Merge pull request #85 from wallrj/cert-manager-v1.10.0-fix-webhook-t…

…ls-arguments

cert-manager v1.10.0 / OLM bundle v1.10.1 -  fix webhook tls arguments

Makefile

@@ -7,7 +7,10 @@ SHELL := bash
 .ONESHELL:
 
 CERT_MANAGER_VERSION ?= 1.10.0
-export BUNDLE_VERSION ?= ${CERT_MANAGER_VERSION}
+# Decoupled the BUNDLE_VERSION from the CERT_MANAGER_VERSION so that I can do a
+# patch release containing the fix for:
+# https://github.com/cert-manager/cert-manager/issues/5551
+export BUNDLE_VERSION ?= 1.10.1-rc1
 BUNDLE_CHANNELS ?= $(strip candidate $(if $(subst ${CERT_MANAGER_VERSION},${empty},${BUNDLE_VERSION}),,stable))
 STABLE_CHANNEL ?= stable
 CATALOG_VERSION ?= $(shell git describe --tags --always --dirty)

bundle/bundle.Dockerfile

@@ -5,8 +5,7 @@ LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1
 LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
 LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
 LABEL operators.operatorframework.io.bundle.package.v1=cert-manager
-LABEL operators.operatorframework.io.bundle.channels.v1=candidate,stable
-LABEL operators.operatorframework.io.bundle.channel.default.v1=stable
+LABEL operators.operatorframework.io.bundle.channels.v1=candidate
 LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.25.0
 LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1
 LABEL operators.operatorframework.io.metrics.project_layout=unknown

bundle/manifests/cert-manager.clusterserviceversion.yaml

@@ -68,7 +68,8 @@ metadata:
     capabilities: Full Lifecycle
     categories: Security
     containerImage: quay.io/jetstack/cert-manager-controller:v1.10.0
-    createdAt: '2022-11-02T14:25:05'
+    createdAt: '2022-11-03T15:27:18'
+    olm.skipRange: '>=1.10.0 <1.10.1-rc1'
     operators.operatorframework.io/builder: operator-sdk-v1.25.0
     operators.operatorframework.io/internal-objects: |-
       [
@@ -83,7 +84,7 @@ metadata:
     operatorframework.io/arch.arm64: supported
     operatorframework.io/arch.ppc64le: supported
     operatorframework.io/arch.s390x: supported
-  name: cert-manager.v1.10.0
+  name: cert-manager.v1.10.1-rc1
   namespace: placeholder
 spec:
   apiservicedefinitions: {}
@@ -749,9 +750,9 @@ spec:
                 - --secure-port=10250
                 - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE)
                 - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca
-                - --dynamic-serving-dns-names=cert-manager-webhook
-                - --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE)
-                - --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE).svc
+                - --dynamic-serving-dns-names=cert-manager-webhook-service.$(POD_NAMESPACE).svc
+                - --tls-cert-file=/apiserver.local.config/certificates/apiserver.crt
+                - --tls-private-key-file=/apiserver.local.config/certificates/apiserver.key
                 env:
                 - name: POD_NAMESPACE
                   valueFrom:
@@ -885,7 +886,7 @@ spec:
   provider:
     name: The cert-manager maintainers
     url: https://cert-manager.io/
-  version: 1.10.0
+  version: 1.10.1-rc1
   webhookdefinitions:
   - admissionReviewVersions:
     - v1

bundle/metadata/annotations.yaml

@@ -4,8 +4,7 @@ annotations:
   operators.operatorframework.io.bundle.manifests.v1: manifests/
   operators.operatorframework.io.bundle.metadata.v1: metadata/
   operators.operatorframework.io.bundle.package.v1: cert-manager
-  operators.operatorframework.io.bundle.channels.v1: candidate,stable
-  operators.operatorframework.io.bundle.channel.default.v1: stable
+  operators.operatorframework.io.bundle.channels.v1: candidate
   operators.operatorframework.io.metrics.builder: operator-sdk-v1.25.0
   operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
   operators.operatorframework.io.metrics.project_layout: unknown

hack/fixup-csv

@@ -140,7 +140,7 @@ def main():
         if deployment["name"] != "cert-manager-webhook":
             continue
         for container in deployment["spec"]["template"]["spec"]["containers"]:
-            if container["name"] != "cert-manager":
+            if container["name"] != "cert-manager-webhook":
                 continue
             # Filter out the arguments we're about to change
             args = [
@@ -160,6 +160,9 @@ def main():
                 "--tls-private-key-file=/apiserver.local.config/certificates/apiserver.key",
             ])
             container["args"] = args
+            break
+        else:
+            raise Exception("webhook container not found")
 
     yaml.dump(doc, sys.stdout)