WIP(ingress-nginx): patch to enable proxy cache

This deployment and crd allow us to use https://operatorhub.io/
this source is very usefull for operator deployments

base/cert-manager/kustomization.yaml

@@ -3,6 +3,4 @@ kind: Kustomization
 namespace: cert-manager
 
 resources:
-- https://github.com/cert-manager/cert-manager/releases/download/v1.13.2/cert-manager.yaml
-- ./resources/le-prod-issuer.yaml
-- ./resources/le-staging-issuer.yaml
+- https://github.com/cert-manager/cert-manager/releases/download/v1.13.3/cert-manager.yaml

base/cert-manager/resources/le-prod-issuer.yaml

@@ -1,18 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
-  name: letsencrypt-prod
-spec:
-  acme:
-    # The ACME server URL
-    server: https://acme-v02.api.letsencrypt.org/directory
-    # Email address used for ACME registration
-    email: adminfra@cadoles.com
-    # Name of a secret used to store the ACME account private key
-    privateKeySecretRef:
-      name: letsencrypt-prod
-    # Enable the HTTP-01 challenge provider
-    solvers:
-    - http01:
-        ingress:
-          ingressClassName: nginx

base/cert-manager/resources/le-staging-issuer.yaml

@@ -1,18 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
-  name: letsencrypt-staging
-spec:
-  acme:
-    # The ACME server URL
-    server: https://acme-staging-v02.api.letsencrypt.org/directory
-    # Email address used for ACME registration
-    email: adminfra@cadoles.com
-    # Name of a secret used to store the ACME account private key
-    privateKeySecretRef:
-      name: letsencrypt-staging
-    # Enable the HTTP-01 challenge provider
-    solvers:
-    - http01:
-        ingress:
-          ingressClassName: nginx

base/cloudnative-pg-operator/kustomization.yaml

@@ -2,7 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
 resources:
-  - https://github.com/cloudnative-pg/cloudnative-pg/releases/download/v1.21.1/cnpg-1.21.1.yaml
+  - https://github.com/cloudnative-pg/cloudnative-pg/releases/download/v1.24.1/cnpg-1.24.1.yaml
 
 configurations:
-  - ./configurations/cnpg-cluster.yaml
+  - ./configurations/cnpg-cluster.yaml

base/kustomization.yaml

@@ -1,13 +1,14 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
-bases:
-- ./metallb
+resources:
 - https://github.com/cert-manager/cert-manager/releases/download/v1.10.0/cert-manager.yaml
+- ./olm
+- ./metallb
 - ./rabbitmq
 - ./postgresql
 - ./redis
 - ./minio
 - ./metrics
 - ./nginx
-- ./cloudnative-pg-operator
+#- ./cloudnative-pg-operator

base/nginx/kustomization.yaml

@@ -1,2 +1,6 @@
 resources:
-  - https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/cloud/deploy.yaml
+  - https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/cloud/deploy.yaml
+
+patches:
+- path: patches/ingress-nginx-cm.yaml
+- path: patches/ingress-nginx-deploy.yaml

base/nginx/patches/ingress-nginx-cm.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: ingress-nginx-controller
+  namespace: ingress-nginx
+data:
+  allow-snippet-annotations: "true"
+  http-snippet: "proxy_cache_path /cache levels=1:2 keys_zone=nginx-cache:10m max_size=489m inactive=10m use_temp_path=off;"

base/nginx/patches/ingress-nginx-deploy.yaml

@@ -0,0 +1,17 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ingress-nginx-controller
+  namespace: ingress-nginx
+spec:
+  template:
+    spec:
+      containers:
+      - name: controller
+        volumeMounts:
+        - mountPath: /cache
+          name: cache
+      volumes:
+      - name: cache
+        emptyDir:
+          sizeLimit: 500M

base/olm/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.27.0/olm.yaml
+- resources/mandatory-operators

base/olm/resources/mandatory-operators/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- ./resources/redis-operator.yaml
+- ./resources/minio-operator.yaml
+- ./resources/cloudnative-pg.yaml
+- ./resources/rabbitmq-cluster-operator.yaml

base/olm/resources/mandatory-operators/patches/redis-operator-clusterrole.yaml

@@ -0,0 +1,90 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: redis-operator.*
+rules:
+- apiGroups:
+  - redis.redis.opstreelabs.in
+  resources:
+  - rediss
+  - redisclusters
+  - redis
+  - rediscluster
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - redis.redis.opstreelabs.in
+  resources:
+  - redis/finalizers
+  - rediscluster/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - redis.redis.opstreelabs.in
+  resources:
+  - redis/status
+  - rediscluster/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  - pods/exec
+  - services
+  - configmaps
+  - pods
+  - persistentvolumes
+  - persistentvolumeclaims
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - apps
+  resources:
+  - statefulsets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - policy
+  resources:
+  - poddisruptionbudgets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch

base/olm/resources/mandatory-operators/resources/cloudnative-pg.yaml

@@ -0,0 +1,12 @@
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: my-cloudnative-pg
+  namespace: operators
+spec:
+  channel: stable-v1
+  #startingCSV: 1.22.1
+  #installPlanApproval: Manual
+  name: cloudnative-pg
+  source: operatorhubio-catalog
+  sourceNamespace: olm

base/olm/resources/mandatory-operators/resources/minio-operator.yaml

@@ -0,0 +1,11 @@
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: my-minio-operator
+  namespace: operators
+spec:
+  channel: stable
+  startingCSV: "minio-operator.v5.0.3"
+  name: minio-operator
+  source: operatorhubio-catalog
+  sourceNamespace: olm

base/olm/resources/mandatory-operators/resources/rabbitmq-cluster-operator.yaml

@@ -0,0 +1,12 @@
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: my-rabbitmq-cluster-operator
+  namespace: operators
+spec:
+  channel: stable
+  #  startingCSV: 2.7.0
+  #  installPlanApproval: Manual
+  name: rabbitmq-cluster-operator
+  source: operatorhubio-catalog
+  sourceNamespace: olm

base/olm/resources/mandatory-operators/resources/redis-operator.yaml

@@ -0,0 +1,11 @@
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: my-redis-operator
+  namespace: operators
+spec:
+  channel: stable
+  startingCSV: "redis-operator.v0.15.1"
+  name: redis-operator
+  source: operatorhubio-catalog
+  sourceNamespace: olm

crds/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.27.0/crds.yaml
+- https://raw.githubusercontent.com/ory/k8s/v0.30.0/helm/charts/hydra-maester/crds/crd-oauth2clients.yaml

kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+bases:
+- ./crds
+- ./base