Skip to content

Initial implementation #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
simu merged 12 commits into from
Jan 25, 2023
Merged

Initial implementation #2

simu merged 12 commits into from
Jan 25, 2023

Conversation

@simu
Copy link
Member

@simu simu commented Jan 24, 2023

Replaces #1

Checklist

  • PR contains a single logical change (to build a better changelog).
  • Update the documentation.
  • Categorize the PR by setting a good title and adding one of the labels:
    bug, enhancement, documentation, change, breaking, dependency
    as they show up in the changelog.
  • Link this PR to related issues or PRs.

@simu simu added the enhancement New feature or request label Jan 24, 2023
@simu
Update from template
f779a68 
Template version: main (804e9c7)
@simu simu force-pushed the initial-implementation branch from dd4bc2d to 14bd0ae Compare January 24, 2023 09:53
@simu
Copy link
Member Author

simu commented Jan 24, 2023
edited
Loading

TODO:

  • Add option to provide own serving certificate for webhook (e.g. in vcluster, where we don't install cert-manager by default)
  • Finalize decision and component library implementation with regard to fine-grained vs component-wide RBAC

@simu simu force-pushed the initial-implementation branch from 8d0ae99 to 0bb025b Compare January 24, 2023 13:49
@simu simu force-pushed the initial-implementation branch from 0bb025b to c444ba0 Compare January 24, 2023 15:44
@simu simu requested a review from bastjan January 24, 2023 16:19
bastjan
bastjan approved these changes Jan 24, 2023
View reviewed changes
simu added 9 commits January 25, 2023 10:42
@simu
Add component library
f4d680a 
We copy the resource-locker component library, and update the
implementation to generate patch-operator custom resources instead.

The additional file `patch-operator-migrate.libsonnet` could be used to
provide a transitional `resource-locker.libjsonnet`, if we update
Commodore to allow components to steal library prefixes from deprecated
components.
@simu
Remove per-patch RBAC management
9f2a762 
Instead, we create a single service account which is granted the cluster
role `cluster-admin` by default. The service account name, and granted
role can be customized through the component parameters.
@simu
Use cert-manager to manage serving certificate for admission webhook
99da56d 
We also add a postprocessing filter to ensure that the cert-manager
certificate and the openshift serving certificate annotation don't use
the same secret name.
@simu
Add parameter docs
f0d79ab
@simu
Add migration how-to
3642447
@simu
Add support for bring-your-own certificates
236c2d4
@simu
Add test case for external certificate support
52b927f 
Rendered from template version: main (804e9c7)
@simu
Add how-to for setting up self-signed external certificates
63ea5f9
@simu
Add some content in index.adoc
b4bd15f
@simu simu force-pushed the initial-implementation branch from 0d28384 to b4bd15f Compare January 25, 2023 09:42
@simu simu merged commit c7fe019 into master Jan 25, 2023
@simu simu deleted the initial-implementation branch January 25, 2023 09:49
@simu simu mentioned this pull request Feb 10, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bastjan bastjan bastjan approved these changes

Assignees

No one assigned

Labels

enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@simu @bastjan