Skip to content

Commit b1937c0

Browse files
committed
feat: remove cert manager
this commit will likely break CI, but not exactly how, will address in later commit
1 parent aa06443 commit b1937c0

32 files changed

+793
-524
lines changed

.github/workflows/agent-ci.yaml

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -98,11 +98,12 @@ jobs:
9898
apt-get update && apt-get install -y make git jq
9999
cd agent
100100
# if this is a tag build, use the tag as the version, otherwise use the sha
101-
TAGS="-t ${REGISTRY@L}/${{env.IMAGE_NAME}}/agent:${{ github.sha }}"
101+
export GIT_SHA=$(git rev-parse --short ${{ github.sha }})
102+
TAGS="-t ${REGISTRY@L}/${{env.IMAGE_NAME}}/agent:${GIT_SHA}"
102103
case ${{ github.ref_type }} in
103104
branch)
104105
# The last tag + current git sha
105-
export AGENT_VERSION=$(git describe --tags --abbrev=0 2>/dev/null || echo "0.0.0")+${{ github.sha }}
106+
export AGENT_VERSION=$(git tag --list 'agent*' --sort=-v:refname | head -n 1 | cut -d/ -f2 || echo "0.0.0")+${GIT_SHA}
106107
;;
107108
tag)
108109
# The version part of the tag

.github/workflows/operator-ci.yaml

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -131,11 +131,12 @@ jobs:
131131
apt-get update && apt-get install -y make git jq
132132
cd operator
133133
# if this is a tag build, use the tag as the version, otherwise use the sha
134-
TAGS="-t ${REGISTRY@L}/${{env.IMAGE_NAME}}/operator:${{ github.sha }}"
134+
export GIT_SHA=$(git rev-parse --short ${{ github.sha }})
135+
TAGS="-t ${REGISTRY@L}/${{env.IMAGE_NAME}}/operator:${GIT_SHA}"
135136
case ${{ github.ref_type }} in
136137
branch)
137138
# The last tag + current git sha
138-
export OPERATOR_VERSION=$(git describe --tags --abbrev=0 2>/dev/null || echo "0.0.0")+${{ github.sha }}
139+
export OPERATOR_VERSION=$(git tag --list 'operator*' --sort=-v:refname | head -n 1 | cut -d/ -f2 || echo "0.0.0")+${GIT_SHA}
139140
;;
140141
tag)
141142
# The version part of the tag
@@ -149,7 +150,7 @@ jobs:
149150
esac
150151
set -x
151152
docker buildx build \
152-
--build-arg GIT_SHA=$${{ github.sha }} \
153+
--build-arg GIT_SHA=${GIT_SHA} \
153154
--build-arg VERSION=${OPERATOR_VERSION} \
154155
--build-arg GO_VERSION=${GO_VERSION} \
155156
--push \

.vscode/launch.json

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,7 @@
1010
"request": "launch",
1111
"mode": "debug",
1212
"program": "${workspaceRoot}/operator/cmd/main.go",
13+
"cwd": "${workspaceRoot}/operator",
1314
"buildFlags": "--ldflags '-X github.com/NVIDIA/skyhook/internal/version.GIT_SHA=foobars -X github.com/NVIDIA/skyhook/internal/version.VERSION=v0.5.0'",
1415
"env": {
1516
"ENABLE_WEBHOOKS": "false",

README.md

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -50,7 +50,6 @@ There are a few pre-built generalist packages available at [NVIDIA/skyhook-packa
5050
## Quick Start
5151

5252
### Install the operator
53-
1. Install cert-manager `kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.15.2/cert-manager.yaml`
5453
1. Create a secret for the operator to pull images `kubectl create secret generic node-init-secret --from-file=.dockerconfigjson=${HOME}/.config/containers/auth.json --type=kubernetes.io/dockerconfigjson -n skyhook`
5554
1. Install the operator `helm install skyhook ./chart --namespace skyhook`
5655

chart/templates/deployment.yaml

Lines changed: 0 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -108,10 +108,6 @@ spec:
108108
{{- end }}
109109
securityContext: {{- toYaml .Values.controllerManager.manager.containerSecurityContext
110110
| nindent 10 }}
111-
volumeMounts:
112-
- mountPath: /tmp/k8s-webhook-server/serving-certs
113-
name: cert
114-
readOnly: true
115111
- args: {{- toYaml .Values.controllerManager.kubeRbacProxy.args | nindent 8 }}
116112
env:
117113
- name: KUBERNETES_CLUSTER_DOMAIN
@@ -132,11 +128,6 @@ spec:
132128
runAsNonRoot: true
133129
serviceAccountName: {{ include "chart.fullname" . }}-controller-manager
134130
terminationGracePeriodSeconds: 10
135-
volumes:
136-
- name: cert
137-
secret:
138-
defaultMode: 420
139-
secretName: webhook-server-cert
140131
{{ if ((.Values.controllerManager.podDisruptionBudget).minAvailable) }}
141132
{{ if ge .Values.controllerManager.podDisruptionBudget.minAvailable .Values.controllerManager.replicas }}
142133
{{- $_ := required "minAvailable to be less than replicas" .nil }}

chart/templates/manager-rbac.yaml

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,17 @@ metadata:
55
labels:
66
{{- include "chart.labels" . | nindent 4 }}
77
rules:
8+
- apiGroups:
9+
- admissionregistration.k8s.io
10+
resources:
11+
- mutatingwebhookconfigurations
12+
- validatingwebhookconfigurations
13+
verbs:
14+
- create
15+
- delete
16+
- get
17+
- patch
18+
- update
819
- apiGroups:
920
- ""
1021
resources:
@@ -66,6 +77,16 @@ rules:
6677
- pods/status
6778
verbs:
6879
- get
80+
- apiGroups:
81+
- ""
82+
resources:
83+
- secrets
84+
verbs:
85+
- create
86+
- delete
87+
- get
88+
- patch
89+
- update
6990
- apiGroups:
7091
- skyhook.nvidia.com
7192
resources:

chart/templates/mutating-webhook-configuration.yaml

Lines changed: 0 additions & 29 deletions
This file was deleted.

chart/templates/selfsigned-issuer.yaml

Lines changed: 0 additions & 8 deletions
This file was deleted.

chart/templates/serving-cert.yaml

Lines changed: 0 additions & 14 deletions
This file was deleted.

chart/templates/skyhook-crd.yaml

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -3,8 +3,6 @@ kind: CustomResourceDefinition
33
metadata:
44
name: skyhooks.skyhook.nvidia.com
55
annotations:
6-
cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/{{ include "chart.fullname"
7-
. }}-serving-cert'
86
controller-gen.kubebuilder.io/version: v0.15.0
97
labels:
108
{{- include "chart.labels" . | nindent 4 }}

0 commit comments

Comments
 (0)