Commit new Chart releases for TrueCharts

Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
This commit is contained in:
TrueCharts-Bot
2023-01-17 23:09:24 +00:00
parent 7427154efb
commit 8c686a6717
17 changed files with 5228 additions and 0 deletions

View File

@@ -0,0 +1,13 @@
**Important:**
*for the complete changelog, please refer to the website*
## [cert-manager-0.0.1]cert-manager-0.0.1 (2023-01-17)
### Feat
- add Cert-Manager configuration App ([#6378](https://github.com/truecharts/charts/issues/6378))

View File

@@ -0,0 +1,28 @@
apiVersion: v2
appVersion: "upstream"
deprecated: false
description: Certificate management for Kubernetes
home: https://truecharts.org/charts/enterprise/cert-manager
icon: https://truecharts.org/img/hotlink-ok/chart-icons/cert-manager.png
keywords:
- metallb
- loadbalancer
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 11.1.2
kubeVersion: ">=1.16.0-0"
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: https://truecharts.org
name: cert-manager
sources:
- https://cert-manager.io/
type: application
version: 0.0.1
annotations:
truecharts.org/catagories: |
- core
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U

View File

@@ -0,0 +1,27 @@
# README
## General Info
TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
However only installations using the TrueNAS SCALE Apps system are supported.
For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/enterprise/)
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
## Support
- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE%20Apps/Important-MUST-READ).
- See the [Website](https://truecharts.org)
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
---
## Sponsor TrueCharts
TrueCharts can only exist due to the incredible effort of our staff.
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
*All Rights Reserved - The TrueCharts Project*

View File

@@ -0,0 +1,9 @@
## [cert-manager-0.0.1]cert-manager-0.0.1 (2023-01-17)
### Feat
- add Cert-Manager configuration App ([#6378](https://github.com/truecharts/charts/issues/6378))

View File

@@ -0,0 +1,8 @@
Certificate management for Kubernetes
This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/enterprise/cert-manager](https://truecharts.org/charts/enterprise/cert-manager)
---
TrueCharts can only exist due to the incredible effort of our staff.
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!

Binary file not shown.

File diff suppressed because it is too large Load Diff

View File

@@ -0,0 +1,74 @@
image:
repository: placeholder
tag: upstream
pullPolicy: IfNotPresent
controller:
enabled: false
service:
main:
enabled: false
ports:
main:
enabled: false
port: 9999
portal:
enabled: false
probes:
liveness:
enabled: false
readiness:
enabled: false
startup:
enabled: false
clusterIssuer:
selfSigned:
enabled: true
name: "selfsigned"
CA: []
# - name: myca
# selfSigned: true
# selfSignedCommonName: "my-selfsigned-ca"
# # Used to manually define a CA-crt not used when selfSigned is enabled
# crt: ""
# key: ""
# # TODO: Add option to use SCALE CA certs
ACME: []
# - name: letsencrypt
# # Used for both logging in to the DNS provider AND ACME registration
# email: ""
# server: 'https://acme-staging-v02.api.letsencrypt.org/directory'
# # Used primarily for the SCALE GUI
# customServer: 'https://acme-staging-v02.api.letsencrypt.org/directory'
# email: ""
# # Options: HTTP01, cloudflare, route53
# type: ""
# # for cloudflare
# cfapikey: ""
# cfapitoken: ""
# # for route53
# region: ""
# accessKeyID: ""
# route53SecretAccessKey: ""
# # optional for route53
# role: ""
# # for akamai
# serviceConsumerDomain: ""
# akclientToken: ""
# akclientSecret: ""
# akaccessToken: ""
# # for digitalocean
# doaccessToken: ""
# # for rfc2136
# nameserver: ""
# tsigKeyName: ""
# tsigAlgorithm: ""
# rfctsigSecret: ""
metrics:
enabled: true

View File

@@ -0,0 +1,375 @@
groups:
- name: Container Image
description: Image to be used for container
- name: General Settings
description: General Deployment Settings
- name: App Configuration
description: App Specific Config Options
- name: Networking and Services
description: Configure Network and Services for Container
- name: Storage and Persistence
description: Persist and Share Data that is Separate from the Container
- name: Ingress
description: Ingress Configuration
- name: Security and Permissions
description: Configure Security Context and Permissions
- name: Resources and Devices
description: "Specify Resources/Devices to be Allocated to Workload"
- name: Middlewares
description: Traefik Middlewares
- name: Metrics
description: Metrics
- name: VPN
description: VPN
- name: Addons
description: Addon Configuration
- name: Advanced
description: Advanced Configuration
- name: Documentation
description: Documentation
questions:
- variable: global
label: Global Settings
group: "General Settings"
schema:
type: dict
hidden: true
attrs:
- variable: isSCALE
label: Flag this is SCALE
schema:
type: boolean
default: true
hidden: true
- variable: clusterIssuer
group: App Configuration
label: Cluster Certificate Issuer
schema:
additional_attrs: true
type: dict
attrs:
- variable: selfSigned
label: 'SelfSigned Issuer'
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: enabled
description: "Enable self-signed issuer"
schema:
type: boolean
default: true
- variable: name
label: Name
description: "Name to give the issuer"
schema:
type: string
required: true
default: "selfSigned"
- variable: ACME
label: ACME Issuer
schema:
type: list
default: []
items:
- variable: ACMEEntry
label: 'ACME Issuer Entry'
schema:
additional_attrs: true
type: dict
attrs:
- variable: name
label: Name
description: "Name to give the issuer"
schema:
type: string
required: true
default: ""
- variable: server
label: Server
description: "Server for ACME, for example: letsencrypt"
schema:
type: string
show_if: [["type", "!=", "HTTP01"]]
default: 'Letsencrypt-Production'
enum:
- value: 'https://acme-v02.api.letsencrypt.org/directory'
description: Letsencrypt-Production
- value: 'https://acme-staging-v02.api.letsencrypt.org/directory'
description: Letsencrypt-Staging
- value: 'https://api.buypass.no/acme-v02/directory'
description: BuyPass-Production
- value: 'https://api.test4.buypass.no/acme-v02/directory'
description: BuyPass-Staging
- value: custom
description: Custom
- variable: customServer
label: Custom ACME Server (Advanced)
description: "This can be used to enter your own custom ACME server"
schema:
type: string
show_if: [["server", "=", "custom"]]
default: 'https://acme-staging-v02.api.letsencrypt.org/directory'
- variable: email
label: Email
description: "Email adress to use for certificate issuing must match your DNS provider email when required"
schema:
type: string
required: true
show_if: [["type", "!=", "HTTP01"]]
default: "something@example.com"
- variable: type
label: Type or DNS-Provider
description: DNS Provider
schema:
type: string
required: true
default: cloudflare
enum:
- value: cloudflare
description: Cloudflare
- value: route53
description: Route53
- value: akamai
description: Akamai
- value: digitalocean
description: Digitalocean
- value: rfc2136
description: rfc2136 (Advanced)
- value: HTTP01
description: HTTP01 (Experimental)
- variable: cfapikey
label: CloudFlare API key
description: "CloudFlare API Key"
schema:
show_if: [["type", "=", "cloudflare"]]
type: string
default: ""
- variable: cfapitoken
label: CloudFlare API Token
description: "CloudFlare API Token"
schema:
show_if: [["type", "=", "cloudflare"]]
type: string
default: ""
- variable: region
label: Route53 Region
description: "Route 53 Region"
schema:
show_if: [["type", "=", "route53"]]
type: string
required: true
default: "us-west-1"
- variable: accessKeyID
label: Route53 accessKeyID
description: "Route53 accessKeyID"
schema:
show_if: [["type", "=", "route53"]]
type: string
required: true
default: ""
- variable: route53SecretAccessKey
label: Route53 Secret Access Key
description: "Route53 Secret Access Key"
schema:
show_if: [["type", "=", "route53"]]
type: string
required: true
default: ""
- variable: role
label: Route53 Role (optional)
description: "Route53 Role"
schema:
show_if: [["type", "=", "route53"]]
type: string
default: ""
- variable: serviceConsumerDomain
label: Akamai Service Consumer Domain
description: "Akamai Service Consumer Domain"
schema:
show_if: [["type", "=", "akamai"]]
type: string
required: true
default: ""
- variable: akclientToken
label: Akamai Client Token
description: "Client Token"
schema:
show_if: [["type", "=", "akamai"]]
type: string
required: true
default: ""
- variable: akclientSecret
label: Akamai Client Secret
description: "Akamai Client Secret"
schema:
show_if: [["type", "=", "akamai"]]
type: string
required: true
default: ""
- variable: akaccessToken
label: Akamai Access Token
description: "Akamai Access Token"
schema:
show_if: [["type", "=", "akamai"]]
type: string
required: true
default: ""
- variable: doaccessToken
label: Digitalocean Access Token
description: "Digitalocean Access Token"
schema:
show_if: [["type", "=", "digitalocean"]]
type: string
required: true
default: ""
- variable: nameserver
label: rfc2136 Namesever
description: "rfc2136 Namesever"
schema:
show_if: [["type", "=", "digitalocean"]]
type: string
required: true
default: ""
- variable: tsigKeyName
label: rfc2136 tsig Key Name
description: "rfc2136 tsig Key Name"
schema:
show_if: [["type", "=", "digitalocean"]]
type: string
required: true
default: ""
- variable: tsigAlgorithm
label: rfc2136 tsig Algorithm
description: "rfc2136 tsig Algorithm"
schema:
show_if: [["type", "=", "digitalocean"]]
type: string
required: true
default: ""
- variable: rfctsigSecret
label: rfc2136 sig Secret
description: "rfc2136 sig Secret"
schema:
show_if: [["type", "=", "digitalocean"]]
type: string
required: true
default: ""
- variable: CA
label: Certiticate Authority Issuer
schema:
type: list
default: []
items:
- variable: CAEntry
label: 'CA Issuer Entry'
schema:
additional_attrs: true
type: dict
attrs:
- variable: name
label: Name
description: "Name to give the issuer"
schema:
type: string
required: true
default: ""
- variable: selfSigned
label: selfSigned
description: "Create Self Signed CA cert"
schema:
type: boolean
default: true
- variable: selfSignedCommonName
label: selfSigned CommonName
description: "Common name for selfSigned Certiticate Authority"
schema:
type: string
required: true
show_if: [["selfSigned", "=", "true"]]
default: "my-selfsigned-ca"
- variable: crt
label: "Custom CA cert (experimental)"
description: "certificate for Certiticate Authority"
schema:
type: string
required: true
show_if: [["selfSigned", "=", "false"]]
default: ""
- variable: key
label: "Custom CA key (experimental)"
description: "key Certiticate Authority"
schema:
type: string
required: true
show_if: [["selfSigned", "=", "false"]]
default: ""
- variable: metrics
group: Metrics
label: Prometheus Metrics
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: Enabled
description: Enable Prometheus Metrics
schema:
type: boolean
default: true
show_subquestions_if: true
subquestions:
- variable: serviceMonitor
label: Service Monitor Settings
schema:
additional_attrs: true
type: dict
attrs:
- variable: interval
label: Scrape Interval
description: Scrape interval time
schema:
type: string
default: 1m
required: true
- variable: scrapeTimeout
label: Scrape Timeout
description: Scrape timeout Time
schema:
type: string
default: 30s
required: true
- variable: docs
group: Documentation
label: Please read the documentation at https://truecharts.org
description: Please read the documentation at
<br /><a href="https://truecharts.org">https://truecharts.org</a>
schema:
additional_attrs: true
type: dict
attrs:
- variable: confirmDocs
label: I have checked the documentation
schema:
type: boolean
default: true
- variable: donateNag
group: Documentation
label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor
description: Please consider supporting TrueCharts, see
<br /><a href="https://truecharts.org/sponsor">https://truecharts.org/sponsor</a>
schema:
additional_attrs: true
type: dict
attrs:
- variable: confirmDonate
label: I have considered donating
schema:
type: boolean
default: true
hidden: true

View File

@@ -0,0 +1,25 @@
{{- define "certmanager.metrics" -}}
{{- if .Values.metrics.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: cert-manager
namespace: cert-manager
labels:
app: cert-manager
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
spec:
jobLabel: app.kubernetes.io/name
selector:
matchLabels:
app: cert-manager
app.kubernetes.io/name: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: "controller"
podMetricsEndpoints:
- port: http
honorLabels: true
{{- end }}
{{- end -}}

View File

@@ -0,0 +1,85 @@
{{- define "certmanager.wait" }}
{{- $fullName := include "tc.common.names.fullname" . }}
---
apiVersion: batch/v1
kind: Job
metadata:
namespace: {{ .Release.Namespace }}
name: {{ $fullName }}-wait
annotations:
"helm.sh/hook": pre-install, pre-upgrade
"helm.sh/hook-weight": "-1"
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
spec:
template:
spec:
serviceAccountName: {{ $fullName }}-wait
containers:
- name: {{ $fullName }}-wait
image: {{ .Values.kubectlImage.repository }}:v1.26.0
securityContext:
runAsUser: 568
runAsGroup: 568
readOnlyRootFilesystem: true
runAsNonRoot: true
command:
- "/bin/sh"
- "-c"
- |
/bin/sh <<'EOF'
kubectl wait --namespace metallb-system --for=condition=ready pod --selector=app=metallb --timeout=90s || echo "metallb-system wait failed..."
kubectl wait --namespace cert-manager --for=condition=ready pod --selector=app=cert-manager --timeout=90s || echo "cert-manager wait failed..."
cmctl check api --wait=2m || echo "cmctl wait failed..."
EOF
volumeMounts:
- name: {{ $fullName }}-manifests-temp
mountPath: /tmp
- name: {{ $fullName }}-manifests-home
mountPath: /home/apps/
restartPolicy: Never
volumes:
- name: {{ $fullName }}-manifests-temp
emptyDir: {}
- name: {{ $fullName }}-manifests-home
emptyDir: {}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ $fullName }}-wait
annotations:
"helm.sh/hook": pre-install, pre-upgrade
"helm.sh/hook-weight": "-2"
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
rules:
- apiGroups: ["*"]
resources: ["*"]
verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ $fullName }}-wait
annotations:
"helm.sh/hook": pre-install, pre-upgrade
"helm.sh/hook-weight": "-2"
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ $fullName }}-wait
subjects:
- kind: ServiceAccount
name: {{ $fullName }}-wait
namespace: {{ .Release.Namespace }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ $fullName }}-wait
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-install, pre-upgrade
"helm.sh/hook-weight": "-2"
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
{{- end }}

View File

@@ -0,0 +1,88 @@
{{- define "certmanager.clusterissuer.acme" -}}
{{- range .Values.clusterIssuer.acme }}
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: {{ .name }}
spec:
acme:
email: {{ .email }}
server: {{ if eq .server "custom" }}{{ .customServer }}{{ else }}{{ .server }}{{ end }}
privateKeySecretRef:
name: {{ .name }}-acme-clusterissuer-account-key
solvers:
{{- if eq .type "HTTP01" }}
- http01:
ingress:
{{- else }}
- dns01:
{{- if eq .type "cloudflare" }}
cloudflare:
email: {{ .email }}
{{- if .cfapitoken }}
apiTokenSecretRef:
name: {{ .name }}-clusterissuer-secret
key: cf-api-token
{{- else if .cfapikey }}
name: {{ .name }}-clusterissuer-secret
key: cf-api-key
{{ else }}
{{- fail "A cloudflare API key or token is required" }}
{{- end }}
{{- else if eq .type "route53" }}
route53:
region: {{ .region }}
accessKeyID: {{ .accessKeyID }}
{{- if .role }}
role: {{ .role }}
{{- end }}
secretAccessKeySecretRef:
name: prod-route53-credentials-secret
key: route53-secret-access-key
{{- else if eq .type "akamai" }}
akamai:
serviceConsumerDomain: {{ .serviceConsumerDomain }}
clientTokenSecretRef:
name: {{ .name }}-clusterissuer-secret
key: akclientToken
clientSecretSecretRef:
name: {{ .name }}-clusterissuer-secret
key: akclientSecret
accessTokenSecretRef:
name: {{ .name }}-clusterissuer-secret
key: akaccessToken
{{- else if eq .type "digitalocean" }}
digitalocean:
tokenSecretRef:
name: {{ .name }}-clusterissuer-secret
key: doaccessToken
{{- else if eq .type "rfc2136" }}
rfc2136:
nameserver: {{ .nameserver }}
tsigKeyName: {{ .tsigKeyName }}
tsigAlgorithm: {{ .tsigAlgorithm }}
tsigSecretSecretRef:
name: {{ .name }}-clusterissuer-secret
key: rfctsigSecret
{{- else }}
{{- fail "No correct ACME type entered..." }}
{{- end }}
{{- end }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ .name }}-clusterissuer-secret
type: Opaque
stringData:
cf-api-token: {{ .cfapitoken | default "" }}
cf-api-key: {{ .cfapikey | default "" }}
route53-secret-access-key: {{ .route53SecretAccessKey | default "" }}
akclientToken: {{ .akclientToken | default "" }}
akclientSecret: {{ .akclientSecret | default "" }}
akaccessToken: {{ .akaccessToken | default "" }}
doaccessToken: {{ .doaccessToken | default "" }}
rfctsigSecret: {{ .rfctsigSecret | default "" }}
{{- end }}
{{- end -}}

View File

@@ -0,0 +1,48 @@
{{- define "certmanager.clusterissuer.ca" -}}
{{- range .Values.clusterIssuer.CA }}
{{- if .selfSigned }}
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: {{ .name }}-selfsigned-ca-issuer
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ .name }}-selfsigned-ca
namespace: cert-manager
spec:
isCA: true
commonName: {{ .selfSignedCommonName }}
secretName: {{ .name }}-ca
privateKey:
algorithm: ECDSA
size: 256
issuerRef:
name: selfsigned-ca-issuer
kind: ClusterIssuer
group: cert-manager.io
{{- else }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ .name }}-ca
namespace: cert-manager
data:
tls.crt: {{ .crt | b64enc }}
tls.key: {{ .key | b64enc }}
{{- end }}
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: {{ .name }}
spec:
ca:
secretName: {{ .name }}-ca
{{- end }}
{{- end -}}

View File

@@ -0,0 +1,11 @@
{{- define "certmanager.clusterissuer.selfsigned" -}}
{{- if .Values.clusterIssuer.selfSigned.enabled }}
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: {{ .Values.clusterIssuer.selfSigned.name }}
spec:
selfSigned: {}
{{- end }}
{{- end -}}

View File

@@ -0,0 +1,11 @@
{{/* Make sure all variables are set properly */}}
{{- include "tc.common.loader.init" . }}
{{/* Render the templates */}}
{{ include "tc.common.loader.apply" . }}
{{- include "certmanager.clusterissuer.acme" . }}
{{- include "certmanager.clusterissuer.selfsigned" . }}
{{- include "certmanager.clusterissuer.ca" . }}
{{- include "certmanager.metrics" . }}
{{- include "certmanager.wait" . }}

View File

@@ -0,0 +1,4 @@
icon_url: https://truecharts.org/img/hotlink-ok/chart-icons/cert-manager.png
categories:
- core