Add overlay for registry secret and configure kapp

Author: ThomasVitale

.github/workflows/release.yml

@@ -17,6 +17,6 @@ jobs:
       registry-server: ghcr.io
       registry-username: ${{ github.actor }}
       image: ${{ github.repository }}
-      version: 1.10.0
+      version: 1.10.0+kadras.1
     secrets:
       pull-request-token: ${{ secrets.GH_ORG_PAT }}

README.md

@@ -39,7 +39,7 @@ Either way, you can then install the Cert Manager package using [`kctrl`](https:
 ```shell
 kctrl package install -i cert-manager \
     -p cert-manager.packages.kadras.io \
-    -v 1.10.0 \
+    -v 1.10.0+kadras.1 \
     -n carvel-packages
 ```
 
@@ -74,7 +74,7 @@ Then, reference it from the `kctrl` command when installing or upgrading the pac
 ```shell
 kctrl package install -i cert-manager \
     -p cert-manager.packages.kadras.io \
-    -v 1.10.0 \
+    -v 1.10.0+kadras.1 \
     -n carvel-packages \
     --values-file values.yml
 ```

package/config/overlays/annotations.yaml

@@ -0,0 +1,16 @@
+#@ load("@ytt:data", "data")
+#@ load("@ytt:overlay", "overlay")
+
+#@overlay/match by=overlay.subset({"kind":"MutatingWebhookConfiguration"}), expects=1
+---
+metadata:
+  annotations:
+    #@overlay/match missing_ok=True
+    cert-manager.io/inject-ca-from-secret: #@ "{}/cert-manager-webhook-ca".format(data.values.namespace)
+
+#@overlay/match by=overlay.subset({"kind":"ValidatingWebhookConfiguration"}), expects=1
+---
+metadata:
+  annotations:
+    #@overlay/match missing_ok=True
+    cert-manager.io/inject-ca-from-secret: #@ "{}/cert-manager-webhook-ca".format(data.values.namespace)

package/config/overlays/overlay-namespace.yaml renamed to package/config/overlays/namespace.yaml

@@ -8,7 +8,7 @@ kind: Namespace
 metadata:
   name: #@ data.values.namespace
 
-#@overlay/match by=overlay.subset({"metadata": {"namespace": "cert-manager"}}), expects=11
+#@overlay/match by=overlay.subset({"metadata": {"namespace": "cert-manager"}}), expects=12
 ---
 metadata:
   namespace: #@ data.values.namespace

package/config/overlays/overlay-annotations.yaml

@@ -0,0 +1,27 @@
+#@ load("@ytt:data", "data")
+#@ load("@ytt:overlay", "overlay")
+
+#@ secret_name = "private-registry-secret"
+
+#! This Secret will be populated by secretgen-controller with the credentials
+#! to authenticate with the container registry (if authentication is required).
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: #@ secret_name
+  namespace: #@ data.values.namespace
+  annotations:
+    secretgen.carvel.dev/image-pull-secret: ""
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: e30K
+
+#@overlay/match by=overlay.subset({"kind":"Deployment","metadata":{"namespace":data.values.namespace}}),expects="3+"
+---
+spec:
+  template:
+    spec:
+      #@overlay/match missing_ok=True
+      imagePullSecrets:
+        - name: #@ secret_name

package/config/overlays/registry-secrets.yml

@@ -11,7 +11,11 @@ spec:
       app:
         spec:
           deploy:
-          - kapp: {}
+          - kapp:
+              rawOptions:
+              - --wait-timeout=5m
+              - --kube-api-qps=50
+              - --kube-api-burst=100
           template:
           - ytt:
               paths:

package/package-build.yml

@@ -12,7 +12,11 @@ spec:
   template:
     spec:
       deploy:
-      - kapp: {}
+      - kapp:
+          rawOptions:
+          - --wait-timeout=5m
+          - --kube-api-qps=50
+          - --kube-api-burst=100
       fetch:
       - git: {}
       template:

package/package-resources.yml

@@ -10,24 +10,12 @@ while [ $(kubectl get configmap --no-headers | wc -l) -eq 0 ] ; do
   sleep 3
 done
 
-echo -e "\n🔌 Installing test dependencies..."
-
-if [ -f test/test-dependencies ]; then
-kapp deploy -a test-dependencies -f test/test-dependencies -y
-fi
-
 echo -e "📦 Deploying Carvel package...\n"
 
 cd package
 kctrl dev -f package-resources.yml --local  -y
 cd ..
 
-echo -e "💾 Installing test data..."
-
-if [ -f test/test-data ]; then
-kapp deploy -a test-data -f test/test-data -y
-fi
-
 echo -e "🎮 Verifying package..."
 
 status=$(kapp inspect -a cert-manager.app --status --json | jq '.Lines[1]' -)