From 5ceba511f7bda6f46bf7a304fc7b39ad820a657e Mon Sep 17 00:00:00 2001
From: Amit Sagtani
Date: Mon, 16 Sep 2024 17:45:00 +0200
Subject: [PATCH 1/5] add step-certificates example values

---
 offline/ci.sh | 1 +
 .../prod-values.example.yaml | 84 +++++++++++++++++++
 2 files changed, 85 insertions(+)
 create mode 100644 values/step-certificates/prod-values.example.yaml

diff --git a/offline/ci.sh b/offline/ci.sh
index 5d403e51d..ff8ba65c3 100755
--- a/offline/ci.sh
+++ b/offline/ci.sh
@@ -97,6 +97,7 @@ cr.k8ssandra.io/k8ssandra/cass-management-api:3.11.16
 cr.k8ssandra.io/k8ssandra/system-logger:v1.19.1
 docker.io/thelastpickle/cassandra-reaper:3.5.0
 docker.io/k8ssandra/medusa:0.20.1
+cr.step.sm/smallstep/step-ca:0.25.3-rc7
 EOF
 }
diff --git a/values/step-certificates/prod-values.example.yaml b/values/step-certificates/prod-values.example.yaml
new file mode 100644
index 000000000..f589e4d1a
--- /dev/null
+++ b/values/step-certificates/prod-values.example.yaml
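Review bot: `cr.step.sm/smallstep/step-ca:0.25.3-rc7` pins a release-candidate tag into the offline image list, and the same string is repeated as `image.tag` in values/step-certificates/prod-values.example.yaml in this commit, so the two copies can drift silently on the next bump. A comment on the new line such as `# must match step-certificates.image.tag in values/step-certificates/prod-values.example.yaml` would make the coupling visible to whoever bumps either side. If a non-rc release of step-ca is available, it would be the safer choice for a list that feeds production installs. The function and heredoc this line belongs to begin outside the hunk.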
@@ -0,0 +1,84 @@
+step-certificates:
+ image:
+ repository: cr.step.sm/smallstep/step-ca
+ tag: 0.25.3-rc7
+
+ # bootstrap:
+ # enabled: false
+ # configmaps: false
+
+ # inject:
+ # enabled: false
+
+ # existingSecrets:
+ # enabled: true
+ # ca: true
+ # data:
+ # ca.key: "/secrets/ca.key" # Example; adjust the path as needed
+ # password: "/secrets/password" # Example; adjust the path as needed
+ # root_ca_key: "/secrets/root_ca_key" # Example; adjust the path as needed
+
+ # ca:
+ # env:
+ # - name: STEPDEBUG
+ # value: "1"
+
+ # ingress:
+ # enabled: true
+ # annotations:
+ # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+ # nginx.ingress.kubernetes.io/ssl-redirect: "false"
+ # nginx.ingress.kubernetes.io/use-regex: "true"
+ # nginx.ingress.kubernetes.io/enable-cors: "true"
+ # nginx.ingress.kubernetes.io/cors-allow-origin: "local.domain" # Adjust the domain as needed
+ # nginx.ingress.kubernetes.io/cors-expose-headers: "Replay-Nonce, Location"
+ # ingressClassName: "nginx"
+ # tls:
+ # - hosts:
+ # - "acme.local.domain" # Adjust the domain as needed
+ # secretName: "ingress-cert" # Adjust the secret name as needed
+ # hosts:
+ # - host: "acme.local.domain" # Adjust the domain as needed
+ # paths:
+ # - "/version"
+ # - "/roots.pem"
+ # - "/root/(.*)"
+ # - "/federation"
+ # - "/provisioners(.*)"
+ # - "/crl"
+ # - "/acme/(.*)"
+
+ # stepConfig:
+ # enabled: true
+ # dnsName: "acme.local.domain" # Adjust the domain as needed
+ # additionalDNSNames:
+ # - "localhost"
+ # federatedRoots:
+ # - "/home/step/certs/ca.crt"
+ # # Add more paths for federated roots if needed
+
+ # authority:
+ # jwk: "/secrets/jwk_provisioner.json" # Adjust the path as needed
+ # acme:
+ # name: "keycloakteams"
+ # dpop:
+ # key: "/secrets/dpop_key.pem" # Adjust the path as needed
+ # wireDomain: "local.domain" # Adjust the domain as needed
+ # oidc:
+ # clientId: "wireapp"
+ # discoveryBaseUrl: ""
+ # issuerUrl: 
"https://keycloak.example.com/auth/realms/master?client_id=wireapp" # URL to the oidc issuer
+ # jwksUrl: "https://keycloak.example.com/auth/realms/master/protocol/openid-connect/certs" # URL where issuer publishes its JSON Web Key Set
+ # x509:
+ # organization: "local.domain"
+
+ # existingCerts:
+ # enabled: true
+ # data:
+ # ca.crt: "/certs/ca.crt"
+ # root_ca.crt: "/certs/root_ca.crt'"
+ # # Add cross certificates if available
+
+ # caPassword:
+ # enabled: true
+ # password: "/secrets/password"

From 5e01833d3ad9e22f25d5179558674b389662532c Mon Sep 17 00:00:00 2001
From: Amit Sagtani
Date: Tue, 17 Sep 2024 11:25:48 +0200
Subject: [PATCH 2/5] use busybox tag

---
 values/step-certificates/prod-values.example.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/values/step-certificates/prod-values.example.yaml b/values/step-certificates/prod-values.example.yaml
index f589e4d1a..9278d289b 100644
--- a/values/step-certificates/prod-values.example.yaml
+++ b/values/step-certificates/prod-values.example.yaml
@@ -1,6 +1,7 @@
 step-certificates:
 image:
 repository: cr.step.sm/smallstep/step-ca
+ initContainerRepository: busybox:1.36.1
 tag: 0.25.3-rc7
 # bootstrap:

From 591432c471a6d1ded994ec34bbfbbae7e361fdd6 Mon Sep 17 00:00:00 2001
From: Amit Sagtani
Date: Tue, 17 Sep 2024 11:41:02 +0200
Subject: [PATCH 3/5] add bootsrap image tag

---
 values/step-certificates/prod-values.example.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/values/step-certificates/prod-values.example.yaml b/values/step-certificates/prod-values.example.yaml
index 9278d289b..1964d96c2 100644
--- a/values/step-certificates/prod-values.example.yaml
+++ b/values/step-certificates/prod-values.example.yaml
@@ -3,6 +3,10 @@ step-certificates:
 repository: cr.step.sm/smallstep/step-ca
 initContainerRepository: busybox:1.36.1
 tag: 0.25.3-rc7
+ bootstrap:
+ image:
+ repository: cr.smallstep.com/smallstep/step-ca-bootstrap
+ tag: 0.22.0
 # bootstrap:
 # enabled: false
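Review bot: The commented example value `root_ca.crt: "/certs/root_ca.crt'"` near the end of the hunk carries a stray apostrophe inside the quotes, so anyone uncommenting it verbatim points the chart at a path `/certs/root_ca.crt'` that will not exist; it should read `root_ca.crt: "/certs/root_ca.crt"`. The only live keys in the new file are `image.repository` and `image.tag`, and the tag is a release candidate (`0.25.3-rc7`) in a file named prod-values; a short header comment saying that the commented sections (secrets, certs, ingress, stepConfig) are required for a working CA and that the `/secrets/...` and `/certs/...` paths must be provisioned out of band would make the example usable rather than just illustrative. The ingress example also sets `nginx.ingress.kubernetes.io/ssl-redirect: "false"` in front of the ACME endpoints; if that is deliberate because step-ca terminates TLS itself (the `backend-protocol: "HTTPS"` annotation suggests so), a one-line comment stating that would stop it being copied into a setup where the CA's API ends up reachable over plain HTTP.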
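Review bot: `initContainerRepository: busybox:1.36.1` relies on the implicit Docker Hub default registry and is the only image reference in this series without an explicit registry prefix, whereas every entry in the offline/ci.sh image list is written as `registry/name:tag`. For an air-gapped install the init container image also has to be in that ci.sh list, and none of the ci.sh hunks in this series add it; if it is not already listed there, the pod will fail at image pull. `initContainerRepository: docker.io/library/busybox:1.36.1` keeps the reference explicit and greppable, and the same string should be added to the ci.sh dump list in the same commit.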
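Review bot: The live `bootstrap:` mapping added at new lines 6–9 sits directly above the commented-out `# bootstrap:` / `# enabled: false` / `# configmaps: false` block, so uncommenting that block as the example invites produces a duplicate `bootstrap` key under `step-certificates`; most YAML parsers silently keep the last one, which would drop the image pin without any error. Fold the two together: keep the single live `bootstrap:` with `image:` beneath it and move the commented `# enabled: false` and `# configmaps: false` lines under it as children, deleting the second `# bootstrap:` header. The new `cr.smallstep.com/smallstep/step-ca-bootstrap:0.22.0` image is likewise not added to the offline/ci.sh image list by any hunk in this series, so unless it is already there it will not be available offline.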
From 48f1508dbeea65ee1fbeac0f7bc05849a2a7cc7e Mon Sep 17 00:00:00 2001
From: Leonhardt Wille
Date: Wed, 25 Sep 2024 10:50:56 +0200
Subject: [PATCH 4/5] hack(smallstep-ca): drop unused connection test related to WPB-11121

---
 offline/ci.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/offline/ci.sh b/offline/ci.sh
index ff8ba65c3..fdfddc372 100755
--- a/offline/ci.sh
+++ b/offline/ci.sh
@@ -224,6 +224,10 @@ echo "quay.io/wire/zauth:$wire_version" | create-container-dump containers-admin
 sed -i -Ee 's/federation: false/federation: true/' "$(pwd)"/values/wire-server/prod-values.example.yaml
 sed -i -Ee 's/useSharedFederatorSecret: false/useSharedFederatorSecret: true/' "$(pwd)"/charts/wire-server/charts/federator/values.yaml
+# drop step-certificates/.../test-connection.yaml because it lacks an image tag
+# cf. https://github.com/smallstep/helm-charts/pull/196/files
+rm -v charts/step-certificates/charts/step-certificates/templates/tests/*
+
 # Get and dump required containers from Helm charts. Omit integration test
 # containers (e.g. `quay.io_wire_galley-integration_4.22.0`.)
 for chartPath in "$(pwd)"/charts/*; do

From fbf32ca8025470432b52bea40ea2ea2c2fe7372d Mon Sep 17 00:00:00 2001
From: Amit Sagtani
Date: Thu, 12 Sep 2024 15:55:29 +0200
Subject: [PATCH 5/5] use docker registry for k8ssandra images

---
 offline/ci.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/offline/ci.sh b/offline/ci.sh
index fdfddc372..7c1f68e2d 100755
--- a/offline/ci.sh
+++ b/offline/ci.sh
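Review bot: `rm -v charts/step-certificates/charts/step-certificates/templates/tests/*` uses a path relative to the current directory while the neighbouring `sed` lines anchor theirs with `"$(pwd)"`, and it has no `-f`, so when the directory is empty or absent the unexpanded glob makes `rm` exit non-zero, which aborts the script if it runs under `set -e` (not visible in the hunk). `rm -fv "$(pwd)"/charts/step-certificates/charts/step-certificates/templates/tests/*` keeps the style consistent and tolerates a tree that has already been cleaned. Since the comment records a workaround, it is worth giving it an exit condition, e.g. `# NOTE: also removes the chart's helm-test hook; drop this once the pinned chart includes smallstep/helm-charts#196`, so the next person bumping the chart knows when to delete these lines. The surrounding script section continues outside the hunk.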
@@ -92,9 +92,9 @@ docker.io/kubernetesui/metrics-scraper:v1.0.8
 quay.io/wire/ldap-scim-bridge:0.9
 bats/bats:1.8.1
 docker.io/openebs/linux-utils:3.5.0
-cr.dtsx.io/datastax/cass-config-builder:1.0-ubi8
-cr.k8ssandra.io/k8ssandra/cass-management-api:3.11.16
-cr.k8ssandra.io/k8ssandra/system-logger:v1.19.1
+docker.io/datastax/cass-config-builder:1.0-ubi8
+docker.io/k8ssandra/cass-management-api:3.11.16
+docker.io/k8ssandra/system-logger:v1.19.1
 docker.io/thelastpickle/cassandra-reaper:3.5.0
 docker.io/k8ssandra/medusa:0.20.1
 cr.step.sm/smallstep/step-ca:0.25.3-rc7
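Review bot: Moving `cass-config-builder`, `cass-management-api` and `system-logger` from `cr.dtsx.io`/`cr.k8ssandra.io` to `docker.io` keeps tag-only references, so nothing in the bundle records that the Docker Hub images are the same artifacts as the ones previously pulled from the vendor registries, and a later re-tag on Docker Hub would change the offline bundle silently. If the dump tooling accepts `name:tag@sha256:<digest>` references, pinning the three new lines by digest would make that equivalence explicit and checkable offline; if it does not, a comment above them naming why the registry changed and how the images were compared would at least leave a trail for the next audit. The heredoc holding this list starts and ends outside the hunk.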