Commit new Chart releases for TrueCharts
Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
This commit is contained in:
13
enterprise/cert-manager/0.0.1/CHANGELOG.md
Normal file
13
enterprise/cert-manager/0.0.1/CHANGELOG.md
Normal file
@@ -0,0 +1,13 @@
|
||||
**Important:**
|
||||
*for the complete changelog, please refer to the website*
|
||||
|
||||
|
||||
|
||||
|
||||
## [cert-manager-0.0.1]cert-manager-0.0.1 (2023-01-17)
|
||||
|
||||
### Feat
|
||||
|
||||
- add Cert-Manager configuration App ([#6378](https://github.com/truecharts/charts/issues/6378))
|
||||
|
||||
|
||||
28
enterprise/cert-manager/0.0.1/Chart.yaml
Normal file
28
enterprise/cert-manager/0.0.1/Chart.yaml
Normal file
@@ -0,0 +1,28 @@
|
||||
apiVersion: v2
|
||||
appVersion: "upstream"
|
||||
deprecated: false
|
||||
description: Certificate management for Kubernetes
|
||||
home: https://truecharts.org/charts/enterprise/cert-manager
|
||||
icon: https://truecharts.org/img/hotlink-ok/chart-icons/cert-manager.png
|
||||
keywords:
|
||||
- metallb
|
||||
- loadbalancer
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://library-charts.truecharts.org
|
||||
version: 11.1.2
|
||||
kubeVersion: ">=1.16.0-0"
|
||||
maintainers:
|
||||
- email: info@truecharts.org
|
||||
name: TrueCharts
|
||||
url: https://truecharts.org
|
||||
name: cert-manager
|
||||
sources:
|
||||
- https://cert-manager.io/
|
||||
type: application
|
||||
version: 0.0.1
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- core
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/grade: U
|
||||
27
enterprise/cert-manager/0.0.1/README.md
Normal file
27
enterprise/cert-manager/0.0.1/README.md
Normal file
@@ -0,0 +1,27 @@
|
||||
# README
|
||||
|
||||
## General Info
|
||||
|
||||
TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
|
||||
However only installations using the TrueNAS SCALE Apps system are supported.
|
||||
|
||||
For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/enterprise/)
|
||||
|
||||
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
|
||||
|
||||
|
||||
## Support
|
||||
|
||||
- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE%20Apps/Important-MUST-READ).
|
||||
- See the [Website](https://truecharts.org)
|
||||
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
|
||||
- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
|
||||
|
||||
---
|
||||
|
||||
## Sponsor TrueCharts
|
||||
|
||||
TrueCharts can only exist due to the incredible effort of our staff.
|
||||
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
|
||||
|
||||
*All Rights Reserved - The TrueCharts Project*
|
||||
9
enterprise/cert-manager/0.0.1/app-changelog.md
Normal file
9
enterprise/cert-manager/0.0.1/app-changelog.md
Normal file
@@ -0,0 +1,9 @@
|
||||
|
||||
|
||||
## [cert-manager-0.0.1]cert-manager-0.0.1 (2023-01-17)
|
||||
|
||||
### Feat
|
||||
|
||||
- add Cert-Manager configuration App ([#6378](https://github.com/truecharts/charts/issues/6378))
|
||||
|
||||
|
||||
8
enterprise/cert-manager/0.0.1/app-readme.md
Normal file
8
enterprise/cert-manager/0.0.1/app-readme.md
Normal file
@@ -0,0 +1,8 @@
|
||||
Certificate management for Kubernetes
|
||||
|
||||
This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/enterprise/cert-manager](https://truecharts.org/charts/enterprise/cert-manager)
|
||||
|
||||
---
|
||||
|
||||
TrueCharts can only exist due to the incredible effort of our staff.
|
||||
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
|
||||
BIN
enterprise/cert-manager/0.0.1/charts/common-11.1.2.tgz
Normal file
BIN
enterprise/cert-manager/0.0.1/charts/common-11.1.2.tgz
Normal file
Binary file not shown.
4422
enterprise/cert-manager/0.0.1/crds/cert-manager.yaml
Normal file
4422
enterprise/cert-manager/0.0.1/crds/cert-manager.yaml
Normal file
File diff suppressed because it is too large
Load Diff
74
enterprise/cert-manager/0.0.1/ix_values.yaml
Normal file
74
enterprise/cert-manager/0.0.1/ix_values.yaml
Normal file
@@ -0,0 +1,74 @@
|
||||
image:
|
||||
repository: placeholder
|
||||
tag: upstream
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
controller:
|
||||
enabled: false
|
||||
|
||||
service:
|
||||
main:
|
||||
enabled: false
|
||||
ports:
|
||||
main:
|
||||
enabled: false
|
||||
port: 9999
|
||||
|
||||
portal:
|
||||
enabled: false
|
||||
|
||||
probes:
|
||||
liveness:
|
||||
enabled: false
|
||||
readiness:
|
||||
enabled: false
|
||||
startup:
|
||||
enabled: false
|
||||
|
||||
clusterIssuer:
|
||||
selfSigned:
|
||||
enabled: true
|
||||
name: "selfsigned"
|
||||
CA: []
|
||||
# - name: myca
|
||||
# selfSigned: true
|
||||
# selfSignedCommonName: "my-selfsigned-ca"
|
||||
# # Used to manually define a CA-crt not used when selfSigned is enabled
|
||||
# crt: ""
|
||||
# key: ""
|
||||
# # TODO: Add option to use SCALE CA certs
|
||||
|
||||
ACME: []
|
||||
# - name: letsencrypt
|
||||
# # Used for both logging in to the DNS provider AND ACME registration
|
||||
# email: ""
|
||||
# server: 'https://acme-staging-v02.api.letsencrypt.org/directory'
|
||||
# # Used primarily for the SCALE GUI
|
||||
# customServer: 'https://acme-staging-v02.api.letsencrypt.org/directory'
|
||||
# email: ""
|
||||
# # Options: HTTP01, cloudflare, route53
|
||||
# type: ""
|
||||
# # for cloudflare
|
||||
# cfapikey: ""
|
||||
# cfapitoken: ""
|
||||
# # for route53
|
||||
# region: ""
|
||||
# accessKeyID: ""
|
||||
# route53SecretAccessKey: ""
|
||||
# # optional for route53
|
||||
# role: ""
|
||||
# # for akamai
|
||||
# serviceConsumerDomain: ""
|
||||
# akclientToken: ""
|
||||
# akclientSecret: ""
|
||||
# akaccessToken: ""
|
||||
# # for digitalocean
|
||||
# doaccessToken: ""
|
||||
# # for rfc2136
|
||||
# nameserver: ""
|
||||
# tsigKeyName: ""
|
||||
# tsigAlgorithm: ""
|
||||
# rfctsigSecret: ""
|
||||
|
||||
metrics:
|
||||
enabled: true
|
||||
375
enterprise/cert-manager/0.0.1/questions.yaml
Normal file
375
enterprise/cert-manager/0.0.1/questions.yaml
Normal file
@@ -0,0 +1,375 @@
|
||||
groups:
|
||||
- name: Container Image
|
||||
description: Image to be used for container
|
||||
- name: General Settings
|
||||
description: General Deployment Settings
|
||||
- name: App Configuration
|
||||
description: App Specific Config Options
|
||||
- name: Networking and Services
|
||||
description: Configure Network and Services for Container
|
||||
- name: Storage and Persistence
|
||||
description: Persist and Share Data that is Separate from the Container
|
||||
- name: Ingress
|
||||
description: Ingress Configuration
|
||||
- name: Security and Permissions
|
||||
description: Configure Security Context and Permissions
|
||||
- name: Resources and Devices
|
||||
description: "Specify Resources/Devices to be Allocated to Workload"
|
||||
- name: Middlewares
|
||||
description: Traefik Middlewares
|
||||
- name: Metrics
|
||||
description: Metrics
|
||||
- name: VPN
|
||||
description: VPN
|
||||
- name: Addons
|
||||
description: Addon Configuration
|
||||
- name: Advanced
|
||||
description: Advanced Configuration
|
||||
- name: Documentation
|
||||
description: Documentation
|
||||
questions:
|
||||
- variable: global
|
||||
label: Global Settings
|
||||
group: "General Settings"
|
||||
schema:
|
||||
type: dict
|
||||
hidden: true
|
||||
attrs:
|
||||
- variable: isSCALE
|
||||
label: Flag this is SCALE
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
hidden: true
|
||||
- variable: clusterIssuer
|
||||
group: App Configuration
|
||||
label: Cluster Certificate Issuer
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: selfSigned
|
||||
label: 'SelfSigned Issuer'
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: enabled
|
||||
label: enabled
|
||||
description: "Enable self-signed issuer"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: name
|
||||
label: Name
|
||||
description: "Name to give the issuer"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: "selfSigned"
|
||||
- variable: ACME
|
||||
label: ACME Issuer
|
||||
schema:
|
||||
type: list
|
||||
default: []
|
||||
items:
|
||||
- variable: ACMEEntry
|
||||
label: 'ACME Issuer Entry'
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: name
|
||||
label: Name
|
||||
description: "Name to give the issuer"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: server
|
||||
label: Server
|
||||
description: "Server for ACME, for example: letsencrypt"
|
||||
schema:
|
||||
type: string
|
||||
show_if: [["type", "!=", "HTTP01"]]
|
||||
default: 'Letsencrypt-Production'
|
||||
enum:
|
||||
- value: 'https://acme-v02.api.letsencrypt.org/directory'
|
||||
description: Letsencrypt-Production
|
||||
- value: 'https://acme-staging-v02.api.letsencrypt.org/directory'
|
||||
description: Letsencrypt-Staging
|
||||
- value: 'https://api.buypass.no/acme-v02/directory'
|
||||
description: BuyPass-Production
|
||||
- value: 'https://api.test4.buypass.no/acme-v02/directory'
|
||||
description: BuyPass-Staging
|
||||
- value: custom
|
||||
description: Custom
|
||||
- variable: customServer
|
||||
label: Custom ACME Server (Advanced)
|
||||
description: "This can be used to enter your own custom ACME server"
|
||||
schema:
|
||||
type: string
|
||||
show_if: [["server", "=", "custom"]]
|
||||
default: 'https://acme-staging-v02.api.letsencrypt.org/directory'
|
||||
- variable: email
|
||||
label: Email
|
||||
description: "Email adress to use for certificate issuing must match your DNS provider email when required"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
show_if: [["type", "!=", "HTTP01"]]
|
||||
default: "something@example.com"
|
||||
- variable: type
|
||||
label: Type or DNS-Provider
|
||||
description: DNS Provider
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: cloudflare
|
||||
enum:
|
||||
- value: cloudflare
|
||||
description: Cloudflare
|
||||
- value: route53
|
||||
description: Route53
|
||||
- value: akamai
|
||||
description: Akamai
|
||||
- value: digitalocean
|
||||
description: Digitalocean
|
||||
- value: rfc2136
|
||||
description: rfc2136 (Advanced)
|
||||
- value: HTTP01
|
||||
description: HTTP01 (Experimental)
|
||||
- variable: cfapikey
|
||||
label: CloudFlare API key
|
||||
description: "CloudFlare API Key"
|
||||
schema:
|
||||
show_if: [["type", "=", "cloudflare"]]
|
||||
type: string
|
||||
default: ""
|
||||
- variable: cfapitoken
|
||||
label: CloudFlare API Token
|
||||
description: "CloudFlare API Token"
|
||||
schema:
|
||||
show_if: [["type", "=", "cloudflare"]]
|
||||
type: string
|
||||
default: ""
|
||||
- variable: region
|
||||
label: Route53 Region
|
||||
description: "Route 53 Region"
|
||||
schema:
|
||||
show_if: [["type", "=", "route53"]]
|
||||
type: string
|
||||
required: true
|
||||
default: "us-west-1"
|
||||
- variable: accessKeyID
|
||||
label: Route53 accessKeyID
|
||||
description: "Route53 accessKeyID"
|
||||
schema:
|
||||
show_if: [["type", "=", "route53"]]
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: route53SecretAccessKey
|
||||
label: Route53 Secret Access Key
|
||||
description: "Route53 Secret Access Key"
|
||||
schema:
|
||||
show_if: [["type", "=", "route53"]]
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: role
|
||||
label: Route53 Role (optional)
|
||||
description: "Route53 Role"
|
||||
schema:
|
||||
show_if: [["type", "=", "route53"]]
|
||||
type: string
|
||||
default: ""
|
||||
- variable: serviceConsumerDomain
|
||||
label: Akamai Service Consumer Domain
|
||||
description: "Akamai Service Consumer Domain"
|
||||
schema:
|
||||
show_if: [["type", "=", "akamai"]]
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: akclientToken
|
||||
label: Akamai Client Token
|
||||
description: "Client Token"
|
||||
schema:
|
||||
show_if: [["type", "=", "akamai"]]
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: akclientSecret
|
||||
label: Akamai Client Secret
|
||||
description: "Akamai Client Secret"
|
||||
schema:
|
||||
show_if: [["type", "=", "akamai"]]
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: akaccessToken
|
||||
label: Akamai Access Token
|
||||
description: "Akamai Access Token"
|
||||
schema:
|
||||
show_if: [["type", "=", "akamai"]]
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: doaccessToken
|
||||
label: Digitalocean Access Token
|
||||
description: "Digitalocean Access Token"
|
||||
schema:
|
||||
show_if: [["type", "=", "digitalocean"]]
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: nameserver
|
||||
label: rfc2136 Namesever
|
||||
description: "rfc2136 Namesever"
|
||||
schema:
|
||||
show_if: [["type", "=", "digitalocean"]]
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: tsigKeyName
|
||||
label: rfc2136 tsig Key Name
|
||||
description: "rfc2136 tsig Key Name"
|
||||
schema:
|
||||
show_if: [["type", "=", "digitalocean"]]
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: tsigAlgorithm
|
||||
label: rfc2136 tsig Algorithm
|
||||
description: "rfc2136 tsig Algorithm"
|
||||
schema:
|
||||
show_if: [["type", "=", "digitalocean"]]
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: rfctsigSecret
|
||||
label: rfc2136 sig Secret
|
||||
description: "rfc2136 sig Secret"
|
||||
schema:
|
||||
show_if: [["type", "=", "digitalocean"]]
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
|
||||
- variable: CA
|
||||
label: Certiticate Authority Issuer
|
||||
schema:
|
||||
type: list
|
||||
default: []
|
||||
items:
|
||||
- variable: CAEntry
|
||||
label: 'CA Issuer Entry'
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: name
|
||||
label: Name
|
||||
description: "Name to give the issuer"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: selfSigned
|
||||
label: selfSigned
|
||||
description: "Create Self Signed CA cert"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: selfSignedCommonName
|
||||
label: selfSigned CommonName
|
||||
description: "Common name for selfSigned Certiticate Authority"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
show_if: [["selfSigned", "=", "true"]]
|
||||
default: "my-selfsigned-ca"
|
||||
- variable: crt
|
||||
label: "Custom CA cert (experimental)"
|
||||
description: "certificate for Certiticate Authority"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
show_if: [["selfSigned", "=", "false"]]
|
||||
default: ""
|
||||
- variable: key
|
||||
label: "Custom CA key (experimental)"
|
||||
description: "key Certiticate Authority"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
show_if: [["selfSigned", "=", "false"]]
|
||||
default: ""
|
||||
|
||||
|
||||
|
||||
- variable: metrics
|
||||
group: Metrics
|
||||
label: Prometheus Metrics
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: enabled
|
||||
label: Enabled
|
||||
description: Enable Prometheus Metrics
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: serviceMonitor
|
||||
label: Service Monitor Settings
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: interval
|
||||
label: Scrape Interval
|
||||
description: Scrape interval time
|
||||
schema:
|
||||
type: string
|
||||
default: 1m
|
||||
required: true
|
||||
- variable: scrapeTimeout
|
||||
label: Scrape Timeout
|
||||
description: Scrape timeout Time
|
||||
schema:
|
||||
type: string
|
||||
default: 30s
|
||||
required: true
|
||||
- variable: docs
|
||||
group: Documentation
|
||||
label: Please read the documentation at https://truecharts.org
|
||||
description: Please read the documentation at
|
||||
<br /><a href="https://truecharts.org">https://truecharts.org</a>
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: confirmDocs
|
||||
label: I have checked the documentation
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: donateNag
|
||||
group: Documentation
|
||||
label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor
|
||||
description: Please consider supporting TrueCharts, see
|
||||
<br /><a href="https://truecharts.org/sponsor">https://truecharts.org/sponsor</a>
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: confirmDonate
|
||||
label: I have considered donating
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
hidden: true
|
||||
25
enterprise/cert-manager/0.0.1/templates/_metrics.tpl
Normal file
25
enterprise/cert-manager/0.0.1/templates/_metrics.tpl
Normal file
@@ -0,0 +1,25 @@
|
||||
{{- define "certmanager.metrics" -}}
|
||||
{{- if .Values.metrics.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: PodMonitor
|
||||
metadata:
|
||||
name: cert-manager
|
||||
namespace: cert-manager
|
||||
labels:
|
||||
app: cert-manager
|
||||
app.kubernetes.io/name: cert-manager
|
||||
app.kubernetes.io/instance: cert-manager
|
||||
app.kubernetes.io/component: "controller"
|
||||
spec:
|
||||
jobLabel: app.kubernetes.io/name
|
||||
selector:
|
||||
matchLabels:
|
||||
app: cert-manager
|
||||
app.kubernetes.io/name: cert-manager
|
||||
app.kubernetes.io/instance: cert-manager
|
||||
app.kubernetes.io/component: "controller"
|
||||
podMetricsEndpoints:
|
||||
- port: http
|
||||
honorLabels: true
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
85
enterprise/cert-manager/0.0.1/templates/_wait.tpl
Normal file
85
enterprise/cert-manager/0.0.1/templates/_wait.tpl
Normal file
@@ -0,0 +1,85 @@
|
||||
{{- define "certmanager.wait" }}
|
||||
{{- $fullName := include "tc.common.names.fullname" . }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
name: {{ $fullName }}-wait
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install, pre-upgrade
|
||||
"helm.sh/hook-weight": "-1"
|
||||
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
serviceAccountName: {{ $fullName }}-wait
|
||||
containers:
|
||||
- name: {{ $fullName }}-wait
|
||||
image: {{ .Values.kubectlImage.repository }}:v1.26.0
|
||||
securityContext:
|
||||
runAsUser: 568
|
||||
runAsGroup: 568
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
command:
|
||||
- "/bin/sh"
|
||||
- "-c"
|
||||
- |
|
||||
/bin/sh <<'EOF'
|
||||
kubectl wait --namespace metallb-system --for=condition=ready pod --selector=app=metallb --timeout=90s || echo "metallb-system wait failed..."
|
||||
kubectl wait --namespace cert-manager --for=condition=ready pod --selector=app=cert-manager --timeout=90s || echo "cert-manager wait failed..."
|
||||
cmctl check api --wait=2m || echo "cmctl wait failed..."
|
||||
EOF
|
||||
volumeMounts:
|
||||
- name: {{ $fullName }}-manifests-temp
|
||||
mountPath: /tmp
|
||||
- name: {{ $fullName }}-manifests-home
|
||||
mountPath: /home/apps/
|
||||
restartPolicy: Never
|
||||
volumes:
|
||||
- name: {{ $fullName }}-manifests-temp
|
||||
emptyDir: {}
|
||||
- name: {{ $fullName }}-manifests-home
|
||||
emptyDir: {}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: {{ $fullName }}-wait
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install, pre-upgrade
|
||||
"helm.sh/hook-weight": "-2"
|
||||
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
|
||||
rules:
|
||||
- apiGroups: ["*"]
|
||||
resources: ["*"]
|
||||
verbs: ["*"]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: {{ $fullName }}-wait
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install, pre-upgrade
|
||||
"helm.sh/hook-weight": "-2"
|
||||
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: {{ $fullName }}-wait
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ $fullName }}-wait
|
||||
namespace: {{ .Release.Namespace }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ $fullName }}-wait
|
||||
namespace: {{ .Release.Namespace }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install, pre-upgrade
|
||||
"helm.sh/hook-weight": "-2"
|
||||
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
|
||||
{{- end }}
|
||||
@@ -0,0 +1,88 @@
|
||||
{{- define "certmanager.clusterissuer.acme" -}}
|
||||
{{- range .Values.clusterIssuer.acme }}
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: {{ .name }}
|
||||
spec:
|
||||
acme:
|
||||
email: {{ .email }}
|
||||
server: {{ if eq .server "custom" }}{{ .customServer }}{{ else }}{{ .server }}{{ end }}
|
||||
privateKeySecretRef:
|
||||
name: {{ .name }}-acme-clusterissuer-account-key
|
||||
solvers:
|
||||
{{- if eq .type "HTTP01" }}
|
||||
- http01:
|
||||
ingress:
|
||||
{{- else }}
|
||||
- dns01:
|
||||
{{- if eq .type "cloudflare" }}
|
||||
cloudflare:
|
||||
email: {{ .email }}
|
||||
{{- if .cfapitoken }}
|
||||
apiTokenSecretRef:
|
||||
name: {{ .name }}-clusterissuer-secret
|
||||
key: cf-api-token
|
||||
{{- else if .cfapikey }}
|
||||
name: {{ .name }}-clusterissuer-secret
|
||||
key: cf-api-key
|
||||
{{ else }}
|
||||
{{- fail "A cloudflare API key or token is required" }}
|
||||
{{- end }}
|
||||
{{- else if eq .type "route53" }}
|
||||
route53:
|
||||
region: {{ .region }}
|
||||
accessKeyID: {{ .accessKeyID }}
|
||||
{{- if .role }}
|
||||
role: {{ .role }}
|
||||
{{- end }}
|
||||
secretAccessKeySecretRef:
|
||||
name: prod-route53-credentials-secret
|
||||
key: route53-secret-access-key
|
||||
{{- else if eq .type "akamai" }}
|
||||
akamai:
|
||||
serviceConsumerDomain: {{ .serviceConsumerDomain }}
|
||||
clientTokenSecretRef:
|
||||
name: {{ .name }}-clusterissuer-secret
|
||||
key: akclientToken
|
||||
clientSecretSecretRef:
|
||||
name: {{ .name }}-clusterissuer-secret
|
||||
key: akclientSecret
|
||||
accessTokenSecretRef:
|
||||
name: {{ .name }}-clusterissuer-secret
|
||||
key: akaccessToken
|
||||
{{- else if eq .type "digitalocean" }}
|
||||
digitalocean:
|
||||
tokenSecretRef:
|
||||
name: {{ .name }}-clusterissuer-secret
|
||||
key: doaccessToken
|
||||
{{- else if eq .type "rfc2136" }}
|
||||
rfc2136:
|
||||
nameserver: {{ .nameserver }}
|
||||
tsigKeyName: {{ .tsigKeyName }}
|
||||
tsigAlgorithm: {{ .tsigAlgorithm }}
|
||||
tsigSecretSecretRef:
|
||||
name: {{ .name }}-clusterissuer-secret
|
||||
key: rfctsigSecret
|
||||
{{- else }}
|
||||
{{- fail "No correct ACME type entered..." }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ .name }}-clusterissuer-secret
|
||||
type: Opaque
|
||||
stringData:
|
||||
cf-api-token: {{ .cfapitoken | default "" }}
|
||||
cf-api-key: {{ .cfapikey | default "" }}
|
||||
route53-secret-access-key: {{ .route53SecretAccessKey | default "" }}
|
||||
akclientToken: {{ .akclientToken | default "" }}
|
||||
akclientSecret: {{ .akclientSecret | default "" }}
|
||||
akaccessToken: {{ .akaccessToken | default "" }}
|
||||
doaccessToken: {{ .doaccessToken | default "" }}
|
||||
rfctsigSecret: {{ .rfctsigSecret | default "" }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,48 @@
|
||||
{{- define "certmanager.clusterissuer.ca" -}}
|
||||
{{- range .Values.clusterIssuer.CA }}
|
||||
{{- if .selfSigned }}
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: {{ .name }}-selfsigned-ca-issuer
|
||||
spec:
|
||||
selfSigned: {}
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: {{ .name }}-selfsigned-ca
|
||||
namespace: cert-manager
|
||||
spec:
|
||||
isCA: true
|
||||
commonName: {{ .selfSignedCommonName }}
|
||||
secretName: {{ .name }}-ca
|
||||
privateKey:
|
||||
algorithm: ECDSA
|
||||
size: 256
|
||||
issuerRef:
|
||||
name: selfsigned-ca-issuer
|
||||
kind: ClusterIssuer
|
||||
group: cert-manager.io
|
||||
{{- else }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ .name }}-ca
|
||||
namespace: cert-manager
|
||||
data:
|
||||
tls.crt: {{ .crt | b64enc }}
|
||||
tls.key: {{ .key | b64enc }}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: {{ .name }}
|
||||
spec:
|
||||
ca:
|
||||
secretName: {{ .name }}-ca
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,11 @@
|
||||
{{- define "certmanager.clusterissuer.selfsigned" -}}
|
||||
{{- if .Values.clusterIssuer.selfSigned.enabled }}
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: {{ .Values.clusterIssuer.selfSigned.name }}
|
||||
spec:
|
||||
selfSigned: {}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
11
enterprise/cert-manager/0.0.1/templates/common.yaml
Normal file
11
enterprise/cert-manager/0.0.1/templates/common.yaml
Normal file
@@ -0,0 +1,11 @@
|
||||
{{/* Make sure all variables are set properly */}}
|
||||
{{- include "tc.common.loader.init" . }}
|
||||
|
||||
{{/* Render the templates */}}
|
||||
{{ include "tc.common.loader.apply" . }}
|
||||
|
||||
{{- include "certmanager.clusterissuer.acme" . }}
|
||||
{{- include "certmanager.clusterissuer.selfsigned" . }}
|
||||
{{- include "certmanager.clusterissuer.ca" . }}
|
||||
{{- include "certmanager.metrics" . }}
|
||||
{{- include "certmanager.wait" . }}
|
||||
0
enterprise/cert-manager/0.0.1/values.yaml
Normal file
0
enterprise/cert-manager/0.0.1/values.yaml
Normal file
4
enterprise/cert-manager/item.yaml
Normal file
4
enterprise/cert-manager/item.yaml
Normal file
@@ -0,0 +1,4 @@
|
||||
icon_url: https://truecharts.org/img/hotlink-ok/chart-icons/cert-manager.png
|
||||
categories:
|
||||
- core
|
||||
|
||||
Reference in New Issue
Block a user