feat: add awspca issuers (#1333)

adfinis · Nov 11, 2024 · 95215e2 · 95215e2
1 parent 83eea95
commit 95215e2
Show file tree

Hide file tree

Showing 15 changed files with 139 additions and 24 deletions.
diff --git a/charts/cert-manager-issuers/Chart.yaml b/charts/cert-manager-issuers/Chart.yaml
@@ -2,9 +2,9 @@ apiVersion: v2
 name: cert-manager-issuers
 description: Configure cert-manager Issuers and ClusterIssuers via Helm
 type: application
-version: 0.2.5
+version: 0.3.0
 # matches apiVersion: cert-manager.io/v1
-appVersion: "1"
+appVersion: '1'
 keywords:
   - cert-manager
   - tls
@@ -20,3 +20,10 @@ dependencies:
   - name: common
     repository: https://charts.adfinis.com
     version: 0.0.7
+annotations:
+  artifacthub.io/changes: |
+    - kind: changed
+      description: "cert-manager-issuers: add AWSPCAClusterIssuer and AWSPCAIssuer"
+      links:
+        - name: GitHub PR
+          url: https://github.com/adfinis/helm-charts/pull/1333
diff --git a/charts/cert-manager-issuers/README.md b/charts/cert-manager-issuers/README.md
diff --git a/charts/cert-manager-issuers/examples/awspcaclusterissuer.yaml b/charts/cert-manager-issuers/examples/awspcaclusterissuer.yaml
@@ -0,0 +1,8 @@
+awspcaIssuers:
+  - name: example
+    spec:
+      arn: <some-pca-arn>
+      region: eu-west-1
+      secretRef:
+        namespace: default
+        name: example
diff --git a/charts/cert-manager-issuers/examples/awspcaissuer.yaml b/charts/cert-manager-issuers/examples/awspcaissuer.yaml
@@ -0,0 +1,4 @@
+awspcaClusterIssuers:
+  - name: example
+    spec:
+      arn: <some-pca-arn>
diff --git a/charts/cert-manager-issuers/examples/letsencrypt-clusterissuers.yaml b/charts/cert-manager-issuers/examples/letsencrypt-clusterissuers.yaml
@@ -4,8 +4,8 @@
 # using a http01 solver that will work well with nginx-ingress. This is what
 # most small single-tenant clusters start with.
 
-_: &email user@example.com
-_: &solvers
+_1: &email user@example.com
+_2: &solvers
 - http01:
     ingress:
       class: nginx

diff --git a/charts/cert-manager-issuers/templates/NOTES.txt b/charts/cert-manager-issuers/templates/NOTES.txt
@@ -10,3 +10,15 @@ Deployed ClusterIssuers:
 * {{ include "cert-manager-issuers.name" (dict "data" . "root" $) }}
 {{- end }}
 {{- end }}
+{{- if .Values.awspcaIssuers }}
+Deployed AWSPCAIssuers:
+{{- range .Values.awspcaIssuers }}
+* {{ include "cert-manager-issuers.name" (dict "data" . "root" $) }}
+{{- end }}
+{{- end }}
+{{- if .Values.awspcaClusterIssuers }}
+Deployed AWSPCAClusterIssuers:
+{{- range .Values.awspcaClusterIssuers }}
+* {{ include "cert-manager-issuers.name" (dict "data" . "root" $) }}
+{{- end }}
+{{- end }}
diff --git a/charts/cert-manager-issuers/templates/awspcaclusterissuers.yaml b/charts/cert-manager-issuers/templates/awspcaclusterissuers.yaml
@@ -0,0 +1,13 @@
+{{- range .Values.awspcaClusterIssuers }}
+---
+# raw issuer: {{ . | toJson }}
+{{- $enabled := printf "%t" .enabled }}
+{{- if regexMatch "nil" $enabled }}{{- $enabled = "true" }}{{- end }}
+{{- if (eq $enabled "true") }}
+apiVersion: awspca.cert-manager.io/v1beta1
+kind: AWSPCAClusterIssuer
+{{ template "cert-manager-issuers.metadata" (dict "data" . "root" $) }}
+spec:
+  {{- .spec | toYaml | nindent 2 }}
+{{- end }}
+{{- end }}
diff --git a/charts/cert-manager-issuers/templates/awspcaissuers.yaml b/charts/cert-manager-issuers/templates/awspcaissuers.yaml
@@ -0,0 +1,13 @@
+{{- range .Values.awspcaIssuers }}
+---
+# raw issuer: {{ . | toJson }}
+{{- $enabled := printf "%t" .enabled }}
+{{- if regexMatch "nil" $enabled }}{{- $enabled = "true" }}{{- end }}
+{{- if (eq $enabled "true") }}
+apiVersion: awspca.cert-manager.io/v1beta1
+kind: AWSPCAIssuer
+{{ template "cert-manager-issuers.metadata" (dict "data" . "root" $) }}
+spec:
+  {{- .spec | toYaml | nindent 2 }}
+{{- end }}
+{{- end }}
diff --git a/charts/cert-manager-issuers/tests/__snapshot__/awspcaclusterissuers_test.yaml.snap b/charts/cert-manager-issuers/tests/__snapshot__/awspcaclusterissuers_test.yaml.snap
@@ -0,0 +1,14 @@
+should create a AWSPCAIssuer:
+  1: |
+    apiVersion: awspca.cert-manager.io/v1beta1
+    kind: AWSPCAClusterIssuer
+    metadata:
+      labels:
+        app.kubernetes.io/app: cert-manager-issuers
+        app.kubernetes.io/instance: RELEASE-NAME
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/version: "1"
+        helm.sh/chart: cert-manager-issuers-0.3.0
+      name: example
+    spec:
+      arn: <some-pca-arn>
diff --git a/charts/cert-manager-issuers/tests/__snapshot__/awspcaissuers_test.yaml.snap b/charts/cert-manager-issuers/tests/__snapshot__/awspcaissuers_test.yaml.snap
@@ -0,0 +1,18 @@
+should create a AWSPCAClusterIssuer:
+  1: |
+    apiVersion: awspca.cert-manager.io/v1beta1
+    kind: AWSPCAIssuer
+    metadata:
+      labels:
+        app.kubernetes.io/app: cert-manager-issuers
+        app.kubernetes.io/instance: RELEASE-NAME
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/version: "1"
+        helm.sh/chart: cert-manager-issuers-0.3.0
+      name: example
+    spec:
+      arn: <some-pca-arn>
+      region: eu-west-1
+      secretRef:
+        name: example
+        namespace: default
diff --git a/charts/cert-manager-issuers/tests/__snapshot__/clusterissuers_test.yaml.snap b/charts/cert-manager-issuers/tests/__snapshot__/clusterissuers_test.yaml.snap
@@ -8,7 +8,7 @@ should create one selfsigned clusterissuer:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/version: "1"
-        helm.sh/chart: cert-manager-issuers-0.2.5
+        helm.sh/chart: cert-manager-issuers-0.3.0
       name: cert-manager-issuers
     spec:
       selfSigned: {}
@@ -22,7 +22,7 @@ should create two letsencrypt clusterissuers:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/version: "1"
-        helm.sh/chart: cert-manager-issuers-0.2.5
+        helm.sh/chart: cert-manager-issuers-0.3.0
       name: letsencrypt-prod
     spec:
       acme:
@@ -31,9 +31,9 @@ should create two letsencrypt clusterissuers:
           name: letsencrypt-prod-account-key
         server: https://acme-v02.api.letsencrypt.org/directory
         solvers:
-        - http01:
-            ingress:
-              class: nginx
+          - http01:
+              ingress:
+                class: nginx
   2: |
     apiVersion: cert-manager.io/v1
     kind: ClusterIssuer
@@ -43,7 +43,7 @@ should create two letsencrypt clusterissuers:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/version: "1"
-        helm.sh/chart: cert-manager-issuers-0.2.5
+        helm.sh/chart: cert-manager-issuers-0.3.0
       name: letsencrypt-staging
     spec:
       acme:
@@ -52,9 +52,9 @@ should create two letsencrypt clusterissuers:
           name: letsencrypt-staging-account-key
         server: https://acme-staging-v02.api.letsencrypt.org/directory
         solvers:
-        - http01:
-            ingress:
-              class: nginx
+          - http01:
+              ingress:
+                class: nginx
 should match snapshot:
   1: |
     apiVersion: cert-manager.io/v1
@@ -65,7 +65,7 @@ should match snapshot:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/version: "1"
-        helm.sh/chart: cert-manager-issuers-0.2.5
+        helm.sh/chart: cert-manager-issuers-0.3.0
       name: cert-manager-issuers
     spec:
       selfSigned: {}
@@ -78,7 +78,7 @@ should match snapshot:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/version: "1"
-        helm.sh/chart: cert-manager-issuers-0.2.5
+        helm.sh/chart: cert-manager-issuers-0.3.0
       name: top-level-name-syntax-sugar
     spec:
       selfSigned: {}
@@ -93,7 +93,7 @@ should match snapshot:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/version: "1"
-        helm.sh/chart: cert-manager-issuers-0.2.5
+        helm.sh/chart: cert-manager-issuers-0.3.0
       name: top-level-name-and-metadata
     spec:
       selfSigned: {}
diff --git a/charts/cert-manager-issuers/tests/__snapshot__/issuers_test.yaml.snap b/charts/cert-manager-issuers/tests/__snapshot__/issuers_test.yaml.snap
@@ -8,7 +8,7 @@ should create namespaced vault issuers:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/version: "1"
-        helm.sh/chart: cert-manager-issuers-0.2.5
+        helm.sh/chart: cert-manager-issuers-0.3.0
       name: vault-issuer
       namespace: demo-com
     spec:
@@ -26,7 +26,7 @@ should create namespaced vault issuers:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/version: "1"
-        helm.sh/chart: cert-manager-issuers-0.2.5
+        helm.sh/chart: cert-manager-issuers-0.3.0
       name: vault-issuer
       namespace: demo-org
     spec:
@@ -45,7 +45,7 @@ should disable issuers:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/version: "1"
-        helm.sh/chart: cert-manager-issuers-0.2.5
+        helm.sh/chart: cert-manager-issuers-0.3.0
       name: active-issuer
     spec:
       selfSigned: {}
@@ -59,7 +59,7 @@ should match snapshot:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/version: "1"
-        helm.sh/chart: cert-manager-issuers-0.2.5
+        helm.sh/chart: cert-manager-issuers-0.3.0
       name: cert-manager-issuers
     spec:
       selfSigned: {}
@@ -74,7 +74,7 @@ should match snapshot:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/version: "1"
-        helm.sh/chart: cert-manager-issuers-0.2.5
+        helm.sh/chart: cert-manager-issuers-0.3.0
       name: test-with-name-and-annotations
     spec:
       selfSigned: {}
@@ -88,7 +88,7 @@ should match snapshot:
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/version: "1"
         foo: bar
-        helm.sh/chart: cert-manager-issuers-0.2.5
+        helm.sh/chart: cert-manager-issuers-0.3.0
       name: test-with-labels-in-metadata
     spec:
       selfSigned: {}
@@ -101,7 +101,7 @@ should match snapshot:
         app.kubernetes.io/instance: RELEASE-NAME
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/version: "1"
-        helm.sh/chart: cert-manager-issuers-0.2.5
+        helm.sh/chart: cert-manager-issuers-0.3.0
       name: top-level-name-syntax-sugar
     spec:
       selfSigned: {}
diff --git a/charts/cert-manager-issuers/tests/awspcaclusterissuers_test.yaml b/charts/cert-manager-issuers/tests/awspcaclusterissuers_test.yaml
@@ -0,0 +1,9 @@
+suite: AWSPCAClusterIssuer tests
+templates:
+  - awspcaclusterissuers.yaml
+tests:
+  - it: should create a AWSPCAIssuer
+    values:
+      - ../examples/awspcaissuer.yaml
+    asserts:
+      - matchSnapshot: {}
diff --git a/charts/cert-manager-issuers/tests/awspcaissuers_test.yaml b/charts/cert-manager-issuers/tests/awspcaissuers_test.yaml
@@ -0,0 +1,9 @@
+suite: AWSPCAIssuer tests
+templates:
+  - awspcaissuers.yaml
+tests:
+  - it: should create a AWSPCAClusterIssuer
+    values:
+      - ../examples/awspcaclusterissuer.yaml
+    asserts:
+      - matchSnapshot: {}
diff --git a/charts/cert-manager-issuers/values.yaml b/charts/cert-manager-issuers/values.yaml
@@ -3,3 +3,9 @@ issuers: []
 
 # -- Array of cert-manager ClusterIssuer [configurations](https://cert-manager.io/docs/configuration/) (see [examples](./examples/))
 clusterIssuers: []
+
+# -- Array of cert-manager AWSPCAIssuer [configurations](https://github.com/cert-manager/aws-privateca-issuer/tree/main/config//) (see [examples](./examples/))
+awspcaIssuers: []
+
+# -- Array of cert-manager AWSPCAClusterIssuer [configurations](https://github.com/cert-manager/aws-privateca-issuer/tree/main/config/) (see [examples](./examples/))
+awspcaClusterIssuers: []