
Commit 3d96c86

committed
updates: Create Tree Jobs, enable TLS on Trillian, Rekor and Ctlog
1 parent b616626 commit 3d96c86

31 files changed

+1164
-395
lines changed

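--- a/api/v1alpha1/ctlog_types.go
+++ b/api/v1alpha1/ctlog_types.go
@@ -42,6 +42,9 @@ type CTlogSpec struct {
 // Trillian service configuration
 //+kubebuilder:default:={port: 8091}
 Trillian TrillianService `json:"trillian,omitempty"`
+// Reference to TLS server certificate, private key and CA certificate
+//+optional
+TLSCertificate TLSCert `json:"tls"`
 }
 
 // CTlogStatus defines the observed state of CTlog component
@@ -51,6 +54,7 @@ type CTlogStatus struct {
 PrivateKeyPasswordRef *SecretKeySelector `json:"privateKeyPasswordRef,omitempty"`
 PublicKeyRef *SecretKeySelector `json:"publicKeyRef,omitempty"`
 RootCertificates []SecretKeySelector `json:"rootCertificates,omitempty"`
+TLSCertificate *TLSCert `json:"tls,omitempty"`
 // The ID of a Trillian tree that stores the log data.
 TreeID *int64 `json:"treeID,omitempty"`
 // +listType=map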
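Review bot: The new spec field `TLSCertificate TLSCert `json:"tls"`` is a struct value carrying an `//+optional` marker, while the status field added in the second hunk is `*TLSCert `json:"tls,omitempty"``; encoding/json never omits a struct value, so every serialized CTlogSpec will carry a `tls` object even when no certificate was configured, and a reconciler cannot tell "not set" from "set but empty" without inspecting the nested refs. Declaring it as a pointer like the status side, `TLSCertificate *TLSCert `json:"tls,omitempty"``, keeps both declarations consistent and gives the controller a plain nil check before it enables TLS (the fixture in ctlog_types_test.go would then use `&TLSCert{...}`). The status field also has no doc comment, which is why the generated CRD shows the type-level text "TLSCert defines fields for TLS certificate" for `status.tls` instead of a field description; a one-line `// TLS certificate currently in use by the component` (or similar, matching what the controller actually stores there) would fix that. Both CTlogSpec and CTlogStatus begin outside these hunks.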

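--- a/api/v1alpha1/ctlog_types_test.go
+++ b/api/v1alpha1/ctlog_types_test.go
@@ -136,6 +136,16 @@ var _ = Describe("CTlog", func() {
 Address: "trillian-system.default.svc",
 Port: &port,
 },
+TLSCertificate: TLSCert{
+CertRef: &SecretKeySelector{
+Key: "cert",
+LocalObjectReference: LocalObjectReference{Name: "secret"},
+},
+PrivateKeyRef: &SecretKeySelector{
+Key: "key",
+LocalObjectReference: LocalObjectReference{Name: "secret"},
+},
+},
 },
 }
 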
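Review bot: The fixture only exercises the well-formed case where both `CertRef` and `PrivateKeyRef` are set; nothing in this hunk checks that the validation the same commit ships in the CRD (`privateKeyRef cannot be empty` when `certRef` is present) actually rejects a `TLSCert{CertRef: ...}` with no key. If this Describe block runs against an API server that enforces the CRD's CEL rules, a second case expecting a rejected Create for a cert-only reference would pin that contract; if it is a pure round-trip test, a short comment saying the validation is covered elsewhere would save the next reader from looking. The enclosing Describe and the fixture literal both start outside the hunk.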
api/v1alpha1/zz_generated.deepcopy.go

+6

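--- a/bundle/manifests/rhtas-operator.clusterserviceversion.yaml
+++ b/bundle/manifests/rhtas-operator.clusterserviceversion.yaml
@@ -92,8 +92,8 @@ metadata:
 "OIDCIssuers": [
 {
 "ClientID": "trusted-artifact-signer",
-"Issuer": "https://your-oidc-issuer-url",
-"IssuerURL": "https://your-oidc-issuer-url",
+"Issuer": "https://keycloak-keycloak-system.apps.rosa.iduhn-ah6m6-dk9.o468.p3.openshiftapps.com/auth/realms/trusted-artifact-signer",
+"IssuerURL": "https://keycloak-keycloak-system.apps.rosa.iduhn-ah6m6-dk9.o468.p3.openshiftapps.com/auth/realms/trusted-artifact-signer",
 "Type": "email"
 }
 ]
@@ -192,7 +192,7 @@ metadata:
 ]
 capabilities: Seamless Upgrades
 containerImage: registry.redhat.io/rhtas/rhtas-rhel9-operator@sha256:a21f7128694a64989bf0d84a7a7da4c1ffc89edf62d594dc8bea7bcfe9ac08d3
-createdAt: "2024-07-09T08:45:46Z"
+createdAt: "2024-08-08T10:01:11Z"
 features.operators.openshift.io/cnf: "false"
 features.operators.openshift.io/cni: "false"
 features.operators.openshift.io/csi: "false"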
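Review bot: The first hunk replaces the `your-oidc-issuer-url` placeholder in the CSV's alm-examples with a concrete Keycloak URL on a specific `rosa.*.openshiftapps.com` cluster, which looks like a developer environment that leaked into the shipped bundle rather than an intentional sample. The alm-examples block is what OperatorHub offers users as the starting CR, so the published sample would both expose an internal hostname and steer new installs to an OIDC issuer the user does not control, which is exactly the trust anchor Fulcio relies on. Restore `"Issuer": "https://your-oidc-issuer-url",` and `"IssuerURL": "https://your-oidc-issuer-url",`; since this file is presumably regenerated from the sample CR, the placeholder should be restored at the source as well so the next bundle build does not reintroduce it. The `createdAt` bump in the second hunk is fine.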

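--- a/bundle/manifests/rhtas.redhat.com_ctlogs.yaml
+++ b/bundle/manifests/rhtas.redhat.com_ctlogs.yaml
@@ -137,6 +137,62 @@ spec:
 type: object
 x-kubernetes-map-type: atomic
 type: array
+tls:
+description: Reference to TLS server certificate, private key and
+CA certificate
+properties:
+caCertRef:
+description: Reference to CA certificate
+properties:
+name:
+description: |-
+Name of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+type: string
+required:
+- name
+type: object
+x-kubernetes-map-type: atomic
+certRef:
+description: Reference to service certificate
+properties:
+key:
+description: The key of the secret to select from. Must be
+a valid secret key.
+pattern: ^[-._a-zA-Z0-9]+$
+type: string
+name:
+description: |-
+Name of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+type: string
+required:
+- key
+- name
+type: object
+x-kubernetes-map-type: atomic
+privateKeyRef:
+description: Reference to the private key
+properties:
+key:
+description: The key of the secret to select from. Must be
+a valid secret key.
+pattern: ^[-._a-zA-Z0-9]+$
+type: string
+name:
+description: |-
+Name of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+type: string
+required:
+- key
+- name
+type: object
+x-kubernetes-map-type: atomic
+type: object
+x-kubernetes-validations:
+- message: privateKeyRef cannot be empty
+rule: (!has(self.certRef) || has(self.privateKeyRef))
 treeID:
 description: |-
 The ID of a Trillian tree that stores the log data.
@@ -328,6 +384,61 @@ spec:
 - name
 type: object
 x-kubernetes-map-type: atomic
+tls:
+description: TLSCert defines fields for TLS certificate
+properties:
+caCertRef:
+description: Reference to CA certificate
+properties:
+name:
+description: |-
+Name of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+type: string
+required:
+- name
+type: object
+x-kubernetes-map-type: atomic
+certRef:
+description: Reference to service certificate
+properties:
+key:
+description: The key of the secret to select from. Must be
+a valid secret key.
+pattern: ^[-._a-zA-Z0-9]+$
+type: string
+name:
+description: |-
+Name of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+type: string
+required:
+- key
+- name
+type: object
+x-kubernetes-map-type: atomic
+privateKeyRef:
+description: Reference to the private key
+properties:
+key:
+description: The key of the secret to select from. Must be
+a valid secret key.
+pattern: ^[-._a-zA-Z0-9]+$
+type: string
+name:
+description: |-
+Name of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+type: string
+required:
+- key
+- name
+type: object
+x-kubernetes-map-type: atomic
+type: object
+x-kubernetes-validations:
+- message: privateKeyRef cannot be empty
+rule: (!has(self.certRef) || has(self.privateKeyRef))
 treeID:
 description: The ID of a Trillian tree that stores the log data.
 format: int64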
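Review bot: The CEL rule `(!has(self.certRef) || has(self.privateKeyRef))` on the new `spec.tls` object only guards one direction: a `tls` block with `privateKeyRef` but no `certRef`, or with `caCertRef` alone, is accepted by the API server and the reconciler is left to reject or silently ignore a half-configured listener. If cert and key are meant to come as a pair, `rule: has(self.certRef) == has(self.privateKeyRef)` with a message such as `certRef and privateKeyRef must be set together` closes that gap; if a CA-only reference is a deliberate mode (trust without serving), the `spec.tls` description should say so. The identical rule is emitted again in the securesigns CRD's first hunk, and as this manifest appears to be generated from the TLSCert type's markers, the change belongs on that Go type rather than in this file. The second hunk applies the same validation to `status.tls`, which is harmless but superfluous since status is written by the controller.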

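--- a/bundle/manifests/rhtas.redhat.com_fulcios.yaml
+++ b/bundle/manifests/rhtas.redhat.com_fulcios.yaml
@@ -230,11 +230,11 @@ spec:
 description: Address to Ctlog Log Server End point
 type: string
 port:
-default: 80
+default: 0
 description: Port of Ctlog Log Server End point
 format: int32
 maximum: 65535
-minimum: 1
+minimum: 0
 type: integer
 type: object
 externalAccess: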
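Review bot: The Ctlog endpoint `port` now defaults to `0` and accepts `0` as a valid value, but its description is still just `Port of Ctlog Log Server End point`, so nothing in the CRD tells the user what `0` means — presumably "unset, let the operator choose based on the address or TLS setting", but that is an inference from the commit title, not from the schema. Spell it out, e.g. `description: Port of Ctlog Log Server End point. 0 lets the operator select the port.` (adjusted to whatever the reconciler actually does), since a user who previously relied on the implicit `80` will otherwise not know why behaviour changed after upgrade. The same default/minimum change appears in the securesigns CRD's second hunk, and both are presumably generated from the Fulcio type's kubebuilder markers, which is where the wording should be fixed.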

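--- a/bundle/manifests/rhtas.redhat.com_securesigns.yaml
+++ b/bundle/manifests/rhtas.redhat.com_securesigns.yaml
@@ -153,6 +153,62 @@ spec:
 type: object
 x-kubernetes-map-type: atomic
 type: array
+tls:
+description: Reference to TLS server certificate, private key
+and CA certificate
+properties:
+caCertRef:
+description: Reference to CA certificate
+properties:
+name:
+description: |-
+Name of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+type: string
+required:
+- name
+type: object
+x-kubernetes-map-type: atomic
+certRef:
+description: Reference to service certificate
+properties:
+key:
+description: The key of the secret to select from. Must
+be a valid secret key.
+pattern: ^[-._a-zA-Z0-9]+$
+type: string
+name:
+description: |-
+Name of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+type: string
+required:
+- key
+- name
+type: object
+x-kubernetes-map-type: atomic
+privateKeyRef:
+description: Reference to the private key
+properties:
+key:
+description: The key of the secret to select from. Must
+be a valid secret key.
+pattern: ^[-._a-zA-Z0-9]+$
+type: string
+name:
+description: |-
+Name of the referent.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+type: string
+required:
+- key
+- name
+type: object
+x-kubernetes-map-type: atomic
+type: object
+x-kubernetes-validations:
+- message: privateKeyRef cannot be empty
+rule: (!has(self.certRef) || has(self.privateKeyRef))
 treeID:
 description: |-
 The ID of a Trillian tree that stores the log data.
@@ -367,11 +423,11 @@ spec:
 description: Address to Ctlog Log Server End point
 type: string
 port:
-default: 80
+default: 0
 description: Port of Ctlog Log Server End point
 format: int32
 maximum: 65535
-minimum: 1
+minimum: 0
 type: integer
 type: object
 externalAccess:
@@ -844,67 +900,6 @@ spec:
 required:
 - tls
 type: object
-signer:
-properties:
-tls:
-description: Secret with TLS server certificate, private key
-and CA certificate
-properties:
-caCertRef:
-description: Reference to CA certificate
-properties:
-name:
-description: |-
-Name of the referent.
-More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-type: string
-required:
-- name
-type: object
-x-kubernetes-map-type: atomic
-certRef:
-description: Reference to service certificate
-properties:
-key:
-description: The key of the secret to select from.
-Must be a valid secret key.
-pattern: ^[-._a-zA-Z0-9]+$
-type: string
-name:
-description: |-
-Name of the referent.
-More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-type: string
-required:
-- key
-- name
-type: object
-x-kubernetes-map-type: atomic
-privateKeyRef:
-description: Reference to the private key
-properties:
-key:
-description: The key of the secret to select from.
-Must be a valid secret key.
-pattern: ^[-._a-zA-Z0-9]+$
-type: string
-name:
-description: |-
-Name of the referent.
-More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-type: string
-required:
-- key
-- name
-type: object
-x-kubernetes-map-type: atomic
-type: object
-x-kubernetes-validations:
-- message: privateKeyRef cannot be empty
-rule: (!has(self.certRef) || has(self.privateKeyRef))
-required:
-- tls
-type: object
 type: object
 tuf:
 default: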
