create singleton recipe for Cert Manager

Signed-off-by: YuChen <[email protected]>

velero/spectrum-fusion/cert-manager/application.yaml

@@ -0,0 +1,11 @@
+apiVersion: application.isf.ibm.com/v1alpha1
+kind: Application
+metadata:
+  name: cert-manager-application
+  namespace: ibm-spectrum-fusion-ns
+spec:
+  enableDR: false
+  includedNamespaces:
+    - <cert manager namespace>
+    - openshift-marketplace    
+    - openshift-config

velero/spectrum-fusion/cert-manager/policy.yaml

@@ -0,0 +1,14 @@
+apiVersion: data-protection.isf.ibm.com/v1alpha1
+kind: BackupPolicy
+metadata:
+  name: cert-manager-backup-policy
+  namespace: ibm-spectrum-fusion-ns
+spec:
+  backupStorageLocation: <storage_location>
+  provider: isf-backup-restore
+  retention:
+    number: 5
+    unit: days
+  schedule:
+    cron: '00 0  * * * '
+    timezone: America/New_York

velero/spectrum-fusion/cert-manager/policy_assignment.yaml

@@ -0,0 +1,13 @@
+apiVersion: data-protection.isf.ibm.com/v1alpha1
+kind: PolicyAssignment
+metadata:
+  name: cert-manager-policy-assignment
+  namespace: ibm-spectrum-fusion-ns
+spec:
+  application: cert-manager-application
+  backupPolicy: cert-manager-backup-policy
+  runNow: false
+  recipe:
+    apiVersion: spp-data-protection.isf.ibm.com/v1alpha1
+    name: cert-manager-recipe
+    namespace: ibm-spectrum-fusion-ns

velero/spectrum-fusion/cert-manager/recipe.yaml

@@ -0,0 +1,111 @@
+apiVersion: spp-data-protection.isf.ibm.com/v1alpha1
+kind: Recipe
+metadata:
+  name: cert-manager-recipe
+  namespace: ibm-spectrum-fusion-ns
+spec:
+  appType: cert-manager
+  groups:
+    - includeClusterResources: true
+      includedResourceTypes:
+        - certmanagerconfigs.operator.ibm.com
+        - customresourcedefinitions.apiextensions.k8s.io
+      labelSelector: foundationservices.cloudpak.ibm.com=cert-manager
+      name: cert-manager-resources
+      type: resource
+    - backupRef: cert-manager-resources
+      includeClusterResources: true
+      includedResourceTypes:
+        - customresourcedefinitions.apiextensions.k8s.io
+      name: cert-manager-config-crd
+      type: resource
+    - backupRef: cert-manager-resources
+      includeClusterResources: true
+      includedResourceTypes:
+        - certmanagerconfigs.operator.ibm.com
+      name: cert-manager-config-cr
+      type: resource
+    - includedResourceTypes:
+        - catalogsources.operators.coreos.com
+      labelSelector: foundationservices.cloudpak.ibm.com=catalog
+      name: common-services-catalogs
+      type: resource
+    - includedNamespaces:
+        - openshift-config
+      includedResourceTypes:
+        - secrets
+      labelSelector: foundationservices.cloudpak.ibm.com=pull-secret
+      name: pull-secret
+      type: resource
+    - backupRef: pull-secret
+      includedNamespaces:
+        - openshift-config
+      includedResourceTypes:
+        - secrets
+      labelSelector: foundationservices.cloudpak.ibm.com=pull-secret
+      name: ow-pull-secret
+      restoreOverwriteResources: true
+      type: resource
+    - includeClusterResources: true 
+      labelSelector: foundationservices.cloudpak.ibm.com=namespace
+      name: common-services-namespace
+      type: resource
+    - includedResourceTypes:
+        - operatorgroups.operators.coreos.com
+      labelSelector: foundationservices.cloudpak.ibm.com=operatorgroup
+      name: common-services-operatorgroups
+      type: resource
+    - includedResourceTypes:
+        - subscriptions.operators.coreos.com
+      labelSelector: foundationservices.cloudpak.ibm.com=cert-manager
+      name: cert-manager-subscription
+      type: resource
+  hooks:
+    - chks:
+        - condition: '{$.status.phase} == {"Running"}'
+          name: podReady
+          onError: fail
+          timeout: 600
+      labelSelector: app.kubernetes.io/name=cert-manager
+      name: cert-manager-operator-check
+      namespace: <cert manager namespace>
+      onError: fail
+      selectResource: pod
+      timeout: 600
+      type: check
+    - chks:
+        - condition: '{$.spec.replicas} == {$.status.readyReplicas}'
+          name: podReady
+          onError: fail
+          timeout: 600
+      name: cert-manager-webhook-check
+      nameSelector: cert-manager-webhook
+      namespace: <cert manager namespace>
+      onError: fail
+      selectResource: deployment
+      timeout: 600
+      type: check
+  workflows:
+    - failOn: any-error
+      name: backup
+      sequence:
+        - group: pull-secret
+        - group: common-services-namespace
+        - group: common-services-catalogs
+        - group: common-services-operatorgroups
+        - group: cert-manager-resources
+        - group: cert-manager-subscription
+    - failOn: any-error
+      name: restore
+      sequence:
+        - group: common-services-namespace
+        - group: pull-secret
+        - group: ow-pull-secret
+        - group: common-services-catalogs
+        - group: common-services-operatorgroups
+        - group: cert-manager-config-crd
+        - group: cert-manager-config-cr
+        - group: cert-manager-subscription
+        - hook: cert-manager-operator-check/podReady
+        - hook: cert-manager-webhook-check/podReady
+