fix(cso): add cert for hook server #54

Open
wants to merge 41 commits into
base: main
41 commits
8398368 fix(cso): add cert for hook server (jschoone, Sep 13, 2024)
91d3b26 chore: update cert-manager (jschoone, Sep 13, 2024)
27b0de0 feat(capi): enable runtimesdk (jschoone, Sep 13, 2024)
0b42ca8 feat(cso): use oci as source (jschoone, Sep 13, 2024)
d103629 chore: update cspo (jschoone, Sep 13, 2024)
3c1bac2 test: clusterstack behavior (jschoone, Sep 13, 2024)
f4ac19d feat: enable kamaji cluster stacks (jschoone, Sep 13, 2024)
c059e1c fix: add missing rbac (jschoone, Sep 14, 2024)
11961f6 fix: typo (jschoone, Sep 14, 2024)
9bbc74c test: deactivate kamaji cluster stack (jschoone, Sep 26, 2024)
6cfa740 kyverno/config/per-playground-resources.yaml (jschoone, Sep 26, 2024)
7f6c673 chore(capi): bump versions (jschoone, Oct 12, 2024)
904b322 chore(kyverno): bump versions (jschoone, Oct 12, 2024)
b79ab71 feat(kyverno): add permissions for clusterresourcesets (jschoone, Oct 12, 2024)
735e0c8 feat(installation): add dex (jschoone, Oct 15, 2024)
25109c0 chore(dex): prepare dex for prod installation (jschoone, Oct 15, 2024)
b1c073b feat(rbac): add opencode group (jschoone, Oct 15, 2024)
42b3d6f feat(dex): add some redirectURIs for cluster-gen (jschoone, Oct 18, 2024)
c9f4c9f test: disable cluster stack distribution (jschoone, Oct 20, 2024)
575fa89 test(kyverno): enable cluster stack rollout (jschoone, Oct 20, 2024)
38deda5 fix(kyverno): rename csk (jschoone, Oct 20, 2024)
521c95f chore(ing): deny access to capi viz debug page (jschoone, Oct 21, 2024)
a3c1dc0 chore(capi-viz): bump version (jschoone, Oct 21, 2024)
dd46e6d test(kyverno): change to stable channel (jschoone, Oct 21, 2024)
2ecdf79 test(kyverno): deactivate csk again (jschoone, Oct 21, 2024)
0a0dc41 text(cso): change to staging image because of https://github.com/Sove… (jschoone, Oct 21, 2024)
92cda3c chore(external-dns): secrets aren't secrets (jschoone, Oct 22, 2024)
b811921 chore(ingress): secrets aren't secrets (jschoone, Oct 22, 2024)
d60b14b chore(external-dns): move values to helmrelease resource (jschoone, Oct 22, 2024)
7968d00 Installation resources for crossplane (mxmxchere, Jul 4, 2024)
e1ac7d7 chore(crossplane): bump version (jschoone, Oct 24, 2024)
5cc48d6 fix(dex): use correct secret (jschoone, Oct 30, 2024)
96ec45b feat(promtail): limit log scraping to some namespaces (jschoone, Oct 30, 2024)
2b9483f feat(promtail): limit log scraping to some namespaces (jschoone, Oct 30, 2024)
ad0325f chore(monitoring): bump version (jschoone, Oct 30, 2024)
362b3d8 fix(monitoring): typo (jschoone, Nov 1, 2024)
cad14f9 chore(kyverno): remove kubernetes 1.28 for allowed workload cluster v… (jschoone, Nov 7, 2024)
c8241d8 bump cluster-gen version (paulphys, Nov 7, 2024)
fc38a5b chore(kyverno): allow to deploy clusters on 1.29.10 (jschoone, Nov 8, 2024)
4f168f5 chore(kyverno): allow to deploy clusters on 1.30.6 (jschoone, Nov 13, 2024)
91a4a05 chore(rbac): cleanup cluster admins (jschoone, Nov 20, 2024)
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -63,6 +63,7 @@ The prod components include all of the above and additionally include:
- Kyverno policies
- secrets for gx-scs, dns, github
- pre-deployed namespaces with secrets
- dex

### Development setup

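Review bot: the new `- dex` entry is the only item in this list that does not say what the component is for, while its neighbours do (`secrets for gx-scs, dns, github`, `pre-deployed namespaces with secrets`). Suggest `- dex (OIDC identity provider behind the oidc: group bindings)` so a reader of the prod component list can see it is part of the authentication path that the RoleBinding subjects in this PR depend on.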
2 changes: 1 addition & 1 deletion capi-visualizer/installation/helmrelease.yaml
Expand Up @@ -10,7 +10,7 @@ spec:
spec:
chart: cluster-api-visualizer
reconcileStrategy: ChartVersion
version: 1.3.0
version: 1.3.1
sourceRef:
kind: HelmRepository
name: capi-visualizer
2 changes: 1 addition & 1 deletion capi/config/cabp.yaml
Expand Up @@ -10,4 +10,4 @@ metadata:
name: kubeadm
namespace: capi-kubeadm-bootstrap-system
spec:
version: v1.7.2
version: v1.8.4
4 changes: 2 additions & 2 deletions capi/config/cacp.yaml
Expand Up @@ -16,6 +16,6 @@ spec:
ClusterTopology: true
MachinePool: true
MachineSetPreflightChecks: false
RuntimeSDK: false
RuntimeSDK: true
verbosity: 1
version: v1.7.2
version: v1.8.3
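Review bot: `version: v1.8.3` here does not match the `v1.8.4` set for the bootstrap provider in cabp.yaml and the control plane provider in cacpp.yaml; Cluster API releases its core, bootstrap and control plane providers together, so pin all three to the same patch release. Separately, `RuntimeSDK: true` switches on the experimental Runtime SDK feature gate, which makes the core controller call out to registered extension hook servers over TLS. Since this PR exists to add the hook server certificate, please state in the description how the CA bundle reaches the ExtensionConfig (the cso manifest that presumably carries it is not rendered here), and keep the gate off until that path has been verified end to end.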
2 changes: 1 addition & 1 deletion capi/config/cacpp.yaml
Expand Up @@ -15,4 +15,4 @@ spec:
MachinePool: true
ClusterTopology: true
KubeadmBootstrapFormatIgnition: false
version: v1.7.2
version: v1.8.4
6 changes: 3 additions & 3 deletions capi/config/caip.yaml
Expand Up @@ -2,12 +2,12 @@
apiVersion: v1
kind: Namespace
metadata:
name: openstack-infrastructure-system
name: capo-system
---
apiVersion: operator.cluster.x-k8s.io/v1alpha2
kind: InfrastructureProvider
metadata:
name: openstack
namespace: openstack-infrastructure-system
namespace: capo-system
spec:
version: v0.10.2
version: v0.10.5
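Review bot: renaming the provider namespace from `openstack-infrastructure-system` to `capo-system` is more than a version bump: the operator will install CAPO v0.10.5 into the new namespace, and nothing in this diff removes the old namespace or moves what lives in it. Please add a cleanup step (or confirm pruning handles the old InfrastructureProvider object) and re-check everything scoped to the old name, such as cloud credential secrets, RBAC, NetworkPolicies and the promtail namespace allow-list that this PR also introduces. Two provider instances reconciling the same OpenStack objects during the switch-over is the failure mode to rule out.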
4 changes: 2 additions & 2 deletions capi/config/kamaji.yaml
Expand Up @@ -7,7 +7,7 @@ metadata:
apiVersion: operator.cluster.x-k8s.io/v1alpha2
kind: ControlPlaneProvider
metadata:
name: kamaji
name: kamaji
namespace: capi-kamaji-control-plane-system
spec:
version: v0.10.0
version: v0.11.0
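Review bot: the `name: kamaji` line shows as changed without any visible content difference, so this is presumably a whitespace or indentation fix; please confirm the rendered YAML still puts `name` under `metadata`. More importantly, this hunk bumps the Kamaji ControlPlaneProvider to v0.11.0 while the commit list says the Kamaji cluster stack was deactivated and the matching Kyverno rule further down is commented out. If nothing uses Kamaji yet, consider not installing the provider at all: it adds a control plane controller and its RBAC to the management cluster with nothing exercising or monitoring it.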
2 changes: 1 addition & 1 deletion capi/installation/helmrelease.yaml
Expand Up @@ -13,7 +13,7 @@ spec:
spec:
chart: cluster-api-operator
reconcileStrategy: ChartVersion
version: 0.10.1
version: 0.13.0
sourceRef:
kind: HelmRepository
name: capi
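Review bot: this is a three-minor jump of the cluster-api-operator chart (0.10.1 to 0.13.0) while the provider manifests in capi/config still use `operator.cluster.x-k8s.io/v1alpha2`; please confirm 0.13.0 still serves that API version and that its CRD changes actually get applied, since a Flux HelmRelease skips CRD updates on upgrade unless `upgrade.crds` is set or the chart ships its CRDs as templates.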
2 changes: 1 addition & 1 deletion cert-manager/installation/helmrelease.yaml
Expand Up @@ -17,7 +17,7 @@ spec:
chart:
spec:
chart: cert-manager
version: "v1.14.5"
version: "v1.15.3"
sourceRef:
kind: HelmRepository
name: jetstack
606 changes: 411 additions & 195 deletions cso/installation/cso-infrastructure-components.yaml

Large diffs are not rendered by default.

241 changes: 134 additions & 107 deletions cspo/installation/cspo-infrastructure-components.yaml

Large diffs are not rendered by default.
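Review bot: these two infrastructure-components manifests carry the bulk of the PR (606 and 241 changed lines) and the change the title describes, the hook server certificate, yet neither is rendered. Please link the upstream release they were regenerated from (the commit list mentions switching cso to an OCI source and then to a staging image) so the certificate and CA wiring and the image references can be checked instead of trusting a regenerated blob. A staging image referenced from a manifest on `main` also needs a tracking issue with the upstream link that the truncated commit message points to, so it does not quietly become the production image.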

2 changes: 1 addition & 1 deletion kyverno/config/k8s-version.yaml
Expand Up @@ -15,6 +15,6 @@ spec:
deny:
conditions:
all:
- key: "{{ semver_compare( trim_prefix('{{ request.object.spec.topology.version }}', 'v'),'1.28.6 || 1.28.7 || 1.28.8 || 1.28.9 || 1.28.10 || 1.28.11 || 1.28.12 || 1.28.13 || 1.29.3 || 1.29.4 || 1.29.5 || 1.29.6 || 1.29.7 || 1.29.8 || 1.30.1 || 1.30.2 || 1.30.3 || 1.30.4 || 1.31.0') }}"
- key: "{{ semver_compare( trim_prefix('{{ request.object.spec.topology.version }}', 'v'),'1.29.3 || 1.29.4 || 1.29.5 || 1.29.6 || 1.29.7 || 1.29.8 || 1.29.9 || 1.29.10 || 1.30.1 || 1.30.2 || 1.30.3 || 1.30.4 || 1.30.5 || 1.30.6 || 1.31.0') }}"
operator: Equals
value: false
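Review bot: dropping every 1.28.x entry from the allow-list is the right way to stop new 1.28 clusters, but the rule denies whenever the submitted `spec.topology.version` is outside the list, so any other update to a Cluster still on 1.28.x (scaling, labels, pausing) would be rejected too if the rule also matches UPDATE, freezing that cluster until its version is bumped to a listed release; confirm no playground is still on 1.28 before merging. Maintenance point: the entire allow-list lives in one 180-character `key:` line, so add a comment above it saying where the tested versions come from (cluster stack releases?) to keep future bumps from widening it ad hoc.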
162 changes: 111 additions & 51 deletions kyverno/config/per-playground-resources.yaml
Expand Up @@ -13,86 +13,146 @@ spec:
validationFailureAction: Audit
generateExisting: true
rules:
- name: generate-clusterstack
- name: generate-cspotemplate
match:
any:
- resources:
kinds:
- Namespace
names:
- '*playground*'
- "*playground*"
generate:
apiVersion: clusterstack.x-k8s.io/v1alpha1
apiVersion: infrastructure.clusterstack.x-k8s.io/v1alpha1
kind: OpenStackClusterStackReleaseTemplate
name: cspotemplate
namespace: "{{request.object.metadata.name}}"
synchronize: true
data:
metadata:
name: scs-cluster-stack
namespace: '{{request.object.metadata.name}}'
name: cspotemplate
namespace: "{{request.object.metadata.name}}"
spec:
autoSubscribe: false
channel: stable
kubernetesVersion: '1.27'
name: scs
noProvider: true
provider: openstack
versions:
- v4
kind: ClusterStack
name: scs-cluster-stack
namespace: '{{request.object.metadata.name}}'
synchronize: true
template:
spec:
identityRef:
kind: Secret
name: openstack
#- name: generate-clusterstack-131
# match:
# any:
# - resources:
# kinds:
# - Namespace
# names:
# - "*playground*"
# generate:
# apiVersion: clusterstack.x-k8s.io/v1alpha1
# kind: ClusterStack
# name: scs-cluster-stack-1-31
# namespace: "{{request.object.metadata.name}}"
# synchronize: true
# data:
# metadata:
# name: scs-cluster-stack-1-31
# namespace: "{{request.object.metadata.name}}"
# spec:
# autoSubscribe: false
# channel: stable
# kubernetesVersion: "1.31"
# name: scs
# provider: openstack
# providerRef:
# apiVersion: infrastructure.clusterstack.x-k8s.io/v1alpha1
# kind: OpenStackClusterStackReleaseTemplate
# name: cspotemplate
# versions:
# - v0-sha.ve8qmt7
#- name: generate-clusterstack-130
# match:
# any:
# - resources:
# kinds:
# - Namespace
# names:
# - "*playground*"
# generate:
# apiVersion: clusterstack.x-k8s.io/v1alpha1
# data:
# metadata:
# name: openstack-scs-130
# namespace: "{{request.object.metadata.name}}"
# spec:
# autoSubscribe: false
# channel: stable
# kubernetesVersion: "1.30"
# name: scs
# providerRef:
# apiVersion: infrastructure.clusterstack.x-k8s.io/v1alpha1
# kind: OpenStackClusterStackReleaseTemplate
# name: cspotemplate
# provider: openstack
# versions:
# - v0-sha.pxfmezw
# kind: ClusterStack
# name: openstack-scs-130
# namespace: "{{request.object.metadata.name}}"
# synchronize: true
- name: generate-rolebinding
match:
any:
- resources:
kinds:
- Namespace
names:
- '*playground*'
- "*playground*"
generate:
synchronize: true
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
name: scs-tenant-rolebinding
namespace: '{{request.object.metadata.name}}'
namespace: "{{request.object.metadata.name}}"
data:
metadata:
name: scs-tenant-rolebinding
namespace: '{{request.object.metadata.name}}'
namespace: "{{request.object.metadata.name}}"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: scs-tenant-clusterrole
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: 'oidc:SovereignCloudStack:moin-cluster-all-playgrounds'
- name: generate-kamaji-clusterstack
match:
any:
- resources:
kinds:
- Namespace
names:
- '*playground*'
generate:
apiVersion: clusterstack.x-k8s.io/v1alpha1
data:
metadata:
name: kamaji
namespace: '{{request.object.metadata.name}}'
spec:
provider: openstack
name: kamaji
kubernetesVersion: "1.30"
channel: custom
autoSubscribe: false
providerRef:
apiVersion: infrastructure.clusterstack.x-k8s.io/v1alpha1
kind: OpenStackClusterStackReleaseTemplate
name: cspotemplate
versions:
- v0-sha.11930ee
kind: ClusterStack
name: kamaji
namespace: '{{request.object.metadata.name}}'
synchronize: true
name: "oidc:SovereignCloudStack:moin-cluster-all-playgrounds"
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: "oidc:sovereigncloudstack/moin-cluster"
#- name: generate-kamaji-clusterstack
# match:
# any:
# - resources:
# kinds:
# - Namespace
# names:
# - "*playground*"
# generate:
# apiVersion: clusterstack.x-k8s.io/v1alpha1
# data:
# metadata:
# name: kamaji
# namespace: "{{request.object.metadata.name}}"
# spec:
# provider: openstack
# name: kamaji
# kubernetesVersion: "1.30"
# channel: stable
# autoSubscribe: false
# providerRef:
# apiVersion: infrastructure.clusterstack.x-k8s.io/v1alpha1
# kind: OpenStackClusterStackReleaseTemplate
# name: cspotemplate
# versions:
# - v0-sha.frco630
# kind: ClusterStack
# name: kamaji
# namespace: "{{request.object.metadata.name}}"
# synchronize: true
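Review bot: the second subject added to the generated RoleBinding, `name: "oidc:sovereigncloudstack/moin-cluster"`, is bound to `scs-tenant-clusterrole` in every namespace matching `"*playground*"`, so everyone in that organisation-wide group gets tenant rights in every playground rather than their own; if the intent is one group per playground, derive the group from a label or annotation on the namespace instead of a fixed name. The two group names also use different formats (`oidc:SovereignCloudStack:moin-cluster-all-playgrounds` versus `oidc:sovereigncloudstack/moin-cluster`), which suggests two different claim mappings; a name that does not match what dex emits fails closed, but please confirm which connector produces which. The generated OpenStackClusterStackReleaseTemplate points at `identityRef: kind: Secret, name: openstack` in each playground namespace; confirm that secret is the tenant's own OpenStack project credentials (the README's "pre-deployed namespaces with secrets") so no playground can act with shared cloud credentials. Finally, the `generate-clusterstack-131`, `generate-clusterstack-130` and `generate-kamaji-clusterstack` rules are roughly ninety lines of commented-out YAML that the commit history describes as test toggles; delete them and track the intended rollout in an issue rather than merging them to `main` in this state.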
76 changes: 39 additions & 37 deletions kyverno/installation/helmrelease.yaml
Expand Up @@ -11,7 +11,7 @@ spec:
spec:
chart: kyverno
reconcileStrategy: ChartVersion
version: v3.2.2
version: v3.2.7
sourceRef:
kind: HelmRepository
name: kyverno
Expand All @@ -25,52 +25,54 @@ spec:
clusterRole:
extraResources:
- apiGroups:
- cluster.x-k8s.io
- cluster.x-k8s.io
resources:
- "*"
- "*"
verbs:
- get
- create
- update
- delete
- watch
- list
- patch
- get
- create
- update
- delete
- watch
- list
- patch
- apiGroups:
- ""
- ""
resources:
- "secrets"
- "secrets"
verbs:
- get
- create
- update
- delete
- watch
- list
- patch
- get
- create
- update
- delete
- watch
- list
- patch
- apiGroups:
- clusterstack.x-k8s.io
- clusterstack.x-k8s.io
resources:
- "*"
- "*"
verbs:
- get
- create
- update
- delete
- watch
- list
- patch
- get
- create
- update
- delete
- watch
- list
- patch
- apiGroups:
- infrastructure.clusterstack.x-k8s.io
- infrastructure.clusterstack.x-k8s.io
- infrastructure.cluster.x-k8s.io
- addons.cluster.x-k8s.io
resources:
- "*"
- "*"
verbs:
- get
- create
- update
- delete
- watch
- list
- patch
- get
- create
- update
- delete
- watch
- list
- patch
interval: 10s
targetNamespace: kyverno
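Review bot: the added apiGroups `infrastructure.cluster.x-k8s.io` and `addons.cluster.x-k8s.io` get `resources: "*"` with every verb, on top of the existing wildcard grants on `cluster.x-k8s.io`, `clusterstack.x-k8s.io` and core `secrets`, so Kyverno's controller now holds cluster-wide create, delete and patch on all Cluster API objects, all infrastructure objects and all Secrets. The generate rules in this PR only produce RoleBindings, OpenStackClusterStackReleaseTemplates and (commented out) ClusterStacks, and the commit message says the new groups are for ClusterResourceSets, so list `clusterresourcesets` explicitly instead of `*`, and either drop the `secrets` entry or trim it to the verbs a generate rule needs, since no rule in this diff touches Secrets. A mistaken or tampered policy inherits exactly this role, so narrowing it here is the cheapest mitigation; the rest of the hunk is a re-indentation of the existing lists and is fine.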
2 changes: 1 addition & 1 deletion prod/cluster-gen/installation/helmrelease.yaml
Expand Up @@ -30,4 +30,4 @@ spec:
retries: -1
targetNamespace: cluster-gen
values:
image: registry.scs.community/cluster-gen/cluster-gen:v0.0.2
image: registry.scs.community/cluster-gen/cluster-gen:v0.0.8
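Review bot: the `image:` value is pinned by tag only (`v0.0.8`); tags are mutable, so add the digest (`registry.scs.community/cluster-gen/cluster-gen:v0.0.8@sha256:<digest>`, with the real digest filled in) or manage the reference through a Flux image policy, so that what runs in prod is the artifact that was reviewed. With `retries: -1` a few lines up, a swapped or broken image would be retried indefinitely rather than leaving the HelmRelease in a clearly failed state, so alerting on its Ready condition matters here.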