chore(chart): Add cert-manager chart

- #3
BaeKY · Jan 6, 2023 · 8a7bab6 · 8a7bab6
1 parent f4074cd
commit 8a7bab6
Show file tree

Hide file tree

Showing 13 changed files with 6,612 additions and 26 deletions.
diff --git a/chart/chart-config.yaml b/chart/chart-config.yaml
@@ -1,4 +1,4 @@
 env:
   LB_IP_ADDRESS_POOL: 10.0.0.1/32
   NS_IP: 10.0.0.1
-  CUSTOM_DOMAIN: localhost
+  CUSTOM_DOMAIN: cloud
diff --git a/chart/helm-charts.yaml b/chart/helm-charts.yaml
@@ -31,3 +31,7 @@ charts:
     chart: harbor
     url: https://helm.goharbor.io
     version: 1.11.0
+  - repo: jetstack
+    chart: cert-manager
+    url: https://charts.jetstack.io
+    version: 1.10.1
diff --git a/chart/manifest/0003-cert-manager.k8s.yaml b/chart/manifest/0003-cert-manager.k8s.yaml
diff --git a/chart/manifest/0003-argo.k8s.yaml → chart/manifest/0004-argo.k8s.yaml b/chart/manifest/0003-argo.k8s.yaml → chart/manifest/0004-argo.k8s.yaml
diff --git a/chart/manifest/0004-harbor.k8s.yaml → chart/manifest/0005-harbor.k8s.yaml b/chart/manifest/0004-harbor.k8s.yaml → chart/manifest/0005-harbor.k8s.yaml
diff --git a/chart/manifest/construct-metadata.json b/chart/manifest/construct-metadata.json
diff --git a/chart/src/charts/cert-manager.chart.ts b/chart/src/charts/cert-manager.chart.ts
@@ -0,0 +1,22 @@
+import { ChartLoader, HelmLoader, HelmProps } from '@package/cdk8s-loader'
+import { PartialRecursive, scope } from '@package/common'
+import { CertManagerHelmParam } from '../helm-values'
+import { LoadingChart } from '../types'
+
+const helmChartName = 'jetstack/cert-manager'
+
+export const certManagerChart: LoadingChart<{
+  helmProps: Omit<HelmProps<PartialRecursive<CertManagerHelmParam>>, 'chart' | 'repo'>
+}> = (id, props) => {
+  const { chartProps, helmProps } = props
+  const chartLoader = new ChartLoader(id, chartProps)
+
+  const namespace = chartProps.namespace ?? 'default'
+
+  const scopeHelmProps = scope<HelmProps<CertManagerHelmParam>>({
+    chart: helmChartName,
+    namespace
+  }).merge(helmProps as any)
+
+  return chartLoader.addHelm(() => new HelmLoader(`${id}-helm`, scopeHelmProps.get()))
+}
diff --git a/chart/src/charts/index.ts b/chart/src/charts/index.ts
@@ -1,4 +1,5 @@
 export * from './argocd.chart'
+export * from './cert-manager.chart'
 export * from './dns.chart'
 export * from './ingress-nginx.chart'
 export * from './metallb.chart'

diff --git a/chart/src/helm-values/index.ts b/chart/src/helm-values/index.ts
@@ -4,6 +4,7 @@ import externalDnsDefaultValues, { ExternalDnsHelmParam } from './external-dns/e
 import harborDefaultValues, { HarborHelmParam } from './harbor/harbor'
 import ingressNginxDefaultValues, { IngressNginxHelmParam } from './ingress-nginx/ingress-nginx'
 import jenkinsDefaultValues, { JenkinsHelmParam } from './jenkins/jenkins'
+import certManagerDefaultValues, { CertManagerHelmParam } from './jetstack/cert-manager'
 import metallbDefaultValues, { MetallbHelmParam } from './metallb/metallb'
 import kubePrometheusStackDefaultValues, {
   KubePrometheusStackHelmParam
@@ -12,12 +13,14 @@ import kubePrometheusStackDefaultValues, {
 export {
   harborDefaultValues,
   corednsDefaultValues,
+  certManagerDefaultValues,
   argoCdDefaultValues,
   externalDnsDefaultValues,
   ingressNginxDefaultValues,
   jenkinsDefaultValues,
   metallbDefaultValues,
   kubePrometheusStackDefaultValues,
+  CertManagerHelmParam,
   CorednsHelmParam,
   ExternalDnsHelmParam,
   IngressNginxHelmParam,

diff --git a/chart/src/helm-values/jetstack/cert-manager/default-values.json b/chart/src/helm-values/jetstack/cert-manager/default-values.json
@@ -0,0 +1,261 @@
+{
+  "global": {
+    "imagePullSecrets": [],
+    "commonLabels": {},
+    "priorityClassName": "",
+    "rbac": {
+      "create": true,
+      "aggregateClusterRoles": true
+    },
+    "podSecurityPolicy": {
+      "enabled": false,
+      "useAppArmor": true
+    },
+    "logLevel": 2,
+    "leaderElection": {
+      "namespace": "kube-system"
+    }
+  },
+  "installCRDs": false,
+  "replicaCount": 1,
+  "strategy": {},
+  "featureGates": "",
+  "image": {
+    "repository": "quay.io/jetstack/cert-manager-controller",
+    "pullPolicy": "IfNotPresent"
+  },
+  "clusterResourceNamespace": "",
+  "namespace": "",
+  "serviceAccount": {
+    "create": true,
+    "automountServiceAccountToken": true
+  },
+  "extraArgs": [],
+  "extraEnv": [],
+  "resources": {},
+  "securityContext": {
+    "runAsNonRoot": true,
+    "seccompProfile": {
+      "type": "RuntimeDefault"
+    }
+  },
+  "containerSecurityContext": {
+    "allowPrivilegeEscalation": false,
+    "capabilities": {
+      "drop": [
+        "ALL"
+      ]
+    }
+  },
+  "volumes": [],
+  "volumeMounts": [],
+  "podLabels": {},
+  "nodeSelector": {
+    "kubernetes.io/os": "linux"
+  },
+  "ingressShim": {},
+  "prometheus": {
+    "enabled": true,
+    "servicemonitor": {
+      "enabled": false,
+      "prometheusInstance": "default",
+      "targetPort": 9402,
+      "path": "/metrics",
+      "interval": "60s",
+      "scrapeTimeout": "30s",
+      "labels": {},
+      "annotations": {},
+      "honorLabels": false
+    }
+  },
+  "affinity": {},
+  "tolerations": [],
+  "topologySpreadConstraints": [],
+  "webhook": {
+    "replicaCount": 1,
+    "timeoutSeconds": 10,
+    "config": null,
+    "strategy": {},
+    "securityContext": {
+      "runAsNonRoot": true,
+      "seccompProfile": {
+        "type": "RuntimeDefault"
+      }
+    },
+    "containerSecurityContext": {
+      "allowPrivilegeEscalation": false,
+      "capabilities": {
+        "drop": [
+          "ALL"
+        ]
+      }
+    },
+    "extraArgs": [],
+    "resources": {},
+    "livenessProbe": {
+      "failureThreshold": 3,
+      "initialDelaySeconds": 60,
+      "periodSeconds": 10,
+      "successThreshold": 1,
+      "timeoutSeconds": 1
+    },
+    "readinessProbe": {
+      "failureThreshold": 3,
+      "initialDelaySeconds": 5,
+      "periodSeconds": 5,
+      "successThreshold": 1,
+      "timeoutSeconds": 1
+    },
+    "nodeSelector": {
+      "kubernetes.io/os": "linux"
+    },
+    "affinity": {},
+    "tolerations": [],
+    "topologySpreadConstraints": [],
+    "podLabels": {},
+    "serviceLabels": {},
+    "image": {
+      "repository": "quay.io/jetstack/cert-manager-webhook",
+      "pullPolicy": "IfNotPresent"
+    },
+    "serviceAccount": {
+      "create": true,
+      "automountServiceAccountToken": true
+    },
+    "securePort": 10250,
+    "hostNetwork": false,
+    "serviceType": "ClusterIP",
+    "url": {},
+    "networkPolicy": {
+      "enabled": false,
+      "ingress": [
+        {
+          "from": [
+            {
+              "ipBlock": {
+                "cidr": "0.0.0.0/0"
+              }
+            }
+          ]
+        }
+      ],
+      "egress": [
+        {
+          "ports": [
+            {
+              "port": 80,
+              "protocol": "TCP"
+            },
+            {
+              "port": 443,
+              "protocol": "TCP"
+            },
+            {
+              "port": 53,
+              "protocol": "TCP"
+            },
+            {
+              "port": 53,
+              "protocol": "UDP"
+            }
+          ],
+          "to": [
+            {
+              "ipBlock": {
+                "cidr": "0.0.0.0/0"
+              }
+            }
+          ]
+        }
+      ]
+    }
+  },
+  "cainjector": {
+    "enabled": true,
+    "replicaCount": 1,
+    "strategy": {},
+    "securityContext": {
+      "runAsNonRoot": true,
+      "seccompProfile": {
+        "type": "RuntimeDefault"
+      }
+    },
+    "containerSecurityContext": {
+      "allowPrivilegeEscalation": false,
+      "capabilities": {
+        "drop": [
+          "ALL"
+        ]
+      }
+    },
+    "extraArgs": [],
+    "resources": {},
+    "nodeSelector": {
+      "kubernetes.io/os": "linux"
+    },
+    "affinity": {},
+    "tolerations": [],
+    "topologySpreadConstraints": [],
+    "podLabels": {},
+    "image": {
+      "repository": "quay.io/jetstack/cert-manager-cainjector",
+      "pullPolicy": "IfNotPresent"
+    },
+    "serviceAccount": {
+      "create": true,
+      "automountServiceAccountToken": true
+    }
+  },
+  "startupapicheck": {
+    "enabled": true,
+    "securityContext": {
+      "runAsNonRoot": true,
+      "seccompProfile": {
+        "type": "RuntimeDefault"
+      }
+    },
+    "containerSecurityContext": {
+      "allowPrivilegeEscalation": false,
+      "capabilities": {
+        "drop": [
+          "ALL"
+        ]
+      }
+    },
+    "timeout": "1m",
+    "backoffLimit": 4,
+    "jobAnnotations": {
+      "helm.sh/hook": "post-install",
+      "helm.sh/hook-weight": "1",
+      "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+    },
+    "extraArgs": [],
+    "resources": {},
+    "nodeSelector": {
+      "kubernetes.io/os": "linux"
+    },
+    "affinity": {},
+    "tolerations": [],
+    "podLabels": {},
+    "image": {
+      "repository": "quay.io/jetstack/cert-manager-ctl",
+      "pullPolicy": "IfNotPresent"
+    },
+    "rbac": {
+      "annotations": {
+        "helm.sh/hook": "post-install",
+        "helm.sh/hook-weight": "-5",
+        "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+      }
+    },
+    "serviceAccount": {
+      "create": true,
+      "annotations": {
+        "helm.sh/hook": "post-install",
+        "helm.sh/hook-weight": "-5",
+        "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
+      },
+      "automountServiceAccountToken": true
+    }
+  }
+}
diff --git a/chart/src/helm-values/jetstack/cert-manager/index.ts b/chart/src/helm-values/jetstack/cert-manager/index.ts
@@ -0,0 +1,9 @@
+import * as fs from 'fs'
+import * as path from 'path'
+import { CertManagerHelmParam } from './types'
+
+export * from './types'
+const defaultValues: CertManagerHelmParam = JSON.parse(
+  fs.readFileSync(path.resolve(__dirname, 'default-values.json')).toString()
+)
+export default defaultValues