From 95215e258bdf236d06898fa1a969e77438743b7a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Pedro=20Alc=C3=A2ntara?= <39736905+sule26@users.noreply.github.com>
Date: Mon, 11 Nov 2024 10:24:36 -0300
Subject: [PATCH] feat: add awspca issuers (#1333)
---
charts/cert-manager-issuers/Chart.yaml | 11 +++++++--
charts/cert-manager-issuers/README.md | 4 +++-
.../examples/awspcaclusterissuer.yaml | 8 +++++++
.../examples/awspcaissuer.yaml | 4 ++++
.../examples/letsencrypt-clusterissuers.yaml | 4 ++--
.../cert-manager-issuers/templates/NOTES.txt | 12 ++++++++++
.../templates/awspcaclusterissuers.yaml | 13 ++++++++++
.../templates/awspcaissuers.yaml | 13 ++++++++++
.../awspcaclusterissuers_test.yaml.snap | 14 +++++++++++
.../__snapshot__/awspcaissuers_test.yaml.snap | 18 ++++++++++++++
.../clusterissuers_test.yaml.snap | 24 +++++++++----------
.../tests/__snapshot__/issuers_test.yaml.snap | 14 +++++------
.../tests/awspcaclusterissuers_test.yaml | 9 +++++++
.../tests/awspcaissuers_test.yaml | 9 +++++++
charts/cert-manager-issuers/values.yaml | 6 +++++
15 files changed, 139 insertions(+), 24 deletions(-)
create mode 100644 charts/cert-manager-issuers/examples/awspcaclusterissuer.yaml
create mode 100644 charts/cert-manager-issuers/examples/awspcaissuer.yaml
create mode 100644 charts/cert-manager-issuers/templates/awspcaclusterissuers.yaml
create mode 100644 charts/cert-manager-issuers/templates/awspcaissuers.yaml
create mode 100644 charts/cert-manager-issuers/tests/__snapshot__/awspcaclusterissuers_test.yaml.snap
create mode 100644 charts/cert-manager-issuers/tests/__snapshot__/awspcaissuers_test.yaml.snap
create mode 100644 charts/cert-manager-issuers/tests/awspcaclusterissuers_test.yaml
create mode 100644 charts/cert-manager-issuers/tests/awspcaissuers_test.yaml
diff --git a/charts/cert-manager-issuers/Chart.yaml b/charts/cert-manager-issuers/Chart.yaml
index c62b70067..7b9424f62 100644
--- a/charts/cert-manager-issuers/Chart.yaml
+++ b/charts/cert-manager-issuers/Chart.yaml @@ -2,9 +2,9 @@ apiVersion: v2 name: cert-manager-issuers description: Configure cert-manager Issuers and ClusterIssuers via Helm type: application -version: 0.2.5 +version: 0.3.0 # matches apiVersion: cert-manager.io/v1 -appVersion: "1" +appVersion: '1' keywords: - cert-manager - tls @@ -20,3 +20,10 @@ dependencies: - name: common repository: https://charts.adfinis.com version: 0.0.7 +annotations: + artifacthub.io/changes: | + - kind: changed + description: "cert-manager-issuers: add AWSPCAClusterIssuer and AWSPCAIssuer" + links: + - name: GitHub PR + url: https://github.com/adfinis/helm-charts/pull/1333 diff --git a/charts/cert-manager-issuers/README.md b/charts/cert-manager-issuers/README.md index 7bfc7d41e..ae5900a13 100644 --- a/charts/cert-manager-issuers/README.md +++ b/charts/cert-manager-issuers/README.md @@ -1,6 +1,6 @@ # cert-manager-issuers -![Version: 0.2.5](https://img.shields.io/badge/Version-0.2.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) +![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) Configure cert-manager Issuers and ClusterIssuers via Helm 
@@ -23,6 +23,8 @@ This chart is maintained by [Adfinis](https://adfinis.com/?pk_campaign=github&pk | Key | Type | Default | Description | |-----|------|---------|-------------| +| awspcaClusterIssuers | list | `[]` | Array of cert-manager AWSPCAClusterIssuer [configurations](https://github.com/cert-manager/aws-privateca-issuer/tree/main/config/) (see [examples](./examples/)) | +| awspcaIssuers | list | `[]` | Array of cert-manager AWSPCAIssuer [configurations](https://github.com/cert-manager/aws-privateca-issuer/tree/main/config//) (see [examples](./examples/)) | | clusterIssuers | list | `[]` | Array of cert-manager ClusterIssuer [configurations](https://cert-manager.io/docs/configuration/) (see [examples](./examples/)) | | issuers | list | `[]` | Array of cert-manager Issuer [configurations](https://cert-manager.io/docs/configuration/) (see [examples](./examples/)) | diff --git a/charts/cert-manager-issuers/examples/awspcaclusterissuer.yaml b/charts/cert-manager-issuers/examples/awspcaclusterissuer.yaml new file mode 100644 index 000000000..83faa63f1 --- /dev/null +++ b/charts/cert-manager-issuers/examples/awspcaclusterissuer.yaml @@ -0,0 +1,8 @@ +awspcaIssuers: + - name: example + spec: + arn: + region: eu-west-1 + secretRef: + namespace: default + name: example diff --git a/charts/cert-manager-issuers/examples/awspcaissuer.yaml b/charts/cert-manager-issuers/examples/awspcaissuer.yaml new file mode 100644 index 000000000..4b4ad1fd3 --- /dev/null +++ b/charts/cert-manager-issuers/examples/awspcaissuer.yaml @@ -0,0 +1,4 @@ +awspcaClusterIssuers: + - name: example + spec: + arn: diff --git a/charts/cert-manager-issuers/examples/letsencrypt-clusterissuers.yaml b/charts/cert-manager-issuers/examples/letsencrypt-clusterissuers.yaml index ff46b2e2f..635d434d2 100644 --- a/charts/cert-manager-issuers/examples/letsencrypt-clusterissuers.yaml +++ b/charts/cert-manager-issuers/examples/letsencrypt-clusterissuers.yaml 
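Review bot: The top-level keys in the two new example files are swapped relative to their file names: `examples/awspcaclusterissuer.yaml` sets `awspcaIssuers:` while `examples/awspcaissuer.yaml` sets `awspcaClusterIssuers:`. Scope is the security-relevant difference between the two kinds, since a cluster-scoped issuer is normally usable from every namespace, so an operator copying the "issuer" example would expose the private CA more widely than the file name suggests. The first line of each file should match its name (`awspcaClusterIssuers:` and `awspcaIssuers:` respectively), with the test fixtures and snapshots updated to follow. `arn:` is also left empty in both files and renders as a null value; a labelled placeholder such as `arn: <private-ca-arn>` would make it clear the field is required.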
@@ -4,8 +4,8 @@ # using a http01 solver that will work well with nginx-ingress. This is what # most small single-tenant clusters start with. -_: &email user@example.com -_: &solvers +_1: &email user@example.com +_2: &solvers - http01: ingress: class: nginx diff --git a/charts/cert-manager-issuers/templates/NOTES.txt b/charts/cert-manager-issuers/templates/NOTES.txt index 1ad7eeb58..2849b1959 100644 --- a/charts/cert-manager-issuers/templates/NOTES.txt +++ b/charts/cert-manager-issuers/templates/NOTES.txt @@ -10,3 +10,15 @@ Deployed ClusterIssuers: * {{ include "cert-manager-issuers.name" (dict "data" . "root" $) }} {{- end }} {{- end }} +{{- if .Values.awspcaIssuers }} +Deployed AWSPCAIssuers: +{{- range .Values.awspcaIssuers }} +* {{ include "cert-manager-issuers.name" (dict "data" . "root" $) }} +{{- end }} +{{- end }} +{{- if .Values.awspcaClusterIssuers }} +Deployed AWSPCAClusterIssuers: +{{- range .Values.awspcaClusterIssuers }} +* {{ include "cert-manager-issuers.name" (dict "data" . "root" $) }} +{{- end }} +{{- end }} diff --git a/charts/cert-manager-issuers/templates/awspcaclusterissuers.yaml b/charts/cert-manager-issuers/templates/awspcaclusterissuers.yaml new file mode 100644 index 000000000..6e602eb8d --- /dev/null +++ b/charts/cert-manager-issuers/templates/awspcaclusterissuers.yaml @@ -0,0 +1,13 @@ +{{- range .Values.awspcaClusterIssuers }} +--- +# raw issuer: {{ . | toJson }} +{{- $enabled := printf "%t" .enabled }} +{{- if regexMatch "nil" $enabled }}{{- $enabled = "true" }}{{- end }} +{{- if (eq $enabled "true") }} +apiVersion: awspca.cert-manager.io/v1beta1 +kind: AWSPCAClusterIssuer +{{ template "cert-manager-issuers.metadata" (dict "data" . "root" $) }} +spec: + {{- .spec | toYaml | nindent 2 }} +{{- end }} +{{- end }} diff --git a/charts/cert-manager-issuers/templates/awspcaissuers.yaml b/charts/cert-manager-issuers/templates/awspcaissuers.yaml new file mode 100644 index 000000000..713ee4de7 --- /dev/null 
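Review bot: `# raw issuer: {{ . | toJson }}` in the new templates/awspcaclusterissuers.yaml (and the identical line in templates/awspcaissuers.yaml, next hunk) copies the whole values entry into the rendered output, and because it sits above the `enabled` check it is emitted for disabled entries as well. For these issuers that puts the CA ARN, which includes the AWS account ID, and the credentials Secret reference into `helm template` output and CI logs even when no resource is created. I would drop the line, or at least move it inside the `{{- if (eq $enabled "true") }}` block. If it only mirrors the existing issuer templates, which are not visible in this patch, a one-line comment marking it as debug output would be enough.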
+++ b/charts/cert-manager-issuers/templates/awspcaissuers.yaml @@ -0,0 +1,13 @@ +{{- range .Values.awspcaIssuers }} +--- +# raw issuer: {{ . | toJson }} +{{- $enabled := printf "%t" .enabled }} +{{- if regexMatch "nil" $enabled }}{{- $enabled = "true" }}{{- end }} +{{- if (eq $enabled "true") }} +apiVersion: awspca.cert-manager.io/v1beta1 +kind: AWSPCAIssuer +{{ template "cert-manager-issuers.metadata" (dict "data" . "root" $) }} +spec: + {{- .spec | toYaml | nindent 2 }} +{{- end }} +{{- end }} diff --git a/charts/cert-manager-issuers/tests/__snapshot__/awspcaclusterissuers_test.yaml.snap b/charts/cert-manager-issuers/tests/__snapshot__/awspcaclusterissuers_test.yaml.snap new file mode 100644 index 000000000..5a2e097fe --- /dev/null +++ b/charts/cert-manager-issuers/tests/__snapshot__/awspcaclusterissuers_test.yaml.snap @@ -0,0 +1,14 @@ +should create a AWSPCAIssuer: + 1: | + apiVersion: awspca.cert-manager.io/v1beta1 + kind: AWSPCAClusterIssuer + metadata: + labels: + app.kubernetes.io/app: cert-manager-issuers + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "1" + helm.sh/chart: cert-manager-issuers-0.3.0 + name: example + spec: + arn: diff --git a/charts/cert-manager-issuers/tests/__snapshot__/awspcaissuers_test.yaml.snap b/charts/cert-manager-issuers/tests/__snapshot__/awspcaissuers_test.yaml.snap new file mode 100644 index 000000000..e9513b664 --- /dev/null +++ b/charts/cert-manager-issuers/tests/__snapshot__/awspcaissuers_test.yaml.snap @@ -0,0 +1,18 @@ +should create a AWSPCAClusterIssuer: + 1: | + apiVersion: awspca.cert-manager.io/v1beta1 + kind: AWSPCAIssuer + metadata: + labels: + app.kubernetes.io/app: cert-manager-issuers + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "1" + helm.sh/chart: cert-manager-issuers-0.3.0 + name: example + spec: + arn: + region: eu-west-1 + secretRef: + name: example + namespace: default 
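Review bot: The `enabled` handling in templates/awspcaissuers.yaml (the same three lines appear in templates/awspcaclusterissuers.yaml) only works for a real boolean: a quoted `enabled: "true"` makes `printf "%t" .enabled` produce a format-error string, `eq $enabled "true"` fails, and the issuer is silently not rendered. The `regexMatch "nil"` fallback also matches any value whose formatted form contains `nil`, not only an absent key. At minimum add a comment above the block stating that `enabled` must be an unquoted boolean and defaults to true when omitted. Alternatively test the key directly, for example `{{- if or (not (hasKey . "enabled")) (eq (toString .enabled) "true") }}`.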
diff --git a/charts/cert-manager-issuers/tests/__snapshot__/clusterissuers_test.yaml.snap b/charts/cert-manager-issuers/tests/__snapshot__/clusterissuers_test.yaml.snap index eae6bfa5b..d3132b9f3 100644 --- a/charts/cert-manager-issuers/tests/__snapshot__/clusterissuers_test.yaml.snap +++ b/charts/cert-manager-issuers/tests/__snapshot__/clusterissuers_test.yaml.snap @@ -8,7 +8,7 @@ should create one selfsigned clusterissuer: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "1" - helm.sh/chart: cert-manager-issuers-0.2.5 + helm.sh/chart: cert-manager-issuers-0.3.0 name: cert-manager-issuers spec: selfSigned: {} @@ -22,7 +22,7 @@ should create two letsencrypt clusterissuers: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "1" - helm.sh/chart: cert-manager-issuers-0.2.5 + helm.sh/chart: cert-manager-issuers-0.3.0 name: letsencrypt-prod spec: acme: @@ -31,9 +31,9 @@ should create two letsencrypt clusterissuers: name: letsencrypt-prod-account-key server: https://acme-v02.api.letsencrypt.org/directory solvers: - - http01: - ingress: - class: nginx + - http01: + ingress: + class: nginx 2: | apiVersion: cert-manager.io/v1 kind: ClusterIssuer @@ -43,7 +43,7 @@ should create two letsencrypt clusterissuers: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "1" - helm.sh/chart: cert-manager-issuers-0.2.5 + helm.sh/chart: cert-manager-issuers-0.3.0 name: letsencrypt-staging spec: acme: @@ -52,9 +52,9 @@ should create two letsencrypt clusterissuers: name: letsencrypt-staging-account-key server: https://acme-staging-v02.api.letsencrypt.org/directory solvers: - - http01: - ingress: - class: nginx + - http01: + ingress: + class: nginx should match snapshot: 1: | apiVersion: cert-manager.io/v1 
@@ -65,7 +65,7 @@ should match snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "1" - helm.sh/chart: cert-manager-issuers-0.2.5 + helm.sh/chart: cert-manager-issuers-0.3.0 name: cert-manager-issuers spec: selfSigned: {} @@ -78,7 +78,7 @@ should match snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "1" - helm.sh/chart: cert-manager-issuers-0.2.5 + helm.sh/chart: cert-manager-issuers-0.3.0 name: top-level-name-syntax-sugar spec: selfSigned: {} @@ -93,7 +93,7 @@ should match snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "1" - helm.sh/chart: cert-manager-issuers-0.2.5 + helm.sh/chart: cert-manager-issuers-0.3.0 name: top-level-name-and-metadata spec: selfSigned: {} diff --git a/charts/cert-manager-issuers/tests/__snapshot__/issuers_test.yaml.snap b/charts/cert-manager-issuers/tests/__snapshot__/issuers_test.yaml.snap index 0f0c691b9..9e4c2f393 100644 --- a/charts/cert-manager-issuers/tests/__snapshot__/issuers_test.yaml.snap +++ b/charts/cert-manager-issuers/tests/__snapshot__/issuers_test.yaml.snap @@ -8,7 +8,7 @@ should create namespaced vault issuers: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "1" - helm.sh/chart: cert-manager-issuers-0.2.5 + helm.sh/chart: cert-manager-issuers-0.3.0 name: vault-issuer namespace: demo-com spec: @@ -26,7 +26,7 @@ should create namespaced vault issuers: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "1" - helm.sh/chart: cert-manager-issuers-0.2.5 + helm.sh/chart: cert-manager-issuers-0.3.0 name: vault-issuer namespace: demo-org spec: 
@@ -45,7 +45,7 @@ should disable issuers: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "1" - helm.sh/chart: cert-manager-issuers-0.2.5 + helm.sh/chart: cert-manager-issuers-0.3.0 name: active-issuer spec: selfSigned: {} @@ -59,7 +59,7 @@ should match snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "1" - helm.sh/chart: cert-manager-issuers-0.2.5 + helm.sh/chart: cert-manager-issuers-0.3.0 name: cert-manager-issuers spec: selfSigned: {} @@ -74,7 +74,7 @@ should match snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "1" - helm.sh/chart: cert-manager-issuers-0.2.5 + helm.sh/chart: cert-manager-issuers-0.3.0 name: test-with-name-and-annotations spec: selfSigned: {} @@ -88,7 +88,7 @@ should match snapshot: app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "1" foo: bar - helm.sh/chart: cert-manager-issuers-0.2.5 + helm.sh/chart: cert-manager-issuers-0.3.0 name: test-with-labels-in-metadata spec: selfSigned: {} @@ -101,7 +101,7 @@ should match snapshot: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "1" - helm.sh/chart: cert-manager-issuers-0.2.5 + helm.sh/chart: cert-manager-issuers-0.3.0 name: top-level-name-syntax-sugar spec: selfSigned: {} diff --git a/charts/cert-manager-issuers/tests/awspcaclusterissuers_test.yaml b/charts/cert-manager-issuers/tests/awspcaclusterissuers_test.yaml new file mode 100644 index 000000000..532b192ab --- /dev/null +++ b/charts/cert-manager-issuers/tests/awspcaclusterissuers_test.yaml @@ -0,0 +1,9 @@ +suite: AWSPCAClusterIssuer tests +templates: + - awspcaclusterissuers.yaml +tests: + - it: should create a AWSPCAIssuer + values: + - ../examples/awspcaissuer.yaml + asserts: + - matchSnapshot: {} 
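Review bot: The `it:` title in tests/awspcaclusterissuers_test.yaml reads `should create a AWSPCAIssuer` although the suite renders awspcaclusterissuers.yaml, and tests/awspcaissuers_test.yaml (next file) has the mirror-image title; the stored snapshots are keyed by these names. Both suites rely on `matchSnapshot: {}` alone, so nothing asserts the rendered `kind` independently of the snapshot, and the `enabled: false` branch of the new templates is never exercised. Suggest `- it: should create an AWSPCAClusterIssuer` here and `- it: should create an AWSPCAIssuer` in the other suite, each pointing at the matching example file. A second case per suite that sets `enabled: false` and asserts that no resource is rendered would cover the disable path.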
diff --git a/charts/cert-manager-issuers/tests/awspcaissuers_test.yaml b/charts/cert-manager-issuers/tests/awspcaissuers_test.yaml new file mode 100644 index 000000000..87f8111b4 --- /dev/null +++ b/charts/cert-manager-issuers/tests/awspcaissuers_test.yaml @@ -0,0 +1,9 @@ +suite: AWSPCAIssuer tests +templates: + - awspcaissuers.yaml +tests: + - it: should create a AWSPCAClusterIssuer + values: + - ../examples/awspcaclusterissuer.yaml + asserts: + - matchSnapshot: {} diff --git a/charts/cert-manager-issuers/values.yaml b/charts/cert-manager-issuers/values.yaml index dc9ab20c5..11eb5a184 100644 --- a/charts/cert-manager-issuers/values.yaml +++ b/charts/cert-manager-issuers/values.yaml @@ -3,3 +3,9 @@ issuers: [] # -- Array of cert-manager ClusterIssuer [configurations](https://cert-manager.io/docs/configuration/) (see [examples](./examples/)) clusterIssuers: [] + +# -- Array of cert-manager AWSPCAIssuer [configurations](https://github.com/cert-manager/aws-privateca-issuer/tree/main/config//) (see [examples](./examples/)) +awspcaIssuers: [] + +# -- Array of cert-manager AWSPCAClusterIssuer [configurations](https://github.com/cert-manager/aws-privateca-issuer/tree/main/config/) (see [examples](./examples/)) +awspcaClusterIssuers: []