Commit new Chart releases for TrueCharts

Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
This commit is contained in:
TrueCharts-Bot 2023-12-20 15:25:43 +00:00
parent e3a5b07f25
commit c1663caf86
16 changed files with 1082 additions and 0 deletions

View File

@ -0,0 +1,99 @@
**Important:**
*for the complete changelog, please refer to the website*
## [clusterissuer-5.0.0](https://github.com/truecharts/charts/compare/clusterissuer-4.2.14...clusterissuer-5.0.0) (2023-12-20)
### Chore
- BREAKING CHANGE adapt to common changes ([#15889](https://github.com/truecharts/charts/issues/15889))
## [clusterissuer-4.2.14](https://github.com/truecharts/charts/compare/clusterissuer-4.2.13...clusterissuer-4.2.14) (2023-12-20)
### Chore
- Bump everything to force min/max scale version update
## [clusterissuer-4.2.13](https://github.com/truecharts/charts/compare/clusterissuer-4.2.11...clusterissuer-4.2.13) (2023-12-16)
### Chore
- fix move mistake and cleanup metadata
- update helm general non-major ([#14784](https://github.com/truecharts/charts/issues/14784))
## [clusterissuer-4.2.13](https://github.com/truecharts/charts/compare/clusterissuer-4.2.11...clusterissuer-4.2.13) (2023-12-16)
### Chore
- fix move mistake and cleanup metadata
- update helm general non-major ([#14784](https://github.com/truecharts/charts/issues/14784))
## [clusterissuer-4.2.12](https://github.com/truecharts/charts/compare/clusterissuer-4.2.11...clusterissuer-4.2.12) (2023-12-16)
### Chore
- fix move mistake and cleanup metadata
## [clusterissuer-4.2.11](https://github.com/truecharts/charts/compare/clusterissuer-4.2.10...clusterissuer-4.2.11) (2023-12-03)
### Chore
- bump everything to ensure catalog has latest versions
- fix annotations again
- update annotations
- cleanup chart.yaml and add min-max scale version
- lint files ([#15238](https://github.com/truecharts/charts/issues/15238))
## [clusterissuer-4.2.10](https://github.com/truecharts/charts/compare/clusterissuer-4.2.9...clusterissuer-4.2.10) (2023-11-17)
## [clusterissuer-4.2.9](https://github.com/truecharts/charts/compare/clusterissuer-4.2.8...clusterissuer-4.2.9) (2023-11-08)
## [clusterissuer-4.2.8](https://github.com/truecharts/charts/compare/clusterissuer-4.2.7...clusterissuer-4.2.8) (2023-11-08)
## [clusterissuer-4.2.7](https://github.com/truecharts/charts/compare/clusterissuer-4.2.6...clusterissuer-4.2.7) (2023-11-08)
### Chore
- update helm general non-major ([#14454](https://github.com/truecharts/charts/issues/14454))
## [clusterissuer-4.2.6](https://github.com/truecharts/charts/compare/clusterissuer-4.2.5...clusterissuer-4.2.6) (2023-11-05)
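Review bot: the clusterissuer-4.2.13 entry appears twice (two identical `## [clusterissuer-4.2.13](...)` blocks with the same two Chore bullets); the changelog generator should emit it once. The 4.2.10, 4.2.9 and 4.2.8 headings also have no body at all, which suggests those releases' notes were dropped rather than that nothing changed; worth checking what the generator did for them.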

View File

@ -0,0 +1,37 @@
kubeVersion: ">=1.24.0-0"
apiVersion: v2
name: clusterissuer
version: 5.0.0
appVersion: latest
description: Certificate management for Kubernetes
home: https://truecharts.org/charts/enterprise/clusterissuer
icon: https://truecharts.org/img/hotlink-ok/chart-icons/clusterissuer.png
deprecated: false
sources:
- https://cert-manager.io/
- https://github.com/truecharts/charts/tree/master/charts/enterprise/clusterissuer
- https://hub.docker.com/_/hello-world
maintainers:
- name: TrueCharts
email: info@truecharts.org
url: https://truecharts.org
keywords:
- cert-manager
- certificates
dependencies:
- name: common
version: 16.2.4
repository: https://library-charts.truecharts.org
condition: ""
alias: ""
tags: []
import-values: []
annotations:
max_scale_version: 23.10.2
min_scale_version: 23.10.0
truecharts.org/SCALE-support: "true"
truecharts.org/category: core
truecharts.org/max_helm_version: "3.13"
truecharts.org/min_helm_version: "3.12"
truecharts.org/train: enterprise
type: application

View File

@ -0,0 +1,106 @@
Business Source License 1.1
Parameters
Licensor: The TrueCharts Project, it's owner and it's contributors
Licensed Work: The TrueCharts "Cert-Manager" Helm Chart
Additional Use Grant: You may use the licensed work in production, as long
as it is directly sourced from a TrueCharts provided
official repository, catalog or source. You may also make private
modification to the directly sourced licenced work,
when used in production.
The following cases are, due to their nature, also
defined as 'production use' and explicitly prohibited:
- Bundling, including or displaying the licensed work
with(in) another work intended for production use,
with the apparent intend of facilitating and/or
promoting production use by third parties in
violation of this license.
Change Date: 2050-01-01
Change License: 3-clause BSD license
For information about alternative licensing arrangements for the Software,
please contact: legal@truecharts.org
Notice
The Business Source License (this document, or the “License”) is not an Open
Source license. However, the Licensed Work will eventually be made available
under an Open Source License, as stated in this License.
License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved.
“Business Source License” is a trademark of MariaDB Corporation Ab.
-----------------------------------------------------------------------------
Business Source License 1.1
Terms
The Licensor hereby grants you the right to copy, modify, create derivative
works, redistribute, and make non-production use of the Licensed Work. The
Licensor may make an Additional Use Grant, above, permitting limited
production use.
Effective on the Change Date, or the fourth anniversary of the first publicly
available distribution of a specific version of the Licensed Work under this
License, whichever comes first, the Licensor hereby grants you rights under
the terms of the Change License, and the rights granted in the paragraph
above terminate.
If your use of the Licensed Work does not comply with the requirements
currently in effect as described in this License, you must purchase a
commercial license from the Licensor, its affiliated entities, or authorized
resellers, or you must refrain from using the Licensed Work.
All copies of the original and modified Licensed Work, and derivative works
of the Licensed Work, are subject to this License. This License applies
separately for each version of the Licensed Work and the Change Date may vary
for each version of the Licensed Work released by Licensor.
You must conspicuously display this License on each original or modified copy
of the Licensed Work. If you receive the Licensed Work in original or
modified form from a third party, the terms and conditions set forth in this
License apply to your use of that work.
Any use of the Licensed Work in violation of this License will automatically
terminate your rights under this License for the current and all other
versions of the Licensed Work.
This License does not grant you any right in any trademark or logo of
Licensor or its affiliates (provided that you may use a trademark or logo of
Licensor as expressly required by this License).
TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON
AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS,
EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND
TITLE.
MariaDB hereby grants you permission to use this Licenses text to license
your works, and to refer to it using the trademark “Business Source License”,
as long as you comply with the Covenants of Licensor below.
Covenants of Licensor
In consideration of the right to use this Licenses text and the “Business
Source License” name and trademark, Licensor covenants to MariaDB, and to all
other recipients of the licensed work to be provided by Licensor:
1. To specify as the Change License the GPL Version 2.0 or any later version,
or a license that is compatible with GPL Version 2.0 or a later version,
where “compatible” means that software provided under the Change License can
be included in a program with software provided under GPL Version 2.0 or a
later version. Licensor may specify additional Change Licenses without
limitation.
2. To either: (a) specify an additional grant of rights to use that does not
impose any additional restriction on the right granted in this License, as
the Additional Use Grant; or (b) insert the text “None”.
3. To specify a Change Date.
4. Not to modify this License in any other way.
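Review bot: the Parameters block names the Licensed Work `The TrueCharts "Cert-Manager" Helm Chart`, but the chart this LICENSE ships with is `clusterissuer` (see its Chart.yaml), so the header should name the work it actually covers. Wording in the same block: `it's owner and it's contributors` should be `its`, `apparent intend` should be `intent`, and `licenced work` should be `licensed work`.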

View File

@ -0,0 +1,27 @@
# README
## General Info
TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
However only installations using the TrueNAS SCALE Apps system are supported.
For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/enterprise/clusterissuer)
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
## Support
- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro).
- See the [Website](https://truecharts.org)
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
---
## Sponsor TrueCharts
TrueCharts can only exist due to the incredible effort of our staff.
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
*All Rights Reserved - The TrueCharts Project*
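Review bot: `Open a [issue]` should read `Open an [issue]`, and `installed as both *normal* Helm Charts or as Apps` mixes `both` with `or`; either `as *normal* Helm Charts and as Apps` or `either as *normal* Helm Charts or as Apps` reads correctly.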

View File

@ -0,0 +1,9 @@
## [clusterissuer-5.0.0](https://github.com/truecharts/charts/compare/clusterissuer-4.2.14...clusterissuer-5.0.0) (2023-12-20)
### Chore
- BREAKING CHANGE adapt to common changes ([#15889](https://github.com/truecharts/charts/issues/15889))

View File

@ -0,0 +1,8 @@
Certificate management for Kubernetes
This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/enterprise/clusterissuer](https://truecharts.org/charts/enterprise/clusterissuer)
---
TrueCharts can only exist due to the incredible effort of our staff.
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!

View File

@ -0,0 +1,104 @@
image:
repository: hello-world
tag: latest@sha256:88ec0acaa3ec199d3b7eaf73588f4518c25f9d34f58ce9a0df68429c5af48e8d
pullPolicy: IfNotPresent
manifestManager:
enabled: true
workload:
main:
enabled: false
podSpec:
containers:
main:
enabled: false
probes:
liveness:
enabled: false
readiness:
enabled: false
startup:
enabled: false
service:
main:
enabled: false
ports:
main:
enabled: false
port: 9999
portal:
open:
enabled: false
operator:
verify:
additionalOperators:
- cert-manager
enabled: true
failOnError: false
clusterIssuer:
selfSigned:
enabled: true
name: "selfsigned"
CA: []
# - name: myca
# selfSigned: true
# selfSignedCommonName: "my-selfsigned-ca"
# # Used to manually define a CA-crt not used when selfSigned is enabled
# crt: ""
# key: ""
# # TODO: Add option to use SCALE CA certs
ACME: []
# - name: letsencrypt
# # Used for both logging in to the DNS provider AND ACME registration
# email: ""
# server: 'https://acme-staging-v02.api.letsencrypt.org/directory'
# # Used primarily for the SCALE GUI
# customServer: 'https://acme-staging-v02.api.letsencrypt.org/directory'
# email: ""
# # Options: HTTP01, cloudflare, route53, akamai, digitalocean, rfc2136, acmedns
# type: ""
# # for cloudflare
# cfapikey: ""
# cfapitoken: ""
# # for route53
# region: ""
# accessKeyID: ""
# route53SecretAccessKey: ""
# # optional for route53
# role: ""
# # for akamai
# serviceConsumerDomain: ""
# akclientToken: ""
# akclientSecret: ""
# akaccessToken: ""
# # for digitalocean
# doaccessToken: ""
# # for rfc2136
# nameserver: ""
# tsigKeyName: ""
# tsigAlgorithm: ""
# rfctsigSecret: ""
# # for acmedns
# name: sd
# acmednsHost: asdf
# # Pick one of the bellow acmednsConfig
# acmednsConfigJson:
# acmednsConfig:
# - domain: ""
# username: ""
# password: ""
# fulldomain: ""
# subdomain: ""
# allowFrom: []
clusterCertificates:
# Namespaces in which the certificates must be available
# Accepts comma-separated regex expressions
# replicationNamespaces: 'ix-.*'
certificates: []
# - name: mycert
# enabled: true
# certificateIssuer: selfsigned
# hosts:
# - my.domain.com
# - '*.my.domain.com'
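Review bot: the commented ACME example carries `email: ""` twice (once before `server:` and again after `customServer:`), so uncommenting it as written yields a duplicate mapping key, and the acmedns part still has leftover placeholder values `name: sd` and `acmednsHost: asdf` that do not look intentional; `bellow` should be `below`. Since this block is what users copy from when they bypass the GUI, it should be valid YAML that mirrors the keys questions.yaml exposes.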

View File

@ -0,0 +1,445 @@
groups:
- name: Container Image
description: Image to be used for container
- name: General Settings
description: General Deployment Settings
- name: Workload Settings
description: Workload Settings
- name: App Configuration
description: App Specific Config Options
- name: Networking and Services
description: Configure Network and Services for Container
- name: Storage and Persistence
description: Persist and Share Data that is Separate from the Container
- name: Ingress
description: Ingress Configuration
- name: Security and Permissions
description: Configure Security Context and Permissions
- name: Resources and Devices
description: "Specify Resources/Devices to be Allocated to Workload"
- name: Middlewares
description: Traefik Middlewares
- name: Metrics
description: Metrics
- name: Addons
description: Addon Configuration
- name: Advanced
description: Advanced Configuration
- name: Postgresql
description: Postgresql
- name: Documentation
description: Documentation
questions:
- variable: global
group: General Settings
label: "Global Settings"
schema:
additional_attrs: true
type: dict
attrs:
- variable: stopAll
label: Stop All
description: "Stops All Running pods and hibernates cnpg"
schema:
type: boolean
default: false
- variable: clusterIssuer
group: App Configuration
label: Cluster Certificate Issuer
schema:
additional_attrs: true
type: dict
attrs:
- variable: ACME
label: 'ACME Issuer'
schema:
type: list
default: []
items:
- variable: ACMEEntry
label: 'ACME Issuer Entry'
schema:
additional_attrs: true
type: dict
attrs:
- variable: name
label: Name
description: "Name to give the issuer"
schema:
type: string
required: true
valid_chars: '^[a-z]+(-?[a-z]){0,63}-?[a-z]+$'
default: ""
- variable: type
label: Type or DNS-Provider
description: DNS Provider
schema:
type: string
default: cloudflare
enum:
- value: cloudflare
description: Cloudflare
- value: route53
description: Route53
- value: akamai
description: Akamai
- value: digitalocean
description: Digitalocean
- value: rfc2136
description: rfc2136 (Advanced)
- value: HTTP01
description: HTTP01 (Experimental)
- value: acmedns
description: ACME DNS (Advanced)
- variable: server
label: Server
description: "Server for ACME, for example: letsencrypt"
schema:
type: string
default: 'Letsencrypt-Production'
enum:
- value: 'https://acme-v02.api.letsencrypt.org/directory'
description: Letsencrypt-Production
- value: 'https://acme-staging-v02.api.letsencrypt.org/directory'
description: Letsencrypt-Staging
- value: 'https://api.buypass.no/acme-v02/directory'
description: BuyPass-Production
- value: 'https://api.test4.buypass.no/acme-v02/directory'
description: BuyPass-Staging
- value: custom
description: Custom
- variable: customServer
label: Custom ACME Server (Advanced)
description: "This can be used to enter your own custom ACME server"
schema:
type: string
show_if: [["server", "=", "custom"]]
default: 'https://acme-staging-v02.api.letsencrypt.org/directory'
- variable: caBundle
label: Trusted CABundle for private ACME server
description: "Trusted CABundle for private ACME server, encoded in base64"
schema:
type: string
show_if: [["server", "=", "custom"]]
- variable: email
label: Email
description: "Email adress to use for certificate issuing must match your DNS provider email when required"
schema:
type: string
required: true
default: "something@example.com"
- variable: cfapikey
label: CloudFlare API key
description: "CloudFlare API Key"
schema:
show_if: [["type", "=", "cloudflare"]]
type: string
default: ""
- variable: cfapitoken
label: CloudFlare API Token
description: "CloudFlare API Token"
schema:
show_if: [["type", "=", "cloudflare"]]
type: string
default: ""
- variable: region
label: Route53 Region
description: "Route 53 Region"
schema:
show_if: [["type", "=", "route53"]]
type: string
required: true
default: "us-west-1"
- variable: accessKeyID
label: Route53 accessKeyID
description: "Route53 accessKeyID"
schema:
show_if: [["type", "=", "route53"]]
type: string
required: true
default: ""
- variable: route53SecretAccessKey
label: Route53 Secret Access Key
description: "Route53 Secret Access Key"
schema:
show_if: [["type", "=", "route53"]]
type: string
required: true
default: ""
- variable: role
label: Route53 Role (optional)
description: "Route53 Role"
schema:
show_if: [["type", "=", "route53"]]
type: string
default: ""
- variable: serviceConsumerDomain
label: Akamai Service Consumer Domain
description: "Akamai Service Consumer Domain"
schema:
show_if: [["type", "=", "akamai"]]
type: string
required: true
default: ""
- variable: akclientToken
label: Akamai Client Token
description: "Client Token"
schema:
show_if: [["type", "=", "akamai"]]
type: string
required: true
default: ""
- variable: akclientSecret
label: Akamai Client Secret
description: "Akamai Client Secret"
schema:
show_if: [["type", "=", "akamai"]]
type: string
required: true
default: ""
- variable: akaccessToken
label: Akamai Access Token
description: "Akamai Access Token"
schema:
show_if: [["type", "=", "akamai"]]
type: string
required: true
default: ""
- variable: doaccessToken
label: Digitalocean Access Token
description: "Digitalocean Access Token"
schema:
show_if: [["type", "=", "digitalocean"]]
type: string
required: true
default: ""
- variable: nameserver
label: rfc2136 Namesever
description: "rfc2136 Namesever"
schema:
show_if: [["type", "=", "rfc2136"]]
type: string
required: true
default: ""
- variable: tsigKeyName
label: rfc2136 tsig Key Name
description: "rfc2136 tsig Key Name"
schema:
show_if: [["type", "=", "rfc2136"]]
type: string
required: true
default: ""
- variable: tsigAlgorithm
label: rfc2136 tsig Algorithm
description: "rfc2136 tsig Algorithm"
schema:
show_if: [["type", "=", "rfc2136"]]
type: string
required: true
default: ""
- variable: rfctsigSecret
label: rfc2136 sig Secret
description: "rfc2136 sig Secret"
schema:
show_if: [["type", "=", "rfc2136"]]
type: string
required: true
default: ""
- variable: acmednsHost
label: ACME DNS host
description: "ACME DNS API server address"
schema:
show_if: [["type", "=", "acmedns"]]
type: string
required: true
default: "https://auth.acme-dns.io"
- variable: acmednsConfig
label: ACME DNS config
description: "ACME DNS per-domain auth configuration"
schema:
show_if: [["type", "=", "acmedns"]]
type: list
default: []
items:
- variable: acmednsEntry
label: 'ACME DNS entry'
schema:
type: dict
attrs:
- variable: domain
label: Domain
schema:
type: string
required: true
- variable: username
label: Username
schema:
type: string
required: true
- variable: password
label: Password
schema:
type: string
required: true
- variable: fulldomain
label: Full domain
schema:
type: string
required: true
- variable: subdomain
label: Subdomain
schema:
type: string
required: true
- variable: allowFrom
label: Allow from
schema:
type: list
default: []
items:
- variable: cidr
label: CIDR
schema:
type: ipaddr
cidr: true
required: true
- variable: CA
label: Certificate Authority Issuer
schema:
type: list
default: []
items:
- variable: CAEntry
label: 'CA Issuer Entry'
schema:
additional_attrs: true
type: dict
attrs:
- variable: name
label: Name
description: "Name to give the issuer"
schema:
type: string
required: true
valid_chars: '^[a-z]+(-?[a-z]){0,63}-?[a-z]+$'
default: ""
- variable: selfSigned
label: selfSigned
description: "Create Self Signed CA cert"
schema:
type: boolean
default: true
- variable: selfSignedCommonName
label: selfSigned CommonName
description: "Common name for selfSigned Certiticate Authority"
schema:
type: string
required: true
show_if: [["selfSigned", "=", true]]
default: "my-selfsigned-ca"
- variable: crt
label: "Custom CA cert (experimental)"
description: "certificate for Certiticate Authority"
schema:
type: string
required: true
max_length: 10240
show_if: [["selfSigned", "=", false]]
default: ""
- variable: key
label: "Custom CA key (experimental)"
description: "key Certiticate Authority"
schema:
type: string
required: true
max_length: 10240
show_if: [["selfSigned", "=", false]]
default: ""
- variable: selfSigned
label: 'SelfSigned Issuer'
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: enabled
description: "Enable self-signed issuer"
schema:
type: boolean
default: true
- variable: name
label: Name
description: "Name to give the issuer"
schema:
type: string
required: true
valid_chars: '^[a-z]+(-?[a-z]){0,63}-?[a-z]+$'
default: "selfsigned"
- variable: clusterCertificates
group: App Configuration
label: Cluster Wide Certificates (Advanced)
description: "Creates certificates for use within the entire cluster. Can be used to create wildcard certificates."
schema:
additional_attrs: true
type: dict
attrs:
- variable: certificates
label: Cluster Certificates
schema:
type: list
default: []
items:
- variable: CertEntry
label: 'Certificate Entry'
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: Enabled
schema:
type: boolean
default: true
- variable: name
label: Certificate Name
schema:
type: string
required: true
default: ""
- variable: certificateIssuer
label: Cert-Manager clusterIssuer
description: "One of the Cert-Manager clusterIssuers defined above"
schema:
type: string
required: true
valid_chars: '^[a-z]+(-?[a-z]){0,63}-?[a-z]+$'
default: "selfsigned"
- variable: hosts
label: Certificate Hosts
description: "NOTE: Creation of wildcard certificates with an ACME issuer requires a DNSO1 solver to be set up."
schema:
type: list
default: []
items:
- variable: host
label: Host
schema:
type: string
default: ""
required: true
- variable: customMetrics
group: Metrics
label: Prometheus Metrics
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: Enabled
description: Enable Prometheus Metrics
schema:
type: boolean
default: true
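Review bot: the `server` question defaults to `'Letsencrypt-Production'`, which is the enum entry's `description`, not its `value` (`https://acme-v02.api.letsencrypt.org/directory`); the ACME template renders `server: {{ .server }}` verbatim, so a fresh install that keeps the default hands cert-manager a non-URL server. Set `default` to the URL value. Related: `email` is `required: true` but defaults to `something@example.com`, so the required check is always satisfied by a placeholder that would be registered as the ACME account contact; an empty default makes the UI actually prompt for it. The credential fields (`cfapikey`, `cfapitoken`, `route53SecretAccessKey`, `akclientSecret`, `rfctsigSecret`, the acmedns `password`) are plain `type: string`; consider marking them private so the UI masks them. Typos: `adress`, `Namesever` (twice), `Certiticate` (three times), and `DNSO1` should be `DNS01`.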

View File

@ -0,0 +1 @@
{{- include "tc.v1.common.lib.chart.notes" $ -}}

View File

@ -0,0 +1,128 @@
{{- define "certmanager.clusterissuer.acme" -}}
{{- $operator := index $.Values.operator "cert-manager" -}}
{{- $namespace := $operator.namespace | default "cert-manager" -}}
{{- $rfctsigSecret := .rfctsigSecret | default "" -}}
{{/* https://cert-manager.io/docs/configuration/acme/dns01/rfc2136/#troubleshooting */}}
{{- if $rfctsigSecret -}} {{/* If we try to decode and fail, go on and encode it. */}}
{{- if (contains "illegal base64" (b64dec $rfctsigSecret)) -}}
{{- $rfctsigSecret = b64enc $rfctsigSecret -}}
{{- end -}}
{{- end -}}
{{- range .Values.clusterIssuer.ACME }}
{{- if or (not .name) (not (mustRegexMatch "^[a-z]+(-?[a-z]){0,63}-?[a-z]+$" .name)) -}}
{{- fail "ACME - Expected name to be all lowercase with hyphens, but not start or end with a hyphen" -}}
{{- end -}}
{{- $validTypes := list "HTTP01" "cloudflare" "route53" "digitalocean" "akamai" "rfc2136" "acmedns" -}}
{{- if not (mustHas .type $validTypes) -}}
{{- fail (printf "Expected ACME type to be one of [%s], but got [%s]" (join ", " $validTypes) .type) -}}
{{- end -}}
{{- $issuerSecretName := printf "%s-clusterissuer-secret" .name }}
{{- $acmednsDict := dict -}}
{{- if and (eq .type "acmedns") (not .acmednsConfigJson) }}
{{- range .acmednsConfig }}
{{/* Transform to a dict with domain as a key, also remove domain from the dict */}}
{{- $_ := set $acmednsDict .domain (omit . "domain") -}}
{{- end }}
{{- end }}
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: {{ .name }}
spec:
acme:
email: {{ .email }}
server: {{ if eq .server "custom" }}{{ .customServer }}{{ else }}{{ .server }}{{ end }}
{{- if .caBundle }}
caBundle: {{ .caBundle }}
{{- end }}
privateKeySecretRef:
name: {{ .name }}-acme-clusterissuer-account-key
solvers:
{{- if eq .type "HTTP01" }}
- http01:
ingress: {}
{{- else }}
- dns01:
{{- if eq .type "cloudflare" }}
cloudflare:
email: {{ .email }}
{{- if .cfapitoken }}
apiTokenSecretRef:
name: {{ $issuerSecretName }}
key: cf-api-token
{{- else if .cfapikey }}
apiKeySecretRef:
name: {{ $issuerSecretName }}
key: cf-api-key
{{- else -}}
{{- fail "A cloudflare API key or token is required" -}}
{{- end -}}
{{- else if eq .type "route53" }}
route53:
region: {{ .region }}
accessKeyID: {{ .accessKeyID }}
{{- if .role }}
role: {{ .role }}
{{- end }}
secretAccessKeySecretRef:
name: {{ $issuerSecretName }}
key: route53-secret-access-key
{{- else if eq .type "akamai" }}
akamai:
serviceConsumerDomain: {{ .serviceConsumerDomain }}
clientTokenSecretRef:
name: {{ $issuerSecretName }}
key: akclientToken
clientSecretSecretRef:
name: {{ $issuerSecretName }}
key: akclientSecret
accessTokenSecretRef:
name: {{ $issuerSecretName }}
key: akaccessToken
{{- else if eq .type "digitalocean" }}
digitalocean:
tokenSecretRef:
name: {{ $issuerSecretName }}
key: doaccessToken
{{- else if eq .type "rfc2136" }}
rfc2136:
nameserver: {{ .nameserver }}
tsigKeyName: {{ .tsigKeyName }}
tsigAlgorithm: {{ .tsigAlgorithm }}
tsigSecretSecretRef:
name: {{ $issuerSecretName }}
key: rfctsigSecret
{{- else if eq .type "acmedns" }}
acmeDNS:
host: {{ .acmednsHost }}
accountSecretRef:
name: {{ $issuerSecretName }}
key: acmednsJson
{{- end -}}
{{- end }}
---
apiVersion: v1
kind: Secret
metadata:
namespace: {{ $namespace }}
name: {{ $issuerSecretName }}
type: Opaque
stringData:
cf-api-token: {{ .cfapitoken | default "" }}
cf-api-key: {{ .cfapikey | default "" }}
route53-secret-access-key: {{ .route53SecretAccessKey | default "" }}
akclientToken: {{ .akclientToken | default "" }}
akclientSecret: {{ .akclientSecret | default "" }}
akaccessToken: {{ .akaccessToken | default "" }}
doaccessToken: {{ .doaccessToken | default "" }}
rfctsigSecret: {{ $rfctsigSecret }}
{{- if .acmednsConfigJson }}
acmednsJson: {{ .acmednsConfigJson }}
{{- else if $acmednsDict }}
acmednsJson: {{ toJson $acmednsDict }}
{{- end -}}
{{- end -}}
{{- end -}}
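Review bot: `{{- $rfctsigSecret := .rfctsigSecret | default "" -}}` is evaluated before `{{- range .Values.clusterIssuer.ACME }}`, where `.` is still the chart root, so it reads a top-level `.rfctsigSecret` that never exists and is always `""`; the `rfctsigSecret: {{ $rfctsigSecret }}` entry written into every issuer Secret is therefore empty and an rfc2136 issuer can never authenticate. Move the read and the base64 normalisation inside the loop so they see the entry's `.rfctsigSecret`. Separately, the `stringData` values (`cf-api-token: {{ .cfapitoken | default "" }}` and the others, plus `acmednsJson: {{ .acmednsConfigJson }}`) are emitted unquoted; a token containing `:`, `#` or a leading special character breaks or silently alters the YAML, so pipe them through `quote`.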

View File

@ -0,0 +1,54 @@
{{- define "certmanager.clusterissuer.ca" -}}
{{- $operator := index $.Values.operator "cert-manager" -}}
{{- $namespace := $operator.namespace | default "cert-manager" -}}
{{- range .Values.clusterIssuer.CA }}
{{- if not (mustRegexMatch "^[a-z]+(-?[a-z]){0,63}-?[a-z]+$" .name) -}}
{{- fail "CA - Expected name to be all lowercase with hyphens, but not start or end with a hyphen" -}}
{{- end -}}
{{- if .selfSigned }}
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: {{ .name }}-selfsigned-ca-issuer
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ .name }}-selfsigned-ca
namespace: {{ $namespace }}
spec:
isCA: true
commonName: {{ .selfSignedCommonName }}
secretName: {{ .name }}-ca
privateKey:
algorithm: ECDSA
size: 256
issuerRef:
name: {{ .name }}-selfsigned-ca-issuer
kind: ClusterIssuer
group: cert-manager.io
{{- else }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ .name }}-ca
namespace: {{ $namespace }}
data:
tls.crt: {{ .crt | b64enc }}
tls.key: {{ .key | b64enc }}
{{- end }}
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: {{ .name }}
spec:
ca:
secretName: {{ .name }}-ca
{{- end }}
{{- end -}}
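Review bot: the name check runs `mustRegexMatch` directly on `.name` without the `(not .name)` guard the ACME template uses, and the non-selfSigned branch writes `tls.crt: {{ .crt | b64enc }}` / `tls.key: {{ .key | b64enc }}` without checking that either is set, so an entry with `selfSigned: false` and empty `crt`/`key` produces a CA ClusterIssuer backed by an empty Secret that only fails at issuance time. Add a `fail` when `selfSigned` is false and `crt` or `key` is empty, mirroring the validation style already used for `name`.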

View File

@ -0,0 +1,34 @@
{{- define "certmanager.clusterissuer.clusterCertificates" -}}
{{- if .Values.clusterCertificates -}}
{{- $secretTemplates := dict -}}
{{- $certNamespace := (include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $ "objectData" dict "caller" "ClusterCertificates")) -}}
{{- $replicationNamespaces := ".*" -}}
{{- if .Values.clusterCertificates.replicationNamespaces -}}
{{- $replicationNamespaces = .Values.clusterCertificates.replicationNamespaces -}}
{{- else if .Values.ixChartContext -}}
{{- $replicationNamespaces = "ix-.*" -}}
{{- end -}}
{{- $reflectorAnnotations := (dict
"reflector.v1.k8s.emberstack.com/reflection-allowed" "true"
"reflector.v1.k8s.emberstack.com/reflection-auto-enabled" "true"
"reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces" (printf "%v,%v" $certNamespace $replicationNamespaces)
"reflector.v1.k8s.emberstack.com/reflection-auto-namespaces" $replicationNamespaces ) -}}
{{- $certAnnotations := (mustMerge ($reflectorAnnotations) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) -}}
{{- $_ := set $secretTemplates "annotations" $certAnnotations -}}
{{- if not $.Values.certificate -}}
{{- $_ := set $.Values "certificate" dict -}}
{{- end -}}
{{- range .Values.clusterCertificates.certificates -}}
{{- $_ := set $.Values.certificate .name (dict
"enabled" .enabled
"hosts" .hosts
"certificateIssuer" .certificateIssuer
"certificateSecretTemplate" $secretTemplates
) -}}
{{- end -}}
{{- end -}}
{{- end -}}
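Review bot: when `replicationNamespaces` is unset and the chart is not running under the SCALE app context (`.Values.ixChartContext` empty), `$replicationNamespaces` falls back to `".*"`, so `reflection-allowed-namespaces` and `reflection-auto-namespaces` permit the certificate Secret, private key included, to be copied into every namespace in the cluster. That is a wide default for key material on a plain Helm install; defaulting to no replication (or to the release namespace only) and requiring an explicit opt-in would be safer, and the values.yaml comment `# replicationNamespaces: 'ix-.*'` should state what the fallback is.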

View File

@ -0,0 +1,14 @@
{{- define "certmanager.clusterissuer.selfsigned" -}}
{{- if .Values.clusterIssuer.selfSigned.enabled -}}
{{- if not (mustRegexMatch "^[a-z]+(-?[a-z]){0,63}-?[a-z]+$" .Values.clusterIssuer.selfSigned.name) -}}
{{- fail "Self Singed Issuer - Expected name to be all lowercase with hyphens, but not start or end with a hyphen" -}}
{{- end }}
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: {{ .Values.clusterIssuer.selfSigned.name }}
spec:
selfSigned: {}
{{- end }}
{{- end -}}
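Review bot: `Self Singed Issuer` in the `fail` message should read `Self Signed Issuer`; this string is what users see when validation trips, so it is worth getting right.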

View File

@ -0,0 +1,16 @@
{{/* Make sure all variables are set properly */}}
{{- include "tc.v1.common.loader.init" . }}
{{/*
Generate certificate data and set them to $.Values.ceritificate
Let common handle the creation of the objects
*/}}
{{- include "certmanager.clusterissuer.clusterCertificates" . }}
{{/* Render the templates */}}
{{ include "tc.v1.common.loader.apply" . }}
{{/* Generate the cluster issuers */}}
{{- include "certmanager.clusterissuer.acme" . }}
{{- include "certmanager.clusterissuer.selfsigned" . }}
{{- include "certmanager.clusterissuer.ca" . }}
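Review bot: the comment says `set them to $.Values.ceritificate`, but the key the helper actually populates is `$.Values.certificate`, so the comment should say `certificate`. Also `{{ include "tc.v1.common.loader.apply" . }}` lacks the `-` trim that every other include here uses, which leaves a stray blank line in the rendered output; harmless, but inconsistent.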