Control cert-manager installation with a separate config value (#972)

Co-authored-by: Rafał Krzewski <rafal.krzewski@caltha.eu> Co-authored-by: Luigi Operoso <40476330+brokenpip3@users.noreply.github.com> Co-authored-by: brokenpip3 <brokenpip3@gmail.com>
2024-03-16 17:28:15 +01:00 · 2024-03-16 17:28:15 +01:00 · cf49a4a28f
parent 6dd45eebf0
commit cf49a4a28f
12 changed files with 4743 additions and 16113 deletions
--- a/.github/workflows/auto-codespell.yml
+++ b/.github/workflows/auto-codespell.yml
@ -24,10 +24,17 @@ jobs:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/setup-python@v5.0.0
+    - uses: DeterminateSystems/nix-installer-action@v10
+      with:
+        diagnostic-endpoint: ""
+    - uses: DeterminateSystems/magic-nix-cache-action@v4
+      with:
+        diagnostic-endpoint: ""
    - name: Checkout
      uses: actions/checkout@v4
    - id: files
      uses: tj-actions/changed-files@v43
-    - uses: pre-commit/action@v3.0.1
-      with:
-        extra_args: --files ${{ steps.files.outputs.all_changed_files }} --show-diff-on-failure
+    - name: nix checks
+      run: nix flake check
+    - name: nix pre-commit
+      run: nix develop . --command pre-commit run --files ${{ steps.files.outputs.all_changed_files }} --show-diff-on-failure
--- a/chart/jenkins-operator/Chart.lock
+++ b/chart/jenkins-operator/Chart.lock
@ -1,6 +1,6 @@
 dependencies:
 - name: cert-manager
  repository: https://charts.jetstack.io
-  version: v1.5.1
-digest: sha256:3220f5584bd04a8c8d4b2a076d49cc046211a463bb9a12ebbbae752be9b70bb1
-generated: "2021-08-18T01:07:49.505353718+05:30"
+  version: v1.14.2
+digest: sha256:5f6f7c115d7b96e8c8e85515e087a9379473fd3d5262198a9e25c1a84d4ff9bd
+generated: "2024-02-15T23:08:28.352007672+01:00"
--- a/chart/jenkins-operator/Chart.yaml
+++ b/chart/jenkins-operator/Chart.yaml
@ -6,6 +6,9 @@ version: 0.8.0
 icon: https://raw.githubusercontent.com/jenkinsci/kubernetes-operator/master/assets/jenkins-operator-icon.png
 dependencies:
 - name: cert-manager
-  version: "1.5.1"
-  condition: webhook.enabled
-  repository: https://charts.jetstack.io
+  version: "1.14.2"
+  condition: cert-manager.enabled
+  repository: https://charts.jetstack.io
+- name: cert-manager-crds
+  version: "1.14.2"
+  condition: cert-manager.enabled
--- a/chart/jenkins-operator/README.md
+++ b/chart/jenkins-operator/README.md
@ -8,12 +8,14 @@ Kubernetes native operator which fully manages Jenkins on Kubernetes

 | Repository | Name | Version |
 |------------|------|---------|
-| https://charts.jetstack.io | cert-manager | 1.5.1 |
+|  | cert-manager-crds | 1.14.2 |
+| https://charts.jetstack.io | cert-manager | 1.14.2 |

 ## Values

 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
+| cert-manager.enabled | bool | `false` |  |
 | cert-manager.startupapicheck.enabled | bool | `false` |  |
 | jenkins.annotations | object | `{}` |  |
 | jenkins.apiVersion | string | `"jenkins.io/v1alpha2"` |  |
--- a/chart/jenkins-operator/charts/cert-manager-crds/Chart.yaml
+++ b/chart/jenkins-operator/charts/cert-manager-crds/Chart.yaml
@ -0,0 +1,3 @@
+apiVersion: v2
+name: cert-manager-crds
+version: "1.14.2"
--- a/chart/jenkins-operator/charts/cert-manager-crds/crds/cert-manager.crds.yaml
+++ b/chart/jenkins-operator/charts/cert-manager-crds/crds/cert-manager.crds.yaml
--- a/chart/jenkins-operator/charts/cert-manager-v1.14.2.tgz
+++ b/chart/jenkins-operator/charts/cert-manager-v1.14.2.tgz
--- a/chart/jenkins-operator/charts/cert-manager-v1.5.1.tgz
+++ b/chart/jenkins-operator/charts/cert-manager-v1.5.1.tgz
--- a/chart/jenkins-operator/crds/cert-manager.crds.yaml
+++ b/chart/jenkins-operator/crds/cert-manager.crds.yaml
--- a/chart/jenkins-operator/values.yaml
+++ b/chart/jenkins-operator/values.yaml
@ -330,8 +330,11 @@ webhook:
  # enable or disable the validation webhook
  enabled: false

-# This startupapicheck is a Helm post-install hook that waits for the webhook
-# endpoints to become available.
 cert-manager:
+  # cert-manager is required to generate certificates for webhook. If you don't have cert-manager installed in your cluster,
+  # you can install it as a subordinate chart
+  enabled: false
+  # This startupapicheck is a Helm post-install hook that waits for the webhook
+  # endpoints to become available.
  startupapicheck:
    enabled: false
--- a/flake.nix
+++ b/flake.nix
@ -35,6 +35,7 @@
            pkgs.gnumake
            pkgs.wget
            pkgs.helm-docs
+            pkgs.pre-commit
            (pkgs.writeShellApplication {
              name = "make_matrix";
              runtimeInputs = with pkgs; [ bash gnugrep gawk ];
--- a/test/helm/helm_test.go
+++ b/test/helm/helm_test.go
@ -106,6 +106,7 @@ var _ = Describe("Jenkins Controller with security validator", func() {
 				"--set-string", fmt.Sprintf("operator.image=%s", *imageName),
 				"--set", fmt.Sprintf("jenkins.securityValidator=%t", true),
 				"--set", fmt.Sprintf("jenkins.enabled=%t", false),
+				"--set", fmt.Sprintf("cert-manager.enabled=%t", true),
 				"--set", fmt.Sprintf("webhook.enabled=%t", true), "--install")
 			output, err := cmd.CombinedOutput()
 			Expect(err).NotTo(HaveOccurred(), string(output))
@ -126,6 +127,7 @@ var _ = Describe("Jenkins Controller with security validator", func() {
 			cmd := exec.Command("../../bin/helm", "upgrade", "jenkins", "../../chart/jenkins-operator", "--namespace", namespace.Name, "--debug",
 				"--set-string", fmt.Sprintf("jenkins.namespace=%s", namespace.Name),
 				"--set-string", fmt.Sprintf("operator.image=%s", *imageName),
+				"--set", fmt.Sprintf("cert-manager.enabled=%t", true),
 				"--set", fmt.Sprintf("webhook.enabled=%t", true),
 				"--set", fmt.Sprintf("jenkins.latestPlugins=%t", true),
 				"--set", fmt.Sprintf("jenkins.enabled=%t", false), "--install")