4
feat(RELEASE-1387): remove debug
scoheb Feb 3, 2025
f653eba
feat(RELEASE-1387): fix yamllint errors
scoheb Feb 3, 2025
52a33bd
feat(RELEASE-1387): update versions and readme
scoheb Feb 3, 2025
600808a
feat(RELEASE-1387): cleanup old comments
scoheb Feb 3, 2025
46 changes: 46 additions & 0 deletions .github/resources/cert-manager/kustomization.yml
@@ -0,0 +1,46 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.yaml

patches:
- patch: |
- op: add
path: /spec/template/spec/containers/0/resources
value:
requests:
cpu: 90m
memory: 90Mi
limits:
cpu: 120m
memory: 120Mi
target:
kind: Deployment
name: cert-manager
- patch: |
- op: add
path: /spec/template/spec/containers/0/resources
value:
requests:
cpu: 90m
memory: 90Mi
limits:
cpu: 120m
memory: 120Mi
target:
kind: Deployment
name: cert-manager-cainjector
- patch: |
- op: add
path: /spec/template/spec/containers/0/resources
value:
requests:
cpu: 90m
memory: 90Mi
limits:
cpu: 120m
memory: 120Mi
target:
kind: Deployment
name: cert-manager-webhook
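Review bot: the `resources:` entry pulls `cert-manager.yaml` from a release URL at build time, and kustomize does not check a digest for remote resources, so what gets applied depends on whatever that URL serves when CI runs. Since this PR is about trusted artifacts, consider vendoring the v1.14.4 manifest into the repo, or downloading it in the workflow and comparing it against a recorded SHA-256 before applying. Separately, the three patches are identical apart from `target.name`; kustomize treats the target name as an anchored regular expression, so a single patch with `name: cert-manager.*` would cover them, provided no other Deployment in the manifest matches.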
5 changes: 5 additions & 0 deletions .github/resources/cluster-issuer/kustomization.yml
@@ -0,0 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- self-signed-cluster-issuer.yaml
@@ -0,0 +1,33 @@
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: self-signed-cluster-issuer
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: selfsigned-ca
namespace: cert-manager
spec:
isCA: true
commonName: selfsigned-ca
secretName: root-secret
privateKey:
algorithm: ECDSA
size: 256
issuerRef:
name: self-signed-cluster-issuer
kind: ClusterIssuer
group: cert-manager.io
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: ca-issuer
namespace: cert-manager
spec:
ca:
secretName: root-secret
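Review bot: the last document sets `namespace: cert-manager` on `ca-issuer`, but ClusterIssuer is cluster-scoped and the field has no effect; drop it so nobody reads it as the place where the issuer looks up `root-secret`. That lookup uses cert-manager's cluster resource namespace, which matches the namespace of the `selfsigned-ca` Certificate only with a default install, so a short comment saying so would help. The `selfsigned-ca` Certificate also sets no `duration`, so the root gets cert-manager's default lifetime; state it explicitly if this cluster can outlive a single CI run.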
18 changes: 18 additions & 0 deletions .github/resources/registry/certificate.yaml
@@ -0,0 +1,18 @@
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: registry-cert
namespace: kind-registry
spec:
isCA: true
subject:
organizations:
- konflux
dnsNames:
- localhost
- registry-service.kind-registry
issuerRef:
kind: ClusterIssuer
name: ca-issuer
secretName: local-registry-tls
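Review bot: `isCA: true` under `spec` makes the registry's serving certificate a CA certificate, so the key mounted into the registry pod could sign further certificates that chain to `ca-issuer` and are accepted by anything trusting that root. A TLS server certificate does not need it; remove the line and consider adding `usages` with `server auth`. Also check whether any client addresses the service as `registry-service.kind-registry.svc` or the `.svc.cluster.local` form, since `dnsNames` lists only `localhost` and the short name.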
7 changes: 7 additions & 0 deletions .github/resources/registry/kustomization.yml
@@ -0,0 +1,7 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- registry.yaml
- certificate.yaml
- trust-bundle.yaml
65 changes: 65 additions & 0 deletions .github/resources/registry/registry.yaml
@@ -0,0 +1,65 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: kind-registry
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
run: registry
name: registry
namespace: kind-registry
annotations:
ignore-check.kube-linter.io/no-read-only-root-fs: "This component requires write permissions"
ignore-check.kube-linter.io/run-as-non-root: "This component requires root permissions"
spec:
replicas: 1
selector:
matchLabels:
run: registry
template:
metadata:
labels:
run: registry
spec:
containers:
- name: registry
image: registry:2
resources:
requests:
cpu: 10m
memory: 50Mi
limits:
cpu: 100m
memory: 250Mi
ports:
- containerPort: 5000
env:
- name: REGISTRY_HTTP_TLS_CERTIFICATE
value: "/certs/tls.crt"
- name: REGISTRY_HTTP_TLS_KEY
value: "/certs/tls.key"
volumeMounts:
- name: certs
mountPath: /certs
volumes:
- name: certs
secret:
secretName: local-registry-tls
---
apiVersion: v1
kind: Service
metadata:
name: registry-service
namespace: kind-registry
spec:
type: NodePort
selector:
run: registry
ports:
- protocol: TCP
nodePort: 30001
port: 443
targetPort: 5000
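Review bot: `image: registry:2` is a floating tag with no digest, so the registry used by these CI resources can change without any change in this repo; pin it as `registry:2@sha256:<digest>` (placeholder, take the digest from the image you tested). The two `ignore-check.kube-linter.io` annotations waive the read-only-root and non-root checks with one-line reasons, and the container has no `securityContext` at all; if the write requirement is only the registry's storage directory, mounting a volume there would let the read-only-root waiver go. The Service also publishes the registry on `nodePort: 30001` with no auth settings in `env`, which is acceptable for a throwaway kind cluster but deserves a comment in the file.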
15 changes: 15 additions & 0 deletions .github/resources/registry/trust-bundle.yaml
@@ -0,0 +1,15 @@
---
apiVersion: trust.cert-manager.io/v1alpha1
kind: Bundle
metadata:
name: trusted-ca
spec:
sources:
- useDefaultCAs: true
- secret:
name: "root-secret"
key: "ca.crt"
target:
configMap:
key: "ca-bundle.crt"
namespaceSelector: {}
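Review bot: `namespaceSelector: {}` under `target` selects every namespace, so a `trusted-ca` ConfigMap carrying the self-signed root from `root-secret` is written cluster-wide; restrict it with `matchLabels` to the namespaces that actually talk to the registry. This Bundle is listed in the registry kustomization but needs the trust-manager CRD to exist first, so the apply order in the workflow should be documented or enforced.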
5 changes: 5 additions & 0 deletions .github/resources/trust-manager/kustomization.yml
@@ -0,0 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- trust-manager.yaml