helm chart (cert-manager) does not support wildcards #523

Open
ppodevlabs opened this issue Sep 12, 2024 · 3 comments · May be fixed by #524
Labels
bug Something isn't working

Comments

@ppodevlabs

Bug description

When enabling cert-manager for certificates, if you add a wildcard to the DNS extra configuration, it fails with:

Error: YAML parse error on capsule-proxy/templates/certmanager.yaml: error converting YAML to JSON: yaml: line 8: did not find expected alphabetic or numeric character
helm.go:84: [debug] error converting YAML to JSON: yaml: line 8: did not find expected alphabetic or numeric character
YAML parse error on capsule-proxy/templates/certmanager.yaml
helm.sh/helm/v3/pkg/releaseutil.(*manifestFile).sort
	helm.sh/helm/v3/pkg/releaseutil/manifest_sorter.go:146
helm.sh/helm/v3/pkg/releaseutil.SortManifests
	helm.sh/helm/v3/pkg/releaseutil/manifest_sorter.go:106
helm.sh/helm/v3/pkg/action.(*Configuration).renderResources
	helm.sh/helm/v3/pkg/action/action.go:168
helm.sh/helm/v3/pkg/action.(*Install).RunWithContext
	helm.sh/helm/v3/pkg/action/install.go:312
main.runInstall
	helm.sh/helm/v3/cmd/helm/install.go:314
main.newTemplateCmd.func2
	helm.sh/helm/v3/cmd/helm/template.go:95
github.com/spf13/cobra.(*Command).execute
	github.com/spf13/cobra@v1.8.0/command.go:983
github.com/spf13/cobra.(*Command).ExecuteC
	github.com/spf13/cobra@v1.8.0/command.go:1115
github.com/spf13/cobra.(*Command).Execute
	github.com/spf13/cobra@v1.8.0/command.go:1039
main.main
	helm.sh/helm/v3/cmd/helm/helm.go:83
runtime.main
	runtime/proc.go:271
runtime.goexit
	runtime/asm_arm64.s:1222

How to reproduce

Use values:

certManager:
  generateCertificates: true
  issuer:
    kind: Issuer
  certificate:
    includeInternalServiceNames: true
    dnsNames:
    - "*-proxy.capsule-system.svc"

Expected behavior

It should generate the certificate object with the proper wildcard in there.

Additional context

  • Capsule-Proxy version: 0.7.1
  • Helm Chart version: 0.7.1
  • Kubernetes version: 1.28.9
@ppodevlabs ppodevlabs added the bug Something isn't working label Sep 12, 2024
@prometherion
Member

I think this is not supported in Cert Manager, since the wildcard support is allowed only for DNS01 challenges.

@ppodevlabs ppodevlabs linked a pull request Sep 12, 2024 that will close this issue
@ppodevlabs
Author

> I think this is not supported in Cert Manager, since the wildcard support is allowed only for DNS01 challenges.

Hi!
I think quoting won't break any DNS name. Either way, I did a test with a certificate and it works as expected.

Issuer

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: self-signed
spec:
  selfSigned: {}

Certificate

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: test-serving-cert
spec:
  dnsNames:
  - capsule-proxy
  - capsule-proxy.capsule-system.svc
  - '*-proxy.capsule-system.svc'
  issuerRef:
    kind: ClusterIssuer
    name: self-signed
  secretName: test-cert
  subject:
    organizations:
    - clastix.io
status:
  conditions:
  - lastTransitionTime: "2024-09-13T06:20:01Z"
    message: Certificate is up to date and has not expired
    observedGeneration: 1
    reason: Ready
    status: "True"
    type: Ready
  notAfter: "2024-12-12T06:20:01Z"
  notBefore: "2024-09-13T06:20:01Z"
  renewalTime: "2024-11-12T06:20:01Z"
  revision: 1
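
Why the unquoted wildcard fails to parse and quoting fixes it, as an added example that is not part of the thread or the chart's own code: in YAML a leading `*` starts an alias, so a `dnsNames` entry rendered without quotes is not read as a string. The two template fragments and the `unsafeItems` check are hypothetical, and `quote` stands in for the Helm/Sprig function of that name.

```go
// Added example: hypothetical template fragments, not the capsule-proxy chart's certmanager.yaml.
package main

import (
	"fmt"
	"strconv"
	"strings"
	"text/template"
)

const (
	bareTmpl   = "dnsNames:\n{{- range .DNSNames }}\n- {{ . }}\n{{- end }}\n"
	quotedTmpl = "dnsNames:\n{{- range .DNSNames }}\n- {{ . | quote }}\n{{- end }}\n"
	// Characters that cannot start a plain (unquoted) YAML scalar.
	indicators = "*&!|>%@[]{}#,`"
)

// render executes a fragment with the given names; "quote" stands in for the
// function of the same name that Helm templates get from Sprig.
func render(src string, names []string) string {
	t := template.Must(template.New("cert").Funcs(template.FuncMap{"quote": strconv.Quote}).Parse(src))
	var b strings.Builder
	if err := t.Execute(&b, map[string][]string{"DNSNames": names}); err != nil {
		panic(err)
	}
	return b.String()
}

// unsafeItems returns the list items in rendered YAML whose first character is
// a YAML indicator, so a parser rejects them or reads them as something else.
func unsafeItems(rendered string) []string {
	var bad []string
	for _, line := range strings.Split(rendered, "\n") {
		line = strings.TrimSpace(line)
		if strings.HasPrefix(line, "- ") && strings.ContainsRune(indicators, rune(line[2])) {
			bad = append(bad, line[2:])
		}
	}
	return bad
}

func main() {
	names := []string{"capsule-proxy", "*-proxy.capsule-system.svc"} // values from the issue
	for _, src := range []string{bareTmpl, quotedTmpl} {
		out := render(src, names)
		fmt.Printf("%s-> needs quoting: %q\n\n", out, unsafeItems(out))
	}
}
```

A check like `unsafeItems` can run over `helm template` output in CI to catch user-supplied values that reach a manifest unquoted.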

@prometherion
Member

Thanks for testing it! 🚀
