Merge pull request #6 from pinax-network/list-challenges

Add ACME DNS-01 TXT challenge support
pinax-network · Sep 12, 2024 · 14f9442 · 14f9442
2 parents 5a8e7cf + 0162c78
commit 14f9442
Show file tree

Hide file tree

Showing 17 changed files with 704 additions and 253 deletions.
diff --git a/.envrc b/.envrc
@@ -1 +1 @@
-kubectl cluster-info --context kind-kind
+use flake
diff --git a/.gitignore b/.gitignore
@@ -5,4 +5,5 @@ tilt_modules
 .helm
 .vscode
 .idea
-.history
+.history
+.direnv/
diff --git a/Tiltfile b/Tiltfile
@@ -30,6 +30,20 @@ helm_remote('cilium',
             repo_url='https://helm.cilium.io')
 k8s_yaml('./test/cilium/dual-stack/crd-values.yaml')
 
+# Cert-manager
+helm_remote('cert-manager',
+            version="v1.15.3",
+            namespace="kube-system",
+            repo_name='jetstack',
+            set=['crds.enabled=true'],
+            repo_url='https://charts.jetstack.io')
+k8s_yaml('./test/cert-manager/clusterIssuer.yaml')
+
+helm_remote('cert-manager-webhook-pinax',
+            version="0.1.0",
+            namespace="kube-system",
+            repo_name='oci://ghcr.io/pinax-network/charts',
+            set=['certManager.namespace=kube-system'])
 
 # CoreDNS with updated RBAC
 k8s_yaml(helm(
@@ -82,3 +96,4 @@ k8s_yaml('./test/gateway-api/resources.yml')
 k8s_yaml('./test/gatewayclasses.yaml')
 k8s_yaml('./test/dual-stack/service-annotation.yml')
 k8s_yaml('./test/dual-stack/ingress-services.yml')
+k8s_yaml('./test/dual-stack/certificate.yaml')
diff --git a/charts/k8s-gateway/templates/rbac.yaml b/charts/k8s-gateway/templates/rbac.yaml
@@ -31,6 +31,9 @@ rules:
 - apiGroups: ["k8s.nginx.org"]
   resources: ["*"]
   verbs: ["watch", "list"]
+- apiGroups: ["acme.cert-manager.io"]
+  resources: ["*"]
+  verbs: ["watch", "list"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -48,4 +51,4 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: {{ include "k8s-gateway.serviceAccountName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ .Release.Namespace }}
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -0,0 +1,27 @@
+{
+  description = "k8s_gateway test with cert-manager";
+  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+  inputs.flake-utils.url = "github:numtide/flake-utils";
+
+  outputs =
+    inputs@{ self, ... }:
+    inputs.flake-utils.lib.eachDefaultSystem (
+      system:
+      let
+        pkgs = inputs.nixpkgs.legacyPackages.${system};
+      in
+      {
+        devShells.default = pkgs.mkShell {
+          packages = with pkgs; [
+            gnumake
+            k9s
+            kubectl
+            kubernetes-helm
+            kind
+            tilt
+            yq
+          ];
+        };
+      }
+    );
+}