some reconcilation

Author: NautiluX

.gitignore

@@ -4,6 +4,7 @@
 *.dll
 *.so
 *.dylib
+bin/
 
 # Test binary, built with `go test -c`
 *.test

Makefile

@@ -29,7 +29,7 @@ BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL)
 #
 # For example, running 'make bundle-build bundle-push catalog-build catalog-push' will build and push both
 # operatingopenshift.org/le-operator-bundle:$VERSION and operatingopenshift.org/le-operator-catalog:$VERSION.
-IMAGE_TAG_BASE ?= operatingopenshift.org/le-operator
+IMAGE_TAG_BASE ?= quay.io/mdewald/le-operator
 
 # BUNDLE_IMG defines the image:tag used for the bundle.
 # You can use it as an arg. (E.g make bundle-build BUNDLE_IMG=<some-registry>/<project-name-bundle>:<tag>)
@@ -97,10 +97,10 @@ run: manifests generate fmt vet ## Run a controller from your host.
 	go run ./main.go
 
 docker-build: test ## Build docker image with the manager.
-	docker build -t ${IMG} .
+	podman build -t ${IMG} .
 
 docker-push: ## Push docker image with the manager.
-	docker push ${IMG}
+	podman push ${IMG}
 
 ##@ Deployment
 
@@ -153,7 +153,7 @@ bundle: manifests kustomize ## Generate bundle manifests and metadata, then vali
 
 .PHONY: bundle-build
 bundle-build: ## Build the bundle image.
-	docker build -f bundle.Dockerfile -t $(BUNDLE_IMG) .
+	podman build -f bundle.Dockerfile -t $(BUNDLE_IMG) .
 
 .PHONY: bundle-push
 bundle-push: ## Push the bundle image.
@@ -193,7 +193,7 @@ endif
 # https://github.com/operator-framework/community-operators/blob/7f1438c/docs/packaging-operator.md#updating-your-existing-operator
 .PHONY: catalog-build
 catalog-build: opm ## Build a catalog image.
-	$(OPM) index add --container-tool docker --mode semver --tag $(CATALOG_IMG) --bundles $(BUNDLE_IMGS) $(FROM_INDEX_OPT)
+	$(OPM) index add --container-tool podman --mode semver --tag $(CATALOG_IMG) --bundles $(BUNDLE_IMGS) $(FROM_INDEX_OPT)
 
 # Push the catalog image.
 .PHONY: catalog-push

api/v1beta1/encrypteddomain_types.go

@@ -32,7 +32,10 @@ type EncryptedDomainSpec struct {
 	MatchingHostnames string `json:"matchingHostnames,omitempty"`
 
 	// CA directory Endpoint to use for certificate requests
-	CADir string `json:"acmeEndpoint,omitempty"`
+	CADir string `json:"caDir,omitempty"`
+
+	// Ignore invalid SSL certificate on CADir
+	CADirInsecureSSL bool `json:"caDirInsecureSSL,omitempty"`
 
 	// Mail address to use for registration with CA directory
 	RegistrationMail string `json:"registrationMail,omitempty"`

api/v1beta1/zz_generated.deepcopy.go

@@ -0,0 +1,2 @@
+resources:
+- service.yaml

bin/controller-gen

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: acme-challenge
+spec:
+  selector:
+    control-plane: controller-manager
+  ports:
+    - protocol: TCP
+      port: 5002
+      targetPort: 5002

bin/kustomize

@@ -36,13 +36,35 @@ spec:
           spec:
             description: EncryptedDomainSpec defines the desired state of EncryptedDomain
             properties:
-              foo:
-                description: Foo is an example field of EncryptedDomain. Edit encrypteddomain_types.go
-                  to remove/update
+              caDir:
+                description: CA directory Endpoint to use for certificate requests
+                type: string
+              caDirInsecureSSL:
+                description: Ignore invalid SSL certificate on CADir
+                type: boolean
+              matchingHostnames:
+                description: MatchingHostnames is a regex describing which hostnames
+                  to generate certificates for.
+                type: string
+              registrationMail:
+                description: Mail address to use for registration with CA directory
                 type: string
             type: object
           status:
             description: EncryptedDomainStatus defines the observed state of EncryptedDomain
+            properties:
+              generatedCertificate:
+                items:
+                  properties:
+                    certificate:
+                      format: byte
+                      type: string
+                    hostname:
+                      type: string
+                  type: object
+                type: array
+              privateKey:
+                type: string
             type: object
         type: object
     served: true

config/challenge/kustomization.yaml

@@ -16,6 +16,7 @@ bases:
 - ../crd
 - ../rbac
 - ../manager
+- ../challenge
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
 # crd/kustomization.yaml
 #- ../webhook

config/challenge/service.yaml

@@ -5,6 +5,11 @@ generatorOptions:
   disableNameSuffixHash: true
 
 configMapGenerator:
-- name: manager-config
-  files:
+- files:
   - controller_manager_config.yaml
+  name: manager-config
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+images:
+- name: controller
+  newName: quay.io/mdewald/le-operator

config/crd/bases/letsencrypt.operatingopenshift.org_encrypteddomains.yaml

@@ -32,3 +32,15 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - route.openshift.io
+  resources:
+  - routes
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch

config/default/kustomization.yaml

@@ -2,5 +2,9 @@ apiVersion: letsencrypt.operatingopenshift.org/v1beta1
 kind: EncryptedDomain
 metadata:
   name: encrypteddomain-sample
+  namespace: default
 spec:
-  # Add fields here
+  matchingHostnames: "^highscore-default.apps-crc.testing$"
+  caDir: "https://pebble:14000/dir"
+  caDirInsecureSSL: true
+  RegistrationMail: "[email protected]"