Merge pull request #29 from seagits/feat/kas-144

feat: added new helm chart to deploy cert manager issuers
seagits · Dec 29, 2024 · 654e889 · 654e889
2 parents ead3e0e + 1258aab
commit 654e889
Show file tree

Hide file tree

Showing 6 changed files with 128 additions and 0 deletions.
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -30,7 +30,18 @@ jobs:
           changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
           if [[ -n "$changed" ]]; then
             echo "::set-output name=changed::true"
+            echo "::set-output name=charts::$changed"
+            if echo "$changed" | grep -q "cert-manager-issuers"; then
+            echo "cert-ex-changed=true" >> "$GITHUB_ENV"
+            echo "::set-output name=cert-ex-changed::true"
+            else
+            echo "cert-ex-changed=false" >> "$GITHUB_ENV"
+            echo "::set-output name=cert-ex-changed::false"
+            fi
           fi
+          
+# echo "changed-charts=$changed" >> "$GITHUB_ENV"
+# if : env.cert-extension-changed == 'true'
 
       - name: Run chart-testing (lint)
         run: ct lint --target-branch ${{ github.event.repository.default_branch }}
@@ -39,6 +50,16 @@ jobs:
         uses: helm/kind-action@v1.9.0
         if: steps.list-changed.outputs.changed == 'true'
 
+      - name: cert-manager (install)
+        if: steps.list-changed.outputs.cert-ex-changed == 'true' 
+        run: |
+          helm repo add jetstack https://charts.jetstack.io
+          helm repo update
+          helm upgrade --install cert-manager jetstack/cert-manager \
+            --namespace cert-manager --create-namespace \
+            --set installCRDs=true \
+            --wait
+
       - name: Run chart-testing (install)
         run: ct install
 # https://github.com/marketplace/actions/helm-chart-testing
diff --git a/charts/cert-manager-issuers/.helmignore b/charts/cert-manager-issuers/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/cert-manager-issuers/Chart.yaml b/charts/cert-manager-issuers/Chart.yaml
@@ -0,0 +1,14 @@
+apiVersion: v2
+name: cert-manager-issuers
+description: Create list of cert manager Issuers
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+appVersion: "0.1.0"
+maintainers:
+- name: Seagit
+  email: contact@seagit.com
+  url: https://charts.seagit.com
diff --git a/charts/cert-manager-issuers/templates/NOTES.txt b/charts/cert-manager-issuers/templates/NOTES.txt
@@ -0,0 +1,9 @@
+Get the Issuers by running these commands:
+
+{{- range .Values.issuers  }}
+{{- if eq .kind "Issuer" }}
+kubectl get --namespace {{ .namespace }} issuer {{ .name }}
+{{- else }}
+kubectl get clusterissuer {{ .name }}
+{{- end }}
+{{- end }}
diff --git a/charts/cert-manager-issuers/templates/issuers.yaml b/charts/cert-manager-issuers/templates/issuers.yaml
@@ -0,0 +1,35 @@
+{{- range .Values.issuers  }}
+apiVersion: cert-manager.io/v1
+kind: {{ .kind }}
+metadata:
+  name: {{ .name | default "issuer" }}
+  {{- if eq .kind "Issuer" }}
+  {{- if .namespace }}
+  namespace: {{  .namespace }}  
+  {{- else if and (.Release) (.Release.Namespace) }}
+  namespace: {{  .Release.Namespace }}  
+  {{- else }}
+  namespace: {{  "default" }}  
+  {{- end }}
+  {{- end }}
+spec:
+{{- if and (.acme) (.acme.server) (.acme.email) }} 
+  acme:
+    server: {{ .acme.server | default "https://acme-v02.api.letsencrypt.org/directory" }}
+    email: {{ .acme.email }}
+    privateKeySecretRef:
+    {{- if and (.acme.privateKeySecretRef) (.acme.privateKeySecretRef.name) }}
+      name: {{ .acme.privateKeySecretRef.name  }}
+    {{- else }}
+      name: {{ .name }}
+    {{- end }}
+    solvers: 
+      {{- toYaml .acme.solvers | nindent 6 }}
+{{- else if and (.ca) (.ca.secretName) }} 
+  ca:
+    secretName: {{ .ca.secretName }}
+{{- else }} 
+    selfSigned: {}
+{{- end }}
+---
+{{- end }}
diff --git a/charts/cert-manager-issuers/values.yaml b/charts/cert-manager-issuers/values.yaml
@@ -0,0 +1,26 @@
+# Default values for cert-manager-issuers.
+
+# This expects list of Issuers to be created for cert manager to use to issue certificates
+issuers:
+  - name: letsencrypt-staging
+    # can be "Issuer" or "ClusterIssuer"
+    kind: Issuer
+    namespace: "default"  # will be used only when the issuer's kind is "Issuer"
+    # Issuer types can be "acme" - "ca" - or "selfSigned" (todo: more to be added)
+    acme:
+      # The ACME server URL e.g. https://acme-staging-v02.api.letsencrypt.org/directory
+      server: ""
+      # Email address used for ACME registration e.g. admin@example.com
+      email: ""
+      # optional: if not set, defaulted to the name of the Issuer
+      privateKeySecretRef:
+        name: ""
+      solvers: []
+        # - http01:
+        #     ingress:
+        #       ingressClassName: nginx
+    # certificate authority provided secret values (expected data: ca.crt - tls.key - tls.crt)
+    ca:
+      secretName: ""
+    # self signed certificate
+    selfSigned: {}