Merge pull request #142 from weaveworks/release-clusterissuer-chart

Release Clusterissuer chart

Author: Darryl Weaver

charts/clusterissuer/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/clusterissuer/Chart.yaml

@@ -0,0 +1,34 @@
+apiVersion: v2
+name: clusterissuer
+icon: https://raw.githubusercontent.com/jetstack/cert-manager/master/logo/logo.png
+description: A Weaveworks Helm chart for a cert manager cluster issuer using DNS01 validation with route53
+type: application
+version: 1.0.0
+kubeVersion: ">=1.16.0-0"
+home: https://github.com/weaveworks/profiles-catalog
+sources:
+  - https://github.com/weaveworks/profiles-catalog
+
+keywords:
+- cert-manager
+- aws
+- route53
+- kube-lego
+- letsencrypt
+- tls
+
+maintainers:
+  - name: Weaveworks
+    email: [email protected]
+
+annotations:
+  "weave.works/profile": clusterissuer
+  "weave.works/category": Certificate
+  "weave.works/layer": layer-2
+  "weave.works/operator": "false"
+  "weave.works/links": |
+    - name: Chart Sources
+      url: https://github.com/weaveworks/profiles-catalog
+  "weave.works/profile-ci": |
+    - "gke"
+    - "kind"

charts/clusterissuer/templates/NOTES.txt

@@ -0,0 +1 @@
+The clusterissuer for route53 domains on aws has been installed

charts/clusterissuer/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "clusterissuer.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "clusterissuer.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "clusterissuer.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "clusterissuer.labels" -}}
+helm.sh/chart: {{ include "clusterissuer.chart" . }}
+{{ include "clusterissuer.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "clusterissuer.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "clusterissuer.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "clusterissuer.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "clusterissuer.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

charts/clusterissuer/templates/aws-route53-creds.yaml

@@ -0,0 +1,21 @@
+{{- if .Values.externalSecret.create }}
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  creationTimestamp: null
+  name: clusterissuer-static-secret
+  namespace: cert-manager
+spec:
+  dataFrom:
+  - extract:
+      key: {{ .Values.externalSecret.secretManager.path }}
+  refreshInterval: 1h0m0s
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: {{ .Values.externalSecret.clusterSecretStore.name }}
+  target:
+    creationPolicy: Owner
+    name: {{ .Values.externalSecret.secretName }}
+status:
+  refreshTime: null
+{{- end }}

charts/clusterissuer/templates/clusterissuer.yaml

@@ -0,0 +1,29 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: {{ .Values.clusterIssuerEmail }}
+    privateKeySecretRef:
+      name: letsencrypt
+    solvers:
+      - dns01:
+          route53:
+            region: {{ .Values.region }}
+            {{- if .Values.accessKeyId.enabled }}
+            accessKeyID: {{ .Values.accessKeyId.value }}
+            {{- end }}
+            {{- if .Values.externalSecret.create }}
+            secretAccessKeySecretRef:
+              name: {{ .Values.externalSecret.secretName }}
+              key: secret-access-key
+            {{- else }}
+            secretAccessKeySecretRef:
+              name: ""
+            {{- end }}
+        selector:
+          dnsZones:
+          - {{ .Values.dnsZone }}
+

charts/clusterissuer/values.yaml

@@ -0,0 +1,13 @@
+clusterIssuerEmail: [email protected]
+dnsZone: cx.weave.works
+accessKeyId: 
+  enabled: false
+  value: AWS_ACCESS_KEY
+region: us-west-1
+externalSecret:
+  create: false
+  secretName: aws-route53-creds
+  clusterSecretStore:
+    name: aws-secretmanager
+  secretManager:
+    path: demo/clusterissuer/aws-route53-creds