diff --git a/.github/ct-install.yaml b/.github/ct-install.yaml index 5b60c9ed..f022f2ff 100644 --- a/.github/ct-install.yaml +++ b/.github/ct-install.yaml @@ -6,7 +6,6 @@ chart-dirs: - charts/stable excluded-charts: - charts/stable/alertmanager-bot -- charts/stable/dnsmadeeasy-webhook - charts/stable/multus - charts/stable/promcord - charts/stable/reg @@ -19,3 +18,4 @@ chart-repos: - bitnami=https://charts.bitnami.com/bitnami - k8s-at-home-libraries=https://library-charts.k8s-at-home.com - k8s-at-home=https://k8s-at-home.com/charts +- jetstack=https://charts.jetstack.io diff --git a/.github/ct-lint.yaml b/.github/ct-lint.yaml index 457998fd..d096911c 100644 --- a/.github/ct-lint.yaml +++ b/.github/ct-lint.yaml @@ -9,3 +9,4 @@ chart-repos: - bitnami=https://charts.bitnami.com/bitnami - k8s-at-home-libraries=https://library-charts.k8s-at-home.com - k8s-at-home=https://k8s-at-home.com/charts +- jetstack=https://charts.jetstack.io diff --git a/charts/stable/dnsmadeeasy-webhook/Chart.yaml b/charts/stable/dnsmadeeasy-webhook/Chart.yaml index 0347091d..a96a2cc7 100644 --- a/charts/stable/dnsmadeeasy-webhook/Chart.yaml +++ b/charts/stable/dnsmadeeasy-webhook/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 1.2.0 description: Cert-Manager Webhook for DNSMadeEasy name: dnsmadeeasy-webhook -version: 3.2.0 +version: 3.3.0 keywords: - cert-manager - dnsmadeeasy @@ -19,3 +19,7 @@ dependencies: - name: common repository: https://library-charts.k8s-at-home.com version: 3.2.0 +- name: cert-manager + repository: https://charts.jetstack.io + version: v1.4.0 + condition: cert-manager.enabled diff --git a/charts/stable/dnsmadeeasy-webhook/README.md b/charts/stable/dnsmadeeasy-webhook/README.md index 17841b1b..50deed9b 100644 --- a/charts/stable/dnsmadeeasy-webhook/README.md +++ b/charts/stable/dnsmadeeasy-webhook/README.md @@ -1,6 +1,6 @@ # dnsmadeeasy-webhook -![Version: 3.2.0](https://img.shields.io/badge/Version-3.2.0-informational?style=flat-square) ![AppVersion: 1.2.0](https://img.shields.io/badge/AppVersion-1.2.0-informational?style=flat-square) +![Version: 3.3.0](https://img.shields.io/badge/Version-3.3.0-informational?style=flat-square) ![AppVersion: 1.2.0](https://img.shields.io/badge/AppVersion-1.2.0-informational?style=flat-square) Cert-Manager Webhook for DNSMadeEasy @@ -17,6 +17,7 @@ Cert-Manager Webhook for DNSMadeEasy | Repository | Name | Version | |------------|------|---------| +| https://charts.jetstack.io | cert-manager | v1.4.0 | | https://library-charts.k8s-at-home.com | common | 3.2.0 | ## TL;DR @@ -74,8 +75,10 @@ N/A | Key | Type | Default | Description | |-----|------|---------|-------------| +| cert-manager.enabled | bool | `false` | Install cert-manager chart as dependency. Usually this is already installed in the cluster and not needed. | | certManager.namespace | string | `"cert-manager"` | Namespace where the cert-manager operator was installed to | | certManager.serviceAccountName | string | `"cert-manager"` | Service account used by the cert-manager | +| generateCerts | bool | `true` | Generate dedicated certs instead of re-using the cert-manager webhook certificate. | | groupName | string | `"acme.mycompany.com"` | The GroupName here is used to identify your company or business unit that created this webhook. This name will need to be referenced in each Issuer's `webhook` stanza to inform cert-manager of where to send ChallengePayload resources in order to solve the DNS01 challenge. This group name should be **unique**, hence using your own company's domain here is recommended. | | image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | | image.repository | string | `"ghcr.io/k8s-at-home/dnsmadeeasy-webhook"` | Image repository | @@ -88,6 +91,20 @@ All notable changes to this application Helm chart will be documented in this fi The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +### [3.3.0] + +#### Added + +- Testcases + +#### Changed + +- N/A + +#### Removed + +- N/A + ### [3.1.0] #### Added diff --git a/charts/stable/dnsmadeeasy-webhook/README_CHANGELOG.md.gotmpl b/charts/stable/dnsmadeeasy-webhook/README_CHANGELOG.md.gotmpl index f9a796d4..ccfdb4b4 100644 --- a/charts/stable/dnsmadeeasy-webhook/README_CHANGELOG.md.gotmpl +++ b/charts/stable/dnsmadeeasy-webhook/README_CHANGELOG.md.gotmpl @@ -9,6 +9,20 @@ All notable changes to this application Helm chart will be documented in this fi The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +### [3.3.0] + +#### Added + +- Testcases + +#### Changed + +- N/A + +#### Removed + +- N/A + ### [3.1.0] #### Added diff --git a/charts/stable/dnsmadeeasy-webhook/ci/ct-values.yaml b/charts/stable/dnsmadeeasy-webhook/ci/ct-values.yaml new file mode 100644 index 00000000..1e5c303d --- /dev/null +++ b/charts/stable/dnsmadeeasy-webhook/ci/ct-values.yaml @@ -0,0 +1,15 @@ +# Until cert-manager moves CRD in the crd folder we +# cannot use cert-manager CRDs within the chart +# See: https://github.com/jetstack/cert-manager/issues/3377 +generateCerts: false + +cert-manager: + enabled: true + installCRDs: true + webhook: + enabled: true + extraArgs: + - --dns01-recursive-nameservers=1.1.1.1:53 + - --dns01-recursive-nameservers-only + cainjector: + replicaCount: 1 diff --git a/charts/stable/dnsmadeeasy-webhook/templates/common.tpl b/charts/stable/dnsmadeeasy-webhook/templates/common.tpl index ab38d247..dcdef860 100644 --- a/charts/stable/dnsmadeeasy-webhook/templates/common.tpl +++ b/charts/stable/dnsmadeeasy-webhook/templates/common.tpl @@ -14,7 +14,11 @@ {{- end -}} {{- define "dnsmadeeasy-webhook.servingCertificate" -}} +{{- if .Values.generateCerts }} {{ printf "%s-webhook-tls" (include "common.names.fullname" .) }} +{{- else -}} +{{ printf "%s-cert-manager-webhook-ca" (include "common.names.fullname" .) }} +{{- end -}} {{- end -}} diff --git a/charts/stable/dnsmadeeasy-webhook/templates/pki.yaml b/charts/stable/dnsmadeeasy-webhook/templates/pki.yaml index 68ccd873..a633b9cc 100644 --- a/charts/stable/dnsmadeeasy-webhook/templates/pki.yaml +++ b/charts/stable/dnsmadeeasy-webhook/templates/pki.yaml @@ -1,3 +1,4 @@ +{{- if .Values.generateCerts }} --- # Create a selfsigned Issuer, in order to create a root CA certificate for # signing webhook serving certificates @@ -64,3 +65,4 @@ spec: - {{ include "common.names.fullname" . }} - {{ include "common.names.fullname" . }}.{{ .Release.Namespace }} - {{ include "common.names.fullname" . }}.{{ .Release.Namespace }}.svc +{{- end }} diff --git a/charts/stable/dnsmadeeasy-webhook/values.yaml b/charts/stable/dnsmadeeasy-webhook/values.yaml index 88ae45c5..753bbcd2 100644 --- a/charts/stable/dnsmadeeasy-webhook/values.yaml +++ b/charts/stable/dnsmadeeasy-webhook/values.yaml @@ -27,3 +27,12 @@ image: pullPolicy: IfNotPresent # -- Image tag tag: v1.2.0 + +# -- Generate dedicated certs instead of re-using the cert-manager +# webhook certificate. +generateCerts: true + +cert-manager: + # -- Install cert-manager chart as dependency. + # Usually this is already installed in the cluster and not needed. + enabled: false