diff --git a/deploy/example-webhook/.helmignore b/deploy/dnsimple/.helmignore similarity index 100% rename from deploy/example-webhook/.helmignore rename to deploy/dnsimple/.helmignore diff --git a/deploy/dnsimple/Chart.yaml b/deploy/dnsimple/Chart.yaml new file mode 100644 index 0000000..e304f3a --- /dev/null +++ b/deploy/dnsimple/Chart.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +appVersion: "0.0.1" +description: cert-manager webhook solver for ACME DNS01 challenge via DNSimple +name: cert-manager-webhook-dnsimple +version: 0.1.1 +home: https://github.com/jahanson/cert-manager-webhook-dnsimple +sources: + - https://github.com/jahanson/cert-manager-webhook-dnsimple +maintainers: + - name: Arne Diekmann + email: diekmann@neoskop.de + url: https://www.neoskop.de \ No newline at end of file diff --git a/deploy/example-webhook/templates/NOTES.txt b/deploy/dnsimple/templates/NOTES.txt similarity index 100% rename from deploy/example-webhook/templates/NOTES.txt rename to deploy/dnsimple/templates/NOTES.txt diff --git a/deploy/example-webhook/templates/_helpers.tpl b/deploy/dnsimple/templates/_helpers.tpl similarity index 57% rename from deploy/example-webhook/templates/_helpers.tpl rename to deploy/dnsimple/templates/_helpers.tpl index d3c474b..6b0b386 100644 --- a/deploy/example-webhook/templates/_helpers.tpl +++ b/deploy/dnsimple/templates/_helpers.tpl @@ -2,7 +2,7 @@ {{/* Expand the name of the chart. */}} -{{- define "example-webhook.name" -}} +{{- define "dnsimple-webhook.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} 
@@ -11,7 +11,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} -{{- define "example-webhook.fullname" -}} +{{- define "dnsimple-webhook.fullname" -}} {{- if .Values.fullnameOverride -}} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} {{- else -}} @@ -27,22 +27,26 @@ If release name contains chart name it will be used as a full name. {{/* Create chart name and version as used by the chart label. */}} -{{- define "example-webhook.chart" -}} +{{- define "dnsimple-webhook.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} -{{- define "example-webhook.selfSignedIssuer" -}} -{{ printf "%s-selfsign" (include "example-webhook.fullname" .) }} +{{- define "dnsimple-webhook.selfSignedIssuer" -}} +{{ printf "%s-selfsign" (include "dnsimple-webhook.fullname" .) }} {{- end -}} -{{- define "example-webhook.rootCAIssuer" -}} -{{ printf "%s-ca" (include "example-webhook.fullname" .) }} +{{- define "dnsimple-webhook.rootCAIssuer" -}} +{{ printf "%s-ca" (include "dnsimple-webhook.fullname" .) }} {{- end -}} -{{- define "example-webhook.rootCACertificate" -}} -{{ printf "%s-ca" (include "example-webhook.fullname" .) }} +{{- define "dnsimple-webhook.rootCACertificate" -}} +{{ printf "%s-ca" (include "dnsimple-webhook.fullname" .) }} {{- end -}} -{{- define "example-webhook.servingCertificate" -}} -{{ printf "%s-webhook-tls" (include "example-webhook.fullname" .) }} +{{- define "dnsimple-webhook.servingCertificate" -}} +{{ printf "%s-webhook-tls" (include "dnsimple-webhook.fullname" .) }} {{- end -}} + +{{- define "dnsimple-webhook.tokenSecretName" -}} +{{- default (include "dnsimple-webhook.fullname" .) (.Values.dnsimple.tokenSecretName) -}} +{{- end -}} \ No newline at end of file 
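Review bot: The new `dnsimple-webhook.tokenSecretName` helper at the end of the `@@ -27,22 +27,26 @@` hunk has no `{{/* … */}}` comment, unlike the name, fullname and chart helpers earlier in the file, and its fallback is not obvious to someone editing values. I would add `{{/* Name of the Secret holding the DNSimple API token: .Values.dnsimple.tokenSecretName if set, otherwise the chart fullname. */}}` above the `define`. Both ClusterIssuer templates resolve their `tokenSecretRef` through this helper, so the default decides which Secret the webhook is pointed at. The file starts above this hunk.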
diff --git a/deploy/example-webhook/templates/apiservice.yaml b/deploy/dnsimple/templates/apiservice.yaml similarity index 67% rename from deploy/example-webhook/templates/apiservice.yaml rename to deploy/dnsimple/templates/apiservice.yaml index 4f6d5ce..65d1c56 100644 --- a/deploy/example-webhook/templates/apiservice.yaml +++ b/deploy/dnsimple/templates/apiservice.yaml @@ -3,17 +3,17 @@ kind: APIService metadata: name: v1alpha1.{{ .Values.groupName }} labels: - app: {{ include "example-webhook.name" . }} - chart: {{ include "example-webhook.chart" . }} + app: {{ include "dnsimple-webhook.name" . }} + chart: {{ include "dnsimple-webhook.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} annotations: - cert-manager.io/inject-ca-from: "{{ .Release.Namespace }}/{{ include "example-webhook.servingCertificate" . }}" + cert-manager.io/inject-ca-from: "{{ .Release.Namespace }}/{{ include "dnsimple-webhook.servingCertificate" . }}" spec: group: {{ .Values.groupName }} groupPriorityMinimum: 1000 versionPriority: 15 service: - name: {{ include "example-webhook.fullname" . }} + name: {{ include "dnsimple-webhook.fullname" . }} namespace: {{ .Release.Namespace }} version: v1alpha1 diff --git a/deploy/example-webhook/templates/deployment.yaml b/deploy/dnsimple/templates/deployment.yaml similarity index 76% rename from deploy/example-webhook/templates/deployment.yaml rename to deploy/dnsimple/templates/deployment.yaml index 057cc42..3480bd3 100644 --- a/deploy/example-webhook/templates/deployment.yaml +++ b/deploy/dnsimple/templates/deployment.yaml 
@@ -1,26 +1,25 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "example-webhook.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + name: {{ include "dnsimple-webhook.fullname" . }} labels: - app: {{ include "example-webhook.name" . }} - chart: {{ include "example-webhook.chart" . }} + app: {{ include "dnsimple-webhook.name" . }} + chart: {{ include "dnsimple-webhook.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: replicas: {{ .Values.replicaCount }} selector: matchLabels: - app: {{ include "example-webhook.name" . }} + app: {{ include "dnsimple-webhook.name" . }} release: {{ .Release.Name }} template: metadata: labels: - app: {{ include "example-webhook.name" . }} + app: {{ include "dnsimple-webhook.name" . }} release: {{ .Release.Name }} spec: - serviceAccountName: {{ include "example-webhook.fullname" . }} + serviceAccountName: {{ include "dnsimple-webhook.fullname" . }} containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" @@ -28,6 +27,9 @@ spec: args: - --tls-cert-file=/tls/tls.crt - --tls-private-key-file=/tls/tls.key +{{- if .Values.logLevel }} + - --v={{ .Values.logLevel }} +{{- end }} env: - name: GROUP_NAME value: {{ .Values.groupName | quote }} @@ -54,7 +56,7 @@ spec: volumes: - name: certs secret: - secretName: {{ include "example-webhook.servingCertificate" . }} + secretName: {{ include "dnsimple-webhook.servingCertificate" . }} {{- with .Values.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} diff --git a/deploy/example-webhook/templates/pki.yaml b/deploy/dnsimple/templates/pki.yaml similarity index 52% rename from deploy/example-webhook/templates/pki.yaml rename to deploy/dnsimple/templates/pki.yaml index b4b4c23..817783f 100644 --- a/deploy/example-webhook/templates/pki.yaml +++ b/deploy/dnsimple/templates/pki.yaml 
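Review bot: The Deployment in the `@@ -1,26 +1,25 @@` hunk no longer sets `metadata.namespace`, while the ServiceAccount, Service, Issuers and Certificates elsewhere in this commit still render `namespace: {{ .Release.Namespace | quote }}`. With `helm install -n <ns>` the result is the same, but when the chart is rendered with `helm template` and applied with kubectl, the Deployment lands in kubectl's current namespace, away from the ServiceAccount and the serving-certificate Secret it mounts. Unless the removal was deliberate, keep `namespace: {{ .Release.Namespace | quote }}` under `name:` so all namespaced objects agree. The manifest continues past the end of this hunk.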
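Review bot: The `--v={{ .Values.logLevel }}` argument added in the `@@ -28,6 +27,9 @@` hunk is passed through without any bound or guidance. If, as the flag name suggests, this is klog verbosity, high levels (8 and above) make client-go log API response bodies, which for this webhook could include the Secret that holds the DNSimple token. I would document that next to the value, for example `# logLevel: 2  # klog verbosity; 8+ may log API response bodies, do not use in production`. Note also that `{{- if .Values.logLevel }}` treats `0` as unset, which is harmless only as long as the binary's default is 0.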
@@ -4,11 +4,11 @@ apiVersion: cert-manager.io/v1 kind: Issuer metadata: - name: {{ include "example-webhook.selfSignedIssuer" . }} + name: {{ include "dnsimple-webhook.selfSignedIssuer" . }} namespace: {{ .Release.Namespace | quote }} labels: - app: {{ include "example-webhook.name" . }} - chart: {{ include "example-webhook.chart" . }} + app: {{ include "dnsimple-webhook.name" . }} + chart: {{ include "dnsimple-webhook.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: @@ -20,19 +20,19 @@ spec: apiVersion: cert-manager.io/v1 kind: Certificate metadata: - name: {{ include "example-webhook.rootCACertificate" . }} + name: {{ include "dnsimple-webhook.rootCACertificate" . }} namespace: {{ .Release.Namespace | quote }} labels: - app: {{ include "example-webhook.name" . }} - chart: {{ include "example-webhook.chart" . }} + app: {{ include "dnsimple-webhook.name" . }} + chart: {{ include "dnsimple-webhook.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: - secretName: {{ include "example-webhook.rootCACertificate" . }} + secretName: {{ include "dnsimple-webhook.rootCACertificate" . }} duration: 43800h # 5y issuerRef: - name: {{ include "example-webhook.selfSignedIssuer" . }} - commonName: "ca.example-webhook.cert-manager" + name: {{ include "dnsimple-webhook.selfSignedIssuer" . }} + commonName: "ca.dnsimple-webhook.cert-manager" isCA: true --- 
@@ -41,16 +41,16 @@ spec: apiVersion: cert-manager.io/v1 kind: Issuer metadata: - name: {{ include "example-webhook.rootCAIssuer" . }} + name: {{ include "dnsimple-webhook.rootCAIssuer" . }} namespace: {{ .Release.Namespace | quote }} labels: - app: {{ include "example-webhook.name" . }} - chart: {{ include "example-webhook.chart" . }} + app: {{ include "dnsimple-webhook.name" . }} + chart: {{ include "dnsimple-webhook.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: ca: - secretName: {{ include "example-webhook.rootCACertificate" . }} + secretName: {{ include "dnsimple-webhook.rootCACertificate" . }} --- @@ -58,19 +58,19 @@ spec: apiVersion: cert-manager.io/v1 kind: Certificate metadata: - name: {{ include "example-webhook.servingCertificate" . }} + name: {{ include "dnsimple-webhook.servingCertificate" . }} namespace: {{ .Release.Namespace | quote }} labels: - app: {{ include "example-webhook.name" . }} - chart: {{ include "example-webhook.chart" . }} + app: {{ include "dnsimple-webhook.name" . }} + chart: {{ include "dnsimple-webhook.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: - secretName: {{ include "example-webhook.servingCertificate" . }} + secretName: {{ include "dnsimple-webhook.servingCertificate" . }} duration: 8760h # 1y issuerRef: name: {{ include "example-webhook.rootCAIssuer" . }} dnsNames: - - {{ include "example-webhook.fullname" . }} - - {{ include "example-webhook.fullname" . }}.{{ .Release.Namespace }} - - {{ include "example-webhook.fullname" . }}.{{ .Release.Namespace }}.svc + - {{ include "dnsimple-webhook.fullname" . }} + - {{ include "dnsimple-webhook.fullname" . }}.{{ .Release.Namespace }} + - {{ include "dnsimple-webhook.fullname" . }}.{{ .Release.Namespace }}.svc \ No newline at end of file diff --git a/deploy/dnsimple/templates/production.cluster-issuer.yaml b/deploy/dnsimple/templates/production.cluster-issuer.yaml new file mode 100644 index 0000000..d400e0c 
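Review bot: The serving Certificate's `issuerRef` in the `@@ -58,19 +58,19 @@` hunk still calls `include "example-webhook.rootCAIssuer"` on an unchanged context line, although this commit renames that helper in `_helpers.tpl` to `dnsimple-webhook.rootCAIssuer`. Unless another file still defines the old name, rendering the chart is expected to fail on the missing template, so the webhook never gets its TLS certificate. Change the line to `name: {{ include "dnsimple-webhook.rootCAIssuer" . }}`. Every other reference in pki.yaml was updated, so this looks like an oversight of the search-and-replace.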
--- /dev/null +++ b/deploy/dnsimple/templates/production.cluster-issuer.yaml @@ -0,0 +1,26 @@ +{{- if .Values.clusterIssuer.production.enabled -}} +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: {{ include "dnsimple-webhook.fullname" . }}-production + labels: + app: {{ include "dnsimple-webhook.name" . }} + chart: {{ include "dnsimple-webhook.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + acme: + email: {{ .Values.clusterIssuer.email }} + privateKeySecretRef: + name: {{ include "dnsimple-webhook.fullname" . }}-production + server: https://acme-v02.api.letsencrypt.org/directory + solvers: + - dns01: + webhook: + config: + tokenSecretRef: + key: token + name: {{ include "dnsimple-webhook.tokenSecretName" . }} + groupName: {{ .Values.groupName }} + solverName: dnsimple +{{- end -}} \ No newline at end of file diff --git a/deploy/example-webhook/templates/rbac.yaml b/deploy/dnsimple/templates/rbac.yaml similarity index 65% rename from deploy/example-webhook/templates/rbac.yaml rename to deploy/dnsimple/templates/rbac.yaml index 605fcf5..2d09456 100644 --- a/deploy/example-webhook/templates/rbac.yaml +++ b/deploy/dnsimple/templates/rbac.yaml @@ -1,11 +1,11 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: {{ include "example-webhook.fullname" . }} + name: {{ include "dnsimple-webhook.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: - app: {{ include "example-webhook.name" . }} - chart: {{ include "example-webhook.chart" . }} + app: {{ include "dnsimple-webhook.name" . }} + chart: {{ include "dnsimple-webhook.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} --- 
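Review bot: The `tokenSecretRef` in this new ClusterIssuer names the Secret with the DNSimple API token, but nothing in the visible rbac.yaml hunks (which are renames only) grants the webhook's ServiceAccount permission to read it; the same applies to staging.cluster-issuer.yaml. For a ClusterIssuer the Secret is normally looked up in cert-manager's cluster resource namespace, so please confirm which namespace the solver reads from and document it. If a Role is missing, scope it to that one Secret with `resourceNames: [{{ include "dnsimple-webhook.tokenSecretName" . | quote }}]` rather than granting `get` on all Secrets. Separately, `email: {{ .Values.clusterIssuer.email }}` should be rendered with `| quote`, and the two issuer templates differ only in name suffix and ACME server URL, so they could share one template.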
@@ -15,11 +15,11 @@ metadata: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ include "example-webhook.fullname" . }}:webhook-authentication-reader + name: {{ include "dnsimple-webhook.fullname" . }}:webhook-authentication-reader namespace: kube-system labels: - app: {{ include "example-webhook.name" . }} - chart: {{ include "example-webhook.chart" . }} + app: {{ include "dnsimple-webhook.name" . }} + chart: {{ include "dnsimple-webhook.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} roleRef: @@ -29,7 +29,7 @@ roleRef: subjects: - apiGroup: "" kind: ServiceAccount - name: {{ include "example-webhook.fullname" . }} + name: {{ include "dnsimple-webhook.fullname" . }} namespace: {{ .Release.Namespace }} --- # apiserver gets the auth-delegator role to delegate auth decisions to @@ -37,10 +37,10 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ include "example-webhook.fullname" . }}:auth-delegator + name: {{ include "dnsimple-webhook.fullname" . }}:auth-delegator labels: - app: {{ include "example-webhook.name" . }} - chart: {{ include "example-webhook.chart" . }} + app: {{ include "dnsimple-webhook.name" . }} + chart: {{ include "dnsimple-webhook.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} roleRef: 
@@ -50,17 +50,17 @@ roleRef: subjects: - apiGroup: "" kind: ServiceAccount - name: {{ include "example-webhook.fullname" . }} + name: {{ include "dnsimple-webhook.fullname" . }} namespace: {{ .Release.Namespace }} --- # Grant cert-manager permission to validate using our apiserver apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ include "example-webhook.fullname" . }}:domain-solver + name: {{ include "dnsimple-webhook.fullname" . }}:domain-solver labels: - app: {{ include "example-webhook.name" . }} - chart: {{ include "example-webhook.chart" . }} + app: {{ include "dnsimple-webhook.name" . }} + chart: {{ include "dnsimple-webhook.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} rules: @@ -74,16 +74,16 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ include "example-webhook.fullname" . }}:domain-solver + name: {{ include "dnsimple-webhook.fullname" . }}:domain-solver labels: - app: {{ include "example-webhook.name" . }} - chart: {{ include "example-webhook.chart" . }} + app: {{ include "dnsimple-webhook.name" . }} + chart: {{ include "dnsimple-webhook.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: {{ include "example-webhook.fullname" . }}:domain-solver + name: {{ include "dnsimple-webhook.fullname" . }}:domain-solver subjects: - apiGroup: "" kind: ServiceAccount diff --git a/deploy/example-webhook/templates/service.yaml b/deploy/dnsimple/templates/service.yaml similarity index 64% rename from deploy/example-webhook/templates/service.yaml rename to deploy/dnsimple/templates/service.yaml index a76ddc7..2598e39 100644 --- a/deploy/example-webhook/templates/service.yaml +++ b/deploy/dnsimple/templates/service.yaml 
@@ -1,11 +1,11 @@ apiVersion: v1 kind: Service metadata: - name: {{ include "example-webhook.fullname" . }} + name: {{ include "dnsimple-webhook.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: - app: {{ include "example-webhook.name" . }} - chart: {{ include "example-webhook.chart" . }} + app: {{ include "dnsimple-webhook.name" . }} + chart: {{ include "dnsimple-webhook.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: @@ -16,5 +16,5 @@ spec: protocol: TCP name: https selector: - app: {{ include "example-webhook.name" . }} + app: {{ include "dnsimple-webhook.name" . }} release: {{ .Release.Name }} diff --git a/deploy/dnsimple/templates/staging.cluster-issuer.yaml b/deploy/dnsimple/templates/staging.cluster-issuer.yaml new file mode 100644 index 0000000..0377f4b --- /dev/null +++ b/deploy/dnsimple/templates/staging.cluster-issuer.yaml @@ -0,0 +1,26 @@ +{{- if .Values.clusterIssuer.staging.enabled -}} +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: {{ include "dnsimple-webhook.fullname" . }}-staging + labels: + app: {{ include "dnsimple-webhook.name" . }} + chart: {{ include "dnsimple-webhook.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + acme: + email: {{ .Values.clusterIssuer.email }} + privateKeySecretRef: + name: {{ include "dnsimple-webhook.fullname" . }}-staging + server: https://acme-staging-v02.api.letsencrypt.org/directory + solvers: + - dns01: + webhook: + config: + tokenSecretRef: + key: token + name: {{ include "dnsimple-webhook.tokenSecretName" . }} + groupName: {{ .Values.groupName }} + solverName: dnsimple +{{- end -}} \ No newline at end of file diff --git a/deploy/example-webhook/values.yaml b/deploy/dnsimple/values.yaml similarity index 80% rename from deploy/example-webhook/values.yaml rename to deploy/dnsimple/values.yaml index 31eb151..b3a4c07 100644 --- a/deploy/example-webhook/values.yaml +++ b/deploy/dnsimple/values.yaml 
@@ -6,14 +6,24 @@ # solve the DNS01 challenge. # This group name should be **unique**, hence using your own company's domain # here is recommended. -groupName: acme.mycompany.com +groupName: acme.jahanson.com certManager: namespace: cert-manager serviceAccountName: cert-manager - +# logLevel: 3 +dnsimple: + token: "" + # existingTokenSecret: false + # tokenSecretName: +clusterIssuer: + email: name@example.com + staging: + enabled: false + production: + enabled: false image: - repository: mycompany/webhook-image + repository: ghcr.io/jahanson/cert-manager-webhook-dnsimple tag: latest pullPolicy: IfNotPresent diff --git a/deploy/example-webhook/Chart.yaml b/deploy/example-webhook/Chart.yaml deleted file mode 100644 index 77c6ead..0000000 --- a/deploy/example-webhook/Chart.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -appVersion: "1.0" -description: A Helm chart for Kubernetes -name: example-webhook -version: 0.1.0
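Review bot: The image default in this hunk is `ghcr.io/jahanson/cert-manager-webhook-dnsimple` at `tag: latest` with `pullPolicy: IfNotPresent`, so the code that handles the DNSimple API token is whatever `latest` pointed to when each node first pulled it. Pin the default to a released version, for example `tag: "<release-tag>"` (placeholder), or to an image digest, so upgrades are deliberate and all nodes run the same build. Separately, `dnsimple.token` invites putting the API token into values, which Helm stores with the release; no template in the visible hunks consumes `token` or the commented `existingTokenSecret` key. A comment stating which of the three `dnsimple` keys is actually read, and recommending a pre-created Secret referenced via `tokenSecretName`, would help operators.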