add new cert manager chart

CAVEconnectome · Jan 21, 2025 · 23bf077 · 23bf077
1 parent fa7254e
commit 23bf077
Show file tree

Hide file tree

Showing 4 changed files with 63 additions and 0 deletions.
diff --git a/charts/certmanager/Chart.yaml b/charts/certmanager/Chart.yaml
@@ -0,0 +1,14 @@
+apiVersion: v2
+name: cert-manager-google
+version: 0.1.0
+description: "Installs Cert-Manager an Issuer and a Certificate on google cloud"
+
+# The key part: we declare the dependency on the official cert-manager chart:
+dependencies:
+  - name: cert-manager
+    version: 1.8.0                   
+    repository: "https://charts.jetstack.io"
+    condition: certManager.enabled         # so we can toggle it on/off
+    tags:
+      - certManager
+
diff --git a/charts/certmanager/templates/cert-issuer.yaml b/charts/certmanager/templates/cert-issuer.yaml
@@ -0,0 +1,20 @@
+{{ required "A valid .Values.projectName is required!" .Values.projectName }}
+{{ required "A valid .Values.letsEncryptEmail is required!" .Values.letsEncryptEmail }}
+
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: {{ .Values.issuerName }}
+spec:
+  acme:
+    server: {{ .Values.letsEncryptServer }}
+    email: {{ .Values.letsEncryptEmail }}
+    privateKeySecretRef:
+      name: {{ .Values.issuerName }}
+    solvers:
+      - dns01:
+          cloudDNS:
+            project: {{ .Values.projectName }}
+            serviceAccountSecretRef:
+              name: {{ .Values.cloudDnsServiceAccountSecret }}
+              key: {{ .Values.googleSecretFilename }}
diff --git a/charts/certmanager/templates/certificate.yaml b/charts/certmanager/templates/certificate.yaml
@@ -0,0 +1,13 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ .Values.environment }}-cert
+spec:
+  secretName: {{ .Values.environment }}-cert
+  renewBefore: 720h
+  dnsNames:
+{{- range .Values.dnsHostnames }}
+    - {{ . }}
+{{- end }}
+  issuerRef:
+    name: {{ .Values.issuerName }}
diff --git a/charts/certmanager/values.yaml b/charts/certmanager/values.yaml
@@ -0,0 +1,16 @@
+issuerName: letsencrypt-issuer
+letsEncryptServer: https://acme-v02.api.letsencrypt.org/directory
+letsEncryptEmail: ""
+projectName: ""
+environment: ""
+dnsHostnames: []
+installCRDs: true
+certManager:
+  enabled: true
+  installCRDs: true
+
+  # You can override anything from the cert-manager chart’s values here,
+  # for example the default namespace, extraArgs, etc.
+  # example:
+  ingressShim.defaultIssuerName: letsencrypt-issuer
+  ingressShim.defaultIssuerKind: ClusterIssuer