{"id":19039927,"url":"https://github.com/cert-manager/cert-manager-olm","last_synced_at":"2026-05-08T01:30:20.760Z","repository":{"id":40003462,"uuid":"256457589","full_name":"cert-manager/cert-manager-olm","owner":"cert-manager","description":"Definitions for the cert-manager operator published via Red Hat's Operator Lifecycle Manager (OLM)","archived":false,"fork":false,"pushed_at":"2024-02-14T16:50:47.000Z","size":570,"stargazers_count":14,"open_issues_count":5,"forks_count":11,"subscribers_count":6,"default_branch":"master","last_synced_at":"2024-04-14T02:23:09.208Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Makefile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cert-manager.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2020-04-17T09:19:01.000Z","updated_at":"2024-02-13T01:57:00.000Z","dependencies_parsed_at":"2023-12-24T09:33:03.220Z","dependency_job_id":"c70aa981-af6a-417e-a078-547cd3c0dd00","html_url":"https://github.com/cert-manager/cert-manager-olm","commit_stats":{"total_commits":217,"total_committers":9,"mean_commits":24.11111111111111,"dds":"0.35944700460829493","last_synced_commit":"8d7ef81e3b314fa1dc9b605a748fc5f8c7b77c7b"},"previous_names":[],"tags_count":25,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cert-manager%2Fcert-manager-olm","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cert-manager%2Fcert-manager-olm/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cert-manager%2F
cert-manager-olm/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cert-manager%2Fcert-manager-olm/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cert-manager","download_url":"https://codeload.github.com/cert-manager/cert-manager-olm/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240100507,"owners_count":19747682,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-08T22:19:40.494Z","updated_at":"2026-05-08T01:30:20.710Z","avatar_url":"https://github.com/cert-manager.png","language":"Makefile","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![lint](https://github.com/jetstack/cert-manager-olm/actions/workflows/lint.yaml/badge.svg)](https://github.com/jetstack/cert-manager-olm/actions/workflows/lint.yaml)\n\n# cert-manager packages for OLM\n\nThis repository contains scripts and files that are used to package cert-manager for Red Hat's [Operator Lifecycle Manager (OLM)][].\nThis allows users of [OpenShift][] and [OperatorHub][] to easily install cert-manager into their clusters.\nIt is currently an experimental deployment method.\n\n[Operator Lifecycle Manager (OLM)]: https://olm.operatorframework.io/\n[OpenShift]: https://www.okd.io/\n[OperatorHub]: https://operatorhub.io/\n\nThe package is called an [Operator Bundle][] and it is a container image that stores the Kubernetes manifests and metadata associated with an operator.\nA bundle is meant to represent a specific version of an operator.\n\nThe bundles 
are indexed in a [Catalog Image][] which is pulled by OLM in the Kubernetes cluster.\nClients such as `kubectl operator` then interact with the [OLM CRDs][] to \"subscribe\" to a particular release channel.\nOLM will then install the newest cert-manager bundle in that release channel and perform upgrades as newer versions are added to that release channel.\n\n[Operator Bundle]: https://github.com/operator-framework/operator-registry/blob/master/docs/design/operator-bundle.md\n[OLM CRDs]: https://olm.operatorframework.io/docs/concepts/crds/\n[Catalog Image]: https://olm.operatorframework.io/docs/glossary/#index\n\n## Installing\n\n📖 Read the [Operator Lifecycle Manager installation documentation for cert-manager](https://cert-manager.io/docs/installation/operator-lifecycle-manager/).\n\n## Release Process\n\nFor each release, we first publish one or more release candidates on\n[Kubernetes Community Operators Repository][] and\n[OpenShift Community Operators Repository][],\nin the \"candidate\" [channel](https://olm.operatorframework.io/docs/best-practices/channel-naming/).\n\nThis allows us to discover whether our latest \"bundle\" sources will pass RedHat's conformance scripts,\nwhich are automatically run in those two repositories.\nAnd it allows us to test precisely the catalog entry that is generated by RedHat's release scripts,\nwhich are automatically run when PRs are merged in those two repositories.\n\n\u003e ℹ️ Why? 
It may seem long-winded, but before I started doing this, there were\n\u003e occasions when I didn't find bugs in the new version until after I'd published\n\u003e the broken packages to the community-operators catalog, despite my best local\n\u003e testing efforts with Kind + OLM + locally generated Catalog and Bundle images.\n\u003e And I never found a way to test a locally generated Catalog with a CRC OpenShift cluster.\n\u003e\n\u003e This RC process allows me to start CRC OpenShift and test the release\n\u003e candidate in the official RedHat catalogs.\n\n### Release Steps\n\n* Update `CERT_MANAGER_VERSION` at the top of the `Makefile`\n* (release candidate only)\n  * Add `-rc1` suffix to `BUNDLE_VERSION`\n* (final release only)\n  * Remove the `-rc1` suffix from `BUNDLE_VERSION`\n* Run `make bundle-generate`\n  * Inspect the changes\n  * Pause to investigate if there are unexpected changes\n* Run `make bundle-validate` to check the generated bundle files.\n  * Inspect warnings\n  * Consider whether the warnings can be easily fixed and if so fix them.\n* `git commit` the bundle changes.\n* [Preview the generated clusterserviceversion file on OperatorHub](https://operatorhub.io/preview)\n* Test the generated bundle locally (See testing below)\n* Create a PR on the [Kubernetes Community Operators Repository][],\n  adding the new or updated bundle files to `operators/cert-manager/`\n  under a sub-directory named after the bundle version\n\n  `make update-community-operators`\n\n* Create a PR on the [OpenShift Community Operators Repository][],\n  adding the new or updated bundle files to `operators/cert-manager/`\n  under a sub-directory named after the bundle version\n\n  `make update-community-operators-prod`\n\n* Test the new release on the latest stable OpenShift (See [Testing on OpenShift](#testing-on-openshift)).\n\n[Kubernetes Community Operators Repository]: https://github.com/k8s-operatorhub/community-operators\n[OpenShift Community Operators 
Repository]: https://github.com/redhat-openshift-ecosystem/community-operators-prod\n[Where to contribute]: https://operator-framework.github.io/community-operators/contributing-where-to/\n\n## Testing\n\nThe bundle Docker image and a temporary catalog Docker image can be built and pushed to a temporary Docker registry.\nThese can then be used by OLM running on a Kubernetes cluster.\nRun `make bundle-test` to create the bundle and catalog then deploy them with OLM, installed on a local Kind cluster, for testing.\nThe test will wait for cert-manager to be installed and then print the version using `cmctl version`.\n\n```sh\nmake bundle-test\n```\n\nRun some of the cert-manager E2E conformance tests:\n\n```sh\ncd projects/cert-manager/cert-manager\ngit checkout $(CERT_MANAGER_VERSION)\nmake e2e-build\n_bin/test/e2e.test --repo-root=/dev/null --ginkgo.focus=\"Vault\\ Issuer\" --ginkgo.skip=\"Gateway\"\n```\n\n\u003e ⚠️ Requires cert-manager \u003e=v1.14.0.\n\u003e Older versions of the cert-manager E2E tests require a non-standard Vault OCI\n\u003e image to be preloaded into the Kubernetes clusters.\n\u003e See:\n\u003e - https://github.com/cert-manager/cert-manager/pull/6387\n\u003e - https://github.com/cert-manager/cert-manager/pull/6391\n\n\n## Testing on OpenShift\n\nThere are a few ways to create an OpenShift cluster for testing.\nHere we will describe using `crc` ([code-ready-containers][crc]) to install a single node local OpenShift cluster.\nAlternatives are:\n\n* [Initializing Red Hat OpenShift Service on AWS using `rosa`][rosa]: known to work but takes ~45min to create a multi-node OpenShift cluster.\n* [Install OpenShift on any cloud using OpenShift Installer][openshift-installer]: did not work on GCP at time of writing due to\n  [Installer can't get managedZones while service account and gcloud cli can on GCP #5300][openshift-installer-issue-5300].\n\n[`crc` requires: 4 virtual CPUs (vCPUs), 9 GiB of free memory, 35 GiB of storage 
space][crc-minimum-system-requirements]\nbut for [crc-v1.34.0][], this is insufficient and you will need 8 CPUs and 32GiB,\nwhich is more than is available on most laptops.\n\n### Automatically create a VM with crc installed\n\nDownload your pull secret from the [crc-download] page and supply the path in the command line below:\n\n```sh\nmake crc-instance OPENSHIFT_VERSION=4.17 PULL_SECRET=${PWD}/pull-secret\n```\n\nThis will create a VM and automatically install the chosen version of OpenShift, using a suitable version of `crc`.\nThe `crc` installation, setup and start are performed by a `startup-script` which is run when the VM boots.\nYou can monitor the progress of the script as follows:\n\n```sh\ngcloud compute instances tail-serial-port-output crc-4-17\n```\n\nYou can log in to the VM and interact with the cluster as follows:\n\n```sh\ngcloud compute ssh crc@crc-4-17 -- -D 8080\nsudo journalctl -u google-startup-scripts.service  --output cat\neval $(bin/crc-2.28.0 oc-env)\noc get pods -A\n```\n\n### Install cert-manager\n\nLog in to the VM using SSH and enable socks proxy forwarding so that you will be able to connect to the Web UI of `crc` when it starts.\n```\ngcloud compute ssh crc@crc-4-17 -- -D 8080\n```\n\nNow configure your web browser to use the socks5 proxy at `localhost:8080`.\nAlso configure it to use the socks proxy for DNS requests.\n\nWith this configuration you should now be able to visit the OpenShift web console page:\n\nhttps://console-openshift-console.apps-crc.testing\n\nYou will be presented with a couple of \"bad SSL certificate\" error pages,\nbecause the web console is using self-signed TLS certificates.\nClick \"Accept and proceed anyway\".\n\nNow click the \"Operators \u003e OperatorHub\" link on the left hand menu.\n\nSearch for \"cert-manager\" and click the \"community\" entry and then click \"install\".\n\n### Run E2E Tests on crc cluster\n\nOnce you have installed cert-manager on the `crc-instance` you can run the cert-manager 
E2E tests,\nto verify that cert-manager has been installed properly and is reconciling Certificates.\n\nFirst compile the cert-manager E2E test binary as follows:\n\n```sh\ncd projects/cert-manager/cert-manager\nmake e2e-build\n```\n\nThen upload the binary to the remote VM and run the tests against cert-manager installed in the crc OpenShift cluster:\n\n```sh\ncd projects/cert-manager/cert-manager-olm\nmake crc-e2e \\\n  OPENSHIFT_VERSION=4.13 \\\n  E2E_TEST=../cert-manager/_bin/test/e2e.test\n```\n\n### Manual Creation of a `crc` VM\n\nIf you can't use the automated script to create the `crc` VM\nyou can create one manually, as follows.\n\n#### Create a host machine\n\nCreate a powerful cloud VM on which to run `crc`, as follows:\n\n```sh\nGOOGLE_CLOUD_PROJECT_ID=$(gcloud config get-value project)\ngcloud compute instances create crc-4-9 \\\n    --enable-nested-virtualization \\\n    --min-cpu-platform=\"Intel Haswell\" \\\n    --custom-memory 32GiB \\\n    --custom-cpu 8 \\\n    --image-family=rhel-8 \\\n    --image-project=rhel-cloud \\\n    --boot-disk-size=200GiB \\\n    --boot-disk-type=pd-ssd\n```\n\nNOTE: The VM must support nested-virtualization because `crc` creates another VM using `libvirt`.\n\n#### Create a `crc` cluster\n\nNow log in to the VM using SSH and enable socks proxy forwarding so that you will be able to connect to the Web UI of `crc` when it starts.\n```\ngcloud compute ssh crc@crc-4-9 -- -D 8080\n```\n\n[Download `crc` and get a pull secret][crc-download] from the RedHat Console.\nThe latest version of `crc` will install the latest version of OpenShift (4.9 at time of writing).\nIf you want to test on an older version of OpenShift you will need to download an older version of `crc` which corresponds to the target OpenShift version.\n\nDownload the archive, extract it and move the `crc` binary to your system path:\n\n```\ncurl -SLO 
https://developers.redhat.com/content-gateway/rest/mirror/pub/openshift-v4/clients/crc/1.34.0/crc-linux-amd64.tar.xz\ntar xf crc-linux-amd64.tar.xz\nsudo mv crc-linux-1.34.0-amd64/crc /usr/local/bin/\n```\n\nRun `crc setup` to prepare the system for running the `crc` VM:\n\n```\ncrc setup\n\n...\nINFO Uncompressing crc_libvirt_4.9.0.crcbundle\ncrc.qcow2: 11.50 GiB / 11.50 GiB [---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------] 100.00%\noc: 117.16 MiB / 117.16 MiB [--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------] 100.00%\nYour system is correctly setup for using CodeReady Containers, you can now run 'crc start' to start the OpenShift cluster\n```\n\nRun `crc start` to create the VM and start OpenShift\n\n(Paste in the pull secret which you can copy from the [crc-download] page when prompted)\n\n```\ncrc start\n\n...\nCodeReady Containers requires a pull secret to download content from Red Hat.\nYou can copy it from the Pull Secret section of https://cloud.redhat.com/openshift/create/local.\n? 
Please enter the pull secret\n\n...\n\nStarted the OpenShift cluster.\n\nThe server is accessible via web console at:\n  https://console-openshift-console.apps-crc.testing\n\nLog in as administrator:\n  Username: kubeadmin\n  Password: ******\n\nLog in as user:\n  Username: developer\n  Password: *******\n\nUse the 'oc' command line interface:\n  $ eval $(crc oc-env)\n  $ oc login -u developer https://api.crc.testing:6443\n```\n\n[crc]: https://developers.redhat.com/products/codeready-containers/overview\n[rosa]: https://docs.openshift.com/rosa/rosa_cli/rosa-get-started-cli.html\n[openshift-installer]: https://github.com/openshift/installer/\n[openshift-installer-issue-5300]: https://github.com/openshift/installer/issues/5300#issuecomment-953937892\n[crc-download]: https://console.redhat.com/openshift/create/local\n[crc-minimum-system-requirements]: https://access.redhat.com/documentation/en-us/red_hat_codeready_containers/1.24/html/release_notes_and_known_issues/minimum-system-requirements_rn-ki\n[crc-v1.34.0]: https://github.com/code-ready/crc/releases/tag/v1.34.0\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcert-manager%2Fcert-manager-olm","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcert-manager%2Fcert-manager-olm","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcert-manager%2Fcert-manager-olm/lists"}