diff --git a/.gitignore b/.gitignore
index 1478b23db..cb169b1e8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
 .DS_Store
+.idea
 /acmesolver
 /controller
 /hack/build/dockerfiles/cert-manager-*_*_*
diff --git a/contrib/charts/cert-manager/Chart.yaml b/contrib/charts/cert-manager/Chart.yaml
index b892d8bdd..3c48f8891 100644
--- a/contrib/charts/cert-manager/Chart.yaml
+++ b/contrib/charts/cert-manager/Chart.yaml
@@ -1,4 +1,12 @@
-apiVersion: v1
-description: A Helm chart for Kubernetes
 name: cert-manager
 version: 0.1.0
+appVersion: 0.2.2
+description: A Helm chart for cert-manager
+home: https://github.com/jetstack/cert-manager
+keywords:
+ - cert-manager
+ - kube-lego
+ - letsencrypt
+ - tls
+sources:
+ - https://github.com/jetstack/cert-manager
diff --git a/contrib/charts/cert-manager/README.md b/contrib/charts/cert-manager/README.md
index 139fe1940..4efbd9c94 100644
--- a/contrib/charts/cert-manager/README.md
+++ b/contrib/charts/cert-manager/README.md
@@ -44,15 +44,24 @@ The command removes all the Kubernetes components associated with the chart and The following tables lists the configurable parameters of the cert-manager chart and their default values. -| Parameter | Description | Default | -| ---------------------- | --------------------------------------- | ---------------------------------------------- | -| `image.repository` | Image repository | `quay.io/jetstack/cert-manager-controller` | -| `image.tag` | Image tag | `v0.2.3` | -| `image.pullPolicy` | Image pull policy | `Always` | -| `replicaCount` | Number of cert-manager replicas | `1` | -| `createCustomResource` | Create CRD/TPR with this release | `true` | -| `rbac.enabled` | Create RBAC resources with this release | `true` | -| `resources` | CPU/Memory resource requests/limits | `None` | +| Parameter | Description | Default | +| --------- | ----------- | ------- | +| `image.repository` | Image repository | `quay.io/jetstack/cert-manager-controller` | +| `image.tag` | Image tag | `v0.2.3` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `replicaCount` | Number of cert-manager replicas | `1` | +| `createCustomResource` | Create CRD/TPR with this release | `true` | +| `extraArgs` | Optional flags for cert-manager | `[]` | +| `rbac.create` | If true, create & use RBAC resources | `true` +| `rbac.serviceAccountName` | ServiceAccount to be used (ignored if rbac.create=true) | `default` +| `resources` | CPU/memory resource requests/limits | `requests: {cpu: 10m, memory: 32Mi}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `ingressShim.enabled` | Enable ingress-shim for automatic ingress integration | `true`| +| `ingressShim.extraArgs` | Optional flags for ingress-shim | `[]` | +| `ingressShim.resources` | CPU/memory resource requests/limits for ingress-shim | `requests: {cpu: 10m, memory: 32Mi}` | +| `ingressShim.image.repository` | Image repository for ingress-shim | `quay.io/jetstack/cert-manager-ingress-shim` | +| 
`ingressShim.image.tag` | Image tag for ingress-shim. Defaults to `image.tag` if empty | `` | +| `ingressShim.image.pullPolicy` | Image pull policy for ingress-shim | `IfNotPresent` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. diff --git a/contrib/charts/cert-manager/templates/NOTES.txt b/contrib/charts/cert-manager/templates/NOTES.txt index e69de29bb..547ca086a 100644 --- a/contrib/charts/cert-manager/templates/NOTES.txt +++ b/contrib/charts/cert-manager/templates/NOTES.txt @@ -0,0 +1,5 @@ +cert-manager has been deployed successfully! + +You may now go ahead and create issuers and certificates. + +See https://github.com/jetstack/cert-manager/blob/master/docs/README.md diff --git a/contrib/charts/cert-manager/templates/_helpers.tpl b/contrib/charts/cert-manager/templates/_helpers.tpl index f0d83d2ed..82d3f3a7d 100644 --- a/contrib/charts/cert-manager/templates/_helpers.tpl +++ b/contrib/charts/cert-manager/templates/_helpers.tpl @@ -2,7 +2,7 @@ {{/* Expand the name of the chart. */}} -{{- define "name" -}} +{{- define "cert-manager.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} @@ -10,7 +10,15 @@ Expand the name of the chart. Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). */}} -{{- define "fullname" -}} +{{- define "cert-manager.fullname" -}} {{- $name := default .Chart.Name .Values.nameOverride -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- $fullname := printf "%s-%s" $name .Release.Name -}} +{{- default $fullname .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "cert-manager.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} 
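Review bot: `cert-manager.fullname` now builds the name with `printf "%s-%s" $name .Release.Name`, reversing the previous release-first order, so `trunc 63` cuts into the release name rather than the chart name. This helper names the cluster-scoped ClusterRole and ClusterRoleBinding in rbac.yaml, so two releases with long names can render to the same object name, and existing releases have their objects renamed on upgrade. Unless the reordering is intended, keep `{{- $fullname := printf "%s-%s" .Release.Name $name -}}` and apply `fullnameOverride` on top of it. The new `cert-manager.chart` helper is also bypassed by the ThirdPartyResource labels added in issuer-crd.yaml, which still inline the chart/version expression.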
diff --git a/contrib/charts/cert-manager/templates/certificate-crd.yaml b/contrib/charts/cert-manager/templates/certificate-crd.yaml index e674a058d..33b3600c7 100644 --- a/contrib/charts/cert-manager/templates/certificate-crd.yaml +++ b/contrib/charts/cert-manager/templates/certificate-crd.yaml @@ -4,6 +4,11 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: certificates.certmanager.k8s.io + labels: + app: {{ template "cert-manager.name" . }} + chart: {{ template "cert-manager.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} spec: group: certmanager.k8s.io version: v1alpha1 @@ -18,6 +23,6 @@ metadata: name: certificate.certmanager.k8s.io description: "A specification for a cert-manager certificate" versions: -- name: v1alpha1 + - name: v1alpha1 {{- end -}} {{- end -}} diff --git a/contrib/charts/cert-manager/templates/clusterissuer-crd.yaml b/contrib/charts/cert-manager/templates/clusterissuer-crd.yaml index 28edce370..54275647e 100644 --- a/contrib/charts/cert-manager/templates/clusterissuer-crd.yaml +++ b/contrib/charts/cert-manager/templates/clusterissuer-crd.yaml @@ -4,6 +4,11 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: clusterissuers.certmanager.k8s.io + labels: + app: {{ template "cert-manager.name" . }} + chart: {{ template "cert-manager.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} spec: group: certmanager.k8s.io version: v1alpha1 diff --git a/contrib/charts/cert-manager/templates/deployment.yaml b/contrib/charts/cert-manager/templates/deployment.yaml index 8d4dc47c1..ffddb22ff 100644 --- a/contrib/charts/cert-manager/templates/deployment.yaml +++ b/contrib/charts/cert-manager/templates/deployment.yaml 
@@ -1,40 +1,41 @@ -apiVersion: extensions/v1beta1 +apiVersion: apps/v1beta1 kind: Deployment metadata: - name: {{ template "fullname" . }} + name: {{ template "cert-manager.fullname" . }} labels: - app: {{ template "name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app: {{ template "cert-manager.name" . }} + chart: {{ template "cert-manager.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: replicas: {{ .Values.replicaCount }} + strategy: + type: Recreate template: metadata: labels: - app: {{ template "name" . }} + app: {{ template "cert-manager.name" . }} release: {{ .Release.Name }} spec: - serviceAccount: {{ template "fullname" . }} - serviceAccountName: {{ template "fullname" . }} + serviceAccountName: {{ if .Values.rbac.create }}{{ template "cert-manager.fullname" . }}{{ else }}"{{ .Values.rbac.serviceAccountName }}"{{ end }} containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.extraArgs }} args: -{{- range .Values.extraArgs }} - - {{ . }} -{{- end }} +{{ toYaml .Values.extraArgs | indent 12 }} + {{- end }} resources: {{ toYaml .Values.resources | indent 12 }} {{- if .Values.ingressShim.enabled }} - name: ingress-shim - image: "{{ .Values.ingressShim.image.repository }}:{{ default .Values.ingressShim.image.tag | default .Values.image.tag }}" + image: "{{ .Values.ingressShim.image.repository }}:{{ default .Values.ingressShim.image.tag .Values.image.tag }}" imagePullPolicy: {{ .Values.ingressShim.image.pullPolicy }} + {{- if .Values.ingressShim.extraArgs }} args: -{{- range .Values.ingressShim.extraArgs }} - - {{ . }} -{{- end }} +{{ toYaml .Values.ingressShim.extraArgs | indent 12 }} + {{- end }} resources: {{ toYaml .Values.ingressShim.resources | indent 12 }} {{- end }} 
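Review bot: The ingress-shim image line calls `default .Values.ingressShim.image.tag .Values.image.tag` with the arguments the wrong way round: `default` returns its last argument when that is non-empty, so `image.tag` always wins and a pinned `ingressShim.image.tag` is silently ignored. The README row added in this commit documents the opposite ("Defaults to `image.tag` if empty"). Swap them: `image: "{{ .Values.ingressShim.image.repository }}:{{ default .Values.image.tag .Values.ingressShim.image.tag }}"`. Separately, `nodeSelector` is added to values.yaml and the README but nothing in this hunk renders it into the pod spec; if the template has no `nodeSelector:` block outside the hunk, the value has no effect.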
diff --git a/contrib/charts/cert-manager/templates/issuer-crd.yaml b/contrib/charts/cert-manager/templates/issuer-crd.yaml index 10f5618fa..6827b7101 100644 --- a/contrib/charts/cert-manager/templates/issuer-crd.yaml +++ b/contrib/charts/cert-manager/templates/issuer-crd.yaml @@ -4,6 +4,11 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: issuers.certmanager.k8s.io + labels: + app: {{ template "cert-manager.name" . }} + chart: {{ template "cert-manager.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} spec: group: certmanager.k8s.io version: v1alpha1 @@ -11,13 +16,18 @@ spec: kind: Issuer plural: issuers scope: Namespaced -{{ else if .Capabilities.APIVersions.Has "extensions/v1beta1" }} +{{ else if .Capabilities.APIVersions.Has "extensions/v1beta1" }} apiVersion: extensions/v1beta1 kind: ThirdPartyResource metadata: name: issuer.certmanager.k8s.io + labels: + app: {{ template "cert-manager.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} description: "A specification for a cert-manager issuer" versions: -- name: v1alpha1 + - name: v1alpha1 {{- end -}} {{- end -}} diff --git a/contrib/charts/cert-manager/templates/rbac.yaml b/contrib/charts/cert-manager/templates/rbac.yaml index 27afe516f..68a3d4ed7 100644 --- a/contrib/charts/cert-manager/templates/rbac.yaml +++ b/contrib/charts/cert-manager/templates/rbac.yaml 
@@ -1,39 +1,39 @@ -{{- if .Values.rbac.enabled -}} +{{- if .Values.rbac.create -}} apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: - name: {{ template "fullname" . }} + name: {{ template "cert-manager.fullname" . }} labels: - app: {{ template "name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app: {{ template "cert-manager.name" . }} + chart: {{ template "cert-manager.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} rules: -- apiGroups: ["certmanager.k8s.io"] - resources: ["certificates", "issuers", "clusterissuers"] - verbs: ["*"] -- apiGroups: [""] - resources: ["secrets", "events", "endpoints", "services", "pods"] - verbs: ["*"] -- apiGroups: ["extensions"] - resources: ["ingresses"] - verbs: ["*"] + - apiGroups: ["certmanager.k8s.io"] + resources: ["certificates", "issuers", "clusterissuers"] + verbs: ["*"] + - apiGroups: [""] + resources: ["secrets", "events", "endpoints", "services", "pods"] + verbs: ["*"] + - apiGroups: ["extensions"] + resources: ["ingresses"] + verbs: ["*"] --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: - name: {{ template "fullname" . }} + name: {{ template "cert-manager.fullname" . }} labels: - app: {{ template "name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app: {{ template "cert-manager.name" . }} + chart: {{ template "cert-manager.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: {{ template "fullname" . }} + name: {{ template "cert-manager.fullname" . }} subjects: -- name: {{ template "fullname" . }} - namespace: {{ .Release.Namespace | quote }} - kind: ServiceAccount + - name: {{ template "cert-manager.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + kind: ServiceAccount {{- end -}} 
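Review bot: The ClusterRole rules re-indented here still grant `verbs: ["*"]` on `secrets`, `events`, `endpoints`, `services` and `pods` in the core API group, cluster-wide, so the controller's service-account token carries read and write access to every Secret in every namespace. Since the block is being rewritten anyway, list the verbs explicitly per resource, for example `verbs: ["get", "list", "watch", "create", "update", "delete"]` on `secrets` and a narrower set on the others; the exact set has to be checked against what the controller and ingress-shim actually call. A comment above `rules:` stating why cluster-wide Secret access is required would help operators who review the chart before leaving `rbac.create` at `true`.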
diff --git a/contrib/charts/cert-manager/templates/serviceaccount.yaml b/contrib/charts/cert-manager/templates/serviceaccount.yaml index b65d4c92a..34d2e11d6 100644 --- a/contrib/charts/cert-manager/templates/serviceaccount.yaml +++ b/contrib/charts/cert-manager/templates/serviceaccount.yaml @@ -1,9 +1,11 @@ +{{- if .Values.rbac.create -}} apiVersion: v1 kind: ServiceAccount metadata: - name: {{ template "fullname" . }} + name: {{ template "cert-manager.fullname" . }} labels: - app: {{ template "name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app: {{ template "cert-manager.name" . }} + chart: {{ template "cert-manager.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} +{{- end -}} diff --git a/contrib/charts/cert-manager/values.yaml b/contrib/charts/cert-manager/values.yaml index c2ad895b2..a4f14abe8 100644 --- a/contrib/charts/cert-manager/values.yaml +++ b/contrib/charts/cert-manager/values.yaml @@ -6,12 +6,17 @@ replicaCount: 1 image: repository: quay.io/jetstack/cert-manager-controller tag: v0.2.3 - pullPolicy: Always + pullPolicy: IfNotPresent createCustomResource: true rbac: - enabled: true + create: true + serviceAccountName: default + +# Optional additional arguments +extraArgs: [] + # - --cluster-resource-namespace=ingress resources: requests: @@ -21,17 +26,24 @@ resources: # Optional additional arguments for cert-manager extraArgs: [] +nodeSelector: {} + ingressShim: enabled: true + # Optional additional arguments for ingress-shim extraArgs: [] + resources: requests: cpu: 10m memory: 32Mi + image: repository: quay.io/jetstack/cert-manager-ingress-shim + # Defaults to image.tag. # You should only change this if you know what you are doing! # tag: v0.2.3 - pullPolicy: Always + + pullPolicy: IfNotPresent
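Review bot: Gating the ServiceAccount on `rbac.create` means that with `rbac.create=false` the Deployment falls back to `rbac.serviceAccountName`, whose default in values.yaml is `default`, so the controller runs under the namespace's shared default account and inherits whatever has been bound to it. Consider a separate switch such as `serviceAccount.create` with `serviceAccount.name`, so a dedicated account can exist without the chart creating the ClusterRole. At minimum, add a comment next to `serviceAccountName` along the lines of `# must already exist; use a dedicated account, not the namespace default`.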
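Review bot: The `extraArgs: []` key added after `rbac:` in the first values.yaml hunk duplicates the `extraArgs: []` that is still present as context in the second hunk (under "Optional additional arguments for cert-manager"), so the file now defines the top-level key twice. Most YAML parsers keep the last occurrence silently, so an operator who edits the first copy would get no flags passed to the controller. Remove one of the two and keep the commented example `# - --cluster-resource-namespace=ingress` beside the one that remains.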