Includes targets for:
- all "server" binaries, for all arches
- all containers for all server binaries for all arches
- all client binaries (kubectl plugin / cmctl) for all arches
- the cert-manager helm chart + signature
- the cert-manager static manifests + CRDs
- tools which bazel would download, with checksum verification
- (commented out) a signed SHA256SUM file for client binaries
Upgrades from the bazel flow include that:
- we use OS-specific base images rather than just using amd64 everywhere
- we easily add support for signing artifacts at build time
- we add ".exe" to the end of windows executables
- we add a zip file for windows executables, for easier consumption
- we concatenate YAML files more robustly
- staging a full release should be much faster
- hopefully, it's easier to change things!
- licenses are trimmed down to reduce bloat in images (the license
bundle was 1.4MB in size alone)
Changes from the bazel flow include:
- containers no longer have a symlink to the binary at an unusual
path, but instead just have the binary at a more predictable path
(e.g. /app/cmd/webhook/webhook instead of
/app/cmd/webhook/webhook.runfiles/com_github_jetstack_cert_manager/cmd/webhook/webhook_/webhook)
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
hash.sh returns just the sha256sum of its input file
checkhash.sh uses ha.sh to get the sha256sum of its first argument and
then validates that the checksum matches the value provided in its
second argument
hash.sh isn't currently fully portable since sha256sum isn't present
by default on macOS, but it provides a single point around which we can
do hashing to validate checksums
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
* Generate CRDs for the sample API types
* Allow alternative CRDs to be loaded into the envtest API server
* Override the conversion configuration of the CRDs
* Show webhook server logs in tests
* Simplify the loading of the test API CRDs
* Allow the ConversionHandler to be overridden in tests
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
the script will need to be manually updated if we want to add a new
k8s version, but it should be trivial to do that
the actual kind image SHAsums aren't updated, so that the addition of
the script can be separate from the act of updating the images
also adds a make target for creating a kind cluster with CI deps
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
Following the release of cert-manager v1.6.0, it was observed that an
update to the keystore-go library was backwards-incompatible; it
introduced a 6-character minimum length on passwords which wasn't
previously in force.
This led to https://github.com/pavel-v-chernykh/keystore-go/issues/30
which in turn led to https://github.com/pavel-v-chernykh/keystore-go/pull/31
This commit bumps to use the new version, which by default doesn't have
a min password length
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
So that we don't pull the same image for each test run.
Also run helm install with --debug so that it outputs more information.
Signed-off-by: irbekrm <irbekrm@gmail.com>
This is necessary because some CD tools don't accept resource configs with predefined status fields, but controllergen currently adds this field when a CRD yaml is generated
Signed-off-by: irbekrm <irbekrm@gmail.com>
