From 27750e83a2bc57597aea530d55e90cba31c2f826 Mon Sep 17 00:00:00 2001 From: WrenIX Date: Sat, 25 Nov 2023 00:20:05 +0100 Subject: [PATCH] fix(infra-certificates): init --- base-values/commons.yaml | 5 ++ base-values/infra.yaml | 5 +- infra-certificates/.helmignore | 23 ++++++++ infra-certificates/Chart.yaml | 6 ++ .../cluster-issuer/letsencrypt-prod.yaml | 26 +++++++++ .../cluster-issuer/selfsigned.yaml | 9 +++ .../templates/certmanager/release.yaml | 57 +++++++++++++++++++ .../templates/certmanager/repo.yaml | 8 +++ .../templates/configmap_init_crd.yaml | 20 +++++++ infra-certificates/values.yaml | 15 +++++ 10 files changed, 173 insertions(+), 1 deletion(-) create mode 100644 infra-certificates/.helmignore create mode 100644 infra-certificates/Chart.yaml create mode 100644 infra-certificates/templates/certmanager/cluster-issuer/letsencrypt-prod.yaml create mode 100644 infra-certificates/templates/certmanager/cluster-issuer/selfsigned.yaml create mode 100644 infra-certificates/templates/certmanager/release.yaml create mode 100644 infra-certificates/templates/certmanager/repo.yaml create mode 100644 infra-certificates/templates/configmap_init_crd.yaml create mode 100644 infra-certificates/values.yaml diff --git a/base-values/commons.yaml b/base-values/commons.yaml index aa8b0f0..de2258e 100644 --- a/base-values/commons.yaml +++ b/base-values/commons.yaml @@ -1,4 +1,5 @@ commons: + helm: release: install: @@ -9,12 +10,16 @@ commons: disableWait: true remediation: retries: -1 + ingress: domain: "wrenix.eu" + annotations: + grafana: dashboards: labels: grafana_dashboard: "1" + prometheus: monitor: labels: diff --git a/base-values/infra.yaml b/base-values/infra.yaml index 7d2c67a..16e8079 100644 --- a/base-values/infra.yaml +++ b/base-values/infra.yaml @@ -12,4 +12,7 @@ components: infra-ingress: enabled: true namespace: "ingress" - + + infra-certificates: + enabled: true + namespace: "certificates" 
diff --git a/infra-certificates/.helmignore b/infra-certificates/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/infra-certificates/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/infra-certificates/Chart.yaml b/infra-certificates/Chart.yaml new file mode 100644 index 0000000..a30cff7 --- /dev/null +++ b/infra-certificates/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v2 +name: infra-certificates +description: Install all certificate related +type: application + +version: 0.1.0 diff --git a/infra-certificates/templates/certmanager/cluster-issuer/letsencrypt-prod.yaml b/infra-certificates/templates/certmanager/cluster-issuer/letsencrypt-prod.yaml new file mode 100644 index 0000000..51ba026 --- /dev/null +++ b/infra-certificates/templates/certmanager/cluster-issuer/letsencrypt-prod.yaml @@ -0,0 +1,26 @@ +{{- if (.Capabilities.APIVersions.Has "cert-manager.io/v1/ClusterIssuer") }} +--- +apiVersion: "cert-manager.io/v1" +kind: "ClusterIssuer" +metadata: + name: "letsencrypt-prod" +spec: + acme: + server: "https://acme-v02.api.letsencrypt.org/directory" + preferredChain: "ISRG Root X1" + email: {{ .Values.email }} + privateKeySecretRef: + name: "letsencrypt-prod" + solvers: + - http01: + ingress: + ingressTemplate: + metadata: + annotations: + "ingress.kubernetes.io/ssl-redirect": "false" + "nginx.org/redirect-to-https": "false" + "traefik.ingress.kubernetes.io/router.entrypoints": "web" + {{- with .Values.commons.ingress.annotations }} + {{- toYaml . | nindent 16 }} + {{- end }} +{{- end }} 
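Review bot: `email: {{ .Values.email }}` in the letsencrypt-prod ClusterIssuer is rendered unquoted and without a presence check, so whatever value lands there becomes the contact on the production ACME account; the chart's own values.yaml defaults it to `an@example.org`, which Let's Encrypt would accept and then send expiry and policy notices to an address the operator does not control. Fail the render instead when the value is not supplied: `email: {{ required "Values.email must be set to a real contact for the ACME account" .Values.email | quote }}`. The three hard-coded `ssl-redirect`/`redirect-to-https`/`router.entrypoints: web` annotations are what the HTTP-01 solver needs to answer the challenge over plain HTTP, but since `commons.ingress.annotations` is appended after them at the same indent, an annotation with one of those keys in the shared values would produce a duplicate key in the rendered manifest — worth a comment above the `with` block so nobody "fixes" the redirect there.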
diff --git a/infra-certificates/templates/certmanager/cluster-issuer/selfsigned.yaml b/infra-certificates/templates/certmanager/cluster-issuer/selfsigned.yaml new file mode 100644 index 0000000..44774e0 --- /dev/null +++ b/infra-certificates/templates/certmanager/cluster-issuer/selfsigned.yaml @@ -0,0 +1,9 @@ +{{- if (.Capabilities.APIVersions.Has "cert-manager.io/v1/ClusterIssuer") }} +--- +apiVersion: "cert-manager.io/v1" +kind: "ClusterIssuer" +metadata: + name: "selfsigned" +spec: + selfSigned: {} +{{- end }} diff --git a/infra-certificates/templates/certmanager/release.yaml b/infra-certificates/templates/certmanager/release.yaml new file mode 100644 index 0000000..8efd256 --- /dev/null +++ b/infra-certificates/templates/certmanager/release.yaml @@ -0,0 +1,57 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: cert-manager +spec: + chart: + spec: + sourceRef: + kind: HelmRepository + name: jetstack + chart: cert-manager + interval: 10m + install: + {{- toYaml .Values.commons.helm.release.install | nindent 4 }} + test: + {{- toYaml .Values.commons.helm.release.test | nindent 4 }} + upgrade: + {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }} + interval: 10m + values: + installCRDs: true + + resources: + requests: + cpu: 10m + memory: 128Mi + limits: + memory: 512Mi + + webhook: + resources: + requests: + cpu: 10m + memory: 32Mi + limits: + memory: 128Mi + + cainjector: + resources: + requests: + cpu: 10m + memory: 128Mi + limits: + memory: 512Mi + + prometheus: + enabled: true + servicemonitor: + enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor") }} + {{- with get .Values.commons.prometheus.monitor.labels "prometheus" }} + prometheusInstance: {{ . | quote }} + {{- end }} + {{- with omit .Values.commons.prometheus.monitor.labels "prometheus" }} + labels: + {{- toYaml . | nindent 10 }} + {{- end }} 
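Review bot: The HelmRelease's `chart.spec` carries no `version`, so with a 10m interval Flux will roll cert-manager forward to every new chart published to charts.jetstack.io as soon as it appears, major releases included, with no review step; for the component that issues the cluster's TLS material that is an unpinned supply-chain dependency. Pin it, ideally through values so upgrades are explicit commits, e.g. `version: {{ .Values.certmanager.version | quote }}` under `chart.spec` with a semver range set in values.yaml. Also note that `installCRDs: true` ties the cert-manager CRDs to this release's lifecycle, so an uninstall of the release would remove the CRDs and with them every Certificate and Issuer object defined against them — a one-line comment above the flag stating that would save the next operator a surprise.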
diff --git a/infra-certificates/templates/certmanager/repo.yaml b/infra-certificates/templates/certmanager/repo.yaml new file mode 100644 index 0000000..30fea54 --- /dev/null +++ b/infra-certificates/templates/certmanager/repo.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: jetstack +spec: + url: https://charts.jetstack.io + interval: 10m0s diff --git a/infra-certificates/templates/configmap_init_crd.yaml b/infra-certificates/templates/configmap_init_crd.yaml new file mode 100644 index 0000000..0795119 --- /dev/null +++ b/infra-certificates/templates/configmap_init_crd.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-init + namespace: "{{ .Values.init.namespace }}" +data: + {{- $isMonitoring := (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor") }} + monitoring: {{ $isMonitoring | quote }} + {{- $isCertManager := (.Capabilities.APIVersions.Has "cert-manager.io/v1/ClusterIssuer") }} + certmanager: {{ $isCertManager | quote }} + {{- if and + $isMonitoring + $isCertManager + }} + init: "-1" + {{- else }} + init: "{{ add1 .Values.init.version }}" + {{- end }} + diff --git a/infra-certificates/values.yaml b/infra-certificates/values.yaml new file mode 100644 index 0000000..c55d95e --- /dev/null +++ b/infra-certificates/values.yaml @@ -0,0 +1,15 @@ +init: + version: 0 + namespace: "bases" + +commons: + helm: + release: + install: {} + test: {} + upgrade: {} + prometheus: + monitor: + labels: {} + +email: "an@example.org"
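Review bot: `email: "an@example.org"` in values.yaml is a default that looks valid, so a deployment that forgets to override it silently registers the production Let's Encrypt account under a contact the operator does not control; the letsencrypt-prod ClusterIssuer template in this chart renders the value verbatim. Ship it as `email: ""` with a comment such as `# contact for the ACME account (expiry notices); must be overridden per cluster` so the misconfiguration is visible — an empty value either trips a `required` check in the template or, at worst, registers the account with no contact rather than a wrong one. The `init.namespace: "bases"` default is consumed by the init ConfigMap in this chart and differs from the component's own `certificates` namespace; a short comment stating that the ConfigMap is deliberately written into the bases namespace would make that cross-namespace write look intentional rather than accidental.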