diff --git a/charts/enterprise/clusterissuer/Chart.yaml b/charts/enterprise/clusterissuer/Chart.yaml
index e04da90491f..cac31c4a984 100644
--- a/charts/enterprise/clusterissuer/Chart.yaml
+++ b/charts/enterprise/clusterissuer/Chart.yaml
@@ -21,7 +21,7 @@ sources:
 - https://github.com/truecharts/charts/tree/master/charts/enterprise/clusterissuer
 - https://cert-manager.io/
 type: application
-version: 4.0.2
+version: 4.1.0
 annotations:
 truecharts.org/catagories: |
 - core
diff --git a/charts/enterprise/clusterissuer/questions.yaml b/charts/enterprise/clusterissuer/questions.yaml
index e6f06610d85..2ae5abf1af0 100644
--- a/charts/enterprise/clusterissuer/questions.yaml
+++ b/charts/enterprise/clusterissuer/questions.yaml
@@ -47,6 +47,8 @@ questions:
 description: rfc2136 (Advanced)
 - value: HTTP01
 description: HTTP01 (Experimental)
+ - value: acmedns
+ description: ACME DNS (Advanced)
 - variable: server
 label: Server
 description: "Server for ACME, for example: letsencrypt"
@@ -195,7 +197,64 @@ questions:
 type: string
 required: true
 default: ""
-
+ - variable: acmednsHost
+ label: ACME DNS host
+ description: "ACME DNS API server address"
+ schema:
+ show_if: [["type", "=", "acmedns"]]
+ type: string
+ required: true
+ default: "https://auth.acme-dns.io"
+ - variable: acmednsConfig
+ label: ACME DNS config
+ description: "ACME DNS per-domain auth configuration"
+ schema:
+ show_if: [["type", "=", "acmedns"]]
+ type: list
+ default: []
+ items:
+ - variable: acmednsEntry
+ label: 'ACME DNS entry'
+ schema:
+ type: dict
+ attrs:
+ - variable: domain
+ label: Domain
+ schema:
+ type: string
+ required: true
+ - variable: username
+ label: Username
+ schema:
+ type: string
+ required: true
+ - variable: password
+ label: Password
+ schema:
+ type: string
+ required: true
+ - variable: fulldomain
+ label: Full domain
+ schema:
+ type: string
+ required: true
+ - variable: subdomain
+ label: Subdomain
+ schema:
+ type: string
+ required: true
+ - variable: allowFrom
+ label: Allow from
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: cidr
+ label: CIDR
+ schema:
+ type: ipaddr
+ cidr: true
+ required: true
 - variable: CA
 label: Certificate Authority Issuer
 schema:
diff --git a/charts/enterprise/clusterissuer/templates/clusterissuer/_ACME.tpl b/charts/enterprise/clusterissuer/templates/clusterissuer/_ACME.tpl
index 0922452e79e..7f8b2aa451a 100644
--- a/charts/enterprise/clusterissuer/templates/clusterissuer/_ACME.tpl
+++ b/charts/enterprise/clusterissuer/templates/clusterissuer/_ACME.tpl
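Review bot: The `password` attribute of `acmednsEntry` in the questions.yaml hunk is declared as a plain `type: string`, so the acme-dns account credential is handled like any other text field; if the questions schema this catalog targets supports it, add `private: true` under that field's `schema`. Separately, `acmednsHost` defaults to `https://auth.acme-dns.io`, a shared public instance, and whoever operates the acme-dns server can answer DNS-01 challenges for every domain delegated to it, so `default: ""` with the existing `required: true` would make the operator choose that trust relationship explicitly. `allowFrom` defaults to an empty list, which leaves the update credentials usable from any source address; a one-line `description` saying so would help the person filling in the form.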
@@ -11,14 +11,21 @@ {{- end -}} {{- range .Values.clusterIssuer.ACME }} - {{- if not (mustRegexMatch "^[a-z]+(-?[a-z]){0,63}-?[a-z]+$" .name) -}} + {{- if or (not .name) (not (mustRegexMatch "^[a-z]+(-?[a-z]){0,63}-?[a-z]+$" .name)) -}} {{- fail "ACME - Expected name to be all lowercase with hyphens, but not start or end with a hyphen" -}} {{- end -}} - {{- $validTypes := list "HTTP01" "cloudflare" "route53" "digitalocean" "akamai" "rfc2136" -}} + {{- $validTypes := list "HTTP01" "cloudflare" "route53" "digitalocean" "akamai" "rfc2136" "acmedns" -}} {{- if not (mustHas .type $validTypes) -}} {{- fail (printf "Expected ACME type to be one of [%s], but got [%s]" (join ", " $validTypes) .type) -}} {{- end -}} {{- $issuerSecretName := printf "%s-clusterissuer-secret" .name }} + {{- $acmednsDict := dict -}} + {{- if and (eq .type "acmedns") (not .acmednsConfigJson) }} + {{- range .acmednsConfig }} + {{/* Transform to a dict with domain as a key, also remove domain from the dict */}} + {{- $_ := set $acmednsDict .domain (omit . "domain") -}} + {{- end }} + {{- end -}} --- apiVersion: cert-manager.io/v1 kind: ClusterIssuer @@ -85,6 +92,12 @@ spec: tsigSecretSecretRef: name: {{ $issuerSecretName }} key: rfctsigSecret + {{- else if eq .type "acmedns" }} + acmeDNS: + host: {{ .acmednsHost }} + accountSecretRef: + name: {{ $issuerSecretName }} + key: acmednsJson {{- end -}} {{- end }} --- @@ -103,5 +116,10 @@ stringData: akaccessToken: {{ .akaccessToken | default "" }} doaccessToken: {{ .doaccessToken | default "" }} rfctsigSecret: {{ $rfctsigSecret }} -{{- end }} +{{- if .acmednsConfigJson }} + acmednsJson: {{ .acmednsConfigJson }} +{{- else if $acmednsDict }} + acmednsJson: {{ toJson $acmednsDict }} +{{- end -}} + {{- end -}} {{- end -}} diff --git a/charts/enterprise/clusterissuer/values.yaml b/charts/enterprise/clusterissuer/values.yaml index 264f47ed254..4903d7a582f 100644 --- a/charts/enterprise/clusterissuer/values.yaml +++ b/charts/enterprise/clusterissuer/values.yaml 
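Review bot: When `.type` is `acmedns` and neither `.acmednsConfigJson` nor a non-empty `.acmednsConfig` is supplied, `$acmednsDict` stays empty, the Secret (third hunk) omits `acmednsJson`, and the ClusterIssuer (second hunk) still points `accountSecretRef` at that key, so the chart renders an issuer that can only fail at challenge time. A guard next to the existing `fail` checks would surface this at render time, for example `{{- if and (eq .type "acmedns") (not .acmednsConfigJson) (not .acmednsConfig) -}}{{- fail "ACME - acmedns requires acmednsConfigJson or acmednsConfig" -}}{{- end -}}`, and an empty `.acmednsHost` deserves the same treatment. Inside the inner `range`, an entry with an empty or repeated `.domain` silently yields an empty key or overwrites the earlier entry, so `.domain` should be checked before the `set`. The enclosing `range .Values.clusterIssuer.ACME` starts above and ends below this hunk.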
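Review bot: The new `acmednsJson: {{ toJson $acmednsDict }}` and `acmednsJson: {{ .acmednsConfigJson }}` lines in the Secret hunk emit raw JSON into `stringData`, and a YAML value that starts with `{` is parsed as a flow mapping rather than a string, so the rendered Secret would most likely be rejected or carry the wrong type. Quote both, `acmednsJson: {{ toJson $acmednsDict | quote }}` and `acmednsJson: {{ .acmednsConfigJson | quote }}`, and likewise `host: {{ .acmednsHost | quote }}` in the `acmeDNS` solver hunk. Quoting also keeps a value containing `: `, ` #` or a newline from changing the structure of the rendered manifest. The neighbouring token lines are unquoted as well, but they are context here and not something this commit adds.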
@@ -59,7 +59,7 @@ clusterIssuer:
 # # Used primarily for the SCALE GUI
 # customServer: 'https://acme-staging-v02.api.letsencrypt.org/directory'
 # email: ""
-# # Options: HTTP01, cloudflare, route53
+# # Options: HTTP01, cloudflare, route53, akamai, digitalocean, rfc2136, acmedns
 # type: ""
 # # for cloudflare
 # cfapikey: ""
@@ -82,3 +82,15 @@ clusterIssuer:
 # tsigKeyName: ""
 # tsigAlgorithm: ""
 # rfctsigSecret: ""
+# # for acmedns
+# name: sd
+# acmednsHost: asdf
+# # Pick one of the bellow acmednsConfig
+# acmednsConfigJson:
+# acmednsConfig:
+# - domain: ""
+# username: ""
+# password: ""
+# fulldomain: ""
+# subdomain: ""
+# allowFrom: []
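Review bot: The acmedns sample in the second values.yaml hunk uses `name: sd` and `acmednsHost: asdf`, which read as leftover test values beside the `""` placeholders used for every other provider; `acmednsHost: ""` would be consistent. The comment `# Pick one of the bellow acmednsConfig` has a typo and does not say which option wins: per the template, `acmednsConfigJson` takes precedence and `acmednsConfig` is ignored when both are set, so `# Set either acmednsConfigJson (raw JSON string, takes precedence) or acmednsConfig` would be clearer. A bare `acmednsConfigJson:` is null once uncommented, so `acmednsConfigJson: ""` states the intended type.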