Installer: configure cert-manager(-webhook-gandi), kubed as part of infrastructure
diff --git a/charts/auth/templates/ui.yaml b/charts/auth/templates/ui.yaml
index 8c07d74..ee79d7e 100644
--- a/charts/auth/templates/ui.yaml
+++ b/charts/auth/templates/ui.yaml
@@ -18,16 +18,16 @@
 metadata:
   name: ui
   namespace: {{ .Release.Namespace }}
-  # annotations:
-  #   cert-manager.io/cluster-issuer: {{ .Values.ui.certificateIssuer }}
-  #   acme.cert-manager.io/http01-edit-in-place: "true"
+  annotations:
+    cert-manager.io/cluster-issuer: {{ .Values.ui.certificateIssuer }}
+    acme.cert-manager.io/http01-edit-in-place: "true"
 spec:
   ingressClassName: {{ .Values.ui.ingressClassName }}
   tls:
   - hosts:
     - accounts-ui.{{ .Values.ui.domain }}
-    # secretName: cert-accounts-ui.{{ .Values.ui.domain }}
-    secretName: cert-wildcard.{{ .Values.ui.domain }}
+    secretName: cert-accounts-ui.{{ .Values.ui.domain }}
+    # secretName: cert-wildcard.{{ .Values.ui.domain }}
   rules:
   - host: accounts-ui.{{ .Values.ui.domain }}
     http:
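Review bot: The newly enabled `cert-manager.io/cluster-issuer` annotation renders `{{ .Values.ui.certificateIssuer }}` unquoted, so an unset value becomes a null annotation and a boolean- or number-looking issuer name is retyped by the YAML parser, while annotation values must be strings. Prefer `cert-manager.io/cluster-issuer: {{ required "ui.certificateIssuer must be set" .Values.ui.certificateIssuer | quote }}` so a missing issuer fails at render time. The identical annotation enabled in charts/matrix/templates/matrix.yaml needs the same treatment. The commented-out `# secretName: cert-wildcard...` line kept under the new `secretName` can be dropped, since version control already records it. The Ingress manifest starts before and continues past this hunk.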
diff --git a/charts/certificate-issuer/templates/wildcard-certificate-private.yaml b/charts/certificate-issuer/templates/wildcard-certificate-private.yaml
index f869875..408b76c 100644
--- a/charts/certificate-issuer/templates/wildcard-certificate-private.yaml
+++ b/charts/certificate-issuer/templates/wildcard-certificate-private.yaml
@@ -10,3 +10,6 @@
     name: {{ .Values.private.name }}
     kind: Issuer
   secretName: cert-wildcard.{{ .Values.private.domain }}
+  secretTemplate:
+    annotations:
+      kubed.appscode.com/sync: "pcloud-instance-id={{ .Values.pcloudInstanceId }}"
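Review bot: The `kubed.appscode.com/sync` annotation added under `secretTemplate` copies the wildcard certificate's Secret, private key included, into every namespace labelled `pcloud-instance-id=<id>`, which widens the set of principals able to read a key valid for every host under the private domain. In this same commit the auth and matrix ingresses stop referencing `cert-wildcard.*`, so it is worth confirming that a workload still needs the wildcard synced; if none does, leave the annotation off this Certificate. If it stays, build the selector with `{{ required "pcloudInstanceId must be set" .Values.pcloudInstanceId }}` so an empty id cannot render a degenerate selector, and make sure only trusted roles can create or label namespaces with that key. The Certificate spec begins outside the hunk.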
diff --git a/charts/certificate-issuer/templates/www-certificate-public.yaml b/charts/certificate-issuer/templates/www-certificate-public.yaml
new file mode 100644
index 0000000..d6b4dc6
--- /dev/null
+++ b/charts/certificate-issuer/templates/www-certificate-public.yaml
@@ -0,0 +1,16 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: www-{{ .Values.public.domain }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  dnsNames:
+  - '{{ .Values.public.domain }}'
+  - 'www.{{ .Values.public.domain }}'
+  issuerRef:
+    name: {{ .Values.public.name }}
+    kind: ClusterIssuer
+  secretName: cert-www.{{ .Values.private.domain }}
+  secretTemplate:
+    annotations:
+      kubed.appscode.com/sync: "pcloud-instance-id={{ .Values.pcloudInstanceId }}"
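Review bot: `secretName` is built from `.Values.private.domain` while `metadata.name` and both `dnsNames` use `.Values.public.domain`, so whenever the two values differ the Secret is named after a different domain than the certificate it holds. The consumer in charts/matrix/templates/well-known.yaml looks up `cert-www.{{ .Values.domain }}` and would then not find this Secret; use `secretName: cert-www.{{ .Values.public.domain }}`. `issuerRef.name` is also rendered unquoted and would be safer as `name: {{ .Values.public.name | quote }}`. The sync annotation distributes this certificate's private key to every namespace carrying the instance-id label, so the same `required` guard on `.Values.pcloudInstanceId` applies here.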
diff --git a/charts/certificate-issuer/values.yaml b/charts/certificate-issuer/values.yaml
index 904b5ac..b9660ae 100644
--- a/charts/certificate-issuer/values.yaml
+++ b/charts/certificate-issuer/values.yaml
@@ -1,3 +1,4 @@
+pcloudInstanceId: example
 certManager:
   namespace: cert-manager
   gandiWebhookSecretReader: cert-manager-webhook-gandi
@@ -6,6 +7,7 @@
   server: https://acme-v02.api.letsencrypt.org/directory
   contactEmail: admin@example.com
   ingressClass: ingress-nginx
+  domain: example.com
 private:
   name: selfsigned-private
   server: https://acme-v02.api.letsencrypt.org/directory
diff --git a/charts/matrix/templates/matrix.yaml b/charts/matrix/templates/matrix.yaml
index 49c97ac..d9bd47f 100644
--- a/charts/matrix/templates/matrix.yaml
+++ b/charts/matrix/templates/matrix.yaml
@@ -47,16 +47,16 @@
 metadata:
   name: ingress
   namespace: {{ .Release.Namespace }}
-  # annotations:
-  #   cert-manager.io/cluster-issuer: {{ .Values.certificateIssuer }}
-  #   acme.cert-manager.io/http01-edit-in-place: "true"
+  annotations:
+    cert-manager.io/cluster-issuer: {{ .Values.certificateIssuer }}
+    acme.cert-manager.io/http01-edit-in-place: "true"
 spec:
   ingressClassName: {{ .Values.ingressClassName }}
   tls:
   - hosts:
     - matrix.{{ .Values.domain }}
-    # secretName: cert-matrix.{{ .Values.domain }}
-    secretName: cert-wildcard.{{ .Values.domain }}
+    secretName: cert-matrix.{{ .Values.domain }}
+    # secretName: cert-wildcard.{{ .Values.domain }}
   rules:
   - host: matrix.{{ .Values.domain }}
     http:
diff --git a/charts/matrix/templates/well-known.yaml b/charts/matrix/templates/well-known.yaml
index ef79b05..218e335 100644
--- a/charts/matrix/templates/well-known.yaml
+++ b/charts/matrix/templates/well-known.yaml
@@ -27,7 +27,7 @@
   tls:
   - hosts:
     - {{ .Values.domain }}
-    secretName: cert-{{ .Values.domain }}
+    secretName: cert-www.{{ .Values.domain }}
   - hosts:
     - www.{{ .Values.domain }}
     secretName: cert-www.{{ .Values.domain }}
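Review bot: Both `tls` entries now name the same Secret, `cert-www.{{ .Values.domain }}`, so they can be merged into one entry whose `hosts` list holds the apex and `www.` names; that stops the two `secretName` values drifting apart again. Nothing in this chart creates the Secret, and it appears to arrive through the kubed sync from the certificate-issuer chart, so the ingress only has a certificate to serve if this release's namespace carries the matching `pcloud-instance-id` label. A comment above `tls:` such as `# cert-www.* is synced into this namespace by kubed from the certificate-issuer chart` would make that dependency visible. The Ingress definition starts outside this hunk.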
diff --git a/charts/namespaces/.helmignore b/charts/namespaces/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/namespaces/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/namespaces/Chart.yaml b/charts/namespaces/Chart.yaml
new file mode 100644
index 0000000..9dd3c96
--- /dev/null
+++ b/charts/namespaces/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: namespaces
+description: A Helm chart for creating PCloud namespaces
+type: application
+version: 0.0.1
+appVersion: "0.0.1"
diff --git a/charts/namespaces/templates/namespace.yaml b/charts/namespaces/templates/namespace.yaml
new file mode 100644
index 0000000..5ce22a0
--- /dev/null
+++ b/charts/namespaces/templates/namespace.yaml
@@ -0,0 +1,10 @@
+{{ $id := .Values.pcloudInstanceId }}
+{{ range .Values.namespaces }}
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: {{ $id }}-{{ . }}
+  labels:
+    pcloud-instance-id: {{ $id }}
+---
+{{ end }}
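Review bot: The label value in `pcloud-instance-id: {{ $id }}` is rendered unquoted, so an all-digit or boolean-looking instance id is retyped by the YAML parser and rejected as a non-string label; use `pcloud-instance-id: {{ $id | quote }}`. This label is also what the certificate-issuer chart's `kubed.appscode.com/sync` selector matches, so every namespace listed in `.Values.namespaces` receives copies of the certificate Secrets with their private keys. A header comment saying so, for example `# Namespaces labelled here receive kubed-synced TLS secrets; list only namespaces that terminate TLS`, would help keep the list minimal. Using `{{- range .Values.namespaces }}` and `{{- end }}` would also trim the blank lines the template currently emits.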
diff --git a/charts/namespaces/values.yaml b/charts/namespaces/values.yaml
new file mode 100644
index 0000000..d17d865
--- /dev/null
+++ b/charts/namespaces/values.yaml
@@ -0,0 +1,4 @@
+pcloudInstanceId: example
+namespaces:
+- foo
+- bar