
Commit e23d444

committed
Deploy the preflight agent
Signed-off-by: Richard Wall <[email protected]>
1 parent aeb2f31 commit e23d444


5 files changed

+102
-11
lines changed


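--- a/README.md
+++ b/README.md
@@ -27,19 +27,22 @@ docker pull quay.io/jetstack/cert-manager-controller:v1.1.0
 docker pull quay.io/jetstack/cert-manager-cainjector:v1.1.0
 docker pull quay.io/jetstack/cert-manager-webhook:v1.1.0
 docker pull quay.io/jetstack/cert-manager-google-cas-issuer:0.1.0
-docker tag quay.io/jetstack/cert-manager-controller:v1.1.0 $REGISTRY/$APP_NAME/cert-manager-controller:1.1.0
-docker tag quay.io/jetstack/cert-manager-cainjector:v1.1.0 $REGISTRY/$APP_NAME/cert-manager-cainjector:1.1.0
-docker tag quay.io/jetstack/cert-manager-webhook:v1.1.0 $REGISTRY/$APP_NAME/cert-manager-webhook:1.1.0
-docker tag quay.io/jetstack/cert-manager-google-cas-issuer:latest $REGISTRY/$APP_NAME/cert-manager-google-cas-issuer:0.1.0
-docker push $REGISTRY/$APP_NAME/cert-manager-controller:1.1.0
-docker push $REGISTRY/$APP_NAME/cert-manager-cainjector:1.1.0
-docker push $REGISTRY/$APP_NAME/cert-manager-webhook:1.1.0
-docker push $REGISTRY/$APP_NAME/cert-manager-google-cas-issuer:0.1.0
+docker pull quay.io/jetstack/preflight:0.1.27
+docker tag quay.io/jetstack/cert-manager-controller:v1.1.0 $REGISTRY/$APP_NAME/cert-manager-controller:1.0.0
+docker tag quay.io/jetstack/cert-manager-cainjector:v1.1.0 $REGISTRY/$APP_NAME/cert-manager-cainjector:1.0.0
+docker tag quay.io/jetstack/cert-manager-webhook:v1.1.0 $REGISTRY/$APP_NAME/cert-manager-webhook:1.0.0
+docker tag quay.io/jetstack/cert-manager-google-cas-issuer:latest $REGISTRY/$APP_NAME/cert-manager-google-cas-issuer:1.0.0
+docker tag quay.io/jetstack/preflight:latest $REGISTRY/$APP_NAME/cert-manager-preflight:1.0.0
+docker push $REGISTRY/$APP_NAME/cert-manager-controller:1.0.0
+docker push $REGISTRY/$APP_NAME/cert-manager-cainjector:1.0.0
+docker push $REGISTRY/$APP_NAME/cert-manager-webhook:1.0.0
+docker push $REGISTRY/$APP_NAME/cert-manager-google-cas-issuer:1.0.0
+docker push $REGISTRY/$APP_NAME/cert-manager-preflight:1.0.0
 ```
 
-> Note: although cert-manager's tags are of the form "v1.1.0", we chose to
-> use tags of the form "1.1.0" for the Google Marketplace for the sake of
-> consistency.
+> Note: although cert-manager's tags are of the form "v1.1.0", we
+> use the same JSP version tag for all the Google Marketplace images,
+> for consistency with other marketplace packages.
 
 Then, build and push the deployer image:
 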

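--- a/chart/jetstacksecure-mp/Chart.yaml
+++ b/chart/jetstacksecure-mp/Chart.yaml
@@ -10,3 +10,6 @@ dependencies:
 - name: google-cas-issuer
 appVersion: 0.1.0
 repository: ./charts/google-cas-issuer
+- name: preflight
+appVersion: 0.1.27
+repository: ../preflight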
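Review bot: The new `preflight` dependency is not pinned to a chart version: the entry sets `appVersion: 0.1.27`, which is not one of the dependency fields Helm reads, and has no `version:` key, so nothing here records which preflight chart gets bundled. Its `repository: ../preflight` also points outside the chart directory, unlike the sibling `./charts/google-cas-issuer`, so whatever sits at that path at build time ends up in the Marketplace package. If the deployer build relies on `helm dependency` resolution (not visible in this hunk), I would expect `version: <preflight chart version>` and `repository: file://../preflight`. The existing `google-cas-issuer` entry uses the same `appVersion` pattern, so this may be a project convention worth confirming rather than a new mistake.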

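--- a/chart/jetstacksecure-mp/values.yaml
+++ b/chart/jetstacksecure-mp/values.yaml
@@ -22,3 +22,9 @@ google-cas-issuer:
 installCRDs: true
 serviceAccount:
 create: false # see note (1)
+
+preflight:
+serviceAccount:
+create: false # see note (1)
+rbac:
+create: false # see note (1)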

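--- a/cloudbuild.yaml
+++ b/cloudbuild.yaml
@@ -6,7 +6,32 @@ substitutions:
 _APP_VERSION: 1.0.0
 _CERT_MANAGER_VERSION: 1.1.0
 _CAS_ISSUER_VERSION: 0.1.0
+_PREFLIGHT_VERSION: 0.1.27
 steps:
+- id: pull-preflight
+name: gcr.io/cloud-builders/docker
+args:
+- pull
+- quay.io/jetstack/preflight:v${_PREFLIGHT_VERSION}
+waitFor: ["-"]
+
+- id: tag-preflight
+name: gcr.io/cloud-builders/docker
+args:
+- tag
+- quay.io/jetstack/preflight:v${_PREFLIGHT_VERSION}
+- gcr.io/$PROJECT_ID/${_SOLUTION_NAME}/cert-manager-preflight:${_APP_VERSION}
+waitFor:
+- pull-preflight
+
+- id: push-preflight
+name: gcr.io/cloud-builders/docker
+args:
+- push
+- gcr.io/$PROJECT_ID/${_SOLUTION_NAME}/cert-manager-preflight:${_APP_VERSION}
+waitFor:
+- tag-preflight
+
 - id: pull-cas-issuer
 name: gcr.io/cloud-builders/docker
 args:
@@ -192,6 +217,7 @@ steps:
 - push-cainjector
 - push-webhook
 - push-cas-issuer
+- push-preflight
 
 - id: publish
 name: gcr.io/cloud-marketplace-tools/k8s/dev
@@ -212,4 +238,5 @@ images:
 - gcr.io/$PROJECT_ID/${_SOLUTION_NAME}/cert-manager-cainjector:${_APP_VERSION}
 - gcr.io/$PROJECT_ID/${_SOLUTION_NAME}/cert-manager-webhook:${_APP_VERSION}
 - gcr.io/$PROJECT_ID/${_SOLUTION_NAME}/cert-manager-google-cas-issuer:${_APP_VERSION}
+- gcr.io/$PROJECT_ID/${_SOLUTION_NAME}/cert-manager-preflight:${_APP_VERSION}
 - gcr.io/$PROJECT_ID/${_SOLUTION_NAME}/deployer:${_APP_VERSION}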
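Review bot: `pull-preflight` fetches `quay.io/jetstack/preflight:v${_PREFLIGHT_VERSION}` by a mutable tag, and `tag-preflight`/`push-preflight` republish it as `cert-manager-preflight:${_APP_VERSION}`, so whatever the upstream tag resolves to at build time ships under the Marketplace name with no integrity check. Pinning to a digest closes that gap: add a substitution such as `_PREFLIGHT_DIGEST: sha256:<digest of the 0.1.27 image>` (placeholder) and use `quay.io/jetstack/preflight@${_PREFLIGHT_DIGEST}` as the source in both the pull and tag steps. The README section of this commit also disagrees with these steps: it pulls `preflight:0.1.27` without the `v` prefix and then tags `preflight:latest`, an image that pull never fetched. The other pull steps begin outside the first hunk, so whether they share the tag-only pattern cannot be confirmed from here.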

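--- a/schema.yaml
+++ b/schema.yaml
@@ -50,6 +50,12 @@ x-google-marketplace:
 type: REPO_WITH_REGISTRY
 google-cas-issuer.image.tag:
 type: TAG
+cert-manager-preflight:
+properties:
+preflight.image.repository:
+type: REPO_WITH_REGISTRY
+preflight.image.tag:
+type: TAG
 
 # Allow the deployer to create CRDs and webhook configurations
 # See https://github.com/GoogleCloudPlatform/marketplace-k8s-app-tools/blob/master/docs/schema.md#deployerserviceaccount
@@ -302,6 +308,52 @@ properties:
 resources: [certificaterequests/status]
 verbs: [get, patch, update]
 
+preflight.serviceAccount.name:
+type: string
+x-google-marketplace:
+type: SERVICE_ACCOUNT
+serviceAccount:
+description: Service account used by preflight
+roles:
+- type: ClusterRole
+rulesType: CUSTOM
+rules:
+- apiGroups: [""]
+resources: ["nodes"]
+verbs: ["get", "list"]
+- type: ClusterRole
+rulesType: CUSTOM
+rules:
+- apiGroups: [""]
+resources: ["secrets"]
+verbs: ["get", "list"]
+- type: ClusterRole
+rulesType: CUSTOM
+rules:
+- apiGroups: ["cert-manager.io"]
+resources:
+- certificates
+- certificaterequests
+- issuers
+- clusterissuers
+verbs: ["get", "list"]
+- type: ClusterRole
+rulesType: CUSTOM
+rules:
+- apiGroups: ["cas-issuer.jetstack.io"]
+resources:
+- googlecasissuers
+- googlecasclusterissuers
+verbs: ["get", "list"]
+- type: ClusterRole
+rulesType: CUSTOM
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+resources:
+- validatingwebhookconfigurations
+- mutatingwebhookconfigurations
+verbs: ["get", "list"]
+
 required:
 - name
 - namespace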
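Review bot: The second `ClusterRole` under `preflight.serviceAccount.name` grants `get` and `list` on `secrets` cluster-wide, and a `list` on Secrets returns the full objects, so this service account can read every private key and token in every namespace. Nothing in the visible schema explains why the agent needs that or which Secret fields it sends off-cluster. If the data gatherers do need it, record the reason next to the rule, for example `# cluster-wide Secret read is required by the preflight data gatherers; TODO document which fields are uploaded`; if they do not, drop the rule. As a smaller style point, the five single-rule `ClusterRole` entries could be one role with five rules, which would make the total grant easier to audit.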
