Revert re-adding cert manager.. OLM handles certificates

cli/cmd/resources/instrumentor.go

@@ -19,9 +19,6 @@ import (
 	"k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/intstr"
-
-	certv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
-	cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1"
 )
 
 func NewInstrumentorServiceAccount(ns string) *corev1.ServiceAccount {
@@ -214,72 +211,6 @@ func NewInstrumentorClusterRoleBinding(ns string) *rbacv1.ClusterRoleBinding {
 	}
 }
 
-func isCertManagerInstalled(ctx context.Context, c *kube.Client) bool {
-	// Check if CRD is installed
-	_, err := c.ApiExtensions.ApiextensionsV1().CustomResourceDefinitions().Get(ctx, "issuers.cert-manager.io", metav1.GetOptions{})
-	if err != nil {
-		return false
-	}
-
-	return true
-}
-
-func NewInstrumentorIssuer(ns string) *certv1.Issuer {
-	return &certv1.Issuer{
-		TypeMeta: metav1.TypeMeta{
-			Kind:       "Issuer",
-			APIVersion: "cert-manager.io/v1",
-		},
-		ObjectMeta: metav1.ObjectMeta{
-			Name:      "selfsigned-issuer",
-			Namespace: ns,
-			Labels: map[string]string{
-				"app.kubernetes.io/name":       "issuer",
-				"app.kubernetes.io/instance":   "selfsigned-issuer",
-				"app.kubernetes.io/component":  "certificate",
-				"app.kubernetes.io/created-by": "instrumentor",
-				"app.kubernetes.io/part-of":    "odigos",
-			},
-		},
-		Spec: certv1.IssuerSpec{
-			IssuerConfig: certv1.IssuerConfig{
-				SelfSigned: &certv1.SelfSignedIssuer{},
-			},
-		},
-	}
-}
-
-func NewInstrumentorCertificate(ns string) *certv1.Certificate {
-	return &certv1.Certificate{
-		TypeMeta: metav1.TypeMeta{
-			Kind:       "Certificate",
-			APIVersion: "cert-manager.io/v1",
-		},
-		ObjectMeta: metav1.ObjectMeta{
-			Name:      "serving-cert",
-			Namespace: ns,
-			Labels: map[string]string{
-				"app.kubernetes.io/name":       "instrumentor-cert",
-				"app.kubernetes.io/instance":   "instrumentor-cert",
-				"app.kubernetes.io/component":  "certificate",
-				"app.kubernetes.io/created-by": "instrumentor",
-				"app.kubernetes.io/part-of":    "odigos",
-			},
-		},
-		Spec: certv1.CertificateSpec{
-			DNSNames: []string{
-				fmt.Sprintf("odigos-instrumentor.%s.svc", ns),
-				fmt.Sprintf("odigos-instrumentor.%s.svc.cluster.local", ns),
-			},
-			IssuerRef: cmmeta.ObjectReference{
-				Kind: "Issuer",
-				Name: "selfsigned-issuer",
-			},
-			SecretName: k8sconsts.InstrumentorWebhookSecretName,
-		},
-	}
-}
-
 func NewInstrumentorService(ns string) *corev1.Service {
 	return &corev1.Service{
 		TypeMeta: metav1.TypeMeta{
@@ -725,7 +656,6 @@ func NewInstrumentorResourceManager(client *kube.Client, ns string, config *comm
 func (a *instrumentorResourceManager) Name() string { return "Instrumentor" }
 
 func (a *instrumentorResourceManager) InstallFromScratch(ctx context.Context) error {
-	certManagerInstalled := isCertManagerInstalled(ctx, a.client)
 	resources := []kube.Object{
 		NewInstrumentorServiceAccount(a.ns),
 		NewInstrumentorLeaderElectionRoleBinding(a.ns),
@@ -737,36 +667,27 @@ func (a *instrumentorResourceManager) InstallFromScratch(ctx context.Context) er
 		NewInstrumentorService(a.ns),
 	}
 
-	if certManagerInstalled && a.config.SkipWebhookIssuerCreation != true {
-		resources = append([]kube.Object{NewInstrumentorIssuer(a.ns),
-			NewInstrumentorCertificate(a.ns),
-			NewSourceMutatingWebhookConfiguration(a.ns, nil),
-			NewSourceValidatingWebhookConfiguration(a.ns, nil),
-		},
-			resources...)
-	} else {
-		ca, err := crypto.GenCA(k8sconsts.InstrumentorCertificateName, 365)
-		if err != nil {
-			return fmt.Errorf("failed to generate CA: %w", err)
-		}
-
-		altNames := []string{
-			fmt.Sprintf("%s.%s.svc", k8sconsts.InstrumentorServiceName, a.ns),
-			fmt.Sprintf("%s.%s.svc.cluster.local", k8sconsts.InstrumentorServiceName, a.ns),
-		}
+	ca, err := crypto.GenCA(k8sconsts.InstrumentorCertificateName, 365)
+	if err != nil {
+		return fmt.Errorf("failed to generate CA: %w", err)
+	}
 
-		cert, err := crypto.GenerateSignedCertificate("serving-cert", nil, altNames, 365, ca)
-		if err != nil {
-			return fmt.Errorf("failed to generate signed certificate: %w", err)
-		}
+	altNames := []string{
+		fmt.Sprintf("%s.%s.svc", k8sconsts.InstrumentorServiceName, a.ns),
+		fmt.Sprintf("%s.%s.svc.cluster.local", k8sconsts.InstrumentorServiceName, a.ns),
+	}
 
-		resources = append([]kube.Object{NewInstrumentorTLSSecret(a.ns, &cert),
-			NewPodMutatingWebhookConfiguration(a.ns, []byte(cert.Cert)),
-			NewSourceMutatingWebhookConfiguration(a.ns, []byte(cert.Cert)),
-			NewSourceValidatingWebhookConfiguration(a.ns, []byte(cert.Cert)),
-		},
-			resources...)
+	cert, err := crypto.GenerateSignedCertificate("serving-cert", nil, altNames, 365, ca)
+	if err != nil {
+		return fmt.Errorf("failed to generate signed certificate: %w", err)
 	}
 
+	resources = append([]kube.Object{NewInstrumentorTLSSecret(a.ns, &cert),
+		NewPodMutatingWebhookConfiguration(a.ns, []byte(cert.Cert)),
+		NewSourceMutatingWebhookConfiguration(a.ns, []byte(cert.Cert)),
+		NewSourceValidatingWebhookConfiguration(a.ns, []byte(cert.Cert)),
+	},
+		resources...)
+
 	return a.client.ApplyResources(ctx, a.config.ConfigVersion, resources)
 }

cli/go.mod

@@ -3,7 +3,6 @@ module github.com/odigos-io/odigos/cli
 go 1.23.0
 
 require (
-	github.com/cert-manager/cert-manager v1.16.3
 	github.com/google/uuid v1.6.0
 	github.com/hashicorp/go-version v1.7.0
 	github.com/odigos-io/odigos/api v0.0.0
@@ -33,7 +32,6 @@ require (
 	golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	sigs.k8s.io/controller-runtime v0.20.0 // indirect
-	sigs.k8s.io/gateway-api v1.1.0 // indirect
 )
 
 require (

cli/go.sum

@@ -1,7 +1,5 @@
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
-github.com/cert-manager/cert-manager v1.16.3 h1:seEF5eidFaeduaCuM85PFEuzH/1X/HOV5Y8zDQrHgpc=
-github.com/cert-manager/cert-manager v1.16.3/go.mod h1:6JQ/GAZ6dH+erqS1BbaqorPy8idJzCtWFUmJQBTjo6Q=
 github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -195,8 +193,6 @@ k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6J
 k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 sigs.k8s.io/controller-runtime v0.20.0 h1:jjkMo29xEXH+02Md9qaVXfEIaMESSpy3TBWPrsfQkQs=
 sigs.k8s.io/controller-runtime v0.20.0/go.mod h1:BrP3w158MwvB3ZbNpaAcIKkHQ7YGpYnzpoSTZ8E14WU=
-sigs.k8s.io/gateway-api v1.1.0 h1:DsLDXCi6jR+Xz8/xd0Z1PYl2Pn0TyaFMOPPZIj4inDM=
-sigs.k8s.io/gateway-api v1.1.0/go.mod h1:ZH4lHrL2sDi0FHZ9jjneb8kKnGzFWyrTya35sWUTrRs=
 sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8=
 sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo=
 sigs.k8s.io/structured-merge-diff/v4 v4.5.0 h1:nbCitCK2hfnhyiKo6uf2HxUPTCodY6Qaf85SbDIaMBk=

helm/odigos/templates/instrumentor/webhooks.yaml

@@ -1,4 +1,3 @@
-{{- $certManagerApiVersion := include "utils.certManagerApiVersion" . -}}
 {{- $altNames := list (printf "odigos-instrumentor.%s.svc" .Release.Namespace) (printf "odigos-instrumentor.%s.svc.cluster.local" .Release.Namespace) -}}
 {{- $ca := genCA "serving-cert" 365 -}}
 {{- $cert := genSignedCert "serving-cert" nil $altNames 365 $ca -}}
@@ -12,16 +11,10 @@ metadata:
     app.kubernetes.io/component: webhook
     app.kubernetes.io/created-by: instrumentor
     app.kubernetes.io/part-of: odigos
-{{- if $certManagerApiVersion }}
-  annotations:
-    cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/serving-cert
-{{- end }}
 webhooks:
   - name: pod-mutating-webhook.odigos.io
     clientConfig:
-{{- if not $certManagerApiVersion }}
       caBundle: {{ $ca.Cert | b64enc }}
-{{- end }}
       service:
         name: odigos-instrumentor
         namespace: {{ .Release.Namespace }}
@@ -54,10 +47,8 @@ metadata:
     app.kubernetes.io/component: webhook
     app.kubernetes.io/created-by: instrumentor
     app.kubernetes.io/part-of: odigos
-{{- if $certManagerApiVersion }}
   annotations:
     cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/serving-cert
-{{- end }}
 webhooks:
   - name: source-mutating-webhook.odigos.io
     clientConfig:
@@ -93,16 +84,12 @@ metadata:
     app.kubernetes.io/component: webhook
     app.kubernetes.io/created-by: instrumentor
     app.kubernetes.io/part-of: odigos
-{{- if $certManagerApiVersion }}
   annotations:
     cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/serving-cert
-{{- end }}
 webhooks:
   - name: source-validating-webhook.odigos.io
     clientConfig:
-      {{- if not $certManagerApiVersion }}
       caBundle: {{ $ca.Cert | b64enc }}
-      {{- end }}
       service:
         name: odigos-instrumentor
         namespace: {{ .Release.Namespace }}
@@ -121,7 +108,6 @@ webhooks:
     timeoutSeconds: 10
     admissionReviewVersions: ["v1"]
 ---
-{{- if not $certManagerApiVersion }}
 apiVersion: v1
 kind: Secret
 type: kubernetes.io/tls
@@ -140,4 +126,3 @@ metadata:
 data:
   tls.crt: {{ $cert.Cert | b64enc }}
   tls.key: {{ $cert.Key | b64enc }}
-{{- end }}

scripts/cli-docgen/go.mod

@@ -8,7 +8,6 @@ require (
 )
 
 require (
-	github.com/cert-manager/cert-manager v1.16.3 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/emicklei/go-restful/v3 v3.12.1 // indirect
@@ -70,7 +69,6 @@ require (
 	k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect
 	k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 // indirect
 	sigs.k8s.io/controller-runtime v0.20.0 // indirect
-	sigs.k8s.io/gateway-api v1.1.0 // indirect
 	sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.5.0 // indirect
 	sigs.k8s.io/yaml v1.4.0 // indirect

scripts/cli-docgen/go.sum

@@ -1,7 +1,5 @@
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
-github.com/cert-manager/cert-manager v1.16.3 h1:seEF5eidFaeduaCuM85PFEuzH/1X/HOV5Y8zDQrHgpc=
-github.com/cert-manager/cert-manager v1.16.3/go.mod h1:6JQ/GAZ6dH+erqS1BbaqorPy8idJzCtWFUmJQBTjo6Q=
 github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4=
 github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -197,8 +195,6 @@ k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6J
 k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 sigs.k8s.io/controller-runtime v0.20.0 h1:jjkMo29xEXH+02Md9qaVXfEIaMESSpy3TBWPrsfQkQs=
 sigs.k8s.io/controller-runtime v0.20.0/go.mod h1:BrP3w158MwvB3ZbNpaAcIKkHQ7YGpYnzpoSTZ8E14WU=
-sigs.k8s.io/gateway-api v1.1.0 h1:DsLDXCi6jR+Xz8/xd0Z1PYl2Pn0TyaFMOPPZIj4inDM=
-sigs.k8s.io/gateway-api v1.1.0/go.mod h1:ZH4lHrL2sDi0FHZ9jjneb8kKnGzFWyrTya35sWUTrRs=
 sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8=
 sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo=
 sigs.k8s.io/structured-merge-diff/v4 v4.5.0 h1:nbCitCK2hfnhyiKo6uf2HxUPTCodY6Qaf85SbDIaMBk=