From 52246e155c84ed316967eeffff3f50f73a3c47ef Mon Sep 17 00:00:00 2001 From: Todd Short Date: Mon, 9 Sep 2024 12:49:53 -0400 Subject: [PATCH] Force a rename of the catalogd certificate (#386) This will cause the catalogd deployment to restart, meaning that the catalogd will update quicker (rather than waiting on k8s to update the certificates via the volume) Signed-off-by: Todd Short --- Makefile | 4 ++-- config/components/tls/patches/manager_deployment_certs.yaml | 4 ++-- config/components/tls/resources/certificate.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index 5ee12212..543064af 100644 --- a/Makefile +++ b/Makefile @@ -207,7 +207,7 @@ deploy: export MANIFEST="./catalogd.yaml" deploy: export DEFAULT_CATALOGS="./config/base/default/clustercatalogs/default-catalogs.yaml" deploy: $(KUSTOMIZE) ## Deploy Catalogd to the K8s cluster specified in ~/.kube/config with cert-manager and default clustercatalogs cd config/base/manager && $(KUSTOMIZE) edit set image controller=$(IMAGE) && cd ../../.. - $(KUSTOMIZE) build config/overlays/cert-manager > catalogd.yaml + $(KUSTOMIZE) build config/overlays/cert-manager | sed "s/cert-git-version/cert-$(GIT_VERSION)/g" > catalogd.yaml envsubst '$$CERT_MGR_VERSION,$$MANIFEST,$$DEFAULT_CATALOGS' < scripts/install.tpl.sh | bash -s .PHONY: only-deploy-manifest @@ -242,7 +242,7 @@ release: $(GORELEASER) ## Runs goreleaser for catalogd. By default, this will ru quickstart: export MANIFEST := https://github.com/operator-framework/catalogd/releases/download/$(VERSION)/catalogd.yaml quickstart: export DEFAULT_CATALOGS := https://github.com/operator-framework/catalogd/releases/download/$(VERSION)/default-catalogs.yaml quickstart: $(KUSTOMIZE) generate ## Generate the installation release manifests and scripts - $(KUSTOMIZE) build config/overlays/cert-manager | sed "s/:devel/:$(GIT_VERSION)/g" > catalogd.yaml + $(KUSTOMIZE) build config/overlays/cert-manager | sed "s/:devel/:$(GIT_VERSION)/g" | sed "s/cert-git-version/cert-$(GIT_VERSION)/g" > catalogd.yaml envsubst '$$CERT_MGR_VERSION,$$MANIFEST,$$DEFAULT_CATALOGS' < scripts/install.tpl.sh > install.sh .PHONY: demo-update diff --git a/config/components/tls/patches/manager_deployment_certs.yaml b/config/components/tls/patches/manager_deployment_certs.yaml index 37ef4173..b0005f1c 100644 --- a/config/components/tls/patches/manager_deployment_certs.yaml +++ b/config/components/tls/patches/manager_deployment_certs.yaml @@ -1,6 +1,6 @@ - op: add path: /spec/template/spec/volumes/- - value: {"name":"catalogserver-certs", "secret":{"secretName":"catalogd-catalogserver-cert"}} + value: {"name":"catalogserver-certs", "secret":{"secretName":"catalogd-catalogserver-cert-git-version"}} - op: add path: /spec/template/spec/containers/1/volumeMounts/- value: {"name":"catalogserver-certs", "mountPath":"/var/certs"} @@ -9,4 +9,4 @@ value: "--tls-cert=/var/certs/tls.crt" - op: add path: /spec/template/spec/containers/1/args/- - value: "--tls-key=/var/certs/tls.key" \ No newline at end of file + value: "--tls-key=/var/certs/tls.key" diff --git a/config/components/tls/resources/certificate.yaml b/config/components/tls/resources/certificate.yaml index bf661480..793d7037 100644 --- a/config/components/tls/resources/certificate.yaml +++ b/config/components/tls/resources/certificate.yaml @@ -5,7 +5,7 @@ metadata: name: catalogserver-cert namespace: system spec: - secretName: catalogd-catalogserver-cert + secretName: catalogd-catalogserver-cert-git-version dnsNames: - localhost - catalogd-catalogserver.olmv1-system.svc