Fixed issue StormShift OCP5 Certificate is expired

stormshift/support#225
stormshift · Dec 27, 2024 · e3b1e92 · e3b1e92
1 parent 835cf85
commit e3b1e92
Show file tree

Hide file tree

Showing 9 changed files with 66 additions and 0 deletions.
diff --git a/configuration/overlays/stormshift-ocp5/cluster-scope/Proxy/cluster.yaml b/configuration/overlays/stormshift-ocp5/cluster-scope/Proxy/cluster.yaml
@@ -0,0 +1,9 @@
+apiVersion: config.openshift.io/v1
+kind: Proxy
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-options: "ServerSideApply=true,Validate=false"
+  name: cluster
+spec:
+  trustedCA:
+    name: redhat-current-it-root-cas
diff --git a/configuration/overlays/stormshift-ocp5/cluster-scope/Proxy/kustomization.yaml b/configuration/overlays/stormshift-ocp5/cluster-scope/Proxy/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- cluster.yaml
diff --git a/configuration/overlays/stormshift-ocp5/cluster-scope/kustomization.yaml b/configuration/overlays/stormshift-ocp5/cluster-scope/kustomization.yaml
@@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - MachineConfig/
+- Proxy/
diff --git a/configuration/overlays/stormshift-ocp5/kustomization.yaml b/configuration/overlays/stormshift-ocp5/kustomization.yaml
@@ -11,3 +11,4 @@ resources:
 
   - ../../../apps/astra-trident/overlays/stormshift-ocp5/
   - cluster-scope/
+  - namespace/
diff --git a/configuration/overlays/stormshift-ocp5/namespace/kustomization.yaml b/configuration/overlays/stormshift-ocp5/namespace/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - openshift-ingress/
+ - openshift-ingress-operator/
diff --git a/...rlays/stormshift-ocp5/namespace/openshift-ingress-operator/IngressController/default.yaml b/...rlays/stormshift-ocp5/namespace/openshift-ingress-operator/IngressController/default.yaml
@@ -0,0 +1,10 @@
+apiVersion: operator.openshift.io/v1
+kind: IngressController
+metadata:
+  name: default
+  namespace: openshift-ingress-operator
+  annotations:
+    argocd.argoproj.io/sync-options: "ServerSideApply=true,Validate=false"
+spec:
+  defaultCertificate:
+    name: ocp-coe-cert
diff --git a/...guration/overlays/stormshift-ocp5/namespace/openshift-ingress-operator/kustomization.yaml b/...guration/overlays/stormshift-ocp5/namespace/openshift-ingress-operator/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - IngressController/default.yaml
diff --git a/...ion/overlays/stormshift-ocp5/namespace/openshift-ingress/ExternalSecret/ocp-coe-cert.yaml b/...ion/overlays/stormshift-ocp5/namespace/openshift-ingress/ExternalSecret/ocp-coe-cert.yaml
@@ -0,0 +1,24 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: ocp-coe-cert
+spec:
+  data:
+  - remoteRef:
+      key: coe-lab/certificate/api.ocp5.stormshift.coe.muc.redhat.com
+      property: cert_and_intermediate_pem
+    secretKey: tls.crt
+  - remoteRef:
+      key: coe-lab/certificate/api.ocp5.stormshift.coe.muc.redhat.com
+      property: key
+    secretKey: tls.key
+  refreshInterval: 12h
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: redhat-vault
+  target:
+    creationPolicy: Owner
+    deletionPolicy: Retain
+    name: ocp-coe-cert
+    template:
+      type: kubernetes.io/tls
diff --git a/configuration/overlays/stormshift-ocp5/namespace/openshift-ingress/kustomization.yaml b/configuration/overlays/stormshift-ocp5/namespace/openshift-ingress/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: openshift-ingress
+
+resources:
+- ExternalSecret/ocp-coe-cert.yaml
Original file line number	Diff line number	Diff line change
Expand Up		@@ -11,3 +11,4 @@ resources:

		- ../../../apps/astra-trident/overlays/stormshift-ocp5/
		- cluster-scope/
		- namespace/