Commit new Chart releases for TrueCharts
Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
parent
e3a5b07f25
commit
c1663caf86
|
@ -0,0 +1,99 @@
|
|||
**Important:**
|
||||
*for the complete changelog, please refer to the website*
|
||||
|
||||
|
||||
|
||||
|
||||
## [clusterissuer-5.0.0](https://github.com/truecharts/charts/compare/clusterissuer-4.2.14...clusterissuer-5.0.0) (2023-12-20)
|
||||
|
||||
### Chore
|
||||
|
||||
- BREAKING CHANGE adapt to common changes ([#15889](https://github.com/truecharts/charts/issues/15889))
|
||||
|
||||
|
||||
|
||||
|
||||
## [clusterissuer-4.2.14](https://github.com/truecharts/charts/compare/clusterissuer-4.2.13...clusterissuer-4.2.14) (2023-12-20)
|
||||
|
||||
### Chore
|
||||
|
||||
- Bump everything to force min/max scale version update
|
||||
|
||||
|
||||
|
||||
|
||||
## [clusterissuer-4.2.13](https://github.com/truecharts/charts/compare/clusterissuer-4.2.11...clusterissuer-4.2.13) (2023-12-16)
|
||||
|
||||
### Chore
|
||||
|
||||
- fix move mistake and cleanup metadata
|
||||
- update helm general non-major ([#14784](https://github.com/truecharts/charts/issues/14784))
|
||||
|
||||
|
||||
|
||||
|
||||
## [clusterissuer-4.2.13](https://github.com/truecharts/charts/compare/clusterissuer-4.2.11...clusterissuer-4.2.13) (2023-12-16)
|
||||
|
||||
### Chore
|
||||
|
||||
- fix move mistake and cleanup metadata
|
||||
- update helm general non-major ([#14784](https://github.com/truecharts/charts/issues/14784))
|
||||
|
||||
|
||||
|
||||
|
||||
## [clusterissuer-4.2.12](https://github.com/truecharts/charts/compare/clusterissuer-4.2.11...clusterissuer-4.2.12) (2023-12-16)
|
||||
|
||||
### Chore
|
||||
|
||||
- fix move mistake and cleanup metadata
|
||||
|
||||
|
||||
|
||||
|
||||
## [clusterissuer-4.2.11](https://github.com/truecharts/charts/compare/clusterissuer-4.2.10...clusterissuer-4.2.11) (2023-12-03)
|
||||
|
||||
### Chore
|
||||
|
||||
- bump everything to ensure catalog has latest versions
|
||||
- fix annotations again
|
||||
- update annotations
|
||||
- cleanup chart.yaml and add min-max scale version
|
||||
- lint files ([#15238](https://github.com/truecharts/charts/issues/15238))
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
## [clusterissuer-4.2.10](https://github.com/truecharts/charts/compare/clusterissuer-4.2.9...clusterissuer-4.2.10) (2023-11-17)
|
||||
|
||||
|
||||
|
||||
|
||||
## [clusterissuer-4.2.9](https://github.com/truecharts/charts/compare/clusterissuer-4.2.8...clusterissuer-4.2.9) (2023-11-08)
|
||||
|
||||
|
||||
|
||||
|
||||
## [clusterissuer-4.2.8](https://github.com/truecharts/charts/compare/clusterissuer-4.2.7...clusterissuer-4.2.8) (2023-11-08)
|
||||
|
||||
|
||||
|
||||
|
||||
## [clusterissuer-4.2.7](https://github.com/truecharts/charts/compare/clusterissuer-4.2.6...clusterissuer-4.2.7) (2023-11-08)
|
||||
|
||||
### Chore
|
||||
|
||||
- update helm general non-major ([#14454](https://github.com/truecharts/charts/issues/14454))
|
||||
|
||||
|
||||
|
||||
|
||||
## [clusterissuer-4.2.6](https://github.com/truecharts/charts/compare/clusterissuer-4.2.5...clusterissuer-4.2.6) (2023-11-05)
|
|
@ -0,0 +1,37 @@
|
|||
kubeVersion: ">=1.24.0-0"
|
||||
apiVersion: v2
|
||||
name: clusterissuer
|
||||
version: 5.0.0
|
||||
appVersion: latest
|
||||
description: Certificate management for Kubernetes
|
||||
home: https://truecharts.org/charts/enterprise/clusterissuer
|
||||
icon: https://truecharts.org/img/hotlink-ok/chart-icons/clusterissuer.png
|
||||
deprecated: false
|
||||
sources:
|
||||
- https://cert-manager.io/
|
||||
- https://github.com/truecharts/charts/tree/master/charts/enterprise/clusterissuer
|
||||
- https://hub.docker.com/_/hello-world
|
||||
maintainers:
|
||||
- name: TrueCharts
|
||||
email: info@truecharts.org
|
||||
url: https://truecharts.org
|
||||
keywords:
|
||||
- cert-manager
|
||||
- certificates
|
||||
dependencies:
|
||||
- name: common
|
||||
version: 16.2.4
|
||||
repository: https://library-charts.truecharts.org
|
||||
condition: ""
|
||||
alias: ""
|
||||
tags: []
|
||||
import-values: []
|
||||
annotations:
|
||||
max_scale_version: 23.10.2
|
||||
min_scale_version: 23.10.0
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/category: core
|
||||
truecharts.org/max_helm_version: "3.13"
|
||||
truecharts.org/min_helm_version: "3.12"
|
||||
truecharts.org/train: enterprise
|
||||
type: application
|
|
@ -0,0 +1,106 @@
|
|||
Business Source License 1.1
|
||||
|
||||
Parameters
|
||||
|
||||
Licensor: The TrueCharts Project, it's owner and it's contributors
|
||||
Licensed Work: The TrueCharts "Cert-Manager" Helm Chart
|
||||
Additional Use Grant: You may use the licensed work in production, as long
|
||||
as it is directly sourced from a TrueCharts provided
|
||||
official repository, catalog or source. You may also make private
|
||||
modification to the directly sourced licenced work,
|
||||
when used in production.
|
||||
|
||||
The following cases are, due to their nature, also
|
||||
defined as 'production use' and explicitly prohibited:
|
||||
- Bundling, including or displaying the licensed work
|
||||
with(in) another work intended for production use,
|
||||
with the apparent intend of facilitating and/or
|
||||
promoting production use by third parties in
|
||||
violation of this license.
|
||||
|
||||
Change Date: 2050-01-01
|
||||
|
||||
Change License: 3-clause BSD license
|
||||
|
||||
For information about alternative licensing arrangements for the Software,
|
||||
please contact: legal@truecharts.org
|
||||
|
||||
Notice
|
||||
|
||||
The Business Source License (this document, or the “License”) is not an Open
|
||||
Source license. However, the Licensed Work will eventually be made available
|
||||
under an Open Source License, as stated in this License.
|
||||
|
||||
License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved.
|
||||
“Business Source License” is a trademark of MariaDB Corporation Ab.
|
||||
|
||||
-----------------------------------------------------------------------------
|
||||
|
||||
Business Source License 1.1
|
||||
|
||||
Terms
|
||||
|
||||
The Licensor hereby grants you the right to copy, modify, create derivative
|
||||
works, redistribute, and make non-production use of the Licensed Work. The
|
||||
Licensor may make an Additional Use Grant, above, permitting limited
|
||||
production use.
|
||||
|
||||
Effective on the Change Date, or the fourth anniversary of the first publicly
|
||||
available distribution of a specific version of the Licensed Work under this
|
||||
License, whichever comes first, the Licensor hereby grants you rights under
|
||||
the terms of the Change License, and the rights granted in the paragraph
|
||||
above terminate.
|
||||
|
||||
If your use of the Licensed Work does not comply with the requirements
|
||||
currently in effect as described in this License, you must purchase a
|
||||
commercial license from the Licensor, its affiliated entities, or authorized
|
||||
resellers, or you must refrain from using the Licensed Work.
|
||||
|
||||
All copies of the original and modified Licensed Work, and derivative works
|
||||
of the Licensed Work, are subject to this License. This License applies
|
||||
separately for each version of the Licensed Work and the Change Date may vary
|
||||
for each version of the Licensed Work released by Licensor.
|
||||
|
||||
You must conspicuously display this License on each original or modified copy
|
||||
of the Licensed Work. If you receive the Licensed Work in original or
|
||||
modified form from a third party, the terms and conditions set forth in this
|
||||
License apply to your use of that work.
|
||||
|
||||
Any use of the Licensed Work in violation of this License will automatically
|
||||
terminate your rights under this License for the current and all other
|
||||
versions of the Licensed Work.
|
||||
|
||||
This License does not grant you any right in any trademark or logo of
|
||||
Licensor or its affiliates (provided that you may use a trademark or logo of
|
||||
Licensor as expressly required by this License).
|
||||
|
||||
TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON
|
||||
AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS,
|
||||
EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF
|
||||
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND
|
||||
TITLE.
|
||||
|
||||
MariaDB hereby grants you permission to use this License’s text to license
|
||||
your works, and to refer to it using the trademark “Business Source License”,
|
||||
as long as you comply with the Covenants of Licensor below.
|
||||
|
||||
Covenants of Licensor
|
||||
|
||||
In consideration of the right to use this License’s text and the “Business
|
||||
Source License” name and trademark, Licensor covenants to MariaDB, and to all
|
||||
other recipients of the licensed work to be provided by Licensor:
|
||||
|
||||
1. To specify as the Change License the GPL Version 2.0 or any later version,
|
||||
or a license that is compatible with GPL Version 2.0 or a later version,
|
||||
where “compatible” means that software provided under the Change License can
|
||||
be included in a program with software provided under GPL Version 2.0 or a
|
||||
later version. Licensor may specify additional Change Licenses without
|
||||
limitation.
|
||||
|
||||
2. To either: (a) specify an additional grant of rights to use that does not
|
||||
impose any additional restriction on the right granted in this License, as
|
||||
the Additional Use Grant; or (b) insert the text “None”.
|
||||
|
||||
3. To specify a Change Date.
|
||||
|
||||
4. Not to modify this License in any other way.
|
|
@ -0,0 +1,27 @@
|
|||
# README
|
||||
|
||||
## General Info
|
||||
|
||||
TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
|
||||
However only installations using the TrueNAS SCALE Apps system are supported.
|
||||
|
||||
For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/enterprise/clusterissuer)
|
||||
|
||||
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
|
||||
|
||||
|
||||
## Support
|
||||
|
||||
- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro).
|
||||
- See the [Website](https://truecharts.org)
|
||||
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
|
||||
- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
|
||||
|
||||
---
|
||||
|
||||
## Sponsor TrueCharts
|
||||
|
||||
TrueCharts can only exist due to the incredible effort of our staff.
|
||||
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
|
||||
|
||||
*All Rights Reserved - The TrueCharts Project*
|
|
@ -0,0 +1,9 @@
|
|||
|
||||
|
||||
## [clusterissuer-5.0.0](https://github.com/truecharts/charts/compare/clusterissuer-4.2.14...clusterissuer-5.0.0) (2023-12-20)
|
||||
|
||||
### Chore
|
||||
|
||||
- BREAKING CHANGE adapt to common changes ([#15889](https://github.com/truecharts/charts/issues/15889))
|
||||
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
Certificate management for Kubernetes
|
||||
|
||||
This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/enterprise/clusterissuer](https://truecharts.org/charts/enterprise/clusterissuer)
|
||||
|
||||
---
|
||||
|
||||
TrueCharts can only exist due to the incredible effort of our staff.
|
||||
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
|
Binary file not shown.
|
@ -0,0 +1,104 @@
|
|||
image:
|
||||
repository: hello-world
|
||||
tag: latest@sha256:88ec0acaa3ec199d3b7eaf73588f4518c25f9d34f58ce9a0df68429c5af48e8d
|
||||
pullPolicy: IfNotPresent
|
||||
manifestManager:
|
||||
enabled: true
|
||||
workload:
|
||||
main:
|
||||
enabled: false
|
||||
podSpec:
|
||||
containers:
|
||||
main:
|
||||
enabled: false
|
||||
probes:
|
||||
liveness:
|
||||
enabled: false
|
||||
readiness:
|
||||
enabled: false
|
||||
startup:
|
||||
enabled: false
|
||||
service:
|
||||
main:
|
||||
enabled: false
|
||||
ports:
|
||||
main:
|
||||
enabled: false
|
||||
port: 9999
|
||||
portal:
|
||||
open:
|
||||
enabled: false
|
||||
operator:
|
||||
verify:
|
||||
additionalOperators:
|
||||
- cert-manager
|
||||
enabled: true
|
||||
failOnError: false
|
||||
clusterIssuer:
|
||||
selfSigned:
|
||||
enabled: true
|
||||
name: "selfsigned"
|
||||
CA: []
|
||||
# - name: myca
|
||||
# selfSigned: true
|
||||
# selfSignedCommonName: "my-selfsigned-ca"
|
||||
# # Used to manually define a CA-crt not used when selfSigned is enabled
|
||||
# crt: ""
|
||||
# key: ""
|
||||
# # TODO: Add option to use SCALE CA certs
|
||||
|
||||
ACME: []
|
||||
# - name: letsencrypt
|
||||
# # Used for both logging in to the DNS provider AND ACME registration
|
||||
# email: ""
|
||||
# server: 'https://acme-staging-v02.api.letsencrypt.org/directory'
|
||||
# # Used primarily for the SCALE GUI
|
||||
# customServer: 'https://acme-staging-v02.api.letsencrypt.org/directory'
|
||||
# email: ""
|
||||
# # Options: HTTP01, cloudflare, route53, akamai, digitalocean, rfc2136, acmedns
|
||||
# type: ""
|
||||
# # for cloudflare
|
||||
# cfapikey: ""
|
||||
# cfapitoken: ""
|
||||
# # for route53
|
||||
# region: ""
|
||||
# accessKeyID: ""
|
||||
# route53SecretAccessKey: ""
|
||||
# # optional for route53
|
||||
# role: ""
|
||||
# # for akamai
|
||||
# serviceConsumerDomain: ""
|
||||
# akclientToken: ""
|
||||
# akclientSecret: ""
|
||||
# akaccessToken: ""
|
||||
# # for digitalocean
|
||||
# doaccessToken: ""
|
||||
# # for rfc2136
|
||||
# nameserver: ""
|
||||
# tsigKeyName: ""
|
||||
# tsigAlgorithm: ""
|
||||
# rfctsigSecret: ""
|
||||
# # for acmedns
|
||||
# name: sd
|
||||
# acmednsHost: asdf
|
||||
# # Pick one of the bellow acmednsConfig
|
||||
# acmednsConfigJson:
|
||||
# acmednsConfig:
|
||||
# - domain: ""
|
||||
# username: ""
|
||||
# password: ""
|
||||
# fulldomain: ""
|
||||
# subdomain: ""
|
||||
# allowFrom: []
|
||||
|
||||
clusterCertificates:
|
||||
# Namespaces in which the certificates must be available
|
||||
# Accepts comma-separated regex expressions
|
||||
# replicationNamespaces: 'ix-.*'
|
||||
certificates: []
|
||||
# - name: mycert
|
||||
# enabled: true
|
||||
# certificateIssuer: selfsigned
|
||||
# hosts:
|
||||
# - my.domain.com
|
||||
# - '*.my.domain.com'
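Review bot: The commented ACME example under `ACME: []` repeats keys within one entry: `email: ""` appears twice, and the acmedns part adds `name: sd` after the entry already has `name: letsencrypt`. Indentation is not visible on this page, but if these sit at the same level, uncommenting the sample gives duplicate mapping keys, and most YAML parsers silently keep the last one, so the issuer would end up named `sd`. I would drop the second `email` and the `name: sd` line (`acmednsHost: asdf` also reads as leftover test data). A comment above the credential fields would help too, such as `# credentials below are rendered into a Secret; keep real values out of version control`.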
|
|
@ -0,0 +1,445 @@
|
|||
groups:
|
||||
- name: Container Image
|
||||
description: Image to be used for container
|
||||
- name: General Settings
|
||||
description: General Deployment Settings
|
||||
- name: Workload Settings
|
||||
description: Workload Settings
|
||||
- name: App Configuration
|
||||
description: App Specific Config Options
|
||||
- name: Networking and Services
|
||||
description: Configure Network and Services for Container
|
||||
- name: Storage and Persistence
|
||||
description: Persist and Share Data that is Separate from the Container
|
||||
- name: Ingress
|
||||
description: Ingress Configuration
|
||||
- name: Security and Permissions
|
||||
description: Configure Security Context and Permissions
|
||||
- name: Resources and Devices
|
||||
description: "Specify Resources/Devices to be Allocated to Workload"
|
||||
- name: Middlewares
|
||||
description: Traefik Middlewares
|
||||
- name: Metrics
|
||||
description: Metrics
|
||||
- name: Addons
|
||||
description: Addon Configuration
|
||||
- name: Advanced
|
||||
description: Advanced Configuration
|
||||
- name: Postgresql
|
||||
description: Postgresql
|
||||
- name: Documentation
|
||||
description: Documentation
|
||||
questions:
|
||||
- variable: global
|
||||
group: General Settings
|
||||
label: "Global Settings"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: stopAll
|
||||
label: Stop All
|
||||
description: "Stops All Running pods and hibernates cnpg"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: clusterIssuer
|
||||
group: App Configuration
|
||||
label: Cluster Certificate Issuer
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: ACME
|
||||
label: 'ACME Issuer'
|
||||
schema:
|
||||
type: list
|
||||
default: []
|
||||
items:
|
||||
- variable: ACMEEntry
|
||||
label: 'ACME Issuer Entry'
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: name
|
||||
label: Name
|
||||
description: "Name to give the issuer"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
valid_chars: '^[a-z]+(-?[a-z]){0,63}-?[a-z]+$'
|
||||
default: ""
|
||||
- variable: type
|
||||
label: Type or DNS-Provider
|
||||
description: DNS Provider
|
||||
schema:
|
||||
type: string
|
||||
default: cloudflare
|
||||
enum:
|
||||
- value: cloudflare
|
||||
description: Cloudflare
|
||||
- value: route53
|
||||
description: Route53
|
||||
- value: akamai
|
||||
description: Akamai
|
||||
- value: digitalocean
|
||||
description: Digitalocean
|
||||
- value: rfc2136
|
||||
description: rfc2136 (Advanced)
|
||||
- value: HTTP01
|
||||
description: HTTP01 (Experimental)
|
||||
- value: acmedns
|
||||
description: ACME DNS (Advanced)
|
||||
- variable: server
|
||||
label: Server
|
||||
description: "Server for ACME, for example: letsencrypt"
|
||||
schema:
|
||||
type: string
|
||||
default: 'Letsencrypt-Production'
|
||||
enum:
|
||||
- value: 'https://acme-v02.api.letsencrypt.org/directory'
|
||||
description: Letsencrypt-Production
|
||||
- value: 'https://acme-staging-v02.api.letsencrypt.org/directory'
|
||||
description: Letsencrypt-Staging
|
||||
- value: 'https://api.buypass.no/acme-v02/directory'
|
||||
description: BuyPass-Production
|
||||
- value: 'https://api.test4.buypass.no/acme-v02/directory'
|
||||
description: BuyPass-Staging
|
||||
- value: custom
|
||||
description: Custom
|
||||
- variable: customServer
|
||||
label: Custom ACME Server (Advanced)
|
||||
description: "This can be used to enter your own custom ACME server"
|
||||
schema:
|
||||
type: string
|
||||
show_if: [["server", "=", "custom"]]
|
||||
default: 'https://acme-staging-v02.api.letsencrypt.org/directory'
|
||||
- variable: caBundle
|
||||
label: Trusted CABundle for private ACME server
|
||||
description: "Trusted CABundle for private ACME server, encoded in base64"
|
||||
schema:
|
||||
type: string
|
||||
show_if: [["server", "=", "custom"]]
|
||||
- variable: email
|
||||
label: Email
|
||||
description: "Email adress to use for certificate issuing must match your DNS provider email when required"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: "something@example.com"
|
||||
- variable: cfapikey
|
||||
label: CloudFlare API key
|
||||
description: "CloudFlare API Key"
|
||||
schema:
|
||||
show_if: [["type", "=", "cloudflare"]]
|
||||
type: string
|
||||
default: ""
|
||||
- variable: cfapitoken
|
||||
label: CloudFlare API Token
|
||||
description: "CloudFlare API Token"
|
||||
schema:
|
||||
show_if: [["type", "=", "cloudflare"]]
|
||||
type: string
|
||||
default: ""
|
||||
- variable: region
|
||||
label: Route53 Region
|
||||
description: "Route 53 Region"
|
||||
schema:
|
||||
show_if: [["type", "=", "route53"]]
|
||||
type: string
|
||||
required: true
|
||||
default: "us-west-1"
|
||||
- variable: accessKeyID
|
||||
label: Route53 accessKeyID
|
||||
description: "Route53 accessKeyID"
|
||||
schema:
|
||||
show_if: [["type", "=", "route53"]]
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: route53SecretAccessKey
|
||||
label: Route53 Secret Access Key
|
||||
description: "Route53 Secret Access Key"
|
||||
schema:
|
||||
show_if: [["type", "=", "route53"]]
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: role
|
||||
label: Route53 Role (optional)
|
||||
description: "Route53 Role"
|
||||
schema:
|
||||
show_if: [["type", "=", "route53"]]
|
||||
type: string
|
||||
default: ""
|
||||
- variable: serviceConsumerDomain
|
||||
label: Akamai Service Consumer Domain
|
||||
description: "Akamai Service Consumer Domain"
|
||||
schema:
|
||||
show_if: [["type", "=", "akamai"]]
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: akclientToken
|
||||
label: Akamai Client Token
|
||||
description: "Client Token"
|
||||
schema:
|
||||
show_if: [["type", "=", "akamai"]]
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: akclientSecret
|
||||
label: Akamai Client Secret
|
||||
description: "Akamai Client Secret"
|
||||
schema:
|
||||
show_if: [["type", "=", "akamai"]]
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: akaccessToken
|
||||
label: Akamai Access Token
|
||||
description: "Akamai Access Token"
|
||||
schema:
|
||||
show_if: [["type", "=", "akamai"]]
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: doaccessToken
|
||||
label: Digitalocean Access Token
|
||||
description: "Digitalocean Access Token"
|
||||
schema:
|
||||
show_if: [["type", "=", "digitalocean"]]
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: nameserver
|
||||
label: rfc2136 Namesever
|
||||
description: "rfc2136 Namesever"
|
||||
schema:
|
||||
show_if: [["type", "=", "rfc2136"]]
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: tsigKeyName
|
||||
label: rfc2136 tsig Key Name
|
||||
description: "rfc2136 tsig Key Name"
|
||||
schema:
|
||||
show_if: [["type", "=", "rfc2136"]]
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: tsigAlgorithm
|
||||
label: rfc2136 tsig Algorithm
|
||||
description: "rfc2136 tsig Algorithm"
|
||||
schema:
|
||||
show_if: [["type", "=", "rfc2136"]]
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: rfctsigSecret
|
||||
label: rfc2136 sig Secret
|
||||
description: "rfc2136 sig Secret"
|
||||
schema:
|
||||
show_if: [["type", "=", "rfc2136"]]
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: acmednsHost
|
||||
label: ACME DNS host
|
||||
description: "ACME DNS API server address"
|
||||
schema:
|
||||
show_if: [["type", "=", "acmedns"]]
|
||||
type: string
|
||||
required: true
|
||||
default: "https://auth.acme-dns.io"
|
||||
- variable: acmednsConfig
|
||||
label: ACME DNS config
|
||||
description: "ACME DNS per-domain auth configuration"
|
||||
schema:
|
||||
show_if: [["type", "=", "acmedns"]]
|
||||
type: list
|
||||
default: []
|
||||
items:
|
||||
- variable: acmednsEntry
|
||||
label: 'ACME DNS entry'
|
||||
schema:
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: domain
|
||||
label: Domain
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
- variable: username
|
||||
label: Username
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
- variable: password
|
||||
label: Password
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
- variable: fulldomain
|
||||
label: Full domain
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
- variable: subdomain
|
||||
label: Subdomain
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
- variable: allowFrom
|
||||
label: Allow from
|
||||
schema:
|
||||
type: list
|
||||
default: []
|
||||
items:
|
||||
- variable: cidr
|
||||
label: CIDR
|
||||
schema:
|
||||
type: ipaddr
|
||||
cidr: true
|
||||
required: true
|
||||
- variable: CA
|
||||
label: Certificate Authority Issuer
|
||||
schema:
|
||||
type: list
|
||||
default: []
|
||||
items:
|
||||
- variable: CAEntry
|
||||
label: 'CA Issuer Entry'
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: name
|
||||
label: Name
|
||||
description: "Name to give the issuer"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
valid_chars: '^[a-z]+(-?[a-z]){0,63}-?[a-z]+$'
|
||||
default: ""
|
||||
- variable: selfSigned
|
||||
label: selfSigned
|
||||
description: "Create Self Signed CA cert"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: selfSignedCommonName
|
||||
label: selfSigned CommonName
|
||||
description: "Common name for selfSigned Certiticate Authority"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
show_if: [["selfSigned", "=", true]]
|
||||
default: "my-selfsigned-ca"
|
||||
- variable: crt
|
||||
label: "Custom CA cert (experimental)"
|
||||
description: "certificate for Certiticate Authority"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
max_length: 10240
|
||||
show_if: [["selfSigned", "=", false]]
|
||||
default: ""
|
||||
- variable: key
|
||||
label: "Custom CA key (experimental)"
|
||||
description: "key Certiticate Authority"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
max_length: 10240
|
||||
show_if: [["selfSigned", "=", false]]
|
||||
default: ""
|
||||
|
||||
- variable: selfSigned
|
||||
label: 'SelfSigned Issuer'
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: enabled
|
||||
label: enabled
|
||||
description: "Enable self-signed issuer"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: name
|
||||
label: Name
|
||||
description: "Name to give the issuer"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
valid_chars: '^[a-z]+(-?[a-z]){0,63}-?[a-z]+$'
|
||||
default: "selfsigned"
|
||||
|
||||
- variable: clusterCertificates
|
||||
group: App Configuration
|
||||
label: Cluster Wide Certificates (Advanced)
|
||||
description: "Creates certificates for use within the entire cluster. Can be used to create wildcard certificates."
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: certificates
|
||||
label: Cluster Certificates
|
||||
schema:
|
||||
type: list
|
||||
default: []
|
||||
items:
|
||||
- variable: CertEntry
|
||||
label: 'Certificate Entry'
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: enabled
|
||||
label: Enabled
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: name
|
||||
label: Certificate Name
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: certificateIssuer
|
||||
label: Cert-Manager clusterIssuer
|
||||
description: "One of the Cert-Manager clusterIssuers defined above"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
valid_chars: '^[a-z]+(-?[a-z]){0,63}-?[a-z]+$'
|
||||
default: "selfsigned"
|
||||
- variable: hosts
|
||||
label: Certificate Hosts
|
||||
description: "NOTE: Creation of wildcard certificates with an ACME issuer requires a DNSO1 solver to be set up."
|
||||
schema:
|
||||
type: list
|
||||
default: []
|
||||
items:
|
||||
- variable: host
|
||||
label: Host
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
required: true
|
||||
|
||||
- variable: customMetrics
|
||||
group: Metrics
|
||||
label: Prometheus Metrics
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: enabled
|
||||
label: Enabled
|
||||
description: Enable Prometheus Metrics
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
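Review bot: The credential fields of the ACME entry (`cfapikey`, `cfapitoken`, `route53SecretAccessKey`, `akclientToken`, `akclientSecret`, `akaccessToken`, `doaccessToken`, `rfctsigSecret`, the acmedns `password`) and the CA `key` are declared as plain `type: string`, so the form presumably shows and echoes them in clear text. Adding `private: true` to each of those schemas would mask them, if the schema version in use supports it. Separately, `server` has `default: 'Letsencrypt-Production'`, which is an enum description rather than one of the enum values. Since the template renders `.server` directly, the default should be the value itself, `default: 'https://acme-v02.api.letsencrypt.org/directory'`.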
|
|
@ -0,0 +1 @@
|
|||
{{- include "tc.v1.common.lib.chart.notes" $ -}}
|
|
@ -0,0 +1,128 @@
|
|||
{{- define "certmanager.clusterissuer.acme" -}}
|
||||
{{- $operator := index $.Values.operator "cert-manager" -}}
|
||||
{{- $namespace := $operator.namespace | default "cert-manager" -}}
|
||||
|
||||
{{- $rfctsigSecret := .rfctsigSecret | default "" -}}
|
||||
{{/* https://cert-manager.io/docs/configuration/acme/dns01/rfc2136/#troubleshooting */}}
|
||||
{{- if $rfctsigSecret -}} {{/* If we try to decode and fail, go on and encode it. */}}
|
||||
{{- if (contains "illegal base64" (b64dec $rfctsigSecret)) -}}
|
||||
{{- $rfctsigSecret = b64enc $rfctsigSecret -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- range .Values.clusterIssuer.ACME }}
|
||||
{{- if or (not .name) (not (mustRegexMatch "^[a-z]+(-?[a-z]){0,63}-?[a-z]+$" .name)) -}}
|
||||
{{- fail "ACME - Expected name to be all lowercase with hyphens, but not start or end with a hyphen" -}}
|
||||
{{- end -}}
|
||||
{{- $validTypes := list "HTTP01" "cloudflare" "route53" "digitalocean" "akamai" "rfc2136" "acmedns" -}}
|
||||
{{- if not (mustHas .type $validTypes) -}}
|
||||
{{- fail (printf "Expected ACME type to be one of [%s], but got [%s]" (join ", " $validTypes) .type) -}}
|
||||
{{- end -}}
|
||||
{{- $issuerSecretName := printf "%s-clusterissuer-secret" .name }}
|
||||
{{- $acmednsDict := dict -}}
|
||||
{{- if and (eq .type "acmedns") (not .acmednsConfigJson) }}
|
||||
{{- range .acmednsConfig }}
|
||||
{{/* Transform to a dict with domain as a key, also remove domain from the dict */}}
|
||||
{{- $_ := set $acmednsDict .domain (omit . "domain") -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: {{ .name }}
|
||||
spec:
|
||||
acme:
|
||||
email: {{ .email }}
|
||||
server: {{ if eq .server "custom" }}{{ .customServer }}{{ else }}{{ .server }}{{ end }}
|
||||
{{- if .caBundle }}
|
||||
caBundle: {{ .caBundle }}
|
||||
{{- end }}
|
||||
privateKeySecretRef:
|
||||
name: {{ .name }}-acme-clusterissuer-account-key
|
||||
solvers:
|
||||
{{- if eq .type "HTTP01" }}
|
||||
- http01:
|
||||
ingress: {}
|
||||
{{- else }}
|
||||
- dns01:
|
||||
{{- if eq .type "cloudflare" }}
|
||||
cloudflare:
|
||||
email: {{ .email }}
|
||||
{{- if .cfapitoken }}
|
||||
apiTokenSecretRef:
|
||||
name: {{ $issuerSecretName }}
|
||||
key: cf-api-token
|
||||
{{- else if .cfapikey }}
|
||||
apiKeySecretRef:
|
||||
name: {{ $issuerSecretName }}
|
||||
key: cf-api-key
|
||||
{{- else -}}
|
||||
{{- fail "A cloudflare API key or token is required" -}}
|
||||
{{- end -}}
|
||||
{{- else if eq .type "route53" }}
|
||||
route53:
|
||||
region: {{ .region }}
|
||||
accessKeyID: {{ .accessKeyID }}
|
||||
{{- if .role }}
|
||||
role: {{ .role }}
|
||||
{{- end }}
|
||||
secretAccessKeySecretRef:
|
||||
name: {{ $issuerSecretName }}
|
||||
key: route53-secret-access-key
|
||||
{{- else if eq .type "akamai" }}
|
||||
akamai:
|
||||
serviceConsumerDomain: {{ .serviceConsumerDomain }}
|
||||
clientTokenSecretRef:
|
||||
name: {{ $issuerSecretName }}
|
||||
key: akclientToken
|
||||
clientSecretSecretRef:
|
||||
name: {{ $issuerSecretName }}
|
||||
key: akclientSecret
|
||||
accessTokenSecretRef:
|
||||
name: {{ $issuerSecretName }}
|
||||
key: akaccessToken
|
||||
{{- else if eq .type "digitalocean" }}
|
||||
digitalocean:
|
||||
tokenSecretRef:
|
||||
name: {{ $issuerSecretName }}
|
||||
key: doaccessToken
|
||||
{{- else if eq .type "rfc2136" }}
|
||||
rfc2136:
|
||||
nameserver: {{ .nameserver }}
|
||||
tsigKeyName: {{ .tsigKeyName }}
|
||||
tsigAlgorithm: {{ .tsigAlgorithm }}
|
||||
tsigSecretSecretRef:
|
||||
name: {{ $issuerSecretName }}
|
||||
key: rfctsigSecret
|
||||
{{- else if eq .type "acmedns" }}
|
||||
acmeDNS:
|
||||
host: {{ .acmednsHost }}
|
||||
accountSecretRef:
|
||||
name: {{ $issuerSecretName }}
|
||||
key: acmednsJson
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
namespace: {{ $namespace }}
|
||||
name: {{ $issuerSecretName }}
|
||||
type: Opaque
|
||||
stringData:
|
||||
cf-api-token: {{ .cfapitoken | default "" }}
|
||||
cf-api-key: {{ .cfapikey | default "" }}
|
||||
route53-secret-access-key: {{ .route53SecretAccessKey | default "" }}
|
||||
akclientToken: {{ .akclientToken | default "" }}
|
||||
akclientSecret: {{ .akclientSecret | default "" }}
|
||||
akaccessToken: {{ .akaccessToken | default "" }}
|
||||
doaccessToken: {{ .doaccessToken | default "" }}
|
||||
rfctsigSecret: {{ $rfctsigSecret }}
|
||||
{{- if .acmednsConfigJson }}
|
||||
acmednsJson: {{ .acmednsConfigJson }}
|
||||
{{- else if $acmednsDict }}
|
||||
acmednsJson: {{ toJson $acmednsDict }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
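Review bot: Every value under `stringData` in the Secret, and `email`, `server`, `caBundle` and the provider fields in the ClusterIssuer, is interpolated without quoting, so a user-supplied value that is empty, numeric-looking, or contains `: `, ` #` or a newline changes the type or structure of the rendered manifest instead of staying a string. Pipe them through `quote`, e.g. `cf-api-token: {{ .cfapitoken | default "" | quote }}` and `acmednsJson: {{ toJson $acmednsDict | quote }}`; the unquoted JSON would otherwise be parsed as a YAML mapping, which `stringData` does not accept. Also, `$rfctsigSecret` is computed from `.rfctsigSecret` before the `range`, where `.` is still the context that carries `.Values`, so it looks like the per-issuer TSIG secret is never read and the `rfctsigSecret` key is always written empty. That block probably belongs inside the loop.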
|
|
@ -0,0 +1,54 @@
|
|||
{{- define "certmanager.clusterissuer.ca" -}}
|
||||
{{- $operator := index $.Values.operator "cert-manager" -}}
|
||||
{{- $namespace := $operator.namespace | default "cert-manager" -}}
|
||||
|
||||
{{- range .Values.clusterIssuer.CA }}
|
||||
{{- if not (mustRegexMatch "^[a-z]+(-?[a-z]){0,63}-?[a-z]+$" .name) -}}
|
||||
{{- fail "CA - Expected name to be all lowercase with hyphens, but not start or end with a hyphen" -}}
|
||||
{{- end -}}
|
||||
{{- if .selfSigned }}
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: {{ .name }}-selfsigned-ca-issuer
|
||||
spec:
|
||||
selfSigned: {}
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: {{ .name }}-selfsigned-ca
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
isCA: true
|
||||
commonName: {{ .selfSignedCommonName }}
|
||||
secretName: {{ .name }}-ca
|
||||
privateKey:
|
||||
algorithm: ECDSA
|
||||
size: 256
|
||||
issuerRef:
|
||||
name: {{ .name }}-selfsigned-ca-issuer
|
||||
kind: ClusterIssuer
|
||||
group: cert-manager.io
|
||||
{{- else }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ .name }}-ca
|
||||
namespace: {{ $namespace }}
|
||||
data:
|
||||
tls.crt: {{ .crt | b64enc }}
|
||||
tls.key: {{ .key | b64enc }}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: {{ .name }}
|
||||
spec:
|
||||
ca:
|
||||
secretName: {{ .name }}-ca
|
||||
{{- end }}
|
||||
{{- end -}}
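Review bot: The non-self-signed branch renders `tls.crt: {{ .crt | b64enc }}` and `tls.key: {{ .key | b64enc }}` without checking that either value was supplied, so a CA entry that omits them is not rejected with a clear message the way a bad `.name` is. I would make the requirement explicit, e.g. `tls.key: {{ required "CA - key is required when selfSigned is false" .key | b64enc }}`, and the same for `.crt`. Since the CA private key arrives as a plain chart value here, it is presumably also kept wherever the release values are stored. A comment on the `{{- else }}` branch saying so would help operators decide whether to use this path.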
|
|
@ -0,0 +1,34 @@
|
|||
{{- define "certmanager.clusterissuer.clusterCertificates" -}}
|
||||
{{- if .Values.clusterCertificates -}}
|
||||
{{- $secretTemplates := dict -}}
|
||||
{{- $certNamespace := (include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $ "objectData" dict "caller" "ClusterCertificates")) -}}
|
||||
{{- $replicationNamespaces := ".*" -}}
|
||||
{{- if .Values.clusterCertificates.replicationNamespaces -}}
|
||||
{{- $replicationNamespaces = .Values.clusterCertificates.replicationNamespaces -}}
|
||||
{{- else if .Values.ixChartContext -}}
|
||||
{{- $replicationNamespaces = "ix-.*" -}}
|
||||
{{- end -}}
|
||||
{{- $reflectorAnnotations := (dict
|
||||
"reflector.v1.k8s.emberstack.com/reflection-allowed" "true"
|
||||
"reflector.v1.k8s.emberstack.com/reflection-auto-enabled" "true"
|
||||
"reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces" (printf "%v,%v" $certNamespace $replicationNamespaces)
|
||||
"reflector.v1.k8s.emberstack.com/reflection-auto-namespaces" $replicationNamespaces ) -}}
|
||||
{{- $certAnnotations := (mustMerge ($reflectorAnnotations) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) -}}
|
||||
|
||||
{{- $_ := set $secretTemplates "annotations" $certAnnotations -}}
|
||||
|
||||
{{- if not $.Values.certificate -}}
|
||||
{{- $_ := set $.Values "certificate" dict -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- range .Values.clusterCertificates.certificates -}}
|
||||
{{- $_ := set $.Values.certificate .name (dict
|
||||
"enabled" .enabled
|
||||
"hosts" .hosts
|
||||
"certificateIssuer" .certificateIssuer
|
||||
"certificateSecretTemplate" $secretTemplates
|
||||
) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- end -}}
|
||||
{{- end -}}
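Review bot: `$replicationNamespaces` defaults to `".*"`, and together with `reflection-auto-enabled: "true"` that asks Reflector to copy every cluster certificate Secret into all namespaces unless `clusterCertificates.replicationNamespaces` is set or `ixChartContext` narrows it to `ix-.*`. Those Secrets would normally hold the certificate's private key, so any workload that can read Secrets in its own namespace can read the key. I would document the default above the assignment, e.g. `{{/* Default mirrors certificate Secrets to every namespace; set clusterCertificates.replicationNamespaces to restrict */}}`, and consider requiring an explicit value outside the `ixChartContext` case.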
|
|
@ -0,0 +1,14 @@
|
|||
{{- define "certmanager.clusterissuer.selfsigned" -}}
|
||||
{{- if .Values.clusterIssuer.selfSigned.enabled -}}
|
||||
{{- if not (mustRegexMatch "^[a-z]+(-?[a-z]){0,63}-?[a-z]+$" .Values.clusterIssuer.selfSigned.name) -}}
|
||||
{{- fail "Self Singed Issuer - Expected name to be all lowercase with hyphens, but not start or end with a hyphen" -}}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: {{ .Values.clusterIssuer.selfSigned.name }}
|
||||
spec:
|
||||
selfSigned: {}
|
||||
{{- end }}
|
||||
{{- end -}}
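Review bot: The name pattern `^[a-z]+(-?[a-z]){0,63}-?[a-z]+$` does not bound the length, because the leading and trailing `[a-z]+` are unbounded, and it rejects digits and single-letter names, which the error text does not mention. If `{0,63}` is meant as a length cap, add an explicit check such as `{{- if gt (len .Values.clusterIssuer.selfSigned.name) 63 -}}` with its own `fail`. The message also reads "Self Singed Issuer" and should start `Self Signed Issuer - `. The same pattern validates CA names in the `certmanager.clusterissuer.ca` template, where suffixes such as `-selfsigned-ca-issuer` are appended after validation.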
|
|
@ -0,0 +1,16 @@
|
|||
{{/* Make sure all variables are set properly */}}
|
||||
{{- include "tc.v1.common.loader.init" . }}
|
||||
|
||||
{{/*
|
||||
Generate certificate data and set them to $.Values.ceritificate
|
||||
Let common handle the creation of the objects
|
||||
*/}}
|
||||
{{- include "certmanager.clusterissuer.clusterCertificates" . }}
|
||||
|
||||
{{/* Render the templates */}}
|
||||
{{ include "tc.v1.common.loader.apply" . }}
|
||||
|
||||
{{/* Generate the cluster issuers */}}
|
||||
{{- include "certmanager.clusterissuer.acme" . }}
|
||||
{{- include "certmanager.clusterissuer.selfsigned" . }}
|
||||
{{- include "certmanager.clusterissuer.ca" . }}
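Review bot: The comment above the `certmanager.clusterissuer.clusterCertificates` include says the data is set on `$.Values.ceritificate`, but the helper writes `$.Values.certificate`; the comment should read `Generate certificate data and set them to $.Values.certificate`. The ordering also matters here: the helper has to run before `tc.v1.common.loader.apply`, which presumably renders the certificates. It is worth saying in the comment that the include must stay above the apply call.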
|