Merge pull request #110 from DVPE-cloud/feature/changeClusterIssue

adapted clusterissuer templateing to include N - issuers

charts/dvpe-cluster-issuer/CHANGELOG.md

@@ -7,8 +7,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.2.0]
+### Changed
+* Enable chart to create an arbitrary list of ClusterIssuers
+
 ## [0.1.0]
 ### Changed
 * Initial version of cluster issuer
 
 [0.1.0]: https://github.com/DVPE-cloud/dvpe-helm/tree/dvpe-cluster-issuer-0.1.0/charts/dvpe-cluster-issuer
+[0.2.0]: https://github.com/DVPE-cloud/dvpe-helm/tree/dvpe-cluster-issuer-0.2.0/charts/dvpe-cluster-issuer

charts/dvpe-cluster-issuer/Chart.yaml

@@ -2,5 +2,5 @@ apiVersion: v1
 appVersion: "1.1"
 description: Helm chart for installing cert-manager's ClusterIssuer resource, to be used in Kubernetes automation scripts.
 name: dvpe-cluster-issuer
-version: 0.1.0
+version: 0.2.0
 home: https://github.com/dvpe-cloud/dvpe-helm

charts/dvpe-cluster-issuer/README.md

@@ -1,6 +1,6 @@
 # dvpe-cluster-issuer
 
-![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square)
+![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square)
 
 Helm chart for installing cert-manager's ClusterIssuer resource, to be used in Kubernetes automation scripts.
 
@@ -45,19 +45,13 @@ The following table lists the configurable parameters of the chart and its defau
 | clcm.healthCheckTimeoutInSeconds | int | `60` | CLCM health check interval in seconds |
 | clcm.host | string | `nil` | CLCM host |
 | clcm.port | string | `nil` | CLCM port |
-| internet | object | `{"caInstance":null,"certificateDateCAType":null,"ciClient":null,"ciContactEmail":null,"ciID":null,"ciRequester":null,"ciType":null}` | configuration for the internet cluster issuer |
-| internet.caInstance | string | `nil` | CA instance |
-| internet.certificateDateCAType | string | `nil` | CA type |
-| internet.ciClient | string | `nil` | CI client |
-| internet.ciContactEmail | string | `nil` | CI contact e-mail |
-| internet.ciID | string | `nil` | CI id |
-| internet.ciRequester | string | `nil` | CI requester |
-| internet.ciType | string | `nil` | CI type |
-| intranet | object | `{"caInstance":null,"certificateDateCAType":null,"ciClient":null,"ciContactEmail":null,"ciID":null,"ciRequester":null,"ciType":null}` | configuration for the intranet cluster issuer |
-| intranet.caInstance | string | `nil` | CA instance |
-| intranet.certificateDateCAType | string | `nil` | CA type |
-| intranet.ciClient | string | `nil` | CI client |
-| intranet.ciContactEmail | string | `nil` | CI contact e-mail |
-| intranet.ciID | string | `nil` | CI id |
-| intranet.ciRequester | string | `nil` | CI requester |
-| intranet.ciType | string | `nil` | CI type |
+| clcm.secretsNamespace | string | `"cert-manager-system"` | Namespace, where secrets are deployed |
+| issuers | object | `{"internet":{"caInstance":null,"certificateDateCAType":null,"ciClient":null,"ciContactEmail":null,"ciID":null,"ciRequester":null,"ciType":null,"secretsManagerSecretName":null}}` | map of objects: each entry describes a new cluster issuer |
+| issuers.internet.caInstance | string | `nil` | CA instance |
+| issuers.internet.certificateDateCAType | string | `nil` | CA type |
+| issuers.internet.ciClient | string | `nil` | CI client |
+| issuers.internet.ciContactEmail | string | `nil` | CI contact e-mail |
+| issuers.internet.ciID | string | `nil` | CI id |
+| issuers.internet.ciRequester | string | `nil` | CI requester |
+| issuers.internet.ciType | string | `nil` | CI type |
+| issuers.internet.secretsManagerSecretName | string | `nil` | Secret in AWS SecretsManager containing CLCM connect credentials |

charts/dvpe-cluster-issuer/templates/cluster-issuer.yaml

@@ -1,28 +1,35 @@
-{{- $clcm := .Values.clcm }}
-{{- include "cluster-issuer" (list $clcm "wadtfy-internet-cluster-issuer" .Values.internet) }}
-{{- include "cluster-issuer" (list $clcm "wadtfy-intranet-cluster-issuer" .Values.intranet) }}
-
-{{- define "cluster-issuer" }}
-{{- $clcm := index . 0 }}
-{{- $name := index . 1 }}
-{{- $cert := index . 2 }}
+{{- range $issuerName, $issuerParams := .Values.issuers }}
 ---
+
 apiVersion: controller-manager.dvpe-cloud.github.io/v1alpha1
 kind: ClusterIssuer
 metadata:
-  name: {{ $name }}
+  name: wadtfy-{{ $issuerName }}-cluster-issuer
 spec:
   certificateDetails:
-    caInstance: {{ $cert.caInstance }}
-    ciID: {{ $cert.ciID }}
-    ciType: {{ $cert.ciType }}
-    certificateDataCAType: {{ $cert.certificateDateCAType }}
-    client: {{ $cert.ciClient }}
-    contactEmail: {{ $cert.ciContactEmail }}
-    requester: {{ $cert.ciRequester }}
+    caInstance: {{ $issuerParams.caInstance }}
+    ciID: {{ $issuerParams.ciID }}
+    ciType: {{ $issuerParams.ciType }}
+    certificateDataCAType: {{ $issuerParams.certificateDateCAType }}
+    client: {{ $issuerParams.ciClient }}
+    contactEmail: {{ $issuerParams.ciContactEmail }}
+    requester: {{ $issuerParams.ciRequester }}
   clcm:
-    credentialsSecret: wadtfy-cluster-issuer-secret
-    clcmHost: {{ $clcm.host }}
-    clcmPort: {{ $clcm.port }}
-    healthCheckTimeoutInSeconds: {{ $clcm.healthCheckTimeoutInSeconds }}
+    credentialsSecret: wadtfy-{{ $issuerName }}-cluster-issuer-secret
+    clcmHost: {{ $.Values.clcm.host }}
+    clcmPort: {{ $.Values.clcm.port }}
+    healthCheckTimeoutInSeconds: {{ $.Values.clcm.healthCheckTimeoutInSeconds }}
+
+---
+
+apiVersion: kubernetes-client.io/v1
+kind: ExternalSecret
+metadata:
+  name: wadtfy-{{ $issuerName }}-cluster-issuer-secret
+  namespace: {{ $.Values.clcm.secretsNamespace }}
+spec:
+  backendType: secretsManager
+  dataFrom:
+    - {{ $issuerParams.secretsManagerSecretName }}
+---
 {{- end }}

charts/dvpe-cluster-issuer/values.schema.json

@@ -3,26 +3,23 @@
   "type": "object",
   "properties": {
     "clcm": {
-      "$ref": "#/definitions/Clcm"
+      "$ref": "#/definitions/clcm"
     },
-    "intranet": {
-      "$ref": "#/definitions/Cert"
-    },
-    "internet": {
-      "$ref": "#/definitions/Cert"
+    "issuers": {
+      "$ref": "#/definitions/issuers"
     }
   },
+  "additionalProperties": false,
   "required": [
     "clcm",
-    "internet",
-    "intranet"
+    "issuers"
   ],
   "definitions": {
-    "Clcm": {
+    "clcm": {
       "type": "object",
       "additionalProperties": false,
       "properties": {
-        "credentialsSecret": {
+        "secretsNamespace": {
           "type": "string"
         },
         "host": {
@@ -37,47 +34,54 @@
         }
       },
       "required": [
-        "credentialsSecret",
+        "secretsNamespace",
         "healthCheckTimeoutInSeconds",
         "host",
         "port"
       ]
     },
-    "Cert": {
+    "issuers": {
       "type": "object",
-      "additionalProperties": false,
-      "properties": {
-        "caInstance": {
-          "type": "string"
-        },
-        "certificateDateCAType": {
-          "type": "string"
-        },
-        "ciID": {
-          "type": "string"
-        },
-        "ciType": {
-          "type": "string"
-        },
-        "ciClient": {
-          "type": "string"
-        },
-        "ciContactEmail": {
-          "type": "string"
+      "additionalProperties": {
+        "type": "object",
+        "additionalProperties": false,
+        "properties": {
+          "secretsManagerSecretName": {
+            "type": "string"
+          },
+          "caInstance": {
+            "type": "string"
+          },
+          "certificateDateCAType": {
+            "type": "string"
+          },
+          "ciID": {
+            "type": "string"
+          },
+          "ciType": {
+            "type": "string"
+          },
+          "ciClient": {
+            "type": "string"
+          },
+          "ciContactEmail": {
+            "type": "string"
+          },
+          "ciRequester": {
+            "type": "string"
+          }
         },
-        "ciRequester": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "caInstance",
-        "certificateDateCAType",
-        "ciClient",
-        "ciContactEmail",
-        "ciID",
-        "ciRequester",
-        "ciType"
-      ]
+        "required": [
+          "secretsManagerSecretName",
+          "caInstance",
+          "certificateDateCAType",
+          "ciClient",
+          "ciContactEmail",
+          "ciID",
+          "ciRequester",
+          "ciType"
+        ]
+      }
     }
   }
 }

charts/dvpe-cluster-issuer/values.yaml

@@ -5,35 +5,25 @@ clcm:
   port:
   # clcm.healthCheckTimeoutInSeconds -- CLCM health check interval in seconds
   healthCheckTimeoutInSeconds: 60
-# internet -- configuration for the internet cluster issuer
-internet:
-  # -- CA instance
-  caInstance:
-  # -- CA type
-  certificateDateCAType:
-  # -- CI id
-  ciID:
-  # -- CI type
-  ciType:
-  # -- CI client
-  ciClient:
-  # -- CI contact e-mail
-  ciContactEmail:
-  # -- CI requester
-  ciRequester:
-# intranet -- configuration for the intranet cluster issuer
-intranet:
-  # -- CA instance
-  caInstance:
-  # -- CA type
-  certificateDateCAType:
-  # -- CI id
-  ciID:
-  # -- CI type
-  ciType:
-  # -- CI client
-  ciClient:
-  # -- CI contact e-mail
-  ciContactEmail:
-  # -- CI requester
-  ciRequester:
+  # clcm.secretsNamespace -- Namespace, where secrets are deployed
+  secretsNamespace: cert-manager-system
+# issuers -- map of objects: each entry describes a new cluster issuer
+issuers:
+  # internet -- configuration for the internet cluster issuer
+  internet:
+    # -- Secret in AWS SecretsManager containing CLCM connect credentials
+    secretsManagerSecretName:
+    # -- CA instance
+    caInstance:
+    # -- CA type
+    certificateDateCAType:
+    # -- CI id
+    ciID:
+    # -- CI type
+    ciType:
+    # -- CI client
+    ciClient:
+    # -- CI contact e-mail
+    ciContactEmail:
+    # -- CI requester
+    ciRequester: