From af4bee7192a05d40da758a49e2ed7c9ffd96b480 Mon Sep 17 00:00:00 2001
From: Harshal Patil
Date: Wed, 15 Jan 2025 10:54:04 -0500
Subject: [PATCH] Add support for installing cert manager from RH catalogue

Signed-off-by: Harshal Patil
---
 Makefile | 4 ++
 hack/deploy-cert-manager-ocp.sh | 107 ++++++++++++++++++++++++++++++++
 hack/remove-cert-manager-ocp.sh | 56 +++++++++++++++++
 3 files changed, 167 insertions(+)
 create mode 100755 hack/deploy-cert-manager-ocp.sh
 create mode 100755 hack/remove-cert-manager-ocp.sh

diff --git a/Makefile b/Makefile
index 18f9cd72..8a139b0c 100644
--- a/Makefile
+++ b/Makefile
@@ -166,6 +166,10 @@ check-gpu-nodes:
 exit 1; \
 fi

+.PHONY: deploy-latest-cert-manager-ocp
+deploy-latest-cert-manager-ocp:
+ hack/deploy-cert-manager-ocp.sh stable-v1.14 v1.14.1
+
 .PHONY: test-e2e-ocp-emulated
 test-e2e-ocp-emulated: export IMG_TAG=latest
 test-e2e-ocp-emulated: export EMULATOR_MODE=true
diff --git a/hack/deploy-cert-manager-ocp.sh b/hack/deploy-cert-manager-ocp.sh
new file mode 100755
index 00000000..9f507fab
--- /dev/null
+++ b/hack/deploy-cert-manager-ocp.sh
@@ -0,0 +1,107 @@
+#!/usr/bin/env bash
+
+# /*
+# Copyright 2025.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# */
+
+set -euo pipefail
+
+# Check for required arguments
+if [ "$#" -ne 2 ]; then
+ echo "Usage: $0 "
+ echo "Example: $0 stable-v1.14 v1.14.1"
+ exit 1
+fi
+
+CHANNEL="$1"
+VERSION="$2"
+STARTING_CSV="cert-manager-operator.${VERSION}"
+
+KUBECTL=${KUBECTL:-oc}
+NAMESPACE="cert-manager-operator"
+DEPLOYMENT_NAME="cert-manager-operator-controller-manager"
+WEBHOOK_NAMESPACE="cert-manager"
+WEBHOOK_LABEL="app=webhook"
+WEBHOOK_TIMEOUT="120s"
+POLL_INTERVAL=5
+MAX_RETRIES=24 # Total timeout = MAX_RETRIES * POLL_INTERVAL = 120s
+
+# Check if cert-manager-operator is already installed
+if $KUBECTL get namespace $NAMESPACE > /dev/null 2>&1; then
+ echo "Namespace $NAMESPACE already exists. Checking deployment..."
+ if $KUBECTL get deployment $DEPLOYMENT_NAME -n $NAMESPACE > /dev/null 2>&1; then
+ echo "cert-manager-operator is already installed and running."
+ exit 0
+ fi
+ echo "Namespace exists, but deployment not found. Proceeding with installation..."
+fi
+
+echo "Creating namespace for cert-manager-operator..."
+$KUBECTL create namespace $NAMESPACE --dry-run=client -o yaml | $KUBECTL apply -f -
+
+echo "Applying OperatorGroup configuration..."
+cat < /dev/null 2>&1; do
+ echo "Waiting for $DEPLOYMENT_NAME to appear..."
+ sleep $POLL_INTERVAL
+done
+
+echo "Waiting for cert-manager-operator deployment to be available..."
+$KUBECTL wait --for=condition=Available deployment/$DEPLOYMENT_NAME \
+ -n $NAMESPACE --timeout=$WEBHOOK_TIMEOUT
+
+echo "Waiting for webhook pod to be created..."
+retries=0
+until $KUBECTL get pod -l $WEBHOOK_LABEL -n $WEBHOOK_NAMESPACE > /dev/null 2>&1; do
+ if [ $retries -ge $MAX_RETRIES ]; then
+ echo "Error: Webhook pod did not appear within the timeout period."
+ exit 1
+ fi
+ echo "Waiting for webhook pod to appear... (Attempt $((retries + 1))/$MAX_RETRIES)"
+ sleep $POLL_INTERVAL
+ retries=$((retries + 1))
+done
+
+echo "Waiting for webhook pod to be ready..."
+$KUBECTL wait --for=condition=ready pod -l $WEBHOOK_LABEL -n $WEBHOOK_NAMESPACE --timeout=$WEBHOOK_TIMEOUT
+
+echo "cert-manager-operator setup completed successfully."
diff --git a/hack/remove-cert-manager-ocp.sh b/hack/remove-cert-manager-ocp.sh
new file mode 100755
index 00000000..9f1f3692
--- /dev/null
+++ b/hack/remove-cert-manager-ocp.sh
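Review bot: The `until $KUBECTL get pod -l $WEBHOOK_LABEL -n $WEBHOOK_NAMESPACE > /dev/null 2>&1` loop does not actually wait for the webhook pod, because `get` with a label selector exits 0 even when nothing matches; the loop falls through on its first pass and the following `wait --for=condition=ready pod -l ...` can then fail with no matching resources. Test for a non-empty result instead: `until [ -n "$($KUBECTL get pod -l "$WEBHOOK_LABEL" -n "$WEBHOOK_NAMESPACE" -o name 2>/dev/null)" ]; do`. The earlier deployment polling loop, as far as it is visible in this hunk, has no retry counter at all and would benefit from the same `MAX_RETRIES` bound. The already-installed shortcut only checks that the deployment exists, so a cluster running an operator version other than `$VERSION` is reported as done; comparing the installed CSV with `$STARTING_CSV` before `exit 0` would make the pinned version meaningful.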
@@ -0,0 +1,56 @@
+#!/usr/bin/env bash
+
+# /*
+# Copyright 2025.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# */
+
+set -euo pipefail
+
+KUBECTL=${KUBECTL:-oc}
+NAMESPACE="cert-manager-operator"
+
+echo "Deleting custom resources managed by cert-manager..."
+$KUBECTL delete certificates --all -n $NAMESPACE || true
+$KUBECTL delete certificaterequests --all -n $NAMESPACE || true
+$KUBECTL delete issuers --all -n $NAMESPACE || true
+$KUBECTL delete clusterissuers --all || true
+
+echo "Deleting Subscription for cert-manager-operator..."
+$KUBECTL delete subscription openshift-cert-manager-operator -n $NAMESPACE || true
+
+echo "Deleting ClusterServiceVersion (CSV)..."
+$KUBECTL get csv -n $NAMESPACE -o name | xargs -r $KUBECTL delete -n $NAMESPACE
+
+echo "Deleting OperatorGroup..."
+$KUBECTL delete operatorgroup openshift-cert-manager-operator -n $NAMESPACE || true
+
+echo "Deleting services..."
+$KUBECTL delete service cert-manager cert-manager-webhook -n cert-manager || true
+
+echo "Deleting Custom Resource Definitions (CRDs)..."
+$KUBECTL delete crd certificates.cert-manager.io \
+ certificaterequests.cert-manager.io \
+ issuers.cert-manager.io \
+ clusterissuers.cert-manager.io \
+ challenges.acme.cert-manager.io \
+ orders.acme.cert-manager.io || true
+
+echo "Deleting the namespace..."
+$KUBECTL delete namespace $NAMESPACE || true
+
+echo "Deleting deployments in the cert-manager namespace..."
+$KUBECTL delete deployment -n cert-manager --all
+
+echo "Uninstall of cert manager operator completed successfully."
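Review bot: The cluster-scoped deletions (`delete clusterissuers --all` and the `delete crd ...` list) remove cert-manager state for every namespace on the cluster, not only what the deploy script created, because deleting the CRDs also deletes every Certificate and Issuer object of those kinds. Since this may be run against a shared cluster, I would gate that part behind an explicit opt-in, for example `[ "${CONFIRM_CLUSTER_WIDE_DELETE:-}" = "yes" ] || { echo "refusing cluster-wide delete" >&2; exit 1; }` (the variable name is only a suggestion). The blanket `|| true` also hides authorization and API errors while the script still prints a success message; `--ignore-not-found` on each `delete` tolerates absent resources without masking real failures. The CSV pipeline and the final `delete deployment -n cert-manager --all` lack the guard the other commands have, so they behave differently under `set -euo pipefail`, and the `cert-manager` namespace itself is never removed.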