Add cert-manager-setup chart, make dex + traefik use cert-manager issued certificates #123

Merged
merged 14 commits into from
Sep 19, 2019
22 changes: 22 additions & 0 deletions staging/cert-manager-setup/.helmignore
@@ -0,0 +1,22 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
5 changes: 5 additions & 0 deletions staging/cert-manager-setup/Chart.yaml
@@ -0,0 +1,5 @@
apiVersion: v1
appVersion: "1.0"
description: Install cert-manager + add Konvoy ClusterIssuer
name: cert-manager-setup
version: 0.1.0
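Review bot: appVersion: "1.0" looks like the scaffold default and does not describe anything this chart installs. The cert-manager-setup.labels helper emits it as app.kubernetes.io/version, so either set it to the cert-manager version pinned in requirements.yaml (0.10.0) or drop the field so the label is not misleading.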
Binary file not shown.
6 changes: 6 additions & 0 deletions staging/cert-manager-setup/requirements.lock
@@ -0,0 +1,6 @@
dependencies:
- name: cert-manager
repository: https://charts.jetstack.io
version: v0.10.0
digest: sha256:28e79a359d2563500962b1791ffb542092daf6a6ee73e58b9681d21b9955974e
generated: "2019-09-13T12:14:07.505937281+02:00"
4 changes: 4 additions & 0 deletions staging/cert-manager-setup/requirements.yaml
@@ -0,0 +1,4 @@
dependencies:
- name: cert-manager
version: 0.10.0
repository: https://charts.jetstack.io
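Review bot: The pin on the version line here reads 0.10.0, while requirements.lock records v0.10.0 for the same dependency. Please use the same string in both files (the upstream chart is published with the v prefix) so that the lock file and the requirement cannot be read as two different versions when the dependency is rebuilt or audited.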
1 change: 1 addition & 0 deletions staging/cert-manager-setup/templates/NOTES.txt
@@ -0,0 +1 @@
Deploys cert-manager and submits the kubernetes-ca ClusterIssuer post installation.
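Review bot: The issuer name kubernetes-ca is hard-coded in this note, but clusterissuer.yaml takes the name from .Values.clusterissuer.name and renders nothing when .Values.clusterissuer is unset. Template the note from the same value and make it conditional, so the post-install message does not claim an issuer that was not created or that has a different name.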
45 changes: 45 additions & 0 deletions staging/cert-manager-setup/templates/_helpers.tpl
@@ -0,0 +1,45 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "cert-manager-setup.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "cert-manager-setup.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}

{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "cert-manager-setup.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Common labels
*/}}
{{- define "cert-manager-setup.labels" -}}
app.kubernetes.io/name: {{ include "cert-manager-setup.name" . }}
helm.sh/chart: {{ include "cert-manager-setup.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
11 changes: 11 additions & 0 deletions staging/cert-manager-setup/templates/clusterissuer.yaml
@@ -0,0 +1,11 @@
{{ if .Values.clusterissuer }}
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
name: {{ required "clusterissuer must have a name" .Values.clusterissuer.name }}
annotations:
"helm.sh/hook": "post-install"
"helm.sh/hook-weight": "-4"
spec:
{{ required "clusterissuer must have a spec" .Values.clusterissuer.spec | toYaml | indent 4 }}
{{ end }}
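Review bot: The hook annotation lists only "post-install", so a later helm upgrade that changes .Values.clusterissuer.spec will not re-apply this ClusterIssuer, and since hook resources are not tracked as part of the release it is also left behind when the release is deleted. Consider "helm.sh/hook": "post-install,post-upgrade" together with "helm.sh/hook-delete-policy": "before-hook-creation", and document the delete behaviour. Separately, the spec is passed from values verbatim into a cluster-scoped issuer that any namespace can request certificates from, so the chart documentation should state which CA secret it is expected to reference.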
8 changes: 8 additions & 0 deletions staging/cert-manager-setup/templates/clusterrole.yaml
@@ -0,0 +1,8 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: read-apiservices
rules:
- apiGroups: ["apiregistration.k8s.io"]
resources: ["apiservices"]
verbs: ["get", "watch", "list"]
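Review bot: The name read-apiservices is hard-coded on a cluster-scoped object and the metadata carries no labels, so a second release of this chart would collide with the first and the role cannot be traced back to its release. _helpers.tpl already defines cert-manager-setup.fullname and cert-manager-setup.labels; use them here (and in the roleRef of the binding). The rule itself is read-only on apiservices, which is appropriately narrow.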
13 changes: 13 additions & 0 deletions staging/cert-manager-setup/templates/clusterrolebinding.yaml
@@ -0,0 +1,13 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: read-apiservices-rolebinding
namespace: kubeaddons
subjects:
- kind: ServiceAccount
namespace: kubeaddons
name: default
roleRef:
kind: ClusterRole
name: read-apiservices
apiGroup: rbac.authorization.k8s.io
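Review bot: The subject is the default ServiceAccount of kubeaddons, so every pod in that namespace that does not set its own serviceAccountName inherits this cluster-wide read access. Create a dedicated ServiceAccount in this chart for the workload that needs to read apiservices and bind that instead. The namespace: kubeaddons line under metadata has no effect on a ClusterRoleBinding, which is cluster-scoped, and can be dropped; the subject namespace would be better taken from .Release.Namespace than hard-coded.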