diff --git a/kubernetes/helm/cert-manager/Chart.yaml b/kubernetes/helm/cert-manager/Chart.yaml deleted file mode 100644 index ad475717e..000000000 --- a/kubernetes/helm/cert-manager/Chart.yaml +++ /dev/null @@ -1,17 +0,0 @@ -name: cert-manager -# The version and appVersion fields are set automatically by the release tool -version: v0.8.0 -appVersion: v0.8.0 -description: A Helm chart for cert-manager -home: https://github.com/jetstack/cert-manager -icon: https://raw.githubusercontent.com/jetstack/cert-manager/master/logo/logo.png -keywords: - - cert-manager - - kube-lego - - letsencrypt - - tls -sources: - - https://github.com/jetstack/cert-manager -maintainers: - - name: munnerz - email: james@jetstack.io diff --git a/kubernetes/helm/cert-manager-cluster-issuer/.gitignore b/kubernetes/helm/cert-manager/cert-manager-cluster-issuer/.gitignore similarity index 100% rename from kubernetes/helm/cert-manager-cluster-issuer/.gitignore rename to kubernetes/helm/cert-manager/cert-manager-cluster-issuer/.gitignore diff --git a/kubernetes/helm/cert-manager-cluster-issuer/Chart.yaml b/kubernetes/helm/cert-manager/cert-manager-cluster-issuer/Chart.yaml similarity index 63% rename from kubernetes/helm/cert-manager-cluster-issuer/Chart.yaml rename to kubernetes/helm/cert-manager/cert-manager-cluster-issuer/Chart.yaml index 632635822..737344847 100644 --- a/kubernetes/helm/cert-manager-cluster-issuer/Chart.yaml +++ b/kubernetes/helm/cert-manager/cert-manager-cluster-issuer/Chart.yaml @@ -1,5 +1,5 @@ +apiVersion: v2 name: cert-manager-cluster-issuer -# The version and appVersion fields are set automatically by the release tool version: v0.1.0 appVersion: v0.1.0 description: A Helm chart to create the cert-manager cluster issuers 
diff --git a/kubernetes/helm/cert-manager-cluster-issuer/Makefile b/kubernetes/helm/cert-manager/cert-manager-cluster-issuer/Makefile similarity index 100% rename from kubernetes/helm/cert-manager-cluster-issuer/Makefile rename to kubernetes/helm/cert-manager/cert-manager-cluster-issuer/Makefile diff --git a/kubernetes/helm/cert-manager-cluster-issuer/README.md b/kubernetes/helm/cert-manager/cert-manager-cluster-issuer/README.md similarity index 87% rename from kubernetes/helm/cert-manager-cluster-issuer/README.md rename to kubernetes/helm/cert-manager/cert-manager-cluster-issuer/README.md index b766c3568..392eac541 100644 --- a/kubernetes/helm/cert-manager-cluster-issuer/README.md +++ b/kubernetes/helm/cert-manager/cert-manager-cluster-issuer/README.md @@ -47,19 +47,22 @@ Creating keys: https://docs.cert-manager.io/en/latest/tasks/issuers/setup-acme/d Adding a request for a certificate via a dns01 verification +doc: https://docs.cert-manager.io/en/release-0.11/tutorials/acme/dns-validation.html + ``` --- -apiVersion: certmanager.k8s.io/v1alpha1 +apiVersion: cert-manager.io/v1alpha2 kind: Certificate metadata: name: test1-dev-k8s-managedkube-com-tls namespace: default spec: + secretName: test1-dev-k8s-managedkube-com-tls + issuerRef: + # kind: ClusterIssuer + name: issuer-dns01 dnsNames: - test1.dev.k8s.managedkube.com - test2.dev.k8s.managedkube.com - issuerRef: - kind: ClusterIssuer - name: issuer-dns01 - secretName: test1-dev-k8s-managedkube-com-tls + ``` diff --git a/kubernetes/helm/cert-manager-cluster-issuer/environments/aws-dev/values.yaml b/kubernetes/helm/cert-manager/cert-manager-cluster-issuer/environments/aws-dev/values.yaml similarity index 100% rename from kubernetes/helm/cert-manager-cluster-issuer/environments/aws-dev/values.yaml rename to kubernetes/helm/cert-manager/cert-manager-cluster-issuer/environments/aws-dev/values.yaml 
diff --git a/kubernetes/helm/cert-manager-cluster-issuer/environments/gcp-dev/values.yaml b/kubernetes/helm/cert-manager/cert-manager-cluster-issuer/environments/gcp-dev/values.yaml similarity index 50% rename from kubernetes/helm/cert-manager-cluster-issuer/environments/gcp-dev/values.yaml rename to kubernetes/helm/cert-manager/cert-manager-cluster-issuer/environments/gcp-dev/values.yaml index c8faf626e..786d0d30e 100644 --- a/kubernetes/helm/cert-manager-cluster-issuer/environments/gcp-dev/values.yaml +++ b/kubernetes/helm/cert-manager/cert-manager-cluster-issuer/environments/gcp-dev/values.yaml @@ -8,13 +8,17 @@ clouddns: # This is the secret used to access the service account # The file name has to be "credentials.json". The file name is put into the secret # as the key name and the chart is looking for the key name "credentials.json" - # kubectl -n cert-manager create secret generic gcp-credentials-json --from-file=/credentials.json + # kubectl -n cert-manager create secret generic clouddns-dns01-solver-svc-acct --from-file=credentials.json + # Doc: https://docs.cert-manager.io/en/latest/tasks/issuers/setup-acme/dns01/google.html#create-a-service-account-secret serviceAccountSecretRef: - name: "gcp-credentials-json" + name: "clouddns-dns01-solver-svc-acct" key: credentials.json -# AWS Route53 -# aws: -# region: us-east-1 -# accessKeyID: xxx -# secretKey: xxx +issuer: + dns: + enabled: true + name: issuer-dns01 + + http: + enabled: true + name: issuer-http01 diff --git a/kubernetes/helm/cert-manager-cluster-issuer/templates/aws-route53-credentials-secret.yaml b/kubernetes/helm/cert-manager/cert-manager-cluster-issuer/templates/aws-route53-credentials-secret.yaml similarity index 100% rename from kubernetes/helm/cert-manager-cluster-issuer/templates/aws-route53-credentials-secret.yaml rename to kubernetes/helm/cert-manager/cert-manager-cluster-issuer/templates/aws-route53-credentials-secret.yaml 
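Review bot: The comment block above `serviceAccountSecretRef` in gcp-dev/values.yaml tells the operator to load `credentials.json` into the `clouddns-dns01-solver-svc-acct` Secret but gives no guidance on handling that key file. It is a long-lived service-account key, presumably with write access to the DNS zone, so I would add a line such as `# credentials.json is a long-lived key: keep it out of git and grant the service account only the Cloud DNS role the solver needs`. The new `Doc:` link also points at `latest`, while the other links added in this commit pin `release-0.11`; pinning it the same way keeps the instructions matched to the deployed version. The values file continues outside the hunk.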
diff --git a/kubernetes/helm/cert-manager-cluster-issuer/templates/dns01.yaml b/kubernetes/helm/cert-manager/cert-manager-cluster-issuer/templates/dns01.yaml similarity index 85% rename from kubernetes/helm/cert-manager-cluster-issuer/templates/dns01.yaml rename to kubernetes/helm/cert-manager/cert-manager-cluster-issuer/templates/dns01.yaml index ca83eb3f3..fdd53ee14 100644 --- a/kubernetes/helm/cert-manager-cluster-issuer/templates/dns01.yaml +++ b/kubernetes/helm/cert-manager/cert-manager-cluster-issuer/templates/dns01.yaml @@ -1,7 +1,7 @@ {{- if .Values.issuer.dns.enabled }} # doc: http://docs.cert-manager.io/en/latest/reference/issuers/acme/dns01.html --- -apiVersion: certmanager.k8s.io/v1alpha1 +apiVersion: cert-manager.io/v1alpha2 kind: ClusterIssuer metadata: name: {{ .Values.issuer.dns.name }} @@ -10,7 +10,7 @@ spec: email: {{ .Values.email }} server: {{ .Values.letsencrypt.server }} privateKeySecretRef: - name: letsencrypt-private-key + name: letsencrypt-private-key-dns-01 solvers: - dns01: @@ -27,7 +27,7 @@ spec: {{- end }} {{ if eq .Values.provider "google" }} - # Google Provider + # Google Provider - https://docs.cert-manager.io/en/release-0.11/tasks/issuers/setup-acme/dns01/google.html clouddns: # The ID of the GCP project project: {{ .Values.clouddns.project }} diff --git a/kubernetes/helm/cert-manager-cluster-issuer/templates/http01.yaml b/kubernetes/helm/cert-manager/cert-manager-cluster-issuer/templates/http01.yaml similarity index 84% rename from kubernetes/helm/cert-manager-cluster-issuer/templates/http01.yaml rename to kubernetes/helm/cert-manager/cert-manager-cluster-issuer/templates/http01.yaml index 894d6400a..085b29481 100644 --- a/kubernetes/helm/cert-manager-cluster-issuer/templates/http01.yaml +++ b/kubernetes/helm/cert-manager/cert-manager-cluster-issuer/templates/http01.yaml 
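Review bot: Renaming `privateKeySecretRef.name` to `letsencrypt-private-key-dns-01` in the second dns01.yaml hunk leaves the previous `letsencrypt-private-key` Secret behind, and nothing in this commit removes it. That Secret holds an ACME account private key, so it should not linger once no issuer references it. The same applies to the `letsencrypt-private-key-http-01` rename in http01.yaml. I would record the cleanup next to the new name, for example `# upgrade note: delete the old Secret "letsencrypt-private-key" once both issuers report Ready`. Giving each issuer its own key is a sensible split. Exposing the name as a chart value, like `issuer.dns.name`, would avoid editing the template next time.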
@@ -1,6 +1,6 @@ {{- if .Values.issuer.http.enabled }} --- -apiVersion: certmanager.k8s.io/v1alpha1 +apiVersion: cert-manager.io/v1alpha2 kind: ClusterIssuer metadata: name: issuer-http01 @@ -12,7 +12,7 @@ spec: email: {{ .Values.email }} # Name of a secret used to store the ACME account private key from step 3 privateKeySecretRef: - name: letsencrypt-private-key + name: letsencrypt-private-key-http-01 # Enable the HTTP-01 challenge provider http01: {} diff --git a/kubernetes/helm/cert-manager-cluster-issuer/values.yaml b/kubernetes/helm/cert-manager/cert-manager-cluster-issuer/values.yaml similarity index 100% rename from kubernetes/helm/cert-manager-cluster-issuer/values.yaml rename to kubernetes/helm/cert-manager/cert-manager-cluster-issuer/values.yaml diff --git a/kubernetes/helm/cert-manager/.gitignore b/kubernetes/helm/cert-manager/cert-manager/.gitignore similarity index 100% rename from kubernetes/helm/cert-manager/.gitignore rename to kubernetes/helm/cert-manager/cert-manager/.gitignore diff --git a/kubernetes/helm/cert-manager/cert-manager/Chart.lock b/kubernetes/helm/cert-manager/cert-manager/Chart.lock new file mode 100644 index 000000000..da73874f5 --- /dev/null +++ b/kubernetes/helm/cert-manager/cert-manager/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: cert-manager + repository: https://charts.jetstack.io + version: v0.11.0 +digest: sha256:51683512f39cf91681ecfb04428c086da8cdaf29f27d39e82c13052464a69beb +generated: "2019-11-16T07:44:27.913185996-08:00" diff --git a/kubernetes/helm/cert-manager/cert-manager/Chart.yaml b/kubernetes/helm/cert-manager/cert-manager/Chart.yaml new file mode 100644 index 000000000..9a8e755a2 --- /dev/null +++ b/kubernetes/helm/cert-manager/cert-manager/Chart.yaml @@ -0,0 +1,9 @@ +apiVersion: v2 +name: cert-manager +version: v0.11.0 +appVersion: v0.11.0 +description: A Helm chart for cert-manager +dependencies: +- name: cert-manager + version: v0.11.0 + repository: https://charts.jetstack.io 
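Review bot: In the first http01.yaml hunk `metadata.name` is still the literal `issuer-http01`, so the `issuer.http.name` value this commit adds to gcp-dev/values.yaml appears to be read by nothing. dns01.yaml already takes its name from `{{ .Values.issuer.dns.name }}`; for parity I would write `name: {{ .Values.issuer.http.name | quote }}`. Quoting guards against an empty or boolean-looking value rendering as something other than a string. The rest of the template lies outside the hunk, so a use of the value further down cannot be ruled out.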
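Review bot: The second http01.yaml hunk moves the issuer to `cert-manager.io/v1alpha2` but keeps `http01: {}` directly under `spec.acme`, which is the pre-v0.8 layout; dns01.yaml in this same commit already uses the `solvers:` list. If I read the v0.11 upgrade notes correctly, the old field was removed along with the API group rename. With the webhook disabled and CRDs applied using `--validate=false`, the unknown field is likely to be dropped silently, leaving an issuer with no solver. I would replace the line with the list form, `solvers: [{http01: {ingress: {class: <INGRESS_CLASS>}}}]` written in block style, where the class is a placeholder for whatever ingress controller the cluster runs.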
diff --git a/kubernetes/helm/cert-manager/Makefile b/kubernetes/helm/cert-manager/cert-manager/Makefile similarity index 91% rename from kubernetes/helm/cert-manager/Makefile rename to kubernetes/helm/cert-manager/cert-manager/Makefile index 13de7a7fb..bf8e6c479 100644 --- a/kubernetes/helm/cert-manager/Makefile +++ b/kubernetes/helm/cert-manager/cert-manager/Makefile @@ -7,7 +7,7 @@ BASE_PATH=. APPLCATION_CHART_NAME=./ # APPLCATION_CHART_NAME=jetstack/cert-manager APPLICATION_NAME=cert-manager -VERSION=0.8 +VERSION=0.11 VALUES_FILE?=values.yaml @@ -17,7 +17,7 @@ dependency: ${HELM_BINARY} dependency build apply-crd: - kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-${VERSION}/deploy/manifests/00-crds.yaml + kubectl apply --validate=false -f https://raw.githubusercontent.com/jetstack/cert-manager/release-${VERSION}/deploy/manifests/00-crds.yaml delete-crd: kubectl delete -f https://raw.githubusercontent.com/jetstack/cert-manager/release-${VERSION}/deploy/manifests/00-crds.yaml diff --git a/kubernetes/helm/cert-manager/README.md b/kubernetes/helm/cert-manager/cert-manager/README.md similarity index 100% rename from kubernetes/helm/cert-manager/README.md rename to kubernetes/helm/cert-manager/cert-manager/README.md diff --git a/kubernetes/helm/cert-manager/cert-manager/charts/cert-manager-v0.11.0.tgz b/kubernetes/helm/cert-manager/cert-manager/charts/cert-manager-v0.11.0.tgz new file mode 100644 index 000000000..3f88213ff Binary files /dev/null and b/kubernetes/helm/cert-manager/cert-manager/charts/cert-manager-v0.11.0.tgz differ diff --git a/kubernetes/helm/cert-manager/cert-manager/values.yaml b/kubernetes/helm/cert-manager/cert-manager/values.yaml new file mode 100644 index 000000000..76f5ca1b1 --- /dev/null +++ b/kubernetes/helm/cert-manager/cert-manager/values.yaml @@ -0,0 +1,5 @@ +--- +cert-manager: + webhook: + enabled: false + 
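Review bot: `apply-crd` fetches `00-crds.yaml` from the `release-${VERSION}` branch on raw.githubusercontent.com and applies it cluster-wide, so what gets installed is whatever that branch holds at run time. Chart.lock pins the chart by digest, but nothing pins the CRDs, and the added `--validate=false` also turns off client-side schema checks. I would vendor the manifest next to the chart archive and apply the local copy, e.g. `kubectl apply --validate=false -f crds/00-crds.yaml` (path is an example), or at least reference an immutable tag or commit instead of a branch. A one-line comment saying why validation is off would help, e.g. `# --validate=false: older kubectl rejects fields in the v0.11 CRDs`, assuming that is the reason. `delete-crd` uses the same branch URL and would benefit from the same pin.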
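Review bot: The new cert-manager/values.yaml sets `webhook.enabled: false` under the `cert-manager:` key with no comment explaining why. Nested under the dependency name, the setting now reaches the subchart, so the release will presumably run without the webhook that validates Issuer and Certificate objects on admission. Together with `--validate=false` in the Makefile, a malformed issuer would then be accepted without any error. I would document the reason and the exit condition inline, e.g. `# webhook disabled: no admission validation of cert-manager resources; re-enable once <CONDITION>`. The trailing blank line at the end of the file can also go.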
diff --git a/kubernetes/helm/cert-manager/charts/cert-manager-v0.8.0.tgz b/kubernetes/helm/cert-manager/charts/cert-manager-v0.8.0.tgz
deleted file mode 100644
index 7b9ab090f..000000000
Binary files a/kubernetes/helm/cert-manager/charts/cert-manager-v0.8.0.tgz and /dev/null differ
diff --git a/kubernetes/helm/cert-manager/issuers/clouddns/dns01.yaml b/kubernetes/helm/cert-manager/issuers/clouddns/dns01.yaml
deleted file mode 100644
index 42954f22b..000000000
--- a/kubernetes/helm/cert-manager/issuers/clouddns/dns01.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-# doc: http://docs.cert-manager.io/en/latest/reference/issuers/acme/dns01.html
----
-apiVersion: certmanager.k8s.io/v1alpha1
-kind: ClusterIssuer
-metadata:
- name: issuer-dns01
-spec:
- acme:
- email: devops@expanse.com
- server: https://acme-v02.api.letsencrypt.org/directory
- privateKeySecretRef:
- name: letsencrypt-private-key
- dns01:
- providers:
- - name: prod
- clouddns:
- project: elasticsearch-204100
- serviceAccountSecretRef:
- name: gcp-clouddns-service-account
- key: service-account.json
diff --git a/kubernetes/helm/cert-manager/issuers/clouddns/service-account-secret.yaml b/kubernetes/helm/cert-manager/issuers/clouddns/service-account-secret.yaml
deleted file mode 100644
index cd49cfd75..000000000
--- a/kubernetes/helm/cert-manager/issuers/clouddns/service-account-secret.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: gcp-clouddns-service-account
-data:
- # Base64 encoded GCP service account json file content
- service-account.json: xxxxxx
diff --git a/kubernetes/helm/cert-manager/issuers/http01.yaml b/kubernetes/helm/cert-manager/issuers/http01.yaml
deleted file mode 100644
index 53a154499..000000000
--- a/kubernetes/helm/cert-manager/issuers/http01.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-apiVersion: certmanager.k8s.io/v1alpha1
-kind: ClusterIssuer
-metadata:
- name: issuer-http01
-spec:
- acme:
- # The ACME server URL
- server: https://acme-v02.api.letsencrypt.org/directory
- # Email address used for ACME registration
- email: devops@managedkube.com
- # Name of a secret used to store the ACME account private key from step 3
- privateKeySecretRef:
- name: letsencrypt-private-key
- # Enable the HTTP-01 challenge provider
- http01: {}
diff --git a/kubernetes/helm/cert-manager/issuers/route53/aws-route53-credentials-secret.yaml b/kubernetes/helm/cert-manager/issuers/route53/aws-route53-credentials-secret.yaml
deleted file mode 100644
index 16a7125df..000000000
--- a/kubernetes/helm/cert-manager/issuers/route53/aws-route53-credentials-secret.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: aws-route53-credentials-secret
-type: Opaque
-data:
- # Base64 encoded string of the aws private key
- secret-access-key: bar
diff --git a/kubernetes/helm/cert-manager/issuers/route53/dns01.yaml b/kubernetes/helm/cert-manager/issuers/route53/dns01.yaml
deleted file mode 100644
index f9ea7f0a3..000000000
--- a/kubernetes/helm/cert-manager/issuers/route53/dns01.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-# doc: http://docs.cert-manager.io/en/latest/reference/issuers/acme/dns01.html
----
-apiVersion: certmanager.k8s.io/v1alpha1
-kind: ClusterIssuer
-metadata:
- name: issuer-dns01
-spec:
- acme:
- email: devops@managedkube.com
- server: https://acme-v02.api.letsencrypt.org/directory
- privateKeySecretRef:
- name: letsencrypt-private-key
- dns01:
- providers:
- - name: prod
- route53:
- region: us-east-1
-
- # optional if ambient credentials are available; see ambient credentials documentation
- accessKeyID: foo
- secretAccessKeySecretRef:
- name: aws-route53-credentials-secret
- key: secret-access-key
diff --git a/kubernetes/helm/cert-manager/requirements.lock b/kubernetes/helm/cert-manager/requirements.lock
deleted file mode 100644
index 8aa071bf2..000000000
--- a/kubernetes/helm/cert-manager/requirements.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: cert-manager
- repository: https://charts.jetstack.io
- version: v0.8.0
-digest: sha256:029b7796f2f59dae9d1d5d0e2c8fd84f8ffb124daa20c9838ba53c772e8902f4
-generated: 2019-06-07T18:58:47.416259347-07:00
diff --git a/kubernetes/helm/cert-manager/requirements.yaml b/kubernetes/helm/cert-manager/requirements.yaml
deleted file mode 100644
index ba34a07b7..000000000
--- a/kubernetes/helm/cert-manager/requirements.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-dependencies:
-- name: cert-manager
- version: v0.8.0
- repository: https://charts.jetstack.io
diff --git a/kubernetes/helm/cert-manager/values.yaml b/kubernetes/helm/cert-manager/values.yaml
deleted file mode 100644
index 88a2c7ecd..000000000
--- a/kubernetes/helm/cert-manager/values.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-# cert-manager:
-# webhook:
-# enabled: false
-
-
-webhook:
- enabled: false