├── .gitignore
├── cert-manager-issuers
│   ├── OWNERS
│   ├── templates
│   │   ├── NOTES.txt
│   │   ├── issuers.yaml
│   │   └── _helpers.tpl
│   ├── Chart.yaml
│   ├── .helmignore
│   ├── values.yaml
│   └── README.md
├── repo
│   ├── cert-manager-issuers-v0.0.4.tgz
│   ├── cert-manager-issuers-v0.0.5.tgz
│   └── index.yaml
├── helm-package.bash
├── README.md
├── cloudbuild.yaml
└── Makefile

/.gitignore:
--------------------------------------------------------------------------------
dist/
# version is kept in Chart.yaml
VERSION
--------------------------------------------------------------------------------

/cert-manager-issuers/OWNERS:
--------------------------------------------------------------------------------
approvers:
  - afirth
reviewers:
  - afirth
--------------------------------------------------------------------------------

/repo/cert-manager-issuers-v0.0.4.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/puppetlabs/cert-manager-issuers/master/repo/cert-manager-issuers-v0.0.4.tgz
--------------------------------------------------------------------------------

/repo/cert-manager-issuers-v0.0.5.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/puppetlabs/cert-manager-issuers/master/repo/cert-manager-issuers-v0.0.5.tgz
--------------------------------------------------------------------------------

/cert-manager-issuers/templates/NOTES.txt:
--------------------------------------------------------------------------------
Try
  $ kubectl get clusterissuers
or
  $ kubectl get issuers --namespace={{ $.Release.Namespace }}
--------------------------------------------------------------------------------

/cert-manager-issuers/Chart.yaml:
--------------------------------------------------------------------------------
name: cert-manager-issuers
version: v0.0.5
appVersion: v0.5.2
description: A Helm chart for cert-manager issuers
home: https://github.com/afirth/site-cluster
keywords:
  - cert-manager
  - kube-lego
  - letsencrypt
  - tls
  - clusterissuer
maintainers:
  - name: bizappdev
    email: bizappdev@puppet.com
--------------------------------------------------------------------------------

/helm-package.bash:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
set -eux -o pipefail

chart_name=cert-manager-issuers

# get the chart version (kept in Chart.yaml) for the release step
helm inspect chart ./$chart_name | perl -ne 'print if s/.*version: (v[\d.]+.*)/$1/' > VERSION

rm -rf dist && mkdir dist

# package the chart
helm package --save=false -d dist/ ./$chart_name

# write a sha512 checksum file next to each tarball
(cd dist && find . -name '*.tgz' -type f | xargs -I % sh -c 'shasum -a 512 % > $(basename % .tgz).sha512')
--------------------------------------------------------------------------------

/cert-manager-issuers/.helmignore:
--------------------------------------------------------------------------------
# OWNERS file for Kubernetes
OWNERS

# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
--------------------------------------------------------------------------------

/cert-manager-issuers/values.yaml:
--------------------------------------------------------------------------------
# Default values for cert-manager-issuers
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

email: "you@example.com"

issuers:
  - kind: ClusterIssuer
    # optional override, otherwise values.email is used
    # email: "you@example.com"
    name: letsencrypt-staging
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    method:
      http01: {}
  - kind: ClusterIssuer
    # optional override, otherwise values.email is used
    # email: "you@example.com"
    name: letsencrypt-prod
    server: https://acme-v02.api.letsencrypt.org/directory
    method:
      http01: {}
--------------------------------------------------------------------------------

/cert-manager-issuers/templates/issuers.yaml:
--------------------------------------------------------------------------------
{{- $email := .Values.email -}}
{{- $release := .Release -}}

{{- range $issuer := .Values.issuers }}
---
apiVersion: certmanager.k8s.io/v1alpha1
kind: {{ .kind }}
metadata:
  name: {{ .name }}
  namespace: {{ $.Release.Namespace | quote }}
  labels:
    app: {{ template "cert-manager-issuers.name" $ }}
    chart: {{ template "cert-manager-issuers.chart" $ }}
    release: {{ $.Release.Name }}
    heritage: {{ $.Release.Service }}
spec:
  acme:
    server: {{ .server }}
    {{- if .email }}
    email: {{ .email }}
    {{- else }}
    email: {{ $email }}
    {{- end }}
    privateKeySecretRef:
      name: {{ .name }}
{{ toYaml .method | indent 4 }}

{{- end }}
--------------------------------------------------------------------------------

/README.md:
--------------------------------------------------------------------------------
# cert-manager-issuers [WIP]

## Why

Due to technical limitations of helm v2, custom resource definitions must be created before a custom resource can be defined. This means that no issuers are included in the [cert-manager helm chart](https://github.com/helm/charts/tree/master/stable/cert-manager), as they would fail to create.

## Quickstart

```
$ helm repo add github-cert-manager-issuers 'https://raw.githubusercontent.com/afirth/cert-manager-issuers/master/'
$ helm install github-cert-manager-issuers/cert-manager-issuers
```

or, if using Cloud Build with the [helm builder](https://github.com/GoogleCloudPlatform/cloud-builders-community/tree/master/helm), set:

```
HELM_REPO_NAME=github-cert-manager-issuers
HELM_REPO_URL=https://raw.githubusercontent.com/afirth/cert-manager-issuers/master/
```

## TODO

Move this to a `charts` repo and host the repo on GitHub Pages, or get it into incubator.

## Contributing

PRs are welcome.
--------------------------------------------------------------------------------

/cloudbuild.yaml:
--------------------------------------------------------------------------------
steps:
  - name: gcr.io/cloud-builders/git
    id: fetch-tags
    args: [fetch, --depth=100]

  - name: 'gcr.io/${PROJECT_ID}/helm'
    id: package
    entrypoint: 'bash'
    args:
      - './helm-package.bash'

  - name: 'gcr.io/cloud-builders/go:debian'
    id: release
    entrypoint: 'make'
    args:
      - 'deps'
      - 'release'
    dir: '/workspace'
    env:
      - 'GITHUB_USER=${_GITHUB_USER}' # specify as a GCB substitution
      - 'GITHUB_REPO=${_GITHUB_REPO}' # specify as a GCB substitution
    secretEnv:
      - 'GITHUB_TOKEN'

secrets:
  # - kmsKeyName: projects/${PROJECT_ID}/locations/global/keyRings/${PROJECT_ID}/cryptoKeys/cloudbuild
  - kmsKeyName: projects/flying-blue-mantis/locations/global/keyRings/flying-blue-mantis/cryptoKeys/cloudbuild
    secretEnv:
      GITHUB_TOKEN: CiQA7J4wCQjxDPi/CpckwurLwS+7SIF7/RmhNxZWwei9voaMsK4SUQCQvfKNybVsrtJdOWDvGUn0o1XZ5iZLonw9ASkQW+V1s/NHlSfGfjsHDpjrx43CldNm0t6YcrMxhACki0M+MhFMc6y7ky4DCxUFF4ffQUEidg==
--------------------------------------------------------------------------------

/Makefile:
--------------------------------------------------------------------------------
# @afirth 2018-12
# checks Chart.yaml for a version, and uploads a release to github
# GITHUB_USER, GITHUB_TOKEN, and GITHUB_REPO must be set
# see also https://github.com/c4milo/github-release
# optimised for gcr.io/cloud-builders/go:debian

.SHELLFLAGS := -eux -o pipefail -c
MAKEFLAGS += --warn-undefined-variables
SHELL=/bin/bash
.SUFFIXES:

NAME := $(GITHUB_USER)/$(GITHUB_REPO)
VERSION := $(shell cat VERSION)

all: dist release pull

# dist creates VERSION
dist:
	./helm-package.bash

release:
	@latest_tag=$$(git describe --tags `git rev-list --tags --max-count=1` || true); \
	comparison="$$latest_tag..HEAD"; \
	version=$$(cat VERSION); \
	if [ -z "$$latest_tag" ]; then comparison=""; fi; \
	changelog=$$(git log $$comparison --oneline --no-merges); \
	$$(go env GOPATH)/bin/github-release $(NAME) $(VERSION) "$$(git rev-parse --abbrev-ref HEAD)" "**Changelog** $$changelog" 'dist/*'

pull:
	git pull

deps:
	go get -v github.com/c4milo/github-release

.PHONY: all deps dist release pull
--------------------------------------------------------------------------------

/cert-manager-issuers/templates/_helpers.tpl:
--------------------------------------------------------------------------------
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "cert-manager-issuers.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "cert-manager-issuers.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}

{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "cert-manager-issuers.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
--------------------------------------------------------------------------------

/repo/index.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
entries:
  cert-manager-issuers:
    - appVersion: v0.5.2
      created: 2019-01-12T15:44:18.687841-08:00
      description: A Helm chart for cert-manager issuers
      digest: ba66b5957d030d6e5f494155b15297971802bd2afc5112879e51e3f91515d732
      home: https://github.com/afirth/site-cluster
      keywords:
        - cert-manager
        - kube-lego
        - letsencrypt
        - tls
        - clusterissuer
      maintainers:
        - email: bizappdev@puppet.com
          name: bizappdev
      name: cert-manager-issuers
      urls:
        - cert-manager-issuers-v0.0.5.tgz
      version: v0.0.5
    - appVersion: v0.5.2
      created: 2019-01-12T15:44:18.687578-08:00
      description: A Helm chart for cert-manager issuers
      digest: a29655a8c1c03d5f5f2608b3195208f483076e098afa2797cdbfc66a7f4c21af
      home: https://github.com/afirth/site-cluster
      keywords:
        - cert-manager
        - kube-lego
        - letsencrypt
        - tls
        - clusterissuer
      maintainers:
        - email: maintainer@alfirth.com
          name: afirth
      name: cert-manager-issuers
      urls:
        - cert-manager-issuers-v0.0.4.tgz
      version: v0.0.4
generated: 2019-01-12T15:44:18.68712-08:00
--------------------------------------------------------------------------------

/cert-manager-issuers/README.md:
--------------------------------------------------------------------------------
# cert-manager-issuers

## Quickstart

To set up the [letsencrypt](https://letsencrypt.org/) staging and prod http01 ACME endpoints as ClusterIssuers (so you can use the kube-lego style ingress annotation `kubernetes.io/tls-acme: "true"`):

### Install cert-manager

First install the [cert-manager chart](https://github.com/helm/charts/tree/master/stable/cert-manager) with the ingress shim set up:

```
$ helm install --name my-cert-manager-release \
    --set ingressShim.defaultIssuerName=letsencrypt-prod,ingressShim.defaultIssuerKind=ClusterIssuer \
    stable/cert-manager
```

### Install the issuers

Then install this chart with the default values.yaml and your email address:

```
$ helm install --name my-cert-manager-issuers-release \
    -f values.yaml \
    --set email= \
    incubator/cert-manager-issuers
```

### Verifying

```
kubectl logs -l app=cert-manager
```

should show your certificates being provisioned. Note that you _must_ set a valid email address per the letsencrypt TOS; `@example.com` addresses will not work.

## Values

### Commonly used values

| Parameter | Description                        | Default           |
| --------- | ---------------------------------- | ----------------- |
| `email`   | email to use for ACME registration | `you@example.com` |

It is recommended to provide more issuers using a `values.yaml` file. The two letsencrypt http01 endpoints are provided as [ClusterIssuers](http://docs.cert-manager.io/en/latest/reference/issuers.html). An `email` set inside an issuer overrides the global one.

## FAQ

### Why isn't this chart part of cert-manager?

Due to technical limitations of helm v2, custom resource definitions must be created before a custom resource can be defined. This means that no issuers are included in the [cert-manager helm chart](https://github.com/helm/charts/tree/master/stable/cert-manager), as they would fail to create.

## Stability

This chart is in alpha. Backwards incompatible changes will be avoided if possible, but no guarantees.

## Contributing

PRs are welcome.
--------------------------------------------------------------------------------
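The chart README's Values section relies on two things a user can easily get wrong: the per-issuer `email` falling back to the global one (the template's `{{ if .email }}` branch), and the placeholder `you@example.com` that Let's Encrypt rejects. The following pre-install check is an added example, not part of the chart; it mirrors that fallback over a values dict (constructed here to match the chart's default `values.yaml`) and flags the pitfalls before `helm install` runs.

```python
"""Added pre-install check for cert-manager-issuers values (not part of the
chart): mirrors the template's email fallback and flags the README's pitfalls."""
ALLOWED_KINDS = {"Issuer", "ClusterIssuer"}


def resolve_issuers(values):
    """One dict per issuer, with the email the template would actually render."""
    resolved = []
    for issuer in values.get("issuers", []):
        # same branch as the template: {{ if .email }} ... {{ else }} global email
        resolved.append({**issuer, "email": issuer.get("email") or values.get("email")})
    return resolved


def validate_values(values):
    """Return a list of problems; an empty list means the values look sane."""
    problems, seen = [], set()
    for issuer in resolve_issuers(values):
        name = issuer.get("name", "<unnamed>")
        if issuer.get("kind") not in ALLOWED_KINDS:
            problems.append(f"{name}: kind must be Issuer or ClusterIssuer")
        if name in seen:
            # privateKeySecretRef.name is the issuer name, so duplicates would
            # share and overwrite one ACME account key secret
            problems.append(f"{name}: duplicate issuer name")
        seen.add(name)
        email = issuer.get("email") or ""
        if "@" not in email or email.endswith("@example.com"):
            problems.append(f"{name}: {email!r} is not a usable ACME email")
        if not str(issuer.get("server", "")).startswith("https://"):
            problems.append(f"{name}: ACME server must be an https:// URL")
        if len(issuer.get("method") or {}) != 1:
            problems.append(f"{name}: method must name exactly one solver")
    return problems


# Constructed sample mirroring the chart's default values.yaml: global email
# left at its placeholder, and one issuer carrying its own override.
SAMPLE_VALUES = {
    "email": "you@example.com",
    "issuers": [
        {"kind": "ClusterIssuer", "name": "letsencrypt-staging",
         "server": "https://acme-staging-v02.api.letsencrypt.org/directory",
         "method": {"http01": {}}},
        {"kind": "ClusterIssuer", "name": "letsencrypt-prod",
         "email": "ops@corp.example",
         "server": "https://acme-v02.api.letsencrypt.org/directory",
         "method": {"http01": {}}},
    ],
}
```

Run against the sample, only `letsencrypt-staging` is reported, because it inherits the placeholder global email while `letsencrypt-prod` carries its own override.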