feat: cert manager integration

src/components/Highlight/Highlight.js

@@ -1,10 +1,28 @@
 import React from 'react';
 import styles from './styles.module.css';
 
+const colors = {
+  primary: 'var(--ifm-color-primary)',
+  secondary: 'var(--ifm-color-secondary)',
+  success: 'var(--ifm-color-success)',
+  info: 'var(--ifm-color-info)',
+  warning: 'var(--ifm-color-warning)',
+  danger: 'var(--ifm-color-danger)'
+};
+
 export default class Highlight extends React.Component {
   render() {
-    let {children, ...highlightStyle} = this.props
-
-    return <span style={highlightStyle} className={`${styles.highlight} ${this.props.className}`}> {children} </span>;
+    const { children, color, className, ...props } = this.props;
+    return (
+      <span
+        style={{
+          backgroundColor: color ? (colors[color] || color) : undefined,
+          ...props
+        }}
+        className={`${styles.highlight} ${className || ''}`}
+      >
+        {children}
+      </span>
+    );
   }
 }

vcluster/_fragments/integrations/cert-manager.mdx

@@ -0,0 +1,229 @@
+import Highlight from "@site/src/components/Highlight/Highlight";
+
+import Flow, { Step } from "@site/src/components/Flow";
+import NavStep from "@site/src/components/NavStep";
+import Field from "@site/src/components/Field";
+import Tabs from "@theme/Tabs";
+import TabItem from "@theme/TabItem";
+
+import CertManagerPartial from "../../_partials/config/integrations/certManager.mdx";
+import BasePrerequisites from "../../../platform/_partials/install/base-prerequisites.mdx";
+import CodeBlock from "@theme/CodeBlock";
+import Deploy from "../../_partials/deploy/deploy.mdx";
+import ProAdmonition from "../../_partials/admonitions/pro-admonition.mdx";
+
+<ProAdmonition />
+
+# Cert manager integration
+
+This guide shows how to set up cert-manager integration with your virtual cluster.
+
+### Prerequisites
+
+<BasePrerequisites />
+
+- `cert-manager` operator installed on your host cluster, see [cert-manager installation
+  guide](https://cert-manager.io).
+
+## Enable the integration
+
+<!-- TODO:(piotr1215) add link to cert-manager integration when available -->
+
+Enable the cert-manager integration in your virtual cluster configuration:
+
+```yaml title="Enable cert-manager integration"
+integrations:
+  certManager:
+    enabled: true
+```
+
+This configuration:
+
+- Enables the integration.
+- Imports cluster-scoped `ClusterIssuers` from your host cluster into the virtual
+  cluster.
+- Exports namespaced Issuers and Certificates from the virtual cluster to the
+  host cluster.
+
+:::tip create virtual cluster
+Create or update a `virtual Cluster` following the [vCluster quick start
+guide](/vcluster#deploy-vcluster).
+:::
+
+### Set up cluster contexts
+
+Setting up the host and virtual cluster contexts makes it easier to switch
+between them.
+
+```bash
+export HOST_CTX="your-host-context"
+export VCLUSTER_CTX="vcluster-ctx"
+```
+
+:::tip
+You can find your contexts by running `kubectl config get-contexts`
+:::
+
+## Setup the integration
+
+If you don't have cert-manager configured yet, follow these steps:
+
+<Flow id="cert-manager-integration">
+<Step>
+
+<Highlight color="green">Virtual Cluster</Highlight> Create the `ClusterIssuer`.
+
+:::tip
+This should create a corresponding Issuer in the host cluster.
+:::
+
+Create a file named `issuer.yaml`:
+
+```yaml title="Create ClusterIssuer"
+cat <<EOF > issuer.yaml
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-staging
+spec:
+  acme:
+    # highlight-start
+    # Replace this email address with your own
+    # Let's Encrypt will use this to contact you about expiring
+    # certificates, and issues related to your account
+    # highlight-end
+    email: [email protected]
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: example-issuer-account-key
+    solvers:
+    - http01:
+        ingress:
+          ingressClassName: nginx
+EOF
+```
+
+Apply to the host cluster:
+
+```bash title="Apply ClusterIssuer to host cluster"
+kubectl --context=$HOST_CTX apply -f issuer.yaml
+```
+
+</Step>
+
+## Create a certificate
+
+With the `ClusterIssuers` configured, create a certificate within the virtual cluster.
+
+<Step>
+
+<Highlight color="green">Virtual Cluster</Highlight> Create the Certificate
+
+Create a file named `certificate.yaml`:
+
+```yaml title="Create Certificate"
+cat <<EOF > certificate.yaml
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: quickstart-example-tls
+  namespace: default
+spec:
+  dnsNames:
+  - example.example.com
+  issuerRef:
+    group: cert-manager.io
+    kind: Issuer
+    name: letsencrypt-staging
+  secretName: quickstart-example-tls
+  usages:
+  - digital signature
+  - key encipherment
+EOF
+```
+
+```bash title="Apply Certificate in virtual cluster"
+kubectl --context=$VCLUSTER_CTX apply -f certificate.yaml
+```
+
+:::tip
+Once that certificate is created in the virtual cluster, the integration syncs the created secret back to the virtual cluster after the cert-manager operator creates it in the host cluster, and the certificate is ready to use.
+:::
+
+</Step>
+
+## Verify the setup
+
+<Step>
+
+<Highlight>Host Cluster</Highlight> Check the `ClusterIssuer`
+
+```bash title="Check ClusterIssuer in host cluster"
+kubectl --context=$HOST_CTX describe clusterissuer letsencrypt-staging
+```
+
+</Step>
+<Step>
+
+<Highlight color="green">Virtual Cluster</Highlight> Check resources
+
+```bash title="Check Issuer and Certificate in virtual cluster"
+kubectl --context=$VCLUSTER_CTX describe issuer letsencrypt-staging -n default
+
+kubectl --context=$VCLUSTER_CTX describe certificate quickstart-example-tls -n default
+
+kubectl --context=$VCLUSTER_CTX get secret quickstart-example-tls -n default
+```
+
+</Step>
+</Flow>
+
+## Using the certificate
+
+To use your certificate in an application, reference it in your Ingress resource:
+
+```yaml title="ingress.yaml"
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: example-ingress
+  annotations:
+    kubernetes.io/ingress.class: nginx
+spec:
+  tls:
+    - hosts:
+        - example.example.com
+      secretName: quickstart-example-tls
+  rules:
+    - host: example.example.com
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: example-service
+                port:
+                  number: 80
+```
+
+## Troubleshooting
+
+<Highlight>Host Cluster</Highlight>
+- Verify cert-manager is running
+
+```bash title="Verify Cert Manager Installation
+kubectl --context=$HOST_CTX -n cert-manager get pods
+```
+- Check cert-manager logs for errors - Ensure proper RBAC permissions are configured
+
+<Highlight color="green">Virtual Cluster</Highlight>
+- Verify the integration is enabled in your vcluster configuration
+- Check that secrets are syncing correctly between clusters
+- Ensure your Issuer and Certificate configurations are correct
+
+For detailed troubleshooting steps, see the [cert-manager troubleshooting guide](https://cert-manager.io/docs/troubleshooting/).
+
+## Config reference
+
+<CertManagerPartial />

vcluster/_partials/config/integrations/certManager.mdx

@@ -0,0 +1 @@
+## Cert manager

vcluster/configure/vcluster-yaml/integrations/cert-manager.mdx

@@ -0,0 +1,13 @@
+---
+title: Certifcate Manager
+sidebar_label: certificateManager
+sidebar_class_name: pro
+sidebar_position: 2
+---
+
+import ExternalSecretsGuide from '@site/vcluster/_fragments/integrations/cert-manager.mdx'
+
+<ExternalSecretsGuide />
+
+## Config reference
+

vcluster/integrations/certmanager/certManager.mdx

@@ -0,0 +1,10 @@
+---
+title: "Cert Manager"
+sidebar_label: "Cert Manager"
+sidebar_class_name: pro
+sidebar_position: 2
+---
+
+import CertManager from '../../_fragments/integrations/cert-manager.mdx'
+
+<CertManager />