Rollout cert

rbo · rbo · commit 60427c796214 · 2025-01-03T16:30:14.000+01:00
Part of * stormshift/support#227
diff --git a/configuration/overlays/stormshift-ocp4/kustomization.yaml b/configuration/overlays/stormshift-ocp4/kustomization.yaml
@@ -5,6 +5,7 @@ kind: Kustomization
 resources:
   - ../common/
   - cluster-scope/
+  - namespace/
   - ../../../apps/astra-trident/overlays/stormshift-ocp4/
 
   # Custom logo
diff --git a/configuration/overlays/stormshift-ocp4/namespace/kustomization.yaml b/configuration/overlays/stormshift-ocp4/namespace/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - openshift-ingress/
+ - openshift-ingress-operator/
diff --git a/configuration/overlays/stormshift-ocp4/namespace/openshift-ingress-operator/IngressController/default.yaml b/configuration/overlays/stormshift-ocp4/namespace/openshift-ingress-operator/IngressController/default.yaml
@@ -0,0 +1,10 @@
+apiVersion: operator.openshift.io/v1
+kind: IngressController
+metadata:
+  name: default
+  namespace: openshift-ingress-operator
+  annotations:
+    argocd.argoproj.io/sync-options: "ServerSideApply=true,Validate=false"
+spec:
+  defaultCertificate:
+    name: ocp-coe-cert
diff --git a/configuration/overlays/stormshift-ocp4/namespace/openshift-ingress-operator/kustomization.yaml b/configuration/overlays/stormshift-ocp4/namespace/openshift-ingress-operator/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - IngressController/default.yaml
diff --git a/configuration/overlays/stormshift-ocp4/namespace/openshift-ingress/ExternalSecret/ocp-coe-cert.yaml b/configuration/overlays/stormshift-ocp4/namespace/openshift-ingress/ExternalSecret/ocp-coe-cert.yaml
@@ -0,0 +1,24 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: ocp-coe-cert
+spec:
+  data:
+  - remoteRef:
+      key: coe-lab/certificate/api.ocp4.stormshift.coe.muc.redhat.com
+      property: cert_and_intermediate_pem
+    secretKey: tls.crt
+  - remoteRef:
+      key: coe-lab/certificate/api.ocp4.stormshift.coe.muc.redhat.com
+      property: key
+    secretKey: tls.key
+  refreshInterval: 12h
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: redhat-vault
+  target:
+    creationPolicy: Owner
+    deletionPolicy: Retain
+    name: ocp-coe-cert
+    template:
+      type: kubernetes.io/tls
diff --git a/configuration/overlays/stormshift-ocp4/namespace/openshift-ingress/kustomization.yaml b/configuration/overlays/stormshift-ocp4/namespace/openshift-ingress/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: openshift-ingress
+
+resources:
+- ExternalSecret/ocp-coe-cert.yaml 
