From 158c631c30571378eaa19eb97f5c8c714cf7f665 Mon Sep 17 00:00:00 2001
From: Florian Fordermaier
Date: Sat, 2 May 2020 16:23:31 +0200
Subject: [PATCH] Update cert-manager
---
 package.json | 2 +-
 src/cert-manager/v0.14.0/certificate.ts | 30 +++++++++++
 src/cert-manager/v0.14.0/clusterissuer.ts | 66 +++++++++++++++++++++++
 3 files changed, 97 insertions(+), 1 deletion(-)
 create mode 100644 src/cert-manager/v0.14.0/certificate.ts
 create mode 100644 src/cert-manager/v0.14.0/clusterissuer.ts
diff --git a/package.json b/package.json
index 59c6de0..1a5fce6 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "pulumix",
- "version": "1.0.0",
+ "version": "1.1.1",
 "description": "Some simple extensions and helpers for use with pulumi.",
 "main": "index.js",
 "scripts": {
diff --git a/src/cert-manager/v0.14.0/certificate.ts b/src/cert-manager/v0.14.0/certificate.ts
new file mode 100644
index 0000000..ce2c0fe
--- /dev/null
+++ b/src/cert-manager/v0.14.0/certificate.ts
@@ -0,0 +1,30 @@
+import TempYaml from "../../TempYaml"
+
+class Certificate {
+ /**
+ * Creates a ClusterIssuer resource using letsencrypt staging servers and returns the yaml as string.
+ *
+ * @param name Name of the cluster issuer resource
+ */
+ public createCertificate(certName: string, namespace: string, dnsName: string, clusterIssuer: string) : TempYaml {
+
+ var certificateTemplate =
+`apiVersion: cert-manager.io/v1alpha2
+kind: Certificate
+metadata:
+ name: ${certName}
+ namespace: ${namespace}
+spec:
+ secretName: ${certName}
+ commonName: ${dnsName}
+ dnsNames:
+ - ${dnsName}
+ issuerRef:
+ name: ${clusterIssuer}
+ kind: ClusterIssuer`;
+
+ return new TempYaml(certificateTemplate);
+ }
+}
+
+export default Certificate;
\ No newline at end of file
diff --git a/src/cert-manager/v0.14.0/clusterissuer.ts b/src/cert-manager/v0.14.0/clusterissuer.ts
new file mode 100644
index 0000000..9c7ac96
--- /dev/null
+++ b/src/cert-manager/v0.14.0/clusterissuer.ts
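Review bot: In src/cert-manager/v0.14.0/certificate.ts, `createCertificate` interpolates `certName`, `namespace`, `dnsName` and `clusterIssuer` straight into the YAML template, so if any of them can come from stack configuration or another non-constant source, a value containing a newline or `: ` can add or override keys in the generated manifest, for example the `issuerRef`. Validate each argument before building the template, e.g. `if (!/^[a-z0-9]([-a-z0-9.]*[a-z0-9])?$/.test(certName)) throw new Error("invalid certName");`, with a pattern for `dnsName` that also admits a leading `*.` if wildcard names are intended. The same unvalidated interpolation applies to `name` in `createYaml` in clusterissuer.ts. The doc comment is copied from ClusterIssuer; it should read something like `Creates a cert-manager Certificate that references a ClusterIssuer and returns it as TempYaml`, with one `@param` per actual parameter instead of `@param name`.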
@@ -0,0 +1,66 @@
+import TempYaml from "../../TempYaml"
+
+class ClusterIssuer {
+
+ /**
+ * Creates a ClusterIssuer resource using letsencrypt staging servers and returns the yaml as string.
+ *
+ * @param name Name of the cluster issuer resource
+ */
+ public createForStaging(name: String) : TempYaml {
+ return this.createYaml(name, true);
+ }
+
+ /**
+ * Creates a ClusterIssuer resource using letsencrypt production servers and returns the yaml as string.
+ *
+ * @param name Name of the cluster issuer resource
+ */
+ public createForProd(name: String) : TempYaml {
+ return this.createYaml(name, false);
+ }
+
+ private createYaml(name: String, forStaging: Boolean) : TempYaml {
+ const acmeServer =
+ forStaging
+ ? "https://acme-staging-v02.api.letsencrypt.org/directory"
+ : "https://acme-v02.api.letsencrypt.org/directory";
+
+ const clusterIssuerTemplate =
+`apiVersion: cert-manager.io/v1alpha2
+kind: ClusterIssuer
+metadata:
+ name: ${name}
+ namespace: default
+spec:
+ acme:
+ server: ${acmeServer}
+ email: support@sarooma.de
+ privateKeySecretRef:
+ name: ${name}
+
+ # this is the 'new' way of defining solvers
+ solvers:
+ # empty selector will match all Certificate resources that reference this issuer.
+ # for selecting a specific solver from a Certificate resource (not required right now), see
+ # https://docs.cert-manager.io/en/latest/tasks/upgrading/upgrading-0.7-0.8.html#performing-an-incremental-switch-to-the-new-format
+ - selector: {}
+ dns01:
+ digitalocean:
+ tokenSecretRef:
+ name: dns01-solver-secret
+ key: token
+ - selector:
+ matchLabels:
+ use-http01-solver: "true"
+ http01:
+ ingress:
+ class: nginx`;
+
+ return new TempYaml(clusterIssuerTemplate);
+ }
+}
+
+export default ClusterIssuer;
+export { ClusterIssuer };
+
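Review bot: `createYaml` in src/cert-manager/v0.14.0/clusterissuer.ts hard-codes `email: support@sarooma.de` as the ACME account contact, so every consumer of this package registers its Let's Encrypt account under that address and its expiry notices go there; take it as a parameter, e.g. `public createForProd(name: string, email: string)`, and pass it through to `createYaml`. The first solver pairs `selector: {}` with the DigitalOcean DNS-01 token, and a ClusterIssuer can be referenced from any namespace, so anyone able to create a Certificate in the cluster can have names in those DNS zones validated. A comment stating this, or a `dnsZones` restriction on the selector if the targeted cert-manager version supports it, would make that scope explicit. `namespace: default` in the metadata should have no effect on a cluster-scoped kind and can be dropped, and the parameter types should be `string`/`boolean` rather than the boxed `String`/`Boolean`, matching certificate.ts.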