From fb007d7b14b7a651e1fc2c33e0a9c8d811e51e47 Mon Sep 17 00:00:00 2001
From: Max Goltzsche
Date: Thu, 10 Dec 2020 22:53:05 +0100
Subject: [PATCH] Update readme, remove generated file
---
 .gitignore | 2 +-
 README.md | 8 +-
 .../static/manifest.yaml | 1053 -----------------
 pkg/helm/render.go | 20 +-
 4 files changed, 14 insertions(+), 1069 deletions(-)
 delete mode 100644 example/kpt/output-helm-kustomize/static/manifest.yaml
diff --git a/.gitignore b/.gitignore
index ba64a79..f06005d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,5 +8,5 @@
 /example/kpt/output-*
 !/example/kpt/output-helm-kustomize
 /example/kpt/output-helm-kustomize/output-kustomization
-/example/kpt/output-helm-kustomize/output-kustomization/static/manifest.yaml
+/example/kpt/output-helm-kustomize/static/manifest.yaml
diff --git a/README.md b/README.md
index ab48521..d9de045 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-# khelm ![GitHub workflow badge](https://github.com/mgoltzsche/khelm/workflows/Release/badge.svg) [![Go Report Card](https://goreportcard.com/badge/github.com/mgoltzsche/helm-kustomize-plugin)](https://goreportcard.com/report/github.com/mgoltzsche/helm-kustomize-plugin)
+# khelm ![GitHub workflow badge](https://github.com/mgoltzsche/khelm/workflows/Release/badge.svg) [![Go Report Card](https://goreportcard.com/badge/github.com/mgoltzsche/khelm)](https://goreportcard.com/report/github.com/mgoltzsche/khelm)
 A [Helm](https://github.com/helm/helm) chart templating CLI, helm to kustomize converter, [kpt](https://github.com/GoogleContainerTools/kpt) function and [kustomize](https://github.com/kubernetes-sigs/kustomize/) plugin.
@@ -85,7 +85,7 @@ This can be done by declaring the khelm and a kustomize function orderly within
 ### kustomize exec plugin
-khelm can be used as [kustomize](https://github.com/kubernetes-sigs/kustomize) 3 exec plugin.
+khelm can be used as [kustomize](https://github.com/kubernetes-sigs/kustomize) 3 [exec plugin](https://kubectl.docs.kubernetes.io/guides/extending_kustomize/execpluginguidedexample/).
 Though plugin support in kustomize is still an alpha feature and may be removed in a future version.
 #### Plugin installation
@@ -103,8 +103,6 @@ mkdir -p $HOME/.config/kustomize/plugin/khelm.mgoltzsche.github.com/v1/chartrend
 mv $GOPATH/bin/khelm $HOME/.config/kustomize/plugin/khelm.mgoltzsche.github.com/v1/chartrenderer/ChartRenderer
 ```
-The general [kustomize plugin guide](https://kubectl.docs.kubernetes.io/guides/extending_kustomize/execpluginguidedexample/) provides more information.
-
 #### Plugin usage example
 A _plugin descriptor_ specifies the helm repository, chart, version and values that should be used in a kubernetes-style resource can be referenced in the `generators` section of a `kustomization.yaml` and can look as follows:
@@ -196,7 +194,7 @@ Unlike Helm khelm allows usage of any repository when `repositories.yaml` is not
 Build and test the khelm binary (requires Go 1.13) as well as the container image:
 ```sh
-make khelm test check image e2e-test
+make clean khelm test check image e2e-test
 ```
 _The dynamic binary is written to `build/bin/khelm` and the static binary to `build/bin/khelm-static`_.
diff --git a/example/kpt/output-helm-kustomize/static/manifest.yaml b/example/kpt/output-helm-kustomize/static/manifest.yaml
deleted file mode 100644
index b945e68..0000000
--- a/example/kpt/output-helm-kustomize/static/manifest.yaml
+++ /dev/null
@@ -1,1053 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: cert-manager - app.kubernetes.io/instance: my-cert-manager-release - app.kubernetes.io/name: cert-manager - helm.sh/chart: cert-manager-v0.9.1 - name: my-cert-manager-release - namespace: cert-manager ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: cainjector - app.kubernetes.io/instance: my-cert-manager-release - app.kubernetes.io/name: cainjector - helm.sh/chart: cainjector-v0.9.1 - name: my-cert-manager-release-cainjector - namespace: cert-manager ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: webhook - app.kubernetes.io/instance: my-cert-manager-release - app.kubernetes.io/name: webhook - helm.sh/chart: webhook-v0.9.1 - name: my-cert-manager-release-webhook - namespace: cert-manager ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app: cert-manager - app.kubernetes.io/instance: my-cert-manager-release - app.kubernetes.io/name: cert-manager - helm.sh/chart: cert-manager-v0.9.1 - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - name: my-cert-manager-release-edit -rules: -- apiGroups: - - certmanager.k8s.io - resources: - - certificates - - certificaterequests - - issuers - verbs: - - create - - delete - - deletecollection - - patch - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app: cert-manager - app.kubernetes.io/instance: my-cert-manager-release - app.kubernetes.io/name: cert-manager - helm.sh/chart: cert-manager-v0.9.1 - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-view: "true" - name: my-cert-manager-release-view -rules: -- apiGroups: - - certmanager.k8s.io - resources: - - certificates - - certificaterequests - - issuers - verbs: - - get - - list - - watch ---- -apiVersion: 
rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app: webhook - app.kubernetes.io/instance: my-cert-manager-release - app.kubernetes.io/name: webhook - helm.sh/chart: webhook-v0.9.1 - name: my-cert-manager-release-webhook:webhook-requester -rules: -- apiGroups: - - admission.certmanager.k8s.io - resources: - - certificates - - certificaterequests - - issuers - - clusterissuers - verbs: - - create ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - labels: - app: cainjector - app.kubernetes.io/instance: my-cert-manager-release - app.kubernetes.io/name: cainjector - helm.sh/chart: cainjector-v0.9.1 - name: my-cert-manager-release-cainjector -rules: -- apiGroups: - - certmanager.k8s.io - resources: - - certificates - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - configmaps - - events - verbs: - - get - - create - - update - - patch -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - - mutatingwebhookconfigurations - verbs: - - get - - list - - watch - - update -- apiGroups: - - apiregistration.k8s.io - resources: - - apiservices - verbs: - - get - - list - - watch - - update -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch - - update ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 # Certificates controller role -kind: ClusterRole -metadata: - labels: - app: cert-manager - app.kubernetes.io/instance: my-cert-manager-release - app.kubernetes.io/name: cert-manager - helm.sh/chart: cert-manager-v0.9.1 - name: my-cert-manager-release-controller-certificates -rules: -- apiGroups: - - certmanager.k8s.io - resources: - - certificates - - certificates/status - - certificaterequests - - certificaterequests/status - verbs: - - update -- apiGroups: - - certmanager.k8s.io - resources: - - certificates - - 
certificaterequests - - clusterissuers - - issuers - - orders - verbs: - - get - - list - - watch -- apiGroups: - - certmanager.k8s.io - resources: - - certificates/finalizers - verbs: - - update -- apiGroups: - - certmanager.k8s.io - resources: - - orders - verbs: - - create - - delete -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - create - - update - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 # Challenges controller role -kind: ClusterRole -metadata: - labels: - app: cert-manager - app.kubernetes.io/instance: my-cert-manager-release - app.kubernetes.io/name: cert-manager - helm.sh/chart: cert-manager-v0.9.1 - name: my-cert-manager-release-controller-challenges -rules: -- apiGroups: - - certmanager.k8s.io - resources: - - challenges - - challenges/status - verbs: - - update -- apiGroups: - - certmanager.k8s.io - resources: - - challenges - - issuers - - clusterissuers - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - "" - resources: - - pods - - services - verbs: - - get - - list - - watch - - create - - delete -- apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - watch - - create - - delete - - update -- apiGroups: - - certmanager.k8s.io - resources: - - challenges/finalizers - verbs: - - update -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 # ClusterIssuer controller role -kind: ClusterRole -metadata: - labels: - app: cert-manager - app.kubernetes.io/instance: my-cert-manager-release - app.kubernetes.io/name: cert-manager - helm.sh/chart: cert-manager-v0.9.1 - name: my-cert-manager-release-controller-clusterissuers -rules: -- apiGroups: - - 
certmanager.k8s.io - resources: - - clusterissuers - - clusterissuers/status - verbs: - - update -- apiGroups: - - certmanager.k8s.io - resources: - - clusterissuers - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - create - - update - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 # ingress-shim controller role -kind: ClusterRole -metadata: - labels: - app: cert-manager - app.kubernetes.io/instance: my-cert-manager-release - app.kubernetes.io/name: cert-manager - helm.sh/chart: cert-manager-v0.9.1 - name: my-cert-manager-release-controller-ingress-shim -rules: -- apiGroups: - - certmanager.k8s.io - resources: - - certificates - - certificaterequests - verbs: - - create - - update - - delete -- apiGroups: - - certmanager.k8s.io - resources: - - certificates - - certificaterequests - - issuers - - clusterissuers - verbs: - - get - - list - - watch -- apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - extensions - resources: - - ingresses/finalizers - verbs: - - update -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 # Issuer controller role -kind: ClusterRole -metadata: - labels: - app: cert-manager - app.kubernetes.io/instance: my-cert-manager-release - app.kubernetes.io/name: cert-manager - helm.sh/chart: cert-manager-v0.9.1 - name: my-cert-manager-release-controller-issuers -rules: -- apiGroups: - - certmanager.k8s.io - resources: - - issuers - - issuers/status - verbs: - - update -- apiGroups: - - certmanager.k8s.io - resources: - - issuers - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - create - - update - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- 
-apiVersion: rbac.authorization.k8s.io/v1beta1 # Orders controller role -kind: ClusterRole -metadata: - labels: - app: cert-manager - app.kubernetes.io/instance: my-cert-manager-release - app.kubernetes.io/name: cert-manager - helm.sh/chart: cert-manager-v0.9.1 - name: my-cert-manager-release-controller-orders -rules: -- apiGroups: - - certmanager.k8s.io - resources: - - orders - - orders/status - verbs: - - update -- apiGroups: - - certmanager.k8s.io - resources: - - orders - - clusterissuers - - issuers - - challenges - verbs: - - get - - list - - watch -- apiGroups: - - certmanager.k8s.io - resources: - - challenges - verbs: - - create - - delete -- apiGroups: - - certmanager.k8s.io - resources: - - orders/finalizers - verbs: - - update -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - labels: - app: cert-manager - app.kubernetes.io/instance: my-cert-manager-release - app.kubernetes.io/name: cert-manager - helm.sh/chart: cert-manager-v0.9.1 - name: my-cert-manager-release-leaderelection -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - create - - update - - patch ---- -# api agg -apiVersion: rbac.authorization.k8s.io/v1beta1 # apiserver gets the ability to read authentication. 
This allows it to -kind: RoleBinding -metadata: - labels: - app: webhook - app.kubernetes.io/instance: my-cert-manager-release - app.kubernetes.io/name: webhook - helm.sh/chart: webhook-v0.9.1 - name: my-cert-manager-release-webhook:webhook-authentication-reader - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: extension-apiserver-authentication-reader -subjects: -- apiGroup: "" - kind: ServiceAccount - name: my-cert-manager-release-webhook - namespace: cert-manager ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - labels: - app: cainjector - app.kubernetes.io/instance: my-cert-manager-release - app.kubernetes.io/name: cainjector - helm.sh/chart: cainjector-v0.9.1 - name: my-cert-manager-release-cainjector -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: my-cert-manager-release-cainjector -subjects: -- kind: ServiceAccount - name: my-cert-manager-release-cainjector - namespace: cert-manager ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - labels: - app: cert-manager - app.kubernetes.io/instance: my-cert-manager-release - app.kubernetes.io/name: cert-manager - helm.sh/chart: cert-manager-v0.9.1 - name: my-cert-manager-release-controller-certificates -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: my-cert-manager-release-controller-certificates -subjects: -- kind: ServiceAccount - name: my-cert-manager-release - namespace: cert-manager ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - labels: - app: cert-manager - app.kubernetes.io/instance: my-cert-manager-release - app.kubernetes.io/name: cert-manager - helm.sh/chart: cert-manager-v0.9.1 - name: my-cert-manager-release-controller-challenges -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: my-cert-manager-release-controller-challenges -subjects: -- kind: ServiceAccount - 
name: my-cert-manager-release - namespace: cert-manager ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - labels: - app: cert-manager - app.kubernetes.io/instance: my-cert-manager-release - app.kubernetes.io/name: cert-manager - helm.sh/chart: cert-manager-v0.9.1 - name: my-cert-manager-release-controller-clusterissuers -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: my-cert-manager-release-controller-clusterissuers -subjects: -- kind: ServiceAccount - name: my-cert-manager-release - namespace: cert-manager ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - labels: - app: cert-manager - app.kubernetes.io/instance: my-cert-manager-release - app.kubernetes.io/name: cert-manager - helm.sh/chart: cert-manager-v0.9.1 - name: my-cert-manager-release-controller-ingress-shim -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: my-cert-manager-release-controller-ingress-shim -subjects: -- kind: ServiceAccount - name: my-cert-manager-release - namespace: cert-manager ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - labels: - app: cert-manager - app.kubernetes.io/instance: my-cert-manager-release - app.kubernetes.io/name: cert-manager - helm.sh/chart: cert-manager-v0.9.1 - name: my-cert-manager-release-controller-issuers -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: my-cert-manager-release-controller-issuers -subjects: -- kind: ServiceAccount - name: my-cert-manager-release - namespace: cert-manager ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - labels: - app: cert-manager - app.kubernetes.io/instance: my-cert-manager-release - app.kubernetes.io/name: cert-manager - helm.sh/chart: cert-manager-v0.9.1 - name: my-cert-manager-release-controller-orders -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: 
my-cert-manager-release-controller-orders -subjects: -- kind: ServiceAccount - name: my-cert-manager-release - namespace: cert-manager ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - labels: - app: cert-manager - app.kubernetes.io/instance: my-cert-manager-release - app.kubernetes.io/name: cert-manager - helm.sh/chart: cert-manager-v0.9.1 - name: my-cert-manager-release-leaderelection -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: my-cert-manager-release-leaderelection -subjects: -- kind: ServiceAccount - name: my-cert-manager-release - namespace: cert-manager ---- -# the core apiserver -apiVersion: rbac.authorization.k8s.io/v1beta1 ### Webhook ### -kind: ClusterRoleBinding -metadata: - labels: - app: webhook - app.kubernetes.io/instance: my-cert-manager-release - app.kubernetes.io/name: webhook - helm.sh/chart: webhook-v0.9.1 - name: my-cert-manager-release-webhook:auth-delegator -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:auth-delegator -subjects: -- apiGroup: "" - kind: ServiceAccount - name: my-cert-manager-release-webhook - namespace: cert-manager ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: webhook - app.kubernetes.io/instance: my-cert-manager-release - app.kubernetes.io/name: webhook - helm.sh/chart: webhook-v0.9.1 - name: my-cert-manager-release-webhook - namespace: cert-manager -spec: - ports: - - name: https - port: 443 - targetPort: 6443 - selector: - app: webhook - app.kubernetes.io/instance: my-cert-manager-release - app.kubernetes.io/managed-by: Tiller - app.kubernetes.io/name: webhook - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: cert-manager - app.kubernetes.io/instance: my-cert-manager-release - app.kubernetes.io/name: cert-manager - helm.sh/chart: cert-manager-v0.9.1 - name: my-cert-manager-release - namespace: cert-manager -spec: - replicas: 1 - selector: - matchLabels: - 
app: cert-manager - app.kubernetes.io/instance: my-cert-manager-release - app.kubernetes.io/managed-by: Tiller - app.kubernetes.io/name: cert-manager - template: - metadata: - annotations: - prometheus.io/path: /metrics - prometheus.io/port: "9402" - prometheus.io/scrape: "true" - labels: - app: cert-manager - app.kubernetes.io/instance: my-cert-manager-release - app.kubernetes.io/name: cert-manager - helm.sh/chart: cert-manager-v0.9.1 - spec: - containers: - - args: - - --v=2 - - --cluster-resource-namespace=$(POD_NAMESPACE) - - --leader-election-namespace=$(POD_NAMESPACE) - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-controller:v0.9.1 - imagePullPolicy: IfNotPresent - name: cert-manager - ports: - - containerPort: 9402 - resources: {} - serviceAccountName: my-cert-manager-release ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: cainjector - app.kubernetes.io/instance: my-cert-manager-release - app.kubernetes.io/name: cainjector - helm.sh/chart: cainjector-v0.9.1 - name: my-cert-manager-release-cainjector - namespace: cert-manager -spec: - replicas: 1 - selector: - matchLabels: - app: cainjector - app.kubernetes.io/instance: my-cert-manager-release - app.kubernetes.io/managed-by: Tiller - app.kubernetes.io/name: cainjector - template: - metadata: - annotations: null - labels: - app: cainjector - app.kubernetes.io/instance: my-cert-manager-release - app.kubernetes.io/name: cainjector - helm.sh/chart: cainjector-v0.9.1 - spec: - containers: - - args: - - --v=2 - - --leader-election-namespace=$(POD_NAMESPACE) - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-cainjector:v0.9.1 - imagePullPolicy: IfNotPresent - name: cainjector - resources: {} - serviceAccountName: my-cert-manager-release-cainjector ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: webhook - 
app.kubernetes.io/instance: my-cert-manager-release - app.kubernetes.io/name: webhook - helm.sh/chart: webhook-v0.9.1 - name: my-cert-manager-release-webhook - namespace: cert-manager -spec: - replicas: 1 - selector: - matchLabels: - app: webhook - app.kubernetes.io/instance: my-cert-manager-release - app.kubernetes.io/managed-by: Tiller - app.kubernetes.io/name: webhook - template: - metadata: - annotations: null - labels: - app: webhook - app.kubernetes.io/instance: my-cert-manager-release - app.kubernetes.io/name: webhook - helm.sh/chart: webhook-v0.9.1 - spec: - containers: - - args: - - --v=2 - - --secure-port=6443 - - --tls-cert-file=/certs/tls.crt - - --tls-private-key-file=/certs/tls.key - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-webhook:v0.9.1 - imagePullPolicy: IfNotPresent - name: webhook - resources: {} - volumeMounts: - - mountPath: /certs - name: certs - serviceAccountName: my-cert-manager-release-webhook - volumes: - - name: certs - secret: - secretName: my-cert-manager-release-webhook-webhook-tls ---- -apiVersion: apiregistration.k8s.io/v1beta1 -kind: APIService -metadata: - annotations: - certmanager.k8s.io/inject-ca-from: cert-manager/my-cert-manager-release-webhook-webhook-tls - labels: - app: webhook - app.kubernetes.io/instance: my-cert-manager-release - app.kubernetes.io/name: webhook - helm.sh/chart: webhook-v0.9.1 - name: v1beta1.admission.certmanager.k8s.io -spec: - group: admission.certmanager.k8s.io - groupPriorityMinimum: 1000 - service: - name: my-cert-manager-release-webhook - namespace: cert-manager - version: v1beta1 - versionPriority: 15 ---- -apiVersion: certmanager.k8s.io/v1alpha1 # Generate a CA Certificate used to sign certificates for the webhook -kind: Certificate -metadata: - labels: - app: webhook - app.kubernetes.io/instance: my-cert-manager-release - app.kubernetes.io/name: webhook - helm.sh/chart: webhook-v0.9.1 - name: 
my-cert-manager-release-webhook-ca - namespace: cert-manager -spec: - commonName: ca.webhook.cert-manager - duration: 43800h # 5y - isCA: true - issuerRef: - name: my-cert-manager-release-webhook-selfsign - secretName: my-cert-manager-release-webhook-ca ---- -apiVersion: certmanager.k8s.io/v1alpha1 # Finally, generate a serving certificate for the webhook to use -kind: Certificate -metadata: - labels: - app: webhook - app.kubernetes.io/instance: my-cert-manager-release - app.kubernetes.io/name: webhook - helm.sh/chart: webhook-v0.9.1 - name: my-cert-manager-release-webhook-webhook-tls - namespace: cert-manager -spec: - dnsNames: - - my-cert-manager-release-webhook - - my-cert-manager-release-webhook.cert-manager - - my-cert-manager-release-webhook.cert-manager.svc - duration: 8760h # 1y - issuerRef: - name: my-cert-manager-release-webhook-ca - secretName: my-cert-manager-release-webhook-webhook-tls ---- -apiVersion: certmanager.k8s.io/v1alpha1 # Create an Issuer that uses the above generated CA certificate to issue certs -kind: Issuer -metadata: - labels: - app: webhook - app.kubernetes.io/instance: my-cert-manager-release - app.kubernetes.io/name: webhook - helm.sh/chart: webhook-v0.9.1 - name: my-cert-manager-release-webhook-ca - namespace: cert-manager -spec: - ca: - secretName: my-cert-manager-release-webhook-ca ---- -# signing webhook serving certificates -apiVersion: certmanager.k8s.io/v1alpha1 # Create a selfsigned Issuer, in order to create a root CA certificate for -kind: Issuer -metadata: - labels: - app: webhook - app.kubernetes.io/instance: my-cert-manager-release - app.kubernetes.io/name: webhook - helm.sh/chart: webhook-v0.9.1 - name: my-cert-manager-release-webhook-selfsign - namespace: cert-manager -spec: - selfSigned: {} ---- -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - annotations: - certmanager.k8s.io/inject-apiserver-ca: "true" - labels: - app: webhook - app.kubernetes.io/instance: 
my-cert-manager-release - app.kubernetes.io/name: webhook - helm.sh/chart: webhook-v0.9.1 - name: my-cert-manager-release-webhook -webhooks: -- clientConfig: - service: - name: kubernetes - namespace: default - path: /apis/admission.certmanager.k8s.io/v1beta1/certificates - failurePolicy: Fail - name: certificates.admission.certmanager.k8s.io - namespaceSelector: - matchExpressions: - - key: certmanager.k8s.io/disable-validation - operator: NotIn - values: - - "true" - - key: name - operator: NotIn - values: - - cert-manager - rules: - - apiGroups: - - certmanager.k8s.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - certificates -- clientConfig: - service: - name: kubernetes - namespace: default - path: /apis/admission.certmanager.k8s.io/v1beta1/issuers - failurePolicy: Fail - name: issuers.admission.certmanager.k8s.io - namespaceSelector: - matchExpressions: - - key: certmanager.k8s.io/disable-validation - operator: NotIn - values: - - "true" - - key: name - operator: NotIn - values: - - cert-manager - rules: - - apiGroups: - - certmanager.k8s.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - issuers -- clientConfig: - service: - name: kubernetes - namespace: default - path: /apis/admission.certmanager.k8s.io/v1beta1/clusterissuers - failurePolicy: Fail - name: clusterissuers.admission.certmanager.k8s.io - namespaceSelector: - matchExpressions: - - key: certmanager.k8s.io/disable-validation - operator: NotIn - values: - - "true" - - key: name - operator: NotIn - values: - - cert-manager - rules: - - apiGroups: - - certmanager.k8s.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - clusterissuers diff --git a/pkg/helm/render.go b/pkg/helm/render.go index fa853c4..73d44b4 100644 --- a/pkg/helm/render.go +++ b/pkg/helm/render.go 
@@ -47,20 +47,20 @@ func (h *Helm) Render(ctx context.Context, req *ChartConfig) (r []*yaml.RNode, e
 // renderChart renders a manifest from the given chart and values
 // Derived from https://github.com/helm/helm/blob/v2.14.3/cmd/helm/template.go
-func renderChart(chrt *chart.Chart, c *ChartConfig, getters getter.Providers) (r []*yaml.RNode, err error) {
- namespace := c.Namespace
+func renderChart(chrt *chart.Chart, req *ChartConfig, getters getter.Providers) (r []*yaml.RNode, err error) {
+ namespace := req.Namespace
 renderOpts := renderutil.Options{
 ReleaseOptions: chartutil.ReleaseOptions{
- Name: c.Name,
+ Name: req.Name,
 Namespace: namespace,
 },
- KubeVersion: c.KubeVersion,
+ KubeVersion: req.KubeVersion,
 }
- if len(c.APIVersions) > 0 {
- renderOpts.APIVersions = append(c.APIVersions, "v1")
+ if len(req.APIVersions) > 0 {
+ renderOpts.APIVersions = append(req.APIVersions, "v1")
 }
- rawVals, err := vals(chrt, c.ValueFiles, c.Values, c.BaseDir, getters, "", "", "")
+ rawVals, err := vals(chrt, req.ValueFiles, req.Values, req.BaseDir, getters, "", "", "")
 if err != nil {
 return nil, errors.Wrap(err, "load values")
 }
@@ -78,9 +78,9 @@ func renderChart(chrt *chart.Chart, c *ChartConfig, getters getter.Providers) (r
 }
 transformer := manifestTransformer{
- ForceNamespace: c.ForceNamespace,
- Excludes: Matchers(c.Exclude),
- NamespacedOnly: c.NamespacedOnly,
+ ForceNamespace: req.ForceNamespace,
+ Excludes: Matchers(req.Exclude),
+ NamespacedOnly: req.NamespacedOnly,
 OutputPath: "khelm-output",
 }
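Review bot: `append(req.APIVersions, "v1")` in the first render.go hunk can write into the caller's backing array when `req.APIVersions` has spare capacity, so rendering may silently change the ChartConfig that was passed in, and concurrent renders sharing that slice could race on it. Building a fresh slice removes the aliasing, e.g. `renderOpts.APIVersions = append(append([]string(nil), req.APIVersions...), "v1")`. The element type of `APIVersions` is not visible in this hunk (presumably `[]string`), so confirm it before applying. renderChart's body continues outside both hunks.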