Merge pull request #99 from coolguy1771/master

Enhanced Template Formatting, Added Affinities and Cert-Manager Support for Internal Certificates

charts/adcs-issuer/Chart.yaml

@@ -1,22 +1,11 @@
 apiVersion: v2
 name: adcs-issuer
-description: ADCS issuser plugin for cert-manager
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+description: ADCS Issuer plugin for cert-manager.
 type: application
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 2.1.2
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
+version: 3.0.0
 appVersion: "2.1.2"
-
+home: https://github.com/djkormo/adcs-issuer
+sources:
+  - https://github.com/djkormo/adcs-issuer
+  - https://djkormo.github.io/adcs-issuer/
+kubeVersion: ">=1.16.0"

charts/adcs-issuer/README.md

@@ -1,16 +1,130 @@
-helm template adcs-issuer  charts/adcs-issuer  -n adcs-issuer --values charts/adcs-issuer/values.yaml
-
-helm template adcs-issuer charts/adcs-issuer -n adcs-issuer --values charts/adcs-issuer/values.yaml > adcs-issuer-all.yaml
-
-kubectl -n adcs-issuer apply -f adcs-issuer-all.yaml --dry-run=server
-
-
-kubectl -n adcs-issuer get pod 
-
-kubectl -n adcs-issuer logs deploy/adcs-issuer-controller-manager
-
-kubectl -n adcs-issuer logs deploy/adcs-sim-deployment
-
-
-kubectl -n adcs-issuer delete -f adcs-issuer-all.yaml
-
+# adcs-issuer
+
+## Chart Overview
+
+ADCS Issuer plugin for cert-manager.
+
+### Chart Details
+
+- **Chart Name:** adcs-issuer
+- **Version:** ![Version: 2.1.2](https://img.shields.io/badge/Version-2.1.2-informational?style=flat-square)
+- **App Version:** ![AppVersion: 2.1.2](https://img.shields.io/badge/AppVersion-2.1.2-informational?style=flat-square)
+- **Chart Type:** ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+
+**Homepage:** <https://github.com/djkormo/adcs-issuer>
+
+## Source Code
+
+* <https://github.com/djkormo/adcs-issuer>
+* <https://djkormo.github.io/adcs-issuer/>
+
+## Requirements
+
+Kubernetes: `>=1.16.0`
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://charts.jetstack.io | cert-manager | >=1.9 |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| controllerManager.affinity.nodeAffinity | object | `{}` |  |
+| controllerManager.affinity.podAffinity | object | `{}` |  |
+| controllerManager.affinity.podAntiAffinity | object | `{}` |  |
+| controllerManager.arguments.cluster-resource-namespace | string | `"adcs-issuer"` |  |
+| controllerManager.arguments.disable-approved-check | string | `"false"` |  |
+| controllerManager.arguments.enable-leader-election | string | `"true"` |  |
+| controllerManager.arguments.zap-log-level | int | `5` |  |
+| controllerManager.caCertsSecretName | string | `"ca-certificates"` |  |
+| controllerManager.enabledCaCerts | bool | `false` |  |
+| controllerManager.enabledWebHooks | bool | `false` |  |
+| controllerManager.environment.ENABLE_DEBUG | string | `"false"` |  |
+| controllerManager.environment.ENABLE_WEBHOOKS | string | `"false"` |  |
+| controllerManager.environment.KUBERNETES_CLUSTER_DOMAIN | string | `"cluster.local"` |  |
+| controllerManager.manager.image.repository | string | `"djkormo/adcs-issuer"` |  |
+| controllerManager.manager.image.tag | string | `"2.1.2"` |  |
+| controllerManager.manager.livenessProbe.httpGet.path | string | `"/healthz"` |  |
+| controllerManager.manager.livenessProbe.httpGet.port | int | `8081` |  |
+| controllerManager.manager.livenessProbe.httpGet.scheme | string | `"HTTP"` |  |
+| controllerManager.manager.livenessProbe.periodSeconds | int | `10` |  |
+| controllerManager.manager.livenessProbe.timeoutSeconds | int | `10` |  |
+| controllerManager.manager.readinessProbe.httpGet.path | string | `"/readyz"` |  |
+| controllerManager.manager.readinessProbe.httpGet.port | int | `8081` |  |
+| controllerManager.manager.readinessProbe.httpGet.scheme | string | `"HTTP"` |  |
+| controllerManager.manager.readinessProbe.initialDelaySeconds | int | `10` |  |
+| controllerManager.manager.readinessProbe.periodSeconds | int | `20` |  |
+| controllerManager.manager.readinessProbe.timeoutSeconds | int | `20` |  |
+| controllerManager.manager.resources.limits.cpu | string | `"100m"` |  |
+| controllerManager.manager.resources.limits.memory | string | `"500Mi"` |  |
+| controllerManager.manager.resources.requests.cpu | string | `"100m"` |  |
+| controllerManager.manager.resources.requests.memory | string | `"100Mi"` |  |
+| controllerManager.rbac.certManagerNamespace | string | `"cert-manager"` |  |
+| controllerManager.rbac.certManagerServiceAccountName | string | `"cert-manager"` |  |
+| controllerManager.rbac.enabled | bool | `true` |  |
+| controllerManager.rbac.serviceAccountName | string | `"adcs-issuer"` |  |
+| controllerManager.replicas | int | `1` |  |
+| controllerManager.securityContext.runAsUser | int | `1000` |  |
+| crd.install | bool | `true` |  |
+| metricsService.enabled | bool | `true` |  |
+| metricsService.ports[0].name | string | `"https"` |  |
+| metricsService.ports[0].port | int | `8443` |  |
+| metricsService.ports[0].targetPort | string | `"https"` |  |
+| metricsService.type | string | `"ClusterIP"` |  |
+| nodeSelector | object | `{}` |  |
+| simulator.affinity.nodeAffinity | object | `{}` |  |
+| simulator.affinity.podAffinity | object | `{}` |  |
+| simulator.affinity.podAntiAffinity | object | `{}` |  |
+| simulator.arguments.dns | string | `"adcs-sim-service.adcs-issuer.svc,adcs2.example.com"` |  |
+| simulator.arguments.ips | string | `"10.10.10.1,10.10.10.2"` |  |
+| simulator.arguments.port | int | `8443` |  |
+| simulator.certificateDuration | string | `"2160h"` |  |
+| simulator.certificateRenewBefore | string | `"360h"` |  |
+| simulator.clusterIssuserName | string | `"adcs-sim-adcsclusterissuer"` |  |
+| simulator.configMapName | string | `"adcs-sim-configmap"` |  |
+| simulator.containerPort | int | `8443` |  |
+| simulator.containerSecurityContext.allowPrivilegeEscalation | bool | `false` |  |
+| simulator.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` |  |
+| simulator.containerSecurityContext.readOnlyRootFilesystem | bool | `true` |  |
+| simulator.deploymentName | string | `"adcs-sim-deployment"` |  |
+| simulator.enabled | bool | `false` |  |
+| simulator.environment.ENABLE_DEBUG | string | `"false"` |  |
+| simulator.exampleCertificate.enabled | bool | `true` |  |
+| simulator.exampleCertificate.name | string | `"adcs-sim-certificate"` |  |
+| simulator.image.repository | string | `"djkormo/adcs-sim"` |  |
+| simulator.image.tag | string | `"0.0.6"` |  |
+| simulator.issuerGroup | string | `"cert-manager.io"` |  |
+| simulator.issuerKind | string | `"Issuer"` |  |
+| simulator.issuerName | string | `"adcs-sim-issuer"` |  |
+| simulator.livenessProbe.httpGet.path | string | `"/healthz"` |  |
+| simulator.livenessProbe.httpGet.port | int | `8443` |  |
+| simulator.livenessProbe.httpGet.scheme | string | `"HTTPS"` |  |
+| simulator.livenessProbe.periodSeconds | int | `10` |  |
+| simulator.livenessProbe.timeoutSeconds | int | `10` |  |
+| simulator.podSecurityContext.runAsUser | int | `1000` |  |
+| simulator.readinessProbe.httpGet.path | string | `"/readyz"` |  |
+| simulator.readinessProbe.httpGet.port | int | `8443` |  |
+| simulator.readinessProbe.httpGet.scheme | string | `"HTTPS"` |  |
+| simulator.readinessProbe.initialDelaySeconds | int | `10` |  |
+| simulator.readinessProbe.periodSeconds | int | `20` |  |
+| simulator.readinessProbe.timeoutSeconds | int | `20` |  |
+| simulator.resources.limits.cpu | string | `"100m"` |  |
+| simulator.resources.limits.memory | string | `"500Mi"` |  |
+| simulator.resources.requests.cpu | string | `"100m"` |  |
+| simulator.resources.requests.memory | string | `"100Mi"` |  |
+| simulator.secretCertificateName | string | `"adcs-sim-certificate-secret"` |  |
+| simulator.secretName | string | `"adcs-sim-secret"` |  |
+| simulator.serviceName | string | `"adcs-sim-service"` |  |
+| simulator.servicePort | int | `8443` |  |
+| webhookService.ports[0].port | int | `443` |  |
+| webhookService.ports[0].targetPort | int | `9443` |  |
+| webhookService.type | string | `"ClusterIP"` |  |
+
+### Configuration
+
+To install the chart with the release name `adcs-issuer`:
+
+```bash
+helm install adcs-issuer adcs-issuer --namespace <namespace> --create-namespace
+```

charts/adcs-issuer/README.md.gotmpl

@@ -0,0 +1,36 @@
+{{ template "chart.header" . }}
+
+{{ template "chart.deprecationWarning" . }}
+
+## Chart Overview
+
+{{ template "chart.description" . }}
+
+### Chart Details
+
+- **Chart Name:** {{ template "chart.name" . }}
+- **Version:** {{ template "chart.versionBadge" . }}
+- **App Version:** {{ template "chart.appVersionBadge" . }}
+- **Chart Type:** {{ template "chart.typeBadge" . }}
+
+{{ template "chart.homepageLine" . }}
+
+
+{{ template "chart.maintainersSection" . }}
+
+
+{{ template "chart.sourcesSection" . }}
+
+
+{{ template "chart.requirementsSection" . }}
+
+
+{{ template "chart.valuesSection" . }}
+
+### Configuration
+
+To install the chart with the release name `{{ template "chart.name" . }}`:
+
+```bash
+helm install {{ template "chart.name" . }} {{ template "chart.name" . }} --namespace <namespace> --create-namespace
+```

charts/adcs-issuer/templates/_helpers.tpl

@@ -1,62 +1,60 @@
 {{/*
-Expand the name of the chart.
+Expand the name of the chart, allowing for an override.
 */}}
 {{- define "chart.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- .Values.nameOverride | default .Chart.Name | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
 {{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
+Create a fully qualified app name. Truncate at 63 characters as required by the DNS naming spec.
 */}}
 {{- define "chart.fullname" -}}
 {{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+    {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
 {{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
+    {{- $name := include "chart.name" . }}
+    {{- if contains $name .Release.Name }}
+        {{- .Release.Name | trunc 63 | trimSuffix "-" }}
+    {{- else }}
+        {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+    {{- end }}
 {{- end }}
 {{- end }}
 
 {{/*
-Create chart name and version as used by the chart label.
+Create chart name and version for labeling purposes.
 */}}
 {{- define "chart.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
 {{/*
-Common labels
+Common labels used across Kubernetes objects.
 */}}
 {{- define "chart.labels" -}}
 helm.sh/chart: {{ include "chart.chart" . }}
 {{ include "chart.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- with .Chart.AppVersion }}
+app.kubernetes.io/version: {{ quote . }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end }}
 
 {{/*
-Selector labels
+Selector labels to help identify related Kubernetes resources.
 */}}
 {{- define "chart.selectorLabels" -}}
 app.kubernetes.io/name: {{ include "chart.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 
 {{/*
-Create the name of the service account to use
+Create the service account name, with the option to override or use a default.
 */}}
 {{- define "chart.serviceAccountName" -}}
 {{- if .Values.serviceAccount.create }}
-{{- default (include "chart.fullname" .) .Values.serviceAccount.name }}
+    {{- .Values.serviceAccount.name | default (include "chart.fullname" .) }}
 {{- else }}
-{{- default "default" .Values.serviceAccount.name }}
+    {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}

charts/adcs-issuer/templates/adcsissuer-crd.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.crd.install  }}
+{{- if .Values.crd.install }}
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
@@ -87,4 +87,4 @@ status:
   conditions: []
   storedVersions: []
 
-{{- end  }}    
+{{- end  }}

charts/adcs-issuer/templates/adcsrequest-crd.yaml

@@ -104,4 +104,4 @@ status:
   conditions: []
   storedVersions: []
 
-{{- end  }}    
+{{- end  }}

charts/adcs-issuer/templates/cert-manager-controller-approve-dcs-certmanager-csf-nokia-com-rbac.yaml

@@ -1,36 +1,39 @@
-{{- if .Values.controllerManager.rbac.enabled  }}
+{{- if .Values.controllerManager.rbac.enabled }}
+
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: {{ include "chart.fullname" . }}-cert-manager-controller-approve:adcs-certmanager-csf-nokia-com
+  name: {{ include "chart.fullname" . }}-cert-manager-controller-approve-adcs-certmanager-csf-nokia-com
   labels:
-  {{- include "chart.labels" . | nindent 4 }}
+    {{- include "chart.labels" . | nindent 4 }}
 rules:
-- apiGroups:
-  - cert-manager.io
-  resourceNames:
-  - adcsissuers.adcs.certmanager.csf.nokia.com/*
-  - clusteradcsissuers.adcs.certmanager.csf.nokia.com/*
-  resources:
-  - signers
-  verbs:
-  - approve
+  - apiGroups:
+      - cert-manager.io
+    resourceNames:
+      - adcsissuers.adcs.certmanager.csf.nokia.com/*
+      - clusteradcsissuers.adcs.certmanager.csf.nokia.com/*
+    resources:
+      - signers
+    verbs:
+      - approve
+
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: {{ include "chart.fullname" . }}-cert-manager-controller-approve:adcs-certmanager-csf-nokia-com
+  name: {{ include "chart.fullname" . }}-cert-manager-controller-approve-adcs-certmanager-csf-nokia-com
   labels:
-  {{- include "chart.labels" . | nindent 4 }}
+    {{- include "chart.labels" . | nindent 4 }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: {{ include "chart.fullname" . }}-cert-manager-controller-approve:adcs-certmanager-csf-nokia-com
+  name: {{ include "chart.fullname" . }}-cert-manager-controller-approve-adcs-certmanager-csf-nokia-com
 subjects:
-- kind: ServiceAccount
-  name: {{ .Values.controllerManager.rbac.serviceAccountName }}
-  namespace: {{ .Release.Namespace }}
-- kind: ServiceAccount
-  name: {{ .Values.controllerManager.rbac.certManagerServiceAccountName }}
-  namespace: {{ .Values.controllerManager.rbac.certManagerNamespace }}
-{{- end  }}    
+  - kind: ServiceAccount
+    name: {{ .Values.controllerManager.rbac.serviceAccountName | default (include "chart.fullname" .) }}
+    namespace: {{ .Release.Namespace }}
+  - kind: ServiceAccount
+    name: {{ .Values.controllerManager.rbac.certManagerServiceAccountName }}
+    namespace: {{ .Values.controllerManager.rbac.certManagerNamespace }}
+
+{{- end }}