Skip to content

Commit

Permalink
make bundle-generate
Browse files Browse the repository at this point in the history 
Signed-off-by: Richard Wall <[email protected]>
  • Loading branch information
@wallrj
wallrj committed Feb 7, 2024
1 parent 1be36c0 commit 5e92aac
Show file tree
Hide file tree
Showing 16 changed files with 441 additions and 178 deletions.
3 changes: 1 addition & 2 deletions bundle/bundle.Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,7 @@ LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1
LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
LABEL operators.operatorframework.io.bundle.package.v1=cert-manager
LABEL operators.operatorframework.io.bundle.channels.v1=candidate,stable
LABEL operators.operatorframework.io.bundle.channel.default.v1=stable
LABEL operators.operatorframework.io.bundle.channels.v1=candidate
LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.33.0
LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1
LABEL operators.operatorframework.io.metrics.project_layout=unknown
Expand Down
130 changes: 90 additions & 40 deletions bundle/manifests/acme.cert-manager.io_challenges.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ metadata:
app: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.13.3
app.kubernetes.io/version: v1.14.1
name: challenges.acme.cert-manager.io
spec:
group: acme.cert-manager.io
Expand Down Expand Up @@ -199,12 +199,16 @@ spec:
challenge records.
properties:
clientID:
description: if both this and ClientSecret are left unset
MSI will be used
description: 'Auth: Azure Service Principal: The ClientID
of the Azure Service Principal used to authenticate
with Azure DNS. If set, ClientSecret and TenantID must
also be set.'
type: string
clientSecretSecretRef:
description: if both this and ClientID are left unset
MSI will be used
description: 'Auth: Azure Service Principal: A reference
to a Secret containing the password associated with
the Service Principal. If set, ClientID and TenantID
must also be set.'
properties:
key:
description: The key of the entry in the Secret resource's
Expand All @@ -230,17 +234,19 @@ spec:
description: name of the DNS zone that should be used
type: string
managedIdentity:
description: managed identity configuration, can not be
used at the same time as clientID, clientSecretSecretRef
or tenantID
description: 'Auth: Azure Workload Identity or Azure Managed
Service Identity: Settings to enable Azure Workload
Identity or Azure Managed Service Identity If set, ClientID,
ClientSecret and TenantID must not be set.'
properties:
clientID:
description: client ID of the managed identity, can
not be used at the same time as resourceID
type: string
resourceID:
description: resource ID of the managed identity,
can not be used at the same time as clientID
can not be used at the same time as clientID Cannot
be used for Azure Managed Service Identity
type: string
type: object
resourceGroupName:
Expand All @@ -250,8 +256,10 @@ spec:
description: ID of the Azure subscription
type: string
tenantID:
description: when specifying ClientID and ClientSecret
then this field is also needed
description: 'Auth: Azure Service Principal: The TenantID
of the Azure Service Principal used to authenticate
with Azure DNS. If set, ClientID and ClientSecret must
also be set.'
type: string
required:
- resourceGroupName
Expand Down Expand Up @@ -580,16 +588,17 @@ spec:
to. For example: Gateway has the AllowedRoutes
field, and ReferenceGrant provides a generic way
to enable any other kind of cross-namespace reference.
\n ParentRefs from a Route to a Service in the
same namespace are \"producer\" routes, which
apply default routing rules to inbound connections
from any namespace to the Service. \n ParentRefs
from a Route to a Service in a different namespace
are \"consumer\" routes, and these routing rules
are only applied to outbound connections originating
from the same namespace as the Route, for which
the intended destination of the connections are
a Service targeted as a ParentRef of the Route.
\n <gateway:experimental:description> ParentRefs
from a Route to a Service in the same namespace
are \"producer\" routes, which apply default routing
rules to inbound connections from any namespace
to the Service. \n ParentRefs from a Route to
a Service in a different namespace are \"consumer\"
routes, and these routing rules are only applied
to outbound connections originating from the same
namespace as the Route, for which the intended
destination of the connections are a Service targeted
as a ParentRef of the Route. </gateway:experimental:description>
\n Support: Core"
maxLength: 63
minLength: 1
Expand All @@ -608,25 +617,26 @@ spec:
port(s) may be changed. When both Port and SectionName
are specified, the name and port of the selected
listener must match both specified values. \n
When the parent resource is a Service, this targets
a specific port in the Service spec. When both
Port (experimental) and SectionName are specified,
the name and port of the selected port must match
both specified values. \n Implementations MAY
choose to support other parent resources. Implementations
supporting other types of parent resources MUST
clearly document how/if Port is interpreted. \n
For the purpose of status, an attachment is considered
successful as long as the parent resource accepts
it partially. For example, Gateway listeners can
restrict which Routes can attach to them by Route
kind, namespace, or hostname. If 1 of 2 Gateway
listeners accept attachment from the referencing
Route, the Route MUST be considered successfully
attached. If no Gateway listeners accept attachment
from this Route, the Route MUST be considered
detached from the Gateway. \n Support: Extended
\n <gateway:experimental>"
<gateway:experimental:description> When the parent
resource is a Service, this targets a specific
port in the Service spec. When both Port (experimental)
and SectionName are specified, the name and port
of the selected port must match both specified
values. </gateway:experimental:description> \n
Implementations MAY choose to support other parent
resources. Implementations supporting other types
of parent resources MUST clearly document how/if
Port is interpreted. \n For the purpose of status,
an attachment is considered successful as long
as the parent resource accepts it partially. For
example, Gateway listeners can restrict which
Routes can attach to them by Route kind, namespace,
or hostname. If 1 of 2 Gateway listeners accept
attachment from the referencing Route, the Route
MUST be considered successfully attached. If no
Gateway listeners accept attachment from this
Route, the Route MUST be considered detached from
the Gateway. \n Support: Extended \n <gateway:experimental>"
format: int32
maximum: 65535
minimum: 1
Expand Down Expand Up @@ -870,6 +880,16 @@ spec:
type: object
type: object
x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector:
properties:
matchExpressions:
Expand Down Expand Up @@ -938,6 +958,16 @@ spec:
type: object
type: object
x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector:
properties:
matchExpressions:
Expand Down Expand Up @@ -1004,6 +1034,16 @@ spec:
type: object
type: object
x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector:
properties:
matchExpressions:
Expand Down Expand Up @@ -1072,6 +1112,16 @@ spec:
type: object
type: object
x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector:
properties:
matchExpressions:
Expand Down
2 changes: 1 addition & 1 deletion bundle/manifests/acme.cert-manager.io_orders.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ metadata:
app: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.13.3
app.kubernetes.io/version: v1.14.1
name: orders.acme.cert-manager.io
spec:
group: acme.cert-manager.io
Expand Down
2 changes: 1 addition & 1 deletion bundle/manifests/cert-manager-cluster-view_rbac.authorization.k8s.io_v1_clusterrole.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ metadata:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.13.3
app.kubernetes.io/version: v1.14.1
rbac.authorization.k8s.io/aggregate-to-cluster-reader: "true"
name: cert-manager-cluster-view
rules:
Expand Down
2 changes: 1 addition & 1 deletion bundle/manifests/cert-manager-edit_rbac.authorization.k8s.io_v1_clusterrole.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ metadata:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.13.3
app.kubernetes.io/version: v1.14.1
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: cert-manager-edit
Expand Down
2 changes: 1 addition & 1 deletion bundle/manifests/cert-manager-view_rbac.authorization.k8s.io_v1_clusterrole.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ metadata:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.13.3
app.kubernetes.io/version: v1.14.1
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-cluster-reader: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
Expand Down
11 changes: 0 additions & 11 deletions bundle/manifests/cert-manager-webhook_v1_configmap.yaml
View file

This file was deleted.

2 changes: 1 addition & 1 deletion bundle/manifests/cert-manager-webhook_v1_service.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ metadata:
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.13.3
app.kubernetes.io/version: v1.14.1
name: cert-manager-webhook
spec:
ports:
Expand Down
Loading

0 comments on commit 5e92aac

Please sign in to comment.