restructure source and templates to follow helm best-practices

2025-07-01 22:35:49 +02:00 · 2024-04-22 10:22:17 +02:00 · 2024-04-22 10:22:17 +02:00 · 8fe451631e
commit 8fe451631e
parent c1db14cfbf
26 changed files with 15 additions and 637 deletions
--- a/.gitignore
+++ b/.gitignore
@ -14,5 +14,5 @@
 # Ignore the built binary
 cert-manager-webhook-dnsimple

-# Ignore test binaries
-__test__/
+# Ignore kubebuilder test binaries
+_test/
--- a/6
+++ b/6
@ -5,14 +5,14 @@ RUN apk add --no-cache git
 WORKDIR /workspace
 ENV GO111MODULE=on

-COPY go.mod .
-COPY go.sum .
+COPY src/go.mod .
+COPY src/go.sum .

 RUN go mod download

 FROM build_deps AS build

-COPY . .
+COPY src .

 RUN CGO_ENABLED=0 go build -o webhook -ldflags '-w -extldflags "-static"' .

--- a/29
+++ b/29
@ -1,21 +1,15 @@
 GO ?= $(shell which go)
 OS ?= $(shell $(GO) env GOOS)
 ARCH ?= $(shell $(GO) env GOARCH)
-
-IMAGE_NAME := "neoskop/cert-manager-webhook-dnsimple"
-IMAGE_TAG := "latest"
-
-OUT := $(shell pwd)/_out
-
 KUBE_VERSION=1.25.0

-$(shell mkdir -p "$(OUT)")
-export TEST_ASSET_ETCD=_test/kubebuilder/etcd
-export TEST_ASSET_KUBE_APISERVER=_test/kubebuilder/kube-apiserver
-export TEST_ASSET_KUBECTL=_test/kubebuilder/kubectl
+# required by go tests
+export TEST_ASSET_ETCD=../_test/kubebuilder/etcd
+export TEST_ASSET_KUBE_APISERVER=../_test/kubebuilder/kube-apiserver
+export TEST_ASSET_KUBECTL=../_test/kubebuilder/kubectl

 test: _test/kubebuilder
-	$(GO) test -v .
+	cd src && $(GO) test -v .

 _test/kubebuilder:
 	curl -fsSL https://go.kubebuilder.io/test-tools/$(KUBE_VERSION)/$(OS)/$(ARCH) -o kubebuilder-tools.tar.gz
@ -28,15 +22,4 @@ _test/kubebuilder:
 clean: clean-kubebuilder

 clean-kubebuilder:
-	rm -Rf _test/kubebuilder
-
-build:
-	docker build -t "$(IMAGE_NAME):$(IMAGE_TAG)" .
-
-.PHONY: rendered-manifest.yaml
-rendered-manifest.yaml:
-	helm template \
-	    --name dnsimple-webhook \
-        --set image.repository=$(IMAGE_NAME) \
-        --set image.tag=$(IMAGE_TAG) \
-        deploy/dnsimple-webhook > "$(OUT)/rendered-manifest.yaml"
+	rm -Rf _test
--- a/deploy/dnsimple/.helmignore
+++ b/deploy/dnsimple/.helmignore
@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
--- a/deploy/dnsimple/Chart.yaml
+++ b/deploy/dnsimple/Chart.yaml
@ -1,12 +0,0 @@
-apiVersion: v1
-appVersion: "0.1.2"
-description: cert-manager webhook solver for ACME DNS01 challenge via DNSimple
-name: cert-manager-webhook-dnsimple
-version: 0.1.2
-home: https://github.com/neoskop/cert-manager-webhook-dnsimple
-sources:
-  - https://github.com/neoskop/cert-manager-webhook-dnsimple
-maintainers:
-  - name: Arne Diekmann
-    email: diekmann@neoskop.de
-    url: https://www.neoskop.de
--- a/deploy/dnsimple/templates/NOTES.txt
+++ b/deploy/dnsimple/templates/NOTES.txt
--- a/deploy/dnsimple/templates/_helpers.tpl
+++ b/deploy/dnsimple/templates/_helpers.tpl
@ -1,52 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "dnsimple-webhook.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "dnsimple-webhook.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "dnsimple-webhook.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{- define "dnsimple-webhook.selfSignedIssuer" -}}
-{{ printf "%s-selfsign" (include "dnsimple-webhook.fullname" .) }}
-{{- end -}}
-
-{{- define "dnsimple-webhook.rootCAIssuer" -}}
-{{ printf "%s-ca" (include "dnsimple-webhook.fullname" .) }}
-{{- end -}}
-
-{{- define "dnsimple-webhook.rootCACertificate" -}}
-{{ printf "%s-ca" (include "dnsimple-webhook.fullname" .) }}
-{{- end -}}
-
-{{- define "dnsimple-webhook.servingCertificate" -}}
-{{ printf "%s-webhook-tls" (include "dnsimple-webhook.fullname" .) }}
-{{- end -}}
-
-{{- define "dnsimple-webhook.tokenSecretName" -}}
-{{- default (include "dnsimple-webhook.fullname" .) (.Values.dnsimple.tokenSecretName) -}}
-{{- end -}}
--- a/deploy/dnsimple/templates/apiservice.yaml
+++ b/deploy/dnsimple/templates/apiservice.yaml
@ -1,20 +0,0 @@
-{{- $APIRegistrationAPIVersion := ternary "apiregistration.k8s.io/v1" "apiregistration.k8s.io/v1beta1" (.Capabilities.APIVersions.Has "apiregistration.k8s.io/v1") -}}
-apiVersion: {{ $APIRegistrationAPIVersion }}
-kind: APIService
-metadata:
-  name: v1alpha1.{{ .Values.groupName }}
-  labels:
-    app: {{ include "dnsimple-webhook.name" . }}
-    chart: {{ include "dnsimple-webhook.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-  annotations:
-    cert-manager.io/inject-ca-from: "{{ .Release.Namespace }}/{{ include "dnsimple-webhook.servingCertificate" . }}"
-spec:
-  group: {{ .Values.groupName }}
-  groupPriorityMinimum: 1000
-  versionPriority: 15
-  service:
-    name: {{ include "dnsimple-webhook.fullname" . }}
-    namespace: {{ .Release.Namespace }}
-  version: v1alpha1
--- a/deploy/dnsimple/templates/deployment.yaml
+++ b/deploy/dnsimple/templates/deployment.yaml
@ -1,79 +0,0 @@
-{{- if semverCompare ">=1.16-0" .Capabilities.KubeVersion.GitVersion -}}
-apiVersion: apps/v1
-{{- else -}}
-apiVersion: extensions/v1beta1
-{{- end }}
-kind: Deployment
-metadata:
-  name: {{ include "dnsimple-webhook.fullname" . }}
-  labels:
-    app: {{ include "dnsimple-webhook.name" . }}
-    chart: {{ include "dnsimple-webhook.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      app: {{ include "dnsimple-webhook.name" . }}
-      release: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app: {{ include "dnsimple-webhook.name" . }}
-        release: {{ .Release.Name }}
-    spec:
-      serviceAccountName: {{ include "dnsimple-webhook.fullname" . }}
-      {{- if .Values.image.pullSecret }}
-      imagePullSecrets:
-        - name: {{ .Values.image.pullSecret }}
-      {{- end }}
-      containers:
-        - name: {{ .Chart.Name }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          args:
-            - --tls-cert-file=/tls/tls.crt
-            - --tls-private-key-file=/tls/tls.key
-{{- if .Values.logLevel }}
-            - --v={{ .Values.logLevel }}
-{{- end }}
-          env:
-            - name: GROUP_NAME
-              value: {{ .Values.groupName | quote }}
-          ports:
-            - name: https
-              containerPort: 443
-              protocol: TCP
-          livenessProbe:
-            httpGet:
-              scheme: HTTPS
-              path: /healthz
-              port: https
-          readinessProbe:
-            httpGet:
-              scheme: HTTPS
-              path: /healthz
-              port: https
-          volumeMounts:
-            - name: certs
-              mountPath: /tls
-              readOnly: true
-          resources:
-{{ toYaml .Values.resources | indent 12 }}
-      volumes:
-        - name: certs
-          secret:
-            secretName: {{ include "dnsimple-webhook.servingCertificate" . }}
-    {{- with .Values.nodeSelector }}
-      nodeSelector:
-{{ toYaml . | indent 8 }}
-    {{- end }}
-    {{- with .Values.affinity }}
-      affinity:
-{{ toYaml . | indent 8 }}
-    {{- end }}
-    {{- with .Values.tolerations }}
-      tolerations:
-{{ toYaml . | indent 8 }}
-    {{- end }}
--- a/deploy/dnsimple/templates/pki.yaml
+++ b/deploy/dnsimple/templates/pki.yaml
@ -1,77 +0,0 @@
-{{- $CertManagerAPIVersion := ternary "cert-manager.io/v1" "cert-manager.io/v1alpha2" (.Capabilities.APIVersions.Has "cert-manager.io/v1") -}}
---
-# Create a selfsigned Issuer, in order to create a root CA certificate for
-# signing webhook serving certificates
-apiVersion: {{ $CertManagerAPIVersion }}
-kind: Issuer
-metadata:
-  name: {{ include "dnsimple-webhook.selfSignedIssuer" . }}
-  namespace: {{ .Release.Namespace | quote }}
-  labels:
-    app: {{ include "dnsimple-webhook.name" . }}
-    chart: {{ include "dnsimple-webhook.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  selfSigned: {}
-
---
-
-# Generate a CA Certificate used to sign certificates for the webhook
-apiVersion: {{ $CertManagerAPIVersion }}
-kind: Certificate
-metadata:
-  name: {{ include "dnsimple-webhook.rootCACertificate" . }}
-  namespace: {{ .Release.Namespace | quote }}
-  labels:
-    app: {{ include "dnsimple-webhook.name" . }}
-    chart: {{ include "dnsimple-webhook.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  secretName: {{ include "dnsimple-webhook.rootCACertificate" . }}
-  duration: 43800h0m0s # 5y
-  issuerRef:
-    name: {{ include "dnsimple-webhook.selfSignedIssuer" . }}
-  commonName: "ca.dnsimple-webhook.cert-manager"
-  isCA: true
-
---
-
-# Create an Issuer that uses the above generated CA certificate to issue certs
-apiVersion: {{ $CertManagerAPIVersion }}
-kind: Issuer
-metadata:
-  name: {{ include "dnsimple-webhook.rootCAIssuer" . }}
-  namespace: {{ .Release.Namespace | quote }}
-  labels:
-    app: {{ include "dnsimple-webhook.name" . }}
-    chart: {{ include "dnsimple-webhook.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  ca:
-    secretName: {{ include "dnsimple-webhook.rootCACertificate" . }}
-
---
-
-# Finally, generate a serving certificate for the webhook to use
-apiVersion: {{ $CertManagerAPIVersion }}
-kind: Certificate
-metadata:
-  name: {{ include "dnsimple-webhook.servingCertificate" . }}
-  namespace: {{ .Release.Namespace | quote }}
-  labels:
-    app: {{ include "dnsimple-webhook.name" . }}
-    chart: {{ include "dnsimple-webhook.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  secretName: {{ include "dnsimple-webhook.servingCertificate" . }}
-  duration: 8760h0m0s # 1y
-  issuerRef:
-    name: {{ include "dnsimple-webhook.rootCAIssuer" . }}
-  dnsNames:
-  - {{ include "dnsimple-webhook.fullname" . }}
-  - {{ include "dnsimple-webhook.fullname" . }}.{{ .Release.Namespace }}
-  - {{ include "dnsimple-webhook.fullname" . }}.{{ .Release.Namespace }}.svc
--- a/deploy/dnsimple/templates/production.cluster-issuer.yaml
+++ b/deploy/dnsimple/templates/production.cluster-issuer.yaml
@ -1,27 +0,0 @@
-{{- if .Values.clusterIssuer.production.enabled -}}
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
-  name: {{ include "dnsimple-webhook.fullname" . }}-production
-  labels:
-    app: {{ include "dnsimple-webhook.name" . }}
-    chart: {{ include "dnsimple-webhook.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  acme:
-    email: {{ .Values.clusterIssuer.email }}
-    privateKeySecretRef:
-      name: {{ include "dnsimple-webhook.fullname" . }}-production
-    server: https://acme-v02.api.letsencrypt.org/directory
-    solvers:
-    - dns01:
-        webhook:
-          config:
-            tokenSecretRef:
-              key: token
-              name: {{ include "dnsimple-webhook.tokenSecretName" . }}
-            accountID: {{ .Values.dnsimple.accountID | quote }}
-          groupName: {{ .Values.groupName }}
-          solverName: dnsimple
-{{- end -}}
--- a/deploy/dnsimple/templates/rbac.yaml
+++ b/deploy/dnsimple/templates/rbac.yaml
@ -1,91 +0,0 @@
-{{- $RBACAPIVersion := ternary "rbac.authorization.k8s.io/v1" "rbac.authorization.k8s.io/v1beta1" (.Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1") -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ include "dnsimple-webhook.fullname" . }}
-  labels:
-    app: {{ include "dnsimple-webhook.name" . }}
-    chart: {{ include "dnsimple-webhook.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
---
-# Grant the webhook permission to read the ConfigMap containing the Kubernetes
-# apiserver's requestheader-ca-certificate.
-# This ConfigMap is automatically created by the Kubernetes apiserver.
-apiVersion: {{ $RBACAPIVersion }}
-kind: RoleBinding
-metadata:
-  name: {{ include "dnsimple-webhook.fullname" . }}:webhook-authentication-reader
-  namespace: kube-system
-  labels:
-    app: {{ include "dnsimple-webhook.name" . }}
-    chart: {{ include "dnsimple-webhook.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: extension-apiserver-authentication-reader
-subjects:
-  - apiGroup: ""
-    kind: ServiceAccount
-    name: {{ include "dnsimple-webhook.fullname" . }}
-    namespace: {{ .Release.Namespace }}
---
-# apiserver gets the auth-delegator role to delegate auth decisions to
-# the core apiserver
-apiVersion: {{ $RBACAPIVersion }}
-kind: ClusterRoleBinding
-metadata:
-  name: {{ include "dnsimple-webhook.fullname" . }}:auth-delegator
-  labels:
-    app: {{ include "dnsimple-webhook.name" . }}
-    chart: {{ include "dnsimple-webhook.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: system:auth-delegator
-subjects:
-  - apiGroup: ""
-    kind: ServiceAccount
-    name: {{ include "dnsimple-webhook.fullname" . }}
-    namespace: {{ .Release.Namespace }}
---
-# Grant cert-manager permission to validate using our apiserver
-apiVersion: {{ $RBACAPIVersion }}
-kind: ClusterRole
-metadata:
-  name: {{ include "dnsimple-webhook.fullname" . }}:domain-solver
-  labels:
-    app: {{ include "dnsimple-webhook.name" . }}
-    chart: {{ include "dnsimple-webhook.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-rules:
-  - apiGroups:
-      - {{ .Values.groupName }}
-    resources:
-      - '*'
-    verbs:
-      - 'create'
---
-apiVersion: {{ $RBACAPIVersion }}
-kind: ClusterRoleBinding
-metadata:
-  name: {{ include "dnsimple-webhook.fullname" . }}:domain-solver
-  labels:
-    app: {{ include "dnsimple-webhook.name" . }}
-    chart: {{ include "dnsimple-webhook.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ include "dnsimple-webhook.fullname" . }}:domain-solver
-subjects:
-  - apiGroup: ""
-    kind: ServiceAccount
-    name: {{ .Values.certManager.serviceAccountName }}
-    namespace: {{ .Values.certManager.namespace }}
--- a/deploy/dnsimple/templates/secret.yaml
+++ b/deploy/dnsimple/templates/secret.yaml
@ -1,48 +0,0 @@
-{{- if not .Values.dnsimple.existingTokenSecret -}}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "dnsimple-webhook.tokenSecretName" . }}
-  labels:
-    app: {{ include "dnsimple-webhook.name" . }}
-    chart: {{ include "dnsimple-webhook.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-type: Opaque
-data:
-  token: {{ .Values.dnsimple.token | b64enc }}
-{{- end }}
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: {{ include "dnsimple-webhook.fullname" . }}:secret-reader
-  labels:
-    app: {{ include "dnsimple-webhook.name" . }}
-    chart: {{ include "dnsimple-webhook.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-rules:
- apiGroups: [""] # indicates the core API group
-  resources: ["secrets"]
-  resourceNames: ["{{ include "dnsimple-webhook.tokenSecretName" . }}"]
-  verbs: ["get", "watch"]
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: {{ include "dnsimple-webhook.fullname" . }}:secret-reader
-  labels:
-    app: {{ include "dnsimple-webhook.name" . }}
-    chart: {{ include "dnsimple-webhook.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-subjects:
- - apiGroup: ""
-   kind: ServiceAccount
-   name: {{ include "dnsimple-webhook.fullname" . }}
-   namespace: {{ .Release.Namespace }}
-roleRef:
-  kind: Role
-  name: {{ include "dnsimple-webhook.fullname" . }}:secret-reader
-  apiGroup: rbac.authorization.k8s.io
--- a/deploy/dnsimple/templates/service.yaml
+++ b/deploy/dnsimple/templates/service.yaml
@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "dnsimple-webhook.fullname" . }}
-  labels:
-    app: {{ include "dnsimple-webhook.name" . }}
-    chart: {{ include "dnsimple-webhook.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    - port: {{ .Values.service.port }}
-      targetPort: https
-      protocol: TCP
-      name: https
-  selector:
-    app: {{ include "dnsimple-webhook.name" . }}
-    release: {{ .Release.Name }}
--- a/deploy/dnsimple/templates/staging.cluster-issuer.yaml
+++ b/deploy/dnsimple/templates/staging.cluster-issuer.yaml
@ -1,27 +0,0 @@
-{{- if .Values.clusterIssuer.staging.enabled -}}
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
-  name: {{ include "dnsimple-webhook.fullname" . }}-staging
-  labels:
-    app: {{ include "dnsimple-webhook.name" . }}
-    chart: {{ include "dnsimple-webhook.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  acme:
-    email: {{ .Values.clusterIssuer.email }}
-    privateKeySecretRef:
-      name: {{ include "dnsimple-webhook.fullname" . }}-staging
-    server: https://acme-staging-v02.api.letsencrypt.org/directory
-    solvers:
-    - dns01:
-        webhook:
-          config:
-            tokenSecretRef:
-              key: token
-              name: {{ include "dnsimple-webhook.tokenSecretName" . }}
-            accountID: {{ .Values.dnsimple.accountID | quote }}
-          groupName: {{ .Values.groupName }}
-          solverName: dnsimple
-{{- end -}}
--- a/deploy/dnsimple/values.yaml
+++ b/deploy/dnsimple/values.yaml
@ -1,49 +0,0 @@
-# The GroupName here is used to identify your company or business unit that
-# created this webhook.
-# For example, this may be "acme.mycompany.com".
-# This name will need to be referenced in each Issuer's `webhook` stanza to
-# inform cert-manager of where to send ChallengePayload resources in order to
-# solve the DNS01 challenge.
-# This group name should be **unique**, hence using your own company's domain
-# here is recommended.
-groupName: acme.neoskop.de
-certManager:
-  namespace: cert-manager
-  serviceAccountName: cert-manager
-# logLevel: 3
-dnsimple:
-  token: ""
-  # accountID:
-  # existingTokenSecret: false
-  # tokenSecretName:
-clusterIssuer:
-  email: name@example.com
-  staging:
-    enabled: false
-  production:
-    enabled: false
-image:
-  repository: neoskop/cert-manager-webhook-dnsimple
-  tag: 0.1.2
-  pullPolicy: IfNotPresent
-  # pullSecret: "gcr"
-nameOverride: ""
-fullnameOverride: ""
-service:
-  type: ClusterIP
-  port: 443
-resources: {}
-# We usually recommend not to specify default resources and to leave this as a conscious
-# choice for the user. This also increases chances charts run on environments with little
-# resources, such as Minikube. If you do want to specify resources, uncomment the following
-# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-# limits:
-#  cpu: 100m
-#  memory: 128Mi
-# requests:
-#  cpu: 100m
-#  memory: 128Mi
-
-nodeSelector: {}
-tolerations: []
-affinity: {}
--- a/scripts/fetch-test-binaries.sh
+++ b/scripts/fetch-test-binaries.sh
@ -1 +0,0 @@
-#!/usr/bin/env bash
--- a/scripts/release.sh
+++ b/scripts/release.sh
@ -1,84 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-
-check_commands() {
-  for command in $@; do
-    if ! command -v $command >/dev/null; then
-      echo -e "Install \033[1m$command\033[0m"
-      exit 1
-    fi
-  done
-}
-
-inc_version() {
-  version=$1
-  version_array=(${version//./ })
-
-  if [ $2 = "major" ]; then
-    ((version_array[0]++))
-    version_array[1]=0
-    version_array[2]=0
-  fi
-
-  if [ $2 = "minor" ]; then
-    ((version_array[1]++))
-    version_array[2]=0
-  fi
-
-  if [ $2 = "patch" ]; then
-    ((version_array[2]++))
-  fi
-
-  echo "${version_array[0]}.${version_array[1]}.${version_array[2]}"
-}
-
-check_commands git yq cr
-
-if [[ "$#" != "1" ]] || [[ ! "$1" =~ ^(patch|minor|major)$ ]]; then
-  echo -e "Usage: $0 \033[1mpatch|minor|major\033[0m"
-  exit 1
-fi
-
-if [[ $(git status --porcelain) ]]; then
-  echo -e "The repository has changes. Commit first...\033[0;31mAborting!\033[0m"
-  exit 1
-fi
-
-SCRIPT_DIR=$(
-  cd "$(dirname "$0")" >/dev/null 2>&1
-  pwd -P
-)
-
-git pull --rebase
-current_version=$(yq e .version $SCRIPT_DIR/../deploy/dnsimple/Chart.yaml)
-version=$(inc_version $current_version $1)
-cd $SCRIPT_DIR/..
-docker build -t neoskop/cert-manager-webhook-dnsimple:$version .
-docker push neoskop/cert-manager-webhook-dnsimple:$version
-cd - &>/dev/null
-sed -i "s/appVersion: .*/appVersion: \"$version\"/" $SCRIPT_DIR/../deploy/dnsimple/Chart.yaml
-sed -i "s/version: .*/version: $version/" $SCRIPT_DIR/../deploy/dnsimple/Chart.yaml
-
-yq e ".version=\"$version\"" -i  $SCRIPT_DIR/../deploy/dnsimple/Chart.yaml
-yq e ".appVersion=\"$version\"" -i  $SCRIPT_DIR/../deploy/dnsimple/Chart.yaml
-yq e ".image.tag=\"$version\"" -i  $SCRIPT_DIR/../deploy/dnsimple/values.yaml
-git add .
-git commit -m "chore: Bump version to ${version}."
-git push
-
-helm package deploy/dnsimple --destination .deploy
-cr upload -o neoskop -r cert-manager-webhook-dnsimple -p .deploy
-git checkout gh-pages
-cr index -i ./index.yaml -p .deploy -o neoskop -r cert-manager-webhook-dnsimple -c https://neoskop.github.io/cert-manager-webhook-dnsimple/
-git add index.yaml
-git commit -m "chore: Bump version to ${version}."
-git push
-git checkout master
-rm -rf .deploy/
-
-HELM_CHARTS_DIR=../neoskop-helm-charts
-[ -d $HELM_CHARTS_DIR ] || git clone git@github.com:neoskop/helm-charts.git $HELM_CHARTS_DIR
-cd $HELM_CHARTS_DIR
-./update-index.sh
-cd - &>/dev/null
--- a/src/go.mod
+++ b/src/go.mod
--- a/src/go.sum
+++ b/src/go.sum
--- a/src/main.go
+++ b/src/main.go
--- a/src/main_test.go
+++ b/src/main_test.go
@ -9,6 +9,7 @@ import (

 var (
 	zone         = os.Getenv("TEST_ZONE_NAME")
+	testdata_dir = "../testdata"
 )

 func TestRunsSuite(t *testing.T) {
@ -19,7 +20,8 @@ func TestRunsSuite(t *testing.T) {
 	fixture := dns.NewFixture(&dnsimpleDNSProviderSolver{},
 		dns.SetResolvedZone(zone),
 		dns.SetAllowAmbientCredentials(false),
-		dns.SetManifestPath("testdata/dnsimple"),
+		dns.SetManifestPath(testdata_dir),
+		dns.SetDNSName("puzzle.beer"),
 	)

 	fixture.RunConformance(t)
--- a/testdata/dnsimple/.gitignore
+++ b/testdata/dnsimple/.gitignore
--- a/testdata/dnsimple/README.md
+++ b/testdata/dnsimple/README.md
--- a/testdata/dnsimple/config.json
+++ b/testdata/dnsimple/config.json
--- a/testdata/dnsimple/dnsimple-token.yaml.example
+++ b/testdata/dnsimple/dnsimple-token.yaml.example