fix(cert-manager): Do validation earlier, and add missing `---` before PodMonitor, causing objects to merge (#7787)
* WIP fix secret of clusterissuer not found * bump * Whoooops
This commit is contained in:
parent
ee2146782a
commit
784a8346c0
|
@ -21,7 +21,7 @@ sources:
|
||||||
- https://github.com/truecharts/charts/tree/master/charts/enterprise/cert-manager
|
- https://github.com/truecharts/charts/tree/master/charts/enterprise/cert-manager
|
||||||
- https://cert-manager.io/
|
- https://cert-manager.io/
|
||||||
type: application
|
type: application
|
||||||
version: 1.0.8
|
version: 1.0.9
|
||||||
annotations:
|
annotations:
|
||||||
truecharts.org/catagories: |
|
truecharts.org/catagories: |
|
||||||
- core
|
- core
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
{{- define "certmanager.metrics" -}}
|
{{- define "certmanager.metrics" -}}
|
||||||
{{- if .Values.customMetrics.enabled }}
|
{{- if .Values.customMetrics.enabled }}
|
||||||
|
---
|
||||||
apiVersion: monitoring.coreos.com/v1
|
apiVersion: monitoring.coreos.com/v1
|
||||||
kind: PodMonitor
|
kind: PodMonitor
|
||||||
metadata:
|
metadata:
|
||||||
|
|
|
@ -1,5 +1,11 @@
|
||||||
{{- define "certmanager.clusterissuer.acme" -}}
|
{{- define "certmanager.clusterissuer.acme" -}}
|
||||||
{{- range .Values.clusterIssuer.ACME }}
|
{{- range .Values.clusterIssuer.ACME }}
|
||||||
|
|
||||||
|
{{- $validTypes := list "HTTP01" "cloudflare" "route53" -}}
|
||||||
|
{{- if not (mustHas .type $validTypes) -}}
|
||||||
|
{{- fail (printf "Expected ACME type to be one of [%s], but got [%s]" (join ", " $validTypes) .type) -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- $issuerSecretName := printf "%s-clusterissuer-secret" .name }}
|
||||||
---
|
---
|
||||||
apiVersion: cert-manager.io/v1
|
apiVersion: cert-manager.io/v1
|
||||||
kind: ClusterIssuer
|
kind: ClusterIssuer
|
||||||
|
@ -22,15 +28,15 @@ spec:
|
||||||
email: {{ .email }}
|
email: {{ .email }}
|
||||||
{{- if .cfapitoken }}
|
{{- if .cfapitoken }}
|
||||||
apiTokenSecretRef:
|
apiTokenSecretRef:
|
||||||
name: {{ .name }}-clusterissuer-secret
|
name: {{ $issuerSecretName }}
|
||||||
key: cf-api-token
|
key: cf-api-token
|
||||||
{{- else if .cfapikey }}
|
{{- else if .cfapikey }}
|
||||||
apiKeySecretRef:
|
apiKeySecretRef:
|
||||||
name: {{ .name }}-clusterissuer-secret
|
name: {{ $issuerSecretName }}
|
||||||
key: cf-api-key
|
key: cf-api-key
|
||||||
{{ else }}
|
{{- else -}}
|
||||||
{{- fail "A cloudflare API key or token is required" }}
|
{{- fail "A cloudflare API key or token is required" -}}
|
||||||
{{- end }}
|
{{- end -}}
|
||||||
{{- else if eq .type "route53" }}
|
{{- else if eq .type "route53" }}
|
||||||
route53:
|
route53:
|
||||||
region: {{ .region }}
|
region: {{ .region }}
|
||||||
|
@ -45,18 +51,18 @@ spec:
|
||||||
akamai:
|
akamai:
|
||||||
serviceConsumerDomain: {{ .serviceConsumerDomain }}
|
serviceConsumerDomain: {{ .serviceConsumerDomain }}
|
||||||
clientTokenSecretRef:
|
clientTokenSecretRef:
|
||||||
name: {{ .name }}-clusterissuer-secret
|
name: {{ $issuerSecretName }}
|
||||||
key: akclientToken
|
key: akclientToken
|
||||||
clientSecretSecretRef:
|
clientSecretSecretRef:
|
||||||
name: {{ .name }}-clusterissuer-secret
|
name: {{ $issuerSecretName }}
|
||||||
key: akclientSecret
|
key: akclientSecret
|
||||||
accessTokenSecretRef:
|
accessTokenSecretRef:
|
||||||
name: {{ .name }}-clusterissuer-secret
|
name: {{ $issuerSecretName }}
|
||||||
key: akaccessToken
|
key: akaccessToken
|
||||||
{{- else if eq .type "digitalocean" }}
|
{{- else if eq .type "digitalocean" }}
|
||||||
digitalocean:
|
digitalocean:
|
||||||
tokenSecretRef:
|
tokenSecretRef:
|
||||||
name: {{ .name }}-clusterissuer-secret
|
name: {{ $issuerSecretName }}
|
||||||
key: doaccessToken
|
key: doaccessToken
|
||||||
{{- else if eq .type "rfc2136" }}
|
{{- else if eq .type "rfc2136" }}
|
||||||
rfc2136:
|
rfc2136:
|
||||||
|
@ -64,18 +70,16 @@ spec:
|
||||||
tsigKeyName: {{ .tsigKeyName }}
|
tsigKeyName: {{ .tsigKeyName }}
|
||||||
tsigAlgorithm: {{ .tsigAlgorithm }}
|
tsigAlgorithm: {{ .tsigAlgorithm }}
|
||||||
tsigSecretSecretRef:
|
tsigSecretSecretRef:
|
||||||
name: {{ .name }}-clusterissuer-secret
|
name: {{ $issuerSecretName }}
|
||||||
key: rfctsigSecret
|
key: rfctsigSecret
|
||||||
{{- else }}
|
{{- end -}}
|
||||||
{{- fail "No correct ACME type entered..." }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
{{- end }}
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Secret
|
kind: Secret
|
||||||
metadata:
|
metadata:
|
||||||
namespace: cert-manager
|
namespace: cert-manager
|
||||||
name: {{ .name }}-clusterissuer-secret
|
name: {{ $issuerSecretName }}
|
||||||
type: Opaque
|
type: Opaque
|
||||||
stringData:
|
stringData:
|
||||||
cf-api-token: {{ .cfapitoken | default "" }}
|
cf-api-token: {{ .cfapitoken | default "" }}
|
||||||
|
|
Loading…
Reference in New Issue