feat(cert-manager): add cluster issuer to okd cluster score #157

Merged
wjro merged 4 commits from feat/okd_set_ingress_certs into master 2025-10-21 15:55:56 +00:00
Owner

added score to install okd cluster issuer

wjro added 1 commit 2025-09-12 19:42:48 +00:00
feat(cert-manager): add cluster issuer to okd cluster score
All checks were successful
Run Check Script / check (pull_request) Successful in 57s
4e63fe4ff2
letian reviewed 2025-09-26 13:51:08 +00:00
@ -0,0 +71,4 @@
&self,
client: &Arc<K8sClient>,
) -> Result<Outcome, InterpretError> {
let cert_manager = "cet-manager".to_string();
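Review bot: the string literal `"cet-manager"` on the last line of this hunk does not match the variable name `cert_manager` and looks like a misspelling of `cert-manager`. Because it is a plain string, the compiler cannot catch it and the mistake only shows up at runtime wherever the value is used. Suggest defining the name once as a named constant and referencing that constant here, so the value is spelled in a single place.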
Owner

is it a typo? cet-manager instead of cert-manager?

wjro marked this conversation as resolved
letian reviewed 2025-09-26 14:05:54 +00:00
@ -0,0 +132,4 @@
- http01:
ingress:
class: nginx"#,
);
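Review bot: `class: nginx` in the embedded YAML fixes the ingress class for the HTTP-01 solver. The ACME challenge only completes when an ingress controller serving that class is present in the target cluster, so the class should be a field on the score (or be checked before the manifest is applied) instead of a literal inside the string. Keeping the manifest as a raw string also means a malformed or misspelled key is only detected when the API server rejects it, not at compile time.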
Owner

Considering we try to do as little yaml as possible, maybe it would be better to introduce a Resource for this?

Something like:

```rs
use kube::CustomResource;
use schemars::JsonSchema;
use serde::{Deserialize, Serialize};

#[derive(CustomResource, Deserialize, Serialize, Clone, Debug, JsonSchema)]
#[kube(
    group = "cert-manager.io",
    version = "v1",
    kind = "ClusterIssuer",
    namespaced = false // ClusterIssuer is a cluster-scoped resource
)]
#[serde(rename_all = "camelCase")]
pub struct ClusterIssuerSpec {
    pub acme: AcmeSpec,
}

#[derive(Deserialize, Serialize, Clone, Debug, JsonSchema)]
#[serde(rename_all = "camelCase")]
pub struct AcmeSpec {
    pub email: String,
    pub private_key_secret_ref: PrivateKeySecretRef,
    pub server: String,
    pub solvers: Vec<SolverSpec>,
}

#[derive(Deserialize, Serialize, Clone, Debug, JsonSchema)]
#[serde(rename_all = "camelCase")]
pub struct PrivateKeySecretRef {
    pub name: String,
}

#[derive(Deserialize, Serialize, Clone, Debug, JsonSchema)]
#[serde(rename_all = "camelCase")]
pub struct SolverSpec {
    pub http01: Option<Http01Solver>,
    // Other solver types (e.g., dns01) would go here as Options
}

#[derive(Deserialize, Serialize, Clone, Debug, JsonSchema)]
#[serde(rename_all = "camelCase")]
pub struct Http01Solver {
    pub ingress: Http01Ingress,
}

#[derive(Deserialize, Serialize, Clone, Debug, JsonSchema)]
#[serde(rename_all = "camelCase")]
pub struct Http01Ingress {
    pub class: String,
}
```

And it would be used like:

```rs
ClusterIssuer {
    metadata: ObjectMeta {
        name: Some(issuer_name.to_string()),
        namespace: Some(namespace.to_string()),
        ..Default::default()
    },
    spec: ClusterIssuerSpec {
        acme: AcmeSpec {
            email: email.to_string(),
            private_key_secret_ref: PrivateKeySecretRef {
                name: issuer_name.to_string(),
            },
            server: server.to_string(),
            solvers: vec![
                SolverSpec {
                    http01: Some(Http01Solver {
                        ingress: Http01Ingress {
                            class: "nginx".to_string(),
                        },
                    }),
                }
            ],
        },
    },
}
```
wjro marked this conversation as resolved
wjro added 1 commit 2025-10-21 15:17:52 +00:00
Merge branch 'master' into feat/okd_set_ingress_certs
Some checks failed
Run Check Script / check (pull_request) Has been cancelled
770f1fea4a
wjro added 1 commit 2025-10-21 15:44:06 +00:00
fix: use derive custom resource for kube-rs rather than a yaml string
Some checks failed
Run Check Script / check (pull_request) Has been cancelled
8932bf3cf7
wjro added 1 commit 2025-10-21 15:55:31 +00:00
Merge branch 'master' into feat/okd_set_ingress_certs
Some checks failed
Run Check Script / check (pull_request) Has been cancelled
1c433c2ee4
wjro merged commit 987f195e2f into master 2025-10-21 15:55:56 +00:00
wjro deleted branch feat/okd_set_ingress_certs 2025-10-21 15:55:57 +00:00
Reference: NationTech/harmony#157