From 8fe451631eb5e02dbc56285f72842d6052535575 Mon Sep 17 00:00:00 2001 From: Remy Moll Date: Mon, 22 Apr 2024 10:22:17 +0200 Subject: [PATCH] restructure source and templates to follow helm best-practices --- .gitignore | 4 +- Dockerfile | 6 +- Makefile | 29 ++---- deploy/dnsimple/.helmignore | 21 ----- deploy/dnsimple/Chart.yaml | 12 --- deploy/dnsimple/templates/NOTES.txt | 0 deploy/dnsimple/templates/_helpers.tpl | 52 ----------- deploy/dnsimple/templates/apiservice.yaml | 20 ---- deploy/dnsimple/templates/deployment.yaml | 79 ---------------- deploy/dnsimple/templates/pki.yaml | 77 ---------------- .../templates/production.cluster-issuer.yaml | 27 ------ deploy/dnsimple/templates/rbac.yaml | 91 ------------------- deploy/dnsimple/templates/secret.yaml | 48 ---------- deploy/dnsimple/templates/service.yaml | 19 ---- .../templates/staging.cluster-issuer.yaml | 27 ------ deploy/dnsimple/values.yaml | 49 ---------- scripts/fetch-test-binaries.sh | 1 - scripts/release.sh | 84 ----------------- go.mod => src/go.mod | 0 go.sum => src/go.sum | 0 main.go => src/main.go | 0 main_test.go => src/main_test.go | 6 +- testdata/{dnsimple => }/.gitignore | 0 testdata/{dnsimple => }/README.md | 0 testdata/{dnsimple => }/config.json | 0 .../dnsimple-token.yaml.example | 0 26 files changed, 15 insertions(+), 637 deletions(-) delete mode 100644 deploy/dnsimple/.helmignore delete mode 100644 deploy/dnsimple/Chart.yaml delete mode 100644 deploy/dnsimple/templates/NOTES.txt delete mode 100644 deploy/dnsimple/templates/_helpers.tpl delete mode 100644 deploy/dnsimple/templates/apiservice.yaml delete mode 100644 deploy/dnsimple/templates/deployment.yaml delete mode 100644 deploy/dnsimple/templates/pki.yaml delete mode 100644 deploy/dnsimple/templates/production.cluster-issuer.yaml delete mode 100644 deploy/dnsimple/templates/rbac.yaml delete mode 100644 deploy/dnsimple/templates/secret.yaml delete mode 100644 deploy/dnsimple/templates/service.yaml delete mode 100644 deploy/dnsimple/templates/staging.cluster-issuer.yaml delete mode 100644 deploy/dnsimple/values.yaml delete mode 100755 scripts/fetch-test-binaries.sh delete mode 100755 scripts/release.sh rename go.mod => src/go.mod (100%) rename go.sum => src/go.sum (100%) rename main.go => src/main.go (100%) rename main_test.go => src/main_test.go (77%) rename testdata/{dnsimple => }/.gitignore (100%) rename testdata/{dnsimple => }/README.md (100%) rename testdata/{dnsimple => }/config.json (100%) rename testdata/{dnsimple => }/dnsimple-token.yaml.example (100%) diff --git a/.gitignore b/.gitignore index b4dd842..701b062 100644 --- a/.gitignore +++ b/.gitignore @@ -14,5 +14,5 @@ # Ignore the built binary cert-manager-webhook-dnsimple -# Ignore test binaries -__test__/ +# Ignore kubebuilder test binaries +_test/ diff --git a/Dockerfile b/Dockerfile index acb1f02..4ca3d04 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,14 +5,14 @@ RUN apk add --no-cache git WORKDIR /workspace ENV GO111MODULE=on -COPY go.mod . -COPY go.sum . +COPY src/go.mod . +COPY src/go.sum . RUN go mod download FROM build_deps AS build -COPY . . +COPY src . RUN CGO_ENABLED=0 go build -o webhook -ldflags '-w -extldflags "-static"' . diff --git a/Makefile b/Makefile index 86e03c2..1c05642 100644 --- a/Makefile +++ b/Makefile @@ -1,21 +1,15 @@ GO ?= $(shell which go) OS ?= $(shell $(GO) env GOOS) ARCH ?= $(shell $(GO) env GOARCH) - -IMAGE_NAME := "neoskop/cert-manager-webhook-dnsimple" -IMAGE_TAG := "latest" - -OUT := $(shell pwd)/_out - KUBE_VERSION=1.25.0 -$(shell mkdir -p "$(OUT)") -export TEST_ASSET_ETCD=_test/kubebuilder/etcd -export TEST_ASSET_KUBE_APISERVER=_test/kubebuilder/kube-apiserver -export TEST_ASSET_KUBECTL=_test/kubebuilder/kubectl +# required by go tests +export TEST_ASSET_ETCD=../_test/kubebuilder/etcd +export TEST_ASSET_KUBE_APISERVER=../_test/kubebuilder/kube-apiserver +export TEST_ASSET_KUBECTL=../_test/kubebuilder/kubectl test: _test/kubebuilder - $(GO) test -v . + cd src && $(GO) test -v . _test/kubebuilder: curl -fsSL https://go.kubebuilder.io/test-tools/$(KUBE_VERSION)/$(OS)/$(ARCH) -o kubebuilder-tools.tar.gz @@ -28,15 +22,4 @@ _test/kubebuilder: clean: clean-kubebuilder clean-kubebuilder: - rm -Rf _test/kubebuilder - -build: - docker build -t "$(IMAGE_NAME):$(IMAGE_TAG)" . - -.PHONY: rendered-manifest.yaml -rendered-manifest.yaml: - helm template \ - --name dnsimple-webhook \ - --set image.repository=$(IMAGE_NAME) \ - --set image.tag=$(IMAGE_TAG) \ - deploy/dnsimple-webhook > "$(OUT)/rendered-manifest.yaml" \ No newline at end of file + rm -Rf _test diff --git a/deploy/dnsimple/.helmignore b/deploy/dnsimple/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/deploy/dnsimple/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/deploy/dnsimple/Chart.yaml b/deploy/dnsimple/Chart.yaml deleted file mode 100644 index d1679e5..0000000 --- a/deploy/dnsimple/Chart.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -appVersion: "0.1.2" -description: cert-manager webhook solver for ACME DNS01 challenge via DNSimple -name: cert-manager-webhook-dnsimple -version: 0.1.2 -home: https://github.com/neoskop/cert-manager-webhook-dnsimple -sources: - - https://github.com/neoskop/cert-manager-webhook-dnsimple -maintainers: - - name: Arne Diekmann - email: diekmann@neoskop.de - url: https://www.neoskop.de diff --git a/deploy/dnsimple/templates/NOTES.txt b/deploy/dnsimple/templates/NOTES.txt deleted file mode 100644 index e69de29..0000000 diff --git a/deploy/dnsimple/templates/_helpers.tpl b/deploy/dnsimple/templates/_helpers.tpl deleted file mode 100644 index 81058bb..0000000 --- a/deploy/dnsimple/templates/_helpers.tpl +++ /dev/null @@ -1,52 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "dnsimple-webhook.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "dnsimple-webhook.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "dnsimple-webhook.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{- define "dnsimple-webhook.selfSignedIssuer" -}} -{{ printf "%s-selfsign" (include "dnsimple-webhook.fullname" .) }} -{{- end -}} - -{{- define "dnsimple-webhook.rootCAIssuer" -}} -{{ printf "%s-ca" (include "dnsimple-webhook.fullname" .) }} -{{- end -}} - -{{- define "dnsimple-webhook.rootCACertificate" -}} -{{ printf "%s-ca" (include "dnsimple-webhook.fullname" .) }} -{{- end -}} - -{{- define "dnsimple-webhook.servingCertificate" -}} -{{ printf "%s-webhook-tls" (include "dnsimple-webhook.fullname" .) }} -{{- end -}} - -{{- define "dnsimple-webhook.tokenSecretName" -}} -{{- default (include "dnsimple-webhook.fullname" .) (.Values.dnsimple.tokenSecretName) -}} -{{- end -}} diff --git a/deploy/dnsimple/templates/apiservice.yaml b/deploy/dnsimple/templates/apiservice.yaml deleted file mode 100644 index 2e39b75..0000000 --- a/deploy/dnsimple/templates/apiservice.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- $APIRegistrationAPIVersion := ternary "apiregistration.k8s.io/v1" "apiregistration.k8s.io/v1beta1" (.Capabilities.APIVersions.Has "apiregistration.k8s.io/v1") -}} -apiVersion: {{ $APIRegistrationAPIVersion }} -kind: APIService -metadata: - name: v1alpha1.{{ .Values.groupName }} - labels: - app: {{ include "dnsimple-webhook.name" . }} - chart: {{ include "dnsimple-webhook.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - cert-manager.io/inject-ca-from: "{{ .Release.Namespace }}/{{ include "dnsimple-webhook.servingCertificate" . }}" -spec: - group: {{ .Values.groupName }} - groupPriorityMinimum: 1000 - versionPriority: 15 - service: - name: {{ include "dnsimple-webhook.fullname" . }} - namespace: {{ .Release.Namespace }} - version: v1alpha1 diff --git a/deploy/dnsimple/templates/deployment.yaml b/deploy/dnsimple/templates/deployment.yaml deleted file mode 100644 index 1414f88..0000000 --- a/deploy/dnsimple/templates/deployment.yaml +++ /dev/null @@ -1,79 +0,0 @@ -{{- if semverCompare ">=1.16-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: apps/v1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Deployment -metadata: - name: {{ include "dnsimple-webhook.fullname" . }} - labels: - app: {{ include "dnsimple-webhook.name" . }} - chart: {{ include "dnsimple-webhook.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ include "dnsimple-webhook.name" . }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ include "dnsimple-webhook.name" . }} - release: {{ .Release.Name }} - spec: - serviceAccountName: {{ include "dnsimple-webhook.fullname" . }} - {{- if .Values.image.pullSecret }} - imagePullSecrets: - - name: {{ .Values.image.pullSecret }} - {{- end }} - containers: - - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - args: - - --tls-cert-file=/tls/tls.crt - - --tls-private-key-file=/tls/tls.key -{{- if .Values.logLevel }} - - --v={{ .Values.logLevel }} -{{- end }} - env: - - name: GROUP_NAME - value: {{ .Values.groupName | quote }} - ports: - - name: https - containerPort: 443 - protocol: TCP - livenessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: https - readinessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: https - volumeMounts: - - name: certs - mountPath: /tls - readOnly: true - resources: -{{ toYaml .Values.resources | indent 12 }} - volumes: - - name: certs - secret: - secretName: {{ include "dnsimple-webhook.servingCertificate" . }} - {{- with .Values.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} diff --git a/deploy/dnsimple/templates/pki.yaml b/deploy/dnsimple/templates/pki.yaml deleted file mode 100644 index fae08fd..0000000 --- a/deploy/dnsimple/templates/pki.yaml +++ /dev/null @@ -1,77 +0,0 @@ -{{- $CertManagerAPIVersion := ternary "cert-manager.io/v1" "cert-manager.io/v1alpha2" (.Capabilities.APIVersions.Has "cert-manager.io/v1") -}} ---- -# Create a selfsigned Issuer, in order to create a root CA certificate for -# signing webhook serving certificates -apiVersion: {{ $CertManagerAPIVersion }} -kind: Issuer -metadata: - name: {{ include "dnsimple-webhook.selfSignedIssuer" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - app: {{ include "dnsimple-webhook.name" . }} - chart: {{ include "dnsimple-webhook.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - selfSigned: {} - ---- - -# Generate a CA Certificate used to sign certificates for the webhook -apiVersion: {{ $CertManagerAPIVersion }} -kind: Certificate -metadata: - name: {{ include "dnsimple-webhook.rootCACertificate" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - app: {{ include "dnsimple-webhook.name" . }} - chart: {{ include "dnsimple-webhook.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - secretName: {{ include "dnsimple-webhook.rootCACertificate" . }} - duration: 43800h0m0s # 5y - issuerRef: - name: {{ include "dnsimple-webhook.selfSignedIssuer" . }} - commonName: "ca.dnsimple-webhook.cert-manager" - isCA: true - ---- - -# Create an Issuer that uses the above generated CA certificate to issue certs -apiVersion: {{ $CertManagerAPIVersion }} -kind: Issuer -metadata: - name: {{ include "dnsimple-webhook.rootCAIssuer" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - app: {{ include "dnsimple-webhook.name" . }} - chart: {{ include "dnsimple-webhook.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - ca: - secretName: {{ include "dnsimple-webhook.rootCACertificate" . }} - ---- - -# Finally, generate a serving certificate for the webhook to use -apiVersion: {{ $CertManagerAPIVersion }} -kind: Certificate -metadata: - name: {{ include "dnsimple-webhook.servingCertificate" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - app: {{ include "dnsimple-webhook.name" . }} - chart: {{ include "dnsimple-webhook.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - secretName: {{ include "dnsimple-webhook.servingCertificate" . }} - duration: 8760h0m0s # 1y - issuerRef: - name: {{ include "dnsimple-webhook.rootCAIssuer" . }} - dnsNames: - - {{ include "dnsimple-webhook.fullname" . }} - - {{ include "dnsimple-webhook.fullname" . }}.{{ .Release.Namespace }} - - {{ include "dnsimple-webhook.fullname" . }}.{{ .Release.Namespace }}.svc diff --git a/deploy/dnsimple/templates/production.cluster-issuer.yaml b/deploy/dnsimple/templates/production.cluster-issuer.yaml deleted file mode 100644 index 880b592..0000000 --- a/deploy/dnsimple/templates/production.cluster-issuer.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{- if .Values.clusterIssuer.production.enabled -}} -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - name: {{ include "dnsimple-webhook.fullname" . }}-production - labels: - app: {{ include "dnsimple-webhook.name" . }} - chart: {{ include "dnsimple-webhook.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - acme: - email: {{ .Values.clusterIssuer.email }} - privateKeySecretRef: - name: {{ include "dnsimple-webhook.fullname" . }}-production - server: https://acme-v02.api.letsencrypt.org/directory - solvers: - - dns01: - webhook: - config: - tokenSecretRef: - key: token - name: {{ include "dnsimple-webhook.tokenSecretName" . }} - accountID: {{ .Values.dnsimple.accountID | quote }} - groupName: {{ .Values.groupName }} - solverName: dnsimple -{{- end -}} diff --git a/deploy/dnsimple/templates/rbac.yaml b/deploy/dnsimple/templates/rbac.yaml deleted file mode 100644 index 0dc20c4..0000000 --- a/deploy/dnsimple/templates/rbac.yaml +++ /dev/null @@ -1,91 +0,0 @@ -{{- $RBACAPIVersion := ternary "rbac.authorization.k8s.io/v1" "rbac.authorization.k8s.io/v1beta1" (.Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1") -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "dnsimple-webhook.fullname" . }} - labels: - app: {{ include "dnsimple-webhook.name" . }} - chart: {{ include "dnsimple-webhook.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} ---- -# Grant the webhook permission to read the ConfigMap containing the Kubernetes -# apiserver's requestheader-ca-certificate. -# This ConfigMap is automatically created by the Kubernetes apiserver. -apiVersion: {{ $RBACAPIVersion }} -kind: RoleBinding -metadata: - name: {{ include "dnsimple-webhook.fullname" . }}:webhook-authentication-reader - namespace: kube-system - labels: - app: {{ include "dnsimple-webhook.name" . }} - chart: {{ include "dnsimple-webhook.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: extension-apiserver-authentication-reader -subjects: - - apiGroup: "" - kind: ServiceAccount - name: {{ include "dnsimple-webhook.fullname" . }} - namespace: {{ .Release.Namespace }} ---- -# apiserver gets the auth-delegator role to delegate auth decisions to -# the core apiserver -apiVersion: {{ $RBACAPIVersion }} -kind: ClusterRoleBinding -metadata: - name: {{ include "dnsimple-webhook.fullname" . }}:auth-delegator - labels: - app: {{ include "dnsimple-webhook.name" . }} - chart: {{ include "dnsimple-webhook.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:auth-delegator -subjects: - - apiGroup: "" - kind: ServiceAccount - name: {{ include "dnsimple-webhook.fullname" . }} - namespace: {{ .Release.Namespace }} ---- -# Grant cert-manager permission to validate using our apiserver -apiVersion: {{ $RBACAPIVersion }} -kind: ClusterRole -metadata: - name: {{ include "dnsimple-webhook.fullname" . }}:domain-solver - labels: - app: {{ include "dnsimple-webhook.name" . }} - chart: {{ include "dnsimple-webhook.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -rules: - - apiGroups: - - {{ .Values.groupName }} - resources: - - '*' - verbs: - - 'create' ---- -apiVersion: {{ $RBACAPIVersion }} -kind: ClusterRoleBinding -metadata: - name: {{ include "dnsimple-webhook.fullname" . }}:domain-solver - labels: - app: {{ include "dnsimple-webhook.name" . }} - chart: {{ include "dnsimple-webhook.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "dnsimple-webhook.fullname" . }}:domain-solver -subjects: - - apiGroup: "" - kind: ServiceAccount - name: {{ .Values.certManager.serviceAccountName }} - namespace: {{ .Values.certManager.namespace }} diff --git a/deploy/dnsimple/templates/secret.yaml b/deploy/dnsimple/templates/secret.yaml deleted file mode 100644 index 64fb5bd..0000000 --- a/deploy/dnsimple/templates/secret.yaml +++ /dev/null @@ -1,48 +0,0 @@ -{{- if not .Values.dnsimple.existingTokenSecret -}} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "dnsimple-webhook.tokenSecretName" . }} - labels: - app: {{ include "dnsimple-webhook.name" . }} - chart: {{ include "dnsimple-webhook.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -type: Opaque -data: - token: {{ .Values.dnsimple.token | b64enc }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "dnsimple-webhook.fullname" . }}:secret-reader - labels: - app: {{ include "dnsimple-webhook.name" . }} - chart: {{ include "dnsimple-webhook.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -rules: -- apiGroups: [""] # indicates the core API group - resources: ["secrets"] - resourceNames: ["{{ include "dnsimple-webhook.tokenSecretName" . }}"] - verbs: ["get", "watch"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "dnsimple-webhook.fullname" . }}:secret-reader - labels: - app: {{ include "dnsimple-webhook.name" . }} - chart: {{ include "dnsimple-webhook.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -subjects: - - apiGroup: "" - kind: ServiceAccount - name: {{ include "dnsimple-webhook.fullname" . }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: Role - name: {{ include "dnsimple-webhook.fullname" . }}:secret-reader - apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/deploy/dnsimple/templates/service.yaml b/deploy/dnsimple/templates/service.yaml deleted file mode 100644 index ed4e0c5..0000000 --- a/deploy/dnsimple/templates/service.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "dnsimple-webhook.fullname" . }} - labels: - app: {{ include "dnsimple-webhook.name" . }} - chart: {{ include "dnsimple-webhook.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - targetPort: https - protocol: TCP - name: https - selector: - app: {{ include "dnsimple-webhook.name" . }} - release: {{ .Release.Name }} diff --git a/deploy/dnsimple/templates/staging.cluster-issuer.yaml b/deploy/dnsimple/templates/staging.cluster-issuer.yaml deleted file mode 100644 index 73c0973..0000000 --- a/deploy/dnsimple/templates/staging.cluster-issuer.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{- if .Values.clusterIssuer.staging.enabled -}} -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - name: {{ include "dnsimple-webhook.fullname" . }}-staging - labels: - app: {{ include "dnsimple-webhook.name" . }} - chart: {{ include "dnsimple-webhook.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - acme: - email: {{ .Values.clusterIssuer.email }} - privateKeySecretRef: - name: {{ include "dnsimple-webhook.fullname" . }}-staging - server: https://acme-staging-v02.api.letsencrypt.org/directory - solvers: - - dns01: - webhook: - config: - tokenSecretRef: - key: token - name: {{ include "dnsimple-webhook.tokenSecretName" . }} - accountID: {{ .Values.dnsimple.accountID | quote }} - groupName: {{ .Values.groupName }} - solverName: dnsimple -{{- end -}} diff --git a/deploy/dnsimple/values.yaml b/deploy/dnsimple/values.yaml deleted file mode 100644 index c9fee27..0000000 --- a/deploy/dnsimple/values.yaml +++ /dev/null @@ -1,49 +0,0 @@ -# The GroupName here is used to identify your company or business unit that -# created this webhook. -# For example, this may be "acme.mycompany.com". -# This name will need to be referenced in each Issuer's `webhook` stanza to -# inform cert-manager of where to send ChallengePayload resources in order to -# solve the DNS01 challenge. -# This group name should be **unique**, hence using your own company's domain -# here is recommended. -groupName: acme.neoskop.de -certManager: - namespace: cert-manager - serviceAccountName: cert-manager -# logLevel: 3 -dnsimple: - token: "" - # accountID: - # existingTokenSecret: false - # tokenSecretName: -clusterIssuer: - email: name@example.com - staging: - enabled: false - production: - enabled: false -image: - repository: neoskop/cert-manager-webhook-dnsimple - tag: 0.1.2 - pullPolicy: IfNotPresent - # pullSecret: "gcr" -nameOverride: "" -fullnameOverride: "" -service: - type: ClusterIP - port: 443 -resources: {} -# We usually recommend not to specify default resources and to leave this as a conscious -# choice for the user. This also increases chances charts run on environments with little -# resources, such as Minikube. If you do want to specify resources, uncomment the following -# lines, adjust them as necessary, and remove the curly braces after 'resources:'. -# limits: -# cpu: 100m -# memory: 128Mi -# requests: -# cpu: 100m -# memory: 128Mi - -nodeSelector: {} -tolerations: [] -affinity: {} diff --git a/scripts/fetch-test-binaries.sh b/scripts/fetch-test-binaries.sh deleted file mode 100755 index f1f641a..0000000 --- a/scripts/fetch-test-binaries.sh +++ /dev/null @@ -1 +0,0 @@ -#!/usr/bin/env bash diff --git a/scripts/release.sh b/scripts/release.sh deleted file mode 100755 index 3341e41..0000000 --- a/scripts/release.sh +++ /dev/null @@ -1,84 +0,0 @@ -#!/usr/bin/env bash - -set -e - -check_commands() { - for command in $@; do - if ! command -v $command >/dev/null; then - echo -e "Install \033[1m$command\033[0m" - exit 1 - fi - done -} - -inc_version() { - version=$1 - version_array=(${version//./ }) - - if [ $2 = "major" ]; then - ((version_array[0]++)) - version_array[1]=0 - version_array[2]=0 - fi - - if [ $2 = "minor" ]; then - ((version_array[1]++)) - version_array[2]=0 - fi - - if [ $2 = "patch" ]; then - ((version_array[2]++)) - fi - - echo "${version_array[0]}.${version_array[1]}.${version_array[2]}" -} - -check_commands git yq cr - -if [[ "$#" != "1" ]] || [[ ! "$1" =~ ^(patch|minor|major)$ ]]; then - echo -e "Usage: $0 \033[1mpatch|minor|major\033[0m" - exit 1 -fi - -if [[ $(git status --porcelain) ]]; then - echo -e "The repository has changes. Commit first...\033[0;31mAborting!\033[0m" - exit 1 -fi - -SCRIPT_DIR=$( - cd "$(dirname "$0")" >/dev/null 2>&1 - pwd -P -) - -git pull --rebase -current_version=$(yq e .version $SCRIPT_DIR/../deploy/dnsimple/Chart.yaml) -version=$(inc_version $current_version $1) -cd $SCRIPT_DIR/.. -docker build -t neoskop/cert-manager-webhook-dnsimple:$version . -docker push neoskop/cert-manager-webhook-dnsimple:$version -cd - &>/dev/null -sed -i "s/appVersion: .*/appVersion: \"$version\"/" $SCRIPT_DIR/../deploy/dnsimple/Chart.yaml -sed -i "s/version: .*/version: $version/" $SCRIPT_DIR/../deploy/dnsimple/Chart.yaml - -yq e ".version=\"$version\"" -i $SCRIPT_DIR/../deploy/dnsimple/Chart.yaml -yq e ".appVersion=\"$version\"" -i $SCRIPT_DIR/../deploy/dnsimple/Chart.yaml -yq e ".image.tag=\"$version\"" -i $SCRIPT_DIR/../deploy/dnsimple/values.yaml -git add . -git commit -m "chore: Bump version to ${version}." -git push - -helm package deploy/dnsimple --destination .deploy -cr upload -o neoskop -r cert-manager-webhook-dnsimple -p .deploy -git checkout gh-pages -cr index -i ./index.yaml -p .deploy -o neoskop -r cert-manager-webhook-dnsimple -c https://neoskop.github.io/cert-manager-webhook-dnsimple/ -git add index.yaml -git commit -m "chore: Bump version to ${version}." -git push -git checkout master -rm -rf .deploy/ - -HELM_CHARTS_DIR=../neoskop-helm-charts -[ -d $HELM_CHARTS_DIR ] || git clone git@github.com:neoskop/helm-charts.git $HELM_CHARTS_DIR -cd $HELM_CHARTS_DIR -./update-index.sh -cd - &>/dev/null \ No newline at end of file diff --git a/go.mod b/src/go.mod similarity index 100% rename from go.mod rename to src/go.mod diff --git a/go.sum b/src/go.sum similarity index 100% rename from go.sum rename to src/go.sum diff --git a/main.go b/src/main.go similarity index 100% rename from main.go rename to src/main.go diff --git a/main_test.go b/src/main_test.go similarity index 77% rename from main_test.go rename to src/main_test.go index a860ac2..2786097 100644 --- a/main_test.go +++ b/src/main_test.go @@ -8,7 +8,8 @@ import ( ) var ( - zone = os.Getenv("TEST_ZONE_NAME") + zone = os.Getenv("TEST_ZONE_NAME") + testdata_dir = "../testdata" ) func TestRunsSuite(t *testing.T) { @@ -19,7 +20,8 @@ func TestRunsSuite(t *testing.T) { fixture := dns.NewFixture(&dnsimpleDNSProviderSolver{}, dns.SetResolvedZone(zone), dns.SetAllowAmbientCredentials(false), - dns.SetManifestPath("testdata/dnsimple"), + dns.SetManifestPath(testdata_dir), + dns.SetDNSName("puzzle.beer"), ) fixture.RunConformance(t) diff --git a/testdata/dnsimple/.gitignore b/testdata/.gitignore similarity index 100% rename from testdata/dnsimple/.gitignore rename to testdata/.gitignore diff --git a/testdata/dnsimple/README.md b/testdata/README.md similarity index 100% rename from testdata/dnsimple/README.md rename to testdata/README.md diff --git a/testdata/dnsimple/config.json b/testdata/config.json similarity index 100% rename from testdata/dnsimple/config.json rename to testdata/config.json diff --git a/testdata/dnsimple/dnsimple-token.yaml.example b/testdata/dnsimple-token.yaml.example similarity index 100% rename from testdata/dnsimple/dnsimple-token.yaml.example rename to testdata/dnsimple-token.yaml.example