fix(infra-certificates): init

base-values/commons.yaml

@@ -1,4 +1,5 @@
 commons:
+
   helm:
     release:
       install:
@@ -9,12 +10,16 @@ commons:
         disableWait: true
         remediation:
           retries: -1
+
   ingress:
     domain: "wrenix.eu"
+    annotations:
+
   grafana:
     dashboards:
       labels:
         grafana_dashboard: "1"
+
   prometheus:
     monitor:
       labels:

base-values/infra.yaml

@@ -12,4 +12,7 @@ components:
   infra-ingress:
     enabled: true
     namespace: "ingress"
-  
+
+  infra-certificates:
+    enabled: true
+    namespace: "certificates"

infra-certificates/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

infra-certificates/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: infra-certificates
+description: Install all certificate related
+type: application
+
+version: 0.1.0

infra-certificates/templates/certmanager/cluster-issuer/letsencrypt-prod.yaml

@@ -0,0 +1,26 @@
+{{- if (.Capabilities.APIVersions.Has "cert-manager.io/v1/ClusterIssuer") }}
+---
+apiVersion: "cert-manager.io/v1"
+kind: "ClusterIssuer"
+metadata:
+  name: "letsencrypt-prod"
+spec:
+  acme:
+    server: "https://acme-v02.api.letsencrypt.org/directory"
+    preferredChain: "ISRG Root X1"
+    email: {{ .Values.email }}
+    privateKeySecretRef:
+      name: "letsencrypt-prod"
+    solvers:
+      - http01:
+          ingress:
+            ingressTemplate:
+              metadata:
+                annotations:
+                  "ingress.kubernetes.io/ssl-redirect": "false"
+                  "nginx.org/redirect-to-https": "false"
+                  "traefik.ingress.kubernetes.io/router.entrypoints": "web"
+                  {{- with .Values.commons.ingress.annotations }}
+                  {{- toYaml . | nindent 16 }}
+                  {{- end }}
+{{- end }}

infra-certificates/templates/certmanager/cluster-issuer/selfsigned.yaml

@@ -0,0 +1,9 @@
+{{- if (.Capabilities.APIVersions.Has "cert-manager.io/v1/ClusterIssuer") }}
+---
+apiVersion: "cert-manager.io/v1"
+kind: "ClusterIssuer"
+metadata:
+  name: "selfsigned"
+spec:
+  selfSigned: {}
+{{- end }}

infra-certificates/templates/certmanager/release.yaml

@@ -0,0 +1,57 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: cert-manager
+spec:
+  chart:
+    spec:
+      sourceRef:
+        kind: HelmRepository
+        name: jetstack
+      chart: cert-manager
+      interval: 10m
+  install:
+    {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
+  test:
+    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
+  upgrade:
+    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
+  interval: 10m
+  values:
+    installCRDs: true
+
+    resources:
+      requests:
+        cpu: 10m
+        memory: 128Mi
+      limits:
+        memory: 512Mi
+
+    webhook:
+      resources:
+        requests:
+          cpu: 10m
+          memory: 32Mi
+        limits:
+          memory: 128Mi
+
+    cainjector:
+      resources:
+        requests:
+          cpu: 10m
+          memory: 128Mi
+        limits:
+          memory: 512Mi
+
+    prometheus:
+      enabled: true
+      servicemonitor:
+        enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor") }}
+        {{- with get .Values.commons.prometheus.monitor.labels "prometheus" }}
+        prometheusInstance: {{ . | quote }}
+        {{- end }}
+        {{- with omit .Values.commons.prometheus.monitor.labels "prometheus" }}
+        labels:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}

infra-certificates/templates/certmanager/repo.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: jetstack
+spec:
+  url: https://charts.jetstack.io
+  interval: 10m0s

infra-certificates/templates/configmap_init_crd.yaml

@@ -0,0 +1,20 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Release.Name }}-init
+  namespace: "{{ .Values.init.namespace }}"
+data:
+  {{- $isMonitoring := (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor") }}
+  monitoring: {{ $isMonitoring | quote }}
+  {{- $isCertManager := (.Capabilities.APIVersions.Has "cert-manager.io/v1/ClusterIssuer") }}
+  certmanager: {{ $isCertManager | quote }}
+  {{- if and
+    $isMonitoring
+    $isCertManager
+  }}
+  init: "-1"
+  {{- else }}
+  init: "{{ add1 .Values.init.version }}"
+  {{- end }}
+

infra-certificates/values.yaml

@@ -0,0 +1,15 @@
+init:
+  version: 0
+  namespace: "bases"
+
+commons:
+  helm:
+    release:
+      install: {}
+      test: {}
+      upgrade: {}
+  prometheus:
+    monitor:
+      labels: {}
+
+email: "an@example.org"