feat(cert-manager): add cluster issuer to okd cluster score #157
@ -2,7 +2,9 @@ use std::sync::Arc;
|
|||||||
|
|
||||||
use async_trait::async_trait;
|
use async_trait::async_trait;
|
||||||
use harmony_types::id::Id;
|
use harmony_types::id::Id;
|
||||||
use serde::Serialize;
|
use kube::{CustomResource, api::ObjectMeta};
|
||||||
|
use schemars::JsonSchema;
|
||||||
|
use serde::{Deserialize, Serialize};
|
||||||
|
|
||||||
use crate::{
|
use crate::{
|
||||||
data::Version,
|
data::Version,
|
||||||
@ -13,14 +15,14 @@ use crate::{
|
|||||||
};
|
};
|
||||||
|
|
||||||
#[derive(Clone, Debug, Serialize)]
|
#[derive(Clone, Debug, Serialize)]
|
||||||
pub struct ClusterIssuer {
|
pub struct ClusterIssuerScore {
|
||||||
email: String,
|
email: String,
|
||||||
server: String,
|
server: String,
|
||||||
issuer_name: String,
|
issuer_name: String,
|
||||||
namespace: String,
|
namespace: String,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl<T: Topology + K8sclient> Score<T> for ClusterIssuer {
|
impl<T: Topology + K8sclient> Score<T> for ClusterIssuerScore {
|
||||||
fn name(&self) -> String {
|
fn name(&self) -> String {
|
||||||
"ClusterIssuerScore".to_string()
|
"ClusterIssuerScore".to_string()
|
||||||
}
|
}
|
||||||
@ -35,7 +37,7 @@ impl<T: Topology + K8sclient> Score<T> for ClusterIssuer {
|
|||||||
|
|
||||||
#[derive(Debug, Clone)]
|
#[derive(Debug, Clone)]
|
||||||
pub struct ClusterIssuerInterpret {
|
pub struct ClusterIssuerInterpret {
|
||||||
score: ClusterIssuer,
|
score: ClusterIssuerScore,
|
||||||
}
|
}
|
||||||
|
|
||||||
#[async_trait]
|
#[async_trait]
|
||||||
@ -71,7 +73,7 @@ impl ClusterIssuerInterpret {
|
|||||||
&self,
|
&self,
|
||||||
client: &Arc<K8sClient>,
|
client: &Arc<K8sClient>,
|
||||||
|
wjro marked this conversation as resolved
|
|||||||
) -> Result<Outcome, InterpretError> {
|
) -> Result<Outcome, InterpretError> {
|
||||||
let cert_manager = "cet-manager".to_string();
|
let cert_manager = "cert-manager".to_string();
|
||||||
let operator_namespace = "openshift-operators".to_string();
|
let operator_namespace = "openshift-operators".to_string();
|
||||||
match client
|
match client
|
||||||
.get_deployment(&cert_manager, Some(&operator_namespace))
|
.get_deployment(&cert_manager, Some(&operator_namespace))
|
||||||
@ -108,31 +110,35 @@ impl ClusterIssuerInterpret {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
fn build_cluster_issuer(&self) -> Result<String, InterpretError> {
|
fn build_cluster_issuer(&self) -> Result<ClusterIssuer, InterpretError> {
|
||||||
let issuer_name = &self.score.issuer_name;
|
let issuer_name = &self.score.issuer_name;
|
||||||
let email = &self.score.email;
|
let email = &self.score.email;
|
||||||
let server = &self.score.server;
|
let server = &self.score.server;
|
||||||
let namespace = &self.score.namespace;
|
let namespace = &self.score.namespace;
|
||||||
let cluster_issuer = format!(
|
let cluster_issuer = ClusterIssuer {
|
||||||
r#"
|
metadata: ObjectMeta {
|
||||||
apiVersion: cert-manager.io/v1
|
name: Some(issuer_name.to_string()),
|
||||||
kind: ClusterIssuer
|
namespace: Some(namespace.to_string()),
|
||||||
metadata:
|
..Default::default()
|
||||||
- apiVersion: cert-manager.io/v1
|
},
|
||||||
manager: cert-manager-clusterissuers
|
spec: ClusterIssuerSpec {
|
||||||
name: {issuer_name}
|
acme: AcmeSpec {
|
||||||
namespace: {namespace}
|
email: email.to_string(),
|
||||||
spec:
|
private_key_secret_ref: PrivateKeySecretRef {
|
||||||
acme:
|
name: issuer_name.to_string(),
|
||||||
email: {email}
|
},
|
||||||
privateKeySecretRef:
|
server: server.to_string(),
|
||||||
name: {issuer_name}
|
solvers: vec
letian
commented
Considering we try to do as little yaml as possible, maybe it would be better to introduce a Resource for this? Something like: And it would be used like: Considering we try to do as little yaml as possible, maybe it would be better to introduce a Resource for this?
Something like:
```rs
#[derive(CustomResource, Deserialize, Serialize, Clone, Debug, JsonSchema)]
#[kube(
group = "cert-manager.io",
version = "v1",
kind = "ClusterIssuer",
namespaced = false // ClusterIssuer is a cluster-scoped resource
)]
#[serde(rename_all = "camelCase")]
pub struct ClusterIssuerSpec {
pub acme: AcmeSpec,
}
#[derive(Deserialize, Serialize, Clone, Debug, JsonSchema)]
#[serde(rename_all = "camelCase")]
pub struct AcmeSpec {
pub email: String,
pub private_key_secret_ref: PrivateKeySecretRef,
pub server: String,
pub solvers: Vec<SolverSpec>,
}
#[derive(Deserialize, Serialize, Clone, Debug, JsonSchema)]
#[serde(rename_all = "camelCase")]
pub struct PrivateKeySecretRef {
pub name: String,
}
#[derive(Deserialize, Serialize, Clone, Debug, JsonSchema)]
#[serde(rename_all = "camelCase")]
pub struct SolverSpec {
pub http01: Option<Http01Solver>,
// Other solver types (e.g., dns01) would go here as Options
}
#[derive(Deserialize, Serialize, Clone, Debug, JsonSchema)]
#[serde(rename_all = "camelCase")]
pub struct Http01Solver {
pub ingress: Http01Ingress,
}
#[derive(Deserialize, Serialize, Clone, Debug, JsonSchema)]
#[serde(rename_all = "camelCase")]
pub struct Http01Ingress {
pub class: String,
}
```
And it would be used like:
```rs
ClusterIssuer {
metadata: ObjectMeta {
name: Some(issuer_name.to_string()),
namespace: Some(namespace.to_string()),
..Default::default()
},
spec: ClusterIssuerSpec {
acme: AcmeSpec {
email: email.to_string(),
private_key_secret_ref: PrivateKeySecretRef {
name: issuer_name.to_string(),
},
server: server.to_string(),
solvers: vec![
SolverSpec {
http01: Some(Http01Solver {
ingress: Http01Ingress {
class: "nginx".to_string(),
},
}),
}
],
},
},
}
```
|
|||||||
class: nginx"#,
|
}),
|
||||||
);
|
}],
|
||||||
|
},
|
||||||
|
},
|
||||||
|
};
|
||||||
|
|
||||||
Ok(cluster_issuer)
|
Ok(cluster_issuer)
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -155,3 +161,49 @@ spec:
|
|||||||
)))
|
)))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[derive(CustomResource, Deserialize, Serialize, Clone, Debug, JsonSchema)]
|
||||||
|
#[kube(
|
||||||
|
group = "cert-manager.io",
|
||||||
|
version = "v1",
|
||||||
|
kind = "ClusterIssuer",
|
||||||
|
plural = "clusterissuers"
|
||||||
|
)]
|
||||||
|
#[serde(rename_all = "camelCase")]
|
||||||
|
pub struct ClusterIssuerSpec {
|
||||||
|
pub acme: AcmeSpec,
|
||||||
|
}
|
||||||
|
|
||||||
|
#[derive(Deserialize, Serialize, Clone, Debug, JsonSchema)]
|
||||||
|
#[serde(rename_all = "camelCase")]
|
||||||
|
pub struct AcmeSpec {
|
||||||
|
pub email: String,
|
||||||
|
pub private_key_secret_ref: PrivateKeySecretRef,
|
||||||
|
pub server: String,
|
||||||
|
pub solvers: Vec<SolverSpec>,
|
||||||
|
}
|
||||||
|
|
||||||
|
#[derive(Deserialize, Serialize, Clone, Debug, JsonSchema)]
|
||||||
|
#[serde(rename_all = "camelCase")]
|
||||||
|
pub struct PrivateKeySecretRef {
|
||||||
|
pub name: String,
|
||||||
|
}
|
||||||
|
|
||||||
|
#[derive(Deserialize, Serialize, Clone, Debug, JsonSchema)]
|
||||||
|
#[serde(rename_all = "camelCase")]
|
||||||
|
pub struct SolverSpec {
|
||||||
|
pub http01: Option<Http01Solver>,
|
||||||
|
// Other solver types (e.g., dns01) would go here as Options
|
||||||
|
}
|
||||||
|
|
||||||
|
#[derive(Deserialize, Serialize, Clone, Debug, JsonSchema)]
|
||||||
|
#[serde(rename_all = "camelCase")]
|
||||||
|
pub struct Http01Solver {
|
||||||
|
pub ingress: Http01Ingress,
|
||||||
|
}
|
||||||
|
|
||||||
|
#[derive(Deserialize, Serialize, Clone, Debug, JsonSchema)]
|
||||||
|
#[serde(rename_all = "camelCase")]
|
||||||
|
pub struct Http01Ingress {
|
||||||
|
pub class: String,
|
||||||
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user
is it a typo?
cet-managerinstead ofcert-manager?