From fb0a7b8a5e0e439f6413b990bc6dafbb078333d3 Mon Sep 17 00:00:00 2001
From: YuChen <yuchen.shen@mail.utoronto.ca>
Date: Fri, 6 Dec 2024 14:02:24 -0800
Subject: [PATCH] create singleton recipe for Cert Manager

Signed-off-by: YuChen <yuchen.shen@mail.utoronto.ca>
---
 .../cert-manager/application.yaml             |  11 ++
 .../spectrum-fusion/cert-manager/policy.yaml  |  14 +++
 .../cert-manager/policy_assignment.yaml       |  13 ++
 .../spectrum-fusion/cert-manager/recipe.yaml  | 111 ++++++++++++++++++
 4 files changed, 149 insertions(+)
 create mode 100644 velero/spectrum-fusion/cert-manager/application.yaml
 create mode 100644 velero/spectrum-fusion/cert-manager/policy.yaml
 create mode 100644 velero/spectrum-fusion/cert-manager/policy_assignment.yaml
 create mode 100644 velero/spectrum-fusion/cert-manager/recipe.yaml

diff --git a/velero/spectrum-fusion/cert-manager/application.yaml b/velero/spectrum-fusion/cert-manager/application.yaml
new file mode 100644
index 000000000..03cba3a83
--- /dev/null
+++ b/velero/spectrum-fusion/cert-manager/application.yaml
@@ -0,0 +1,11 @@
+apiVersion: application.isf.ibm.com/v1alpha1
+kind: Application
+metadata:
+  name: cert-manager-application
+  namespace: ibm-spectrum-fusion-ns
+spec:
+  enableDR: false
+  includedNamespaces:
+    - <cert manager namespace>
+    - openshift-marketplace    
+    - openshift-config
diff --git a/velero/spectrum-fusion/cert-manager/policy.yaml b/velero/spectrum-fusion/cert-manager/policy.yaml
new file mode 100644
index 000000000..bf4022ba7
--- /dev/null
+++ b/velero/spectrum-fusion/cert-manager/policy.yaml
@@ -0,0 +1,14 @@
+apiVersion: data-protection.isf.ibm.com/v1alpha1
+kind: BackupPolicy
+metadata:
+  name: cert-manager-backup-policy
+  namespace: ibm-spectrum-fusion-ns
+spec:
+  backupStorageLocation: <storage_location>
+  provider: isf-backup-restore
+  retention:
+    number: 5
+    unit: days
+  schedule:
+    cron: '00 0  * * * '
+    timezone: America/New_York
\ No newline at end of file
diff --git a/velero/spectrum-fusion/cert-manager/policy_assignment.yaml b/velero/spectrum-fusion/cert-manager/policy_assignment.yaml
new file mode 100644
index 000000000..2c792bfe1
--- /dev/null
+++ b/velero/spectrum-fusion/cert-manager/policy_assignment.yaml
@@ -0,0 +1,13 @@
+apiVersion: data-protection.isf.ibm.com/v1alpha1
+kind: PolicyAssignment
+metadata:
+  name: cert-manager-policy-assignment
+  namespace: ibm-spectrum-fusion-ns
+spec:
+  application: cert-manager-application
+  backupPolicy: cert-manager-backup-policy
+  runNow: false
+  recipe:
+    apiVersion: spp-data-protection.isf.ibm.com/v1alpha1
+    name: cert-manager-recipe
+    namespace: ibm-spectrum-fusion-ns
\ No newline at end of file
diff --git a/velero/spectrum-fusion/cert-manager/recipe.yaml b/velero/spectrum-fusion/cert-manager/recipe.yaml
new file mode 100644
index 000000000..aeace8a52
--- /dev/null
+++ b/velero/spectrum-fusion/cert-manager/recipe.yaml
@@ -0,0 +1,111 @@
+apiVersion: spp-data-protection.isf.ibm.com/v1alpha1
+kind: Recipe
+metadata:
+  name: cert-manager-recipe
+  namespace: ibm-spectrum-fusion-ns
+spec:
+  appType: cert-manager
+  groups:
+    - includeClusterResources: true
+      includedResourceTypes:
+        - certmanagerconfigs.operator.ibm.com
+        - customresourcedefinitions.apiextensions.k8s.io
+      labelSelector: foundationservices.cloudpak.ibm.com=cert-manager
+      name: cert-manager-resources
+      type: resource
+    - backupRef: cert-manager-resources
+      includeClusterResources: true
+      includedResourceTypes:
+        - customresourcedefinitions.apiextensions.k8s.io
+      name: cert-manager-config-crd
+      type: resource
+    - backupRef: cert-manager-resources
+      includeClusterResources: true
+      includedResourceTypes:
+        - certmanagerconfigs.operator.ibm.com
+      name: cert-manager-config-cr
+      type: resource
+    - includedResourceTypes:
+        - catalogsources.operators.coreos.com
+      labelSelector: foundationservices.cloudpak.ibm.com=catalog
+      name: common-services-catalogs
+      type: resource
+    - includedNamespaces:
+        - openshift-config
+      includedResourceTypes:
+        - secrets
+      labelSelector: foundationservices.cloudpak.ibm.com=pull-secret
+      name: pull-secret
+      type: resource
+    - backupRef: pull-secret
+      includedNamespaces:
+        - openshift-config
+      includedResourceTypes:
+        - secrets
+      labelSelector: foundationservices.cloudpak.ibm.com=pull-secret
+      name: ow-pull-secret
+      restoreOverwriteResources: true
+      type: resource
+    - includeClusterResources: true 
+      labelSelector: foundationservices.cloudpak.ibm.com=namespace
+      name: common-services-namespace
+      type: resource
+    - includedResourceTypes:
+        - operatorgroups.operators.coreos.com
+      labelSelector: foundationservices.cloudpak.ibm.com=operatorgroup
+      name: common-services-operatorgroups
+      type: resource
+    - includedResourceTypes:
+        - subscriptions.operators.coreos.com
+      labelSelector: foundationservices.cloudpak.ibm.com=cert-manager
+      name: cert-manager-subscription
+      type: resource
+  hooks:
+    - chks:
+        - condition: '{$.status.phase} == {"Running"}'
+          name: podReady
+          onError: fail
+          timeout: 600
+      labelSelector: app.kubernetes.io/name=cert-manager
+      name: cert-manager-operator-check
+      namespace: <cert manager namespace>
+      onError: fail
+      selectResource: pod
+      timeout: 600
+      type: check
+    - chks:
+        - condition: '{$.spec.replicas} == {$.status.readyReplicas}'
+          name: podReady
+          onError: fail
+          timeout: 600
+      name: cert-manager-webhook-check
+      nameSelector: cert-manager-webhook
+      namespace: <cert manager namespace>
+      onError: fail
+      selectResource: deployment
+      timeout: 600
+      type: check
+  workflows:
+    - failOn: any-error
+      name: backup
+      sequence:
+        - group: pull-secret
+        - group: common-services-namespace
+        - group: common-services-catalogs
+        - group: common-services-operatorgroups
+        - group: cert-manager-resources
+        - group: cert-manager-subscription
+    - failOn: any-error
+      name: restore
+      sequence:
+        - group: common-services-namespace
+        - group: pull-secret
+        - group: ow-pull-secret
+        - group: common-services-catalogs
+        - group: common-services-operatorgroups
+        - group: cert-manager-config-crd
+        - group: cert-manager-config-cr
+        - group: cert-manager-subscription
+        - hook: cert-manager-operator-check/podReady
+        - hook: cert-manager-webhook-check/podReady
+