From e3b1e926f87357dafa8f5c03ba5081da01c67bd8 Mon Sep 17 00:00:00 2001
From: Robert Bohne
Date: Fri, 27 Dec 2024 21:23:05 +0100
Subject: [PATCH] Fixed issue StormShift OCP5 Certificate is expired https://github.com/stormshift/support/issues/225
---
 .../cluster-scope/Proxy/cluster.yaml | 9 +++++++
 .../cluster-scope/Proxy/kustomization.yaml | 4 ++++
 .../cluster-scope/kustomization.yaml | 1 +
 .../stormshift-ocp5/kustomization.yaml | 1 +
 .../namespace/kustomization.yaml | 5 ++++
 .../IngressController/default.yaml | 10 ++++++++
 .../kustomization.yaml | 5 ++++
 .../ExternalSecret/ocp-coe-cert.yaml | 24 +++++++++++++++++++
 .../openshift-ingress/kustomization.yaml | 7 ++++++
 9 files changed, 66 insertions(+)
 create mode 100644 configuration/overlays/stormshift-ocp5/cluster-scope/Proxy/cluster.yaml
 create mode 100644 configuration/overlays/stormshift-ocp5/cluster-scope/Proxy/kustomization.yaml
 create mode 100644 configuration/overlays/stormshift-ocp5/namespace/kustomization.yaml
 create mode 100644 configuration/overlays/stormshift-ocp5/namespace/openshift-ingress-operator/IngressController/default.yaml
 create mode 100644 configuration/overlays/stormshift-ocp5/namespace/openshift-ingress-operator/kustomization.yaml
 create mode 100644 configuration/overlays/stormshift-ocp5/namespace/openshift-ingress/ExternalSecret/ocp-coe-cert.yaml
 create mode 100644 configuration/overlays/stormshift-ocp5/namespace/openshift-ingress/kustomization.yaml
diff --git a/configuration/overlays/stormshift-ocp5/cluster-scope/Proxy/cluster.yaml b/configuration/overlays/stormshift-ocp5/cluster-scope/Proxy/cluster.yaml
new file mode 100644
index 0000000..3b15d35
--- /dev/null
+++ b/configuration/overlays/stormshift-ocp5/cluster-scope/Proxy/cluster.yaml
@@ -0,0 +1,9 @@
+apiVersion: config.openshift.io/v1
+kind: Proxy
+metadata:
+ annotations:
+ argocd.argoproj.io/sync-options: "ServerSideApply=true,Validate=false"
+ name: cluster
+spec:
+ trustedCA:
+ name: redhat-current-it-root-cas
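Review bot: `spec.trustedCA.name: redhat-current-it-root-cas` in Proxy/cluster.yaml points at a ConfigMap that this patch neither creates nor documents, and the CAs it holds are merged into the cluster-wide trust bundle. OpenShift reads that ConfigMap from the `openshift-config` namespace under the key `ca-bundle.crt`; if it is managed elsewhere in the repository, a comment above `trustedCA` should say where, e.g. `# ConfigMap openshift-config/redhat-current-it-root-cas is defined in <path-to-manifest>`. The `Validate=false` sync option here, and again in IngressController/default.yaml, switches off Argo CD's schema validation for a cluster configuration object with no stated reason. A one-line comment explaining why it is needed, or dropping it if `ServerSideApply=true` alone is enough, would help the next reviewer.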
diff --git a/configuration/overlays/stormshift-ocp5/cluster-scope/Proxy/kustomization.yaml b/configuration/overlays/stormshift-ocp5/cluster-scope/Proxy/kustomization.yaml
new file mode 100644
index 0000000..a589202
--- /dev/null
+++ b/configuration/overlays/stormshift-ocp5/cluster-scope/Proxy/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- cluster.yaml
diff --git a/configuration/overlays/stormshift-ocp5/cluster-scope/kustomization.yaml b/configuration/overlays/stormshift-ocp5/cluster-scope/kustomization.yaml
index 1eeb2e0..3a54f2b 100644
--- a/configuration/overlays/stormshift-ocp5/cluster-scope/kustomization.yaml
+++ b/configuration/overlays/stormshift-ocp5/cluster-scope/kustomization.yaml
@@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - MachineConfig/
+- Proxy/
diff --git a/configuration/overlays/stormshift-ocp5/kustomization.yaml b/configuration/overlays/stormshift-ocp5/kustomization.yaml
index e3fa938..b5a4d9f 100644
--- a/configuration/overlays/stormshift-ocp5/kustomization.yaml
+++ b/configuration/overlays/stormshift-ocp5/kustomization.yaml
@@ -11,3 +11,4 @@ resources:
 - ../../../apps/astra-trident/overlays/stormshift-ocp5/
 - cluster-scope/
+ - namespace/
diff --git a/configuration/overlays/stormshift-ocp5/namespace/kustomization.yaml b/configuration/overlays/stormshift-ocp5/namespace/kustomization.yaml
new file mode 100644
index 0000000..c16f0a3
--- /dev/null
+++ b/configuration/overlays/stormshift-ocp5/namespace/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - openshift-ingress/
+ - openshift-ingress-operator/
diff --git a/configuration/overlays/stormshift-ocp5/namespace/openshift-ingress-operator/IngressController/default.yaml b/configuration/overlays/stormshift-ocp5/namespace/openshift-ingress-operator/IngressController/default.yaml
new file mode 100644
index 0000000..c21c732
--- /dev/null
+++ b/configuration/overlays/stormshift-ocp5/namespace/openshift-ingress-operator/IngressController/default.yaml
@@ -0,0 +1,10 @@
+apiVersion: operator.openshift.io/v1
+kind: IngressController
+metadata:
+ name: default
+ namespace: openshift-ingress-operator
+ annotations:
+ argocd.argoproj.io/sync-options: "ServerSideApply=true,Validate=false"
+spec:
+ defaultCertificate:
+ name: ocp-coe-cert
diff --git a/configuration/overlays/stormshift-ocp5/namespace/openshift-ingress-operator/kustomization.yaml b/configuration/overlays/stormshift-ocp5/namespace/openshift-ingress-operator/kustomization.yaml
new file mode 100644
index 0000000..335a0eb
--- /dev/null
+++ b/configuration/overlays/stormshift-ocp5/namespace/openshift-ingress-operator/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - IngressController/default.yaml
diff --git a/configuration/overlays/stormshift-ocp5/namespace/openshift-ingress/ExternalSecret/ocp-coe-cert.yaml b/configuration/overlays/stormshift-ocp5/namespace/openshift-ingress/ExternalSecret/ocp-coe-cert.yaml
new file mode 100644
index 0000000..2a68214
--- /dev/null
+++ b/configuration/overlays/stormshift-ocp5/namespace/openshift-ingress/ExternalSecret/ocp-coe-cert.yaml
@@ -0,0 +1,24 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: ocp-coe-cert
+spec:
+ data:
+ - remoteRef:
+ key: coe-lab/certificate/api.ocp5.stormshift.coe.muc.redhat.com
+ property: cert_and_intermediate_pem
+ secretKey: tls.crt
+ - remoteRef:
+ key: coe-lab/certificate/api.ocp5.stormshift.coe.muc.redhat.com
+ property: key
+ secretKey: tls.key
+ refreshInterval: 12h
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: redhat-vault
+ target:
+ creationPolicy: Owner
+ deletionPolicy: Retain
+ name: ocp-coe-cert
+ template:
+ type: kubernetes.io/tls
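Review bot: In IngressController/default.yaml, `defaultCertificate.name: ocp-coe-cert` makes the router serve whatever the ExternalSecret syncs, and that material is read from the Vault key `coe-lab/certificate/api.ocp5.stormshift.coe.muc.redhat.com`, which is named after the API hostname. The router's default certificate has to cover the cluster's wildcard `*.apps` ingress domain, and nothing visible in the patch shows that the stored certificate carries that SAN, so this is worth confirming before merge. If one certificate is meant to serve both the API and ingress, a comment next to `defaultCertificate` saying so would keep it from being replaced by an API-only certificate at the next renewal.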
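Review bot: ExternalSecret/ocp-coe-cert.yaml only copies the certificate and key from `redhat-vault` every `12h`, so the expiry this commit fixes will recur unless the Vault entry itself is renewed in time. The patch shows neither a renewal mechanism nor expiry alerting, though either may live elsewhere. `deletionPolicy: Retain` also means the Secret holding `tls.key` stays in `openshift-ingress` after the Vault entry is removed, so retiring the key needs a manual delete. Both deserve a short comment in the manifest, for example `# Retain: keep serving the last synced certificate if the Vault entry disappears; delete the Secret by hand when the key is retired`.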
diff --git a/configuration/overlays/stormshift-ocp5/namespace/openshift-ingress/kustomization.yaml b/configuration/overlays/stormshift-ocp5/namespace/openshift-ingress/kustomization.yaml
new file mode 100644
index 0000000..dd7c805
--- /dev/null
+++ b/configuration/overlays/stormshift-ocp5/namespace/openshift-ingress/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: openshift-ingress
+
+resources:
+- ExternalSecret/ocp-coe-cert.yaml