From aaee1db6b1260daa72ac5d62bef51992b5d61ba4 Mon Sep 17 00:00:00 2001 From: Spyros Synodinos Date: Wed, 25 Oct 2023 17:52:29 +0300 Subject: [PATCH 01/35] http01 ingress class set to default --- .../charts/cert-manager-giantswarm-clusterissuer/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.yaml b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.yaml index 45c00fd2..c8561047 100644 --- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.yaml +++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.yaml @@ -46,4 +46,4 @@ acme: secretAccessKey: "" http01: enabled: true - ingressClassName: nginx + ingressClassName: "" From dd855e844769799ab2ebeee5f66677d040220324 Mon Sep 17 00:00:00 2001 From: Spyros Synodinos Date: Wed, 25 Oct 2023 19:30:19 +0300 Subject: [PATCH 02/35] enable cilium policy --- helm/cert-manager/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/cert-manager/values.yaml b/helm/cert-manager/values.yaml index 507ae8c9..95f712bb 100644 --- a/helm/cert-manager/values.yaml +++ b/helm/cert-manager/values.yaml @@ -787,6 +787,6 @@ startupapicheck: enableServiceLinks: false ciliumNetworkPolicy: - enabled: false + enabled: true fullnameOverride: "cert-manager-app" From 91a8d94e4cb5f4fd9f963a1d8f74682edc81e224 Mon Sep 17 00:00:00 2001 From: Spyros Synodinos Date: Wed, 25 Oct 2023 20:11:39 +0300 Subject: [PATCH 03/35] template test --- .../templates/_helpers.tpl | 2 ++ 1 file changed, 2 insertions(+) diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl index 0c7e619b..e1291d90 100644 --- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl 
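Review bot: The new empty default for `ingressClassName` in `values.yaml` (PATCH 01/35) has no comment saying what an empty class means for the HTTP-01 solver. Presumably the intent is that the cluster's default IngressClass serves the ACME challenge; on clusters with more than one ingress controller that decides which controller exposes the challenge path, so it should be stated for operators. A comment above the key such as `# Empty: no class is set on the solver Ingress; the cluster default IngressClass handles ACME HTTP-01 challenges.` would do. At this commit the template still renders the key unconditionally (it appears as a context line in PATCH 03/35), so the empty value reaches the manifest as a bare `ingressClassName:`.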
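Review bot: Flipping `ciliumNetworkPolicy.enabled` to `true` in `helm/cert-manager/values.yaml` (PATCH 02/35) makes the chart default depend on the Cilium CRDs being installed, and nothing in the hunk shows a guard for clusters without them. If the policy templates are not already gated on something like `.Capabilities.APIVersions.Has "cilium.io/v2"`, an install on a non-Cilium cluster would likely fail on the unknown kind; the templates are outside this patch, so this needs checking. A short comment above the key saying that it requires Cilium and which traffic the policy permits would help whoever audits the default.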
+++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl @@ -65,7 +65,9 @@ spec: {{ if .Values.acme.http01.enabled -}} - http01: ingress: + {{- if .Values.acme.http01.ingressClassName }} ingressClassName: {{ .Values.acme.http01.ingressClassName }} + {{- end }} {{ end }} --- {{- end }} From d8100158635b1417f525e005f813e520196eedfe Mon Sep 17 00:00:00 2001 From: Spyros Synodinos Date: Wed, 25 Oct 2023 21:31:13 +0300 Subject: [PATCH 04/35] test other parsing --- .../charts/cert-manager-giantswarm-clusterissuer/Chart.yaml | 2 +- .../templates/_helpers.tpl | 4 +--- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/Chart.yaml b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/Chart.yaml index f5a8f858..b2de4799 100644 --- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/Chart.yaml +++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: cert-manager-giantswarm-clusterissuer description: Creates the Giant Swarm default cluster issuers. -version: 2.0.0 +version: 2.0.1 appVersion: 1.24.4 home: https://github.com/giantswarm/cert-manager-app icon: https://s.giantswarm.io/app-icons/cert-manager/1/light.svg diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl index e1291d90..04c295f9 100644 --- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl +++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl 
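Review bot: With the chart default of `""` from PATCH 01/35, the new `if` guard in the `_helpers.tpl` hunk of PATCH 03/35 leaves `ingress:` with no children, which YAML reads as null rather than an empty mapping. cert-manager may then see an `http01` solver with no ingress configuration and reject the issuer; this is inferred from the rendered shape and was not tested. Rendering `ingress: {}` in the empty case avoids the null. The guarded value is also interpolated unquoted, so `ingressClassName: {{ .Values.acme.http01.ingressClassName | quote }}` would keep inputs such as `true` or `123` as strings.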
@@ -65,9 +65,7 @@ spec: {{ if .Values.acme.http01.enabled -}} - http01: ingress: - {{- if .Values.acme.http01.ingressClassName }} - ingressClassName: {{ .Values.acme.http01.ingressClassName }} - {{- end }} + ingressClassName: {{ .Values.acme.http01.ingressClassName | quote }} {{ end }} --- {{- end }} From 8e233509cd7b41da59929d726a5b4d9e4776437e Mon Sep 17 00:00:00 2001 From: Spyros Synodinos Date: Wed, 25 Oct 2023 21:49:21 +0300 Subject: [PATCH 05/35] chart version revert --- .../charts/cert-manager-giantswarm-clusterissuer/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/Chart.yaml b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/Chart.yaml index b2de4799..f5a8f858 100644 --- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/Chart.yaml +++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: cert-manager-giantswarm-clusterissuer description: Creates the Giant Swarm default cluster issuers. -version: 2.0.1 +version: 2.0.0 appVersion: 1.24.4 home: https://github.com/giantswarm/cert-manager-app icon: https://s.giantswarm.io/app-icons/cert-manager/1/light.svg From 7de59a779000d733a438f1ac7e0c3e1a896eddae Mon Sep 17 00:00:00 2001 From: Spyros Synodinos Date: Wed, 25 Oct 2023 22:01:33 +0300 Subject: [PATCH 06/35] clusterissuer chart version change --- helm/cert-manager/Chart.lock | 9 --------- helm/cert-manager/Chart.yaml | 2 +- .../cert-manager-giantswarm-clusterissuer/Chart.yaml | 2 +- 3 files changed, 2 insertions(+), 11 deletions(-) delete mode 100644 helm/cert-manager/Chart.lock diff --git a/helm/cert-manager/Chart.lock b/helm/cert-manager/Chart.lock deleted file mode 100644 index 4d53d004..00000000 --- a/helm/cert-manager/Chart.lock +++ /dev/null 
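Review bot: Dropping the guard in the `_helpers.tpl` hunk of PATCH 04/35 means the chart default `""` now renders as `ingressClassName: ""`, an explicit empty class name instead of an omitted field. An empty string is unlikely to select the default IngressClass and may fail name validation when the solver Ingress is created (not verified against a cluster). Keeping the `quote` and restoring the guard covers both cases: `{{- with .Values.acme.http01.ingressClassName }}`, `ingressClassName: {{ . | quote }}`, `{{- end }}`.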
@@ -1,9 +0,0 @@ -dependencies: -- name: cert-manager-giantswarm-clusterissuer - repository: "" - version: 2.0.0 -- name: cert-manager-giantswarm-netpol - repository: "" - version: 0.1.0 -digest: sha256:ccb4a0541a32badf1c6bc34c4ecde3307a9e45fd248ebb2df9e2a71993201506 -generated: "2023-07-26T14:05:01.15873209Z" diff --git a/helm/cert-manager/Chart.yaml b/helm/cert-manager/Chart.yaml index a0f029a7..8d292d96 100644 --- a/helm/cert-manager/Chart.yaml +++ b/helm/cert-manager/Chart.yaml @@ -12,7 +12,7 @@ annotations: kubeVersion: ">=1.22.0-0" dependencies: - name: cert-manager-giantswarm-clusterissuer - version: 2.0.0 + version: 2.0.1 alias: giantSwarmClusterIssuer - name: cert-manager-giantswarm-netpol version: 0.1.0 diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/Chart.yaml b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/Chart.yaml index f5a8f858..b2de4799 100644 --- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/Chart.yaml +++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: cert-manager-giantswarm-clusterissuer description: Creates the Giant Swarm default cluster issuers. -version: 2.0.0 +version: 2.0.1 appVersion: 1.24.4 home: https://github.com/giantswarm/cert-manager-app icon: https://s.giantswarm.io/app-icons/cert-manager/1/light.svg From adc0f5245fe3f96f8b00397762fc16d0226627b4 Mon Sep 17 00:00:00 2001 From: Spyros Synodinos Date: Thu, 26 Oct 2023 01:30:34 +0300 Subject: [PATCH 07/35] test --- .../templates/_helpers.tpl | 4 +++- .../charts/cert-manager-giantswarm-clusterissuer/values.yaml | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl index 04c295f9..4ad26ca8 100644 
--- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl +++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl @@ -65,7 +65,9 @@ spec: {{ if .Values.acme.http01.enabled -}} - http01: ingress: - ingressClassName: {{ .Values.acme.http01.ingressClassName | quote }} + {{- if .Values.acme.http01.ingressClass }} + ingressClass: {{ .Values.acme.http01.ingressClass }} + {{- end }} {{ end }} --- {{- end }} diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.yaml b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.yaml index c8561047..c49b98b9 100644 --- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.yaml +++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.yaml @@ -46,4 +46,4 @@ acme: secretAccessKey: "" http01: enabled: true - ingressClassName: "" + ingressClass: "" From 04b2694014ea54a90c2372b8f1609334204fde27 Mon Sep 17 00:00:00 2001 From: Spyros Synodinos Date: Thu, 26 Oct 2023 01:38:03 +0300 Subject: [PATCH 08/35] fix json --- .../cert-manager-giantswarm-clusterissuer/values.schema.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.schema.json b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.schema.json index 6147a924..371d8d3b 100644 --- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.schema.json +++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.schema.json @@ -50,7 +50,7 @@ "enabled": { "type": "boolean" }, - "ingressClassName": { + "ingressClass": { "type": "string" } } From f554150f3f05518cdf98afd495a181f0ea4522f8 Mon Sep 17 00:00:00 2001 
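Review bot: The rendered key `ingressClass` in the `_helpers.tpl` hunk of PATCH 07/35 does not match a field of the cert-manager HTTP-01 ingress solver as far as I know; the solver takes `class` or `ingressClassName`. An unknown key is either rejected by the ClusterIssuer schema or pruned, so the chosen class would not take effect. PATCH 17/35 and PATCH 23/35 reintroduce the same key. If renaming the values key is the goal, keep the rendered key as it was: `ingressClassName: {{ .Values.acme.http01.ingressClass | quote }}`.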
From: Spyros Synodinos Date: Thu, 26 Oct 2023 12:14:21 +0300 Subject: [PATCH 09/35] test ver --- helm/cert-manager/Chart.yaml | 2 +- .../charts/cert-manager-giantswarm-clusterissuer/Chart.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/cert-manager/Chart.yaml b/helm/cert-manager/Chart.yaml index 8d292d96..a0f029a7 100644 --- a/helm/cert-manager/Chart.yaml +++ b/helm/cert-manager/Chart.yaml @@ -12,7 +12,7 @@ annotations: kubeVersion: ">=1.22.0-0" dependencies: - name: cert-manager-giantswarm-clusterissuer - version: 2.0.1 + version: 2.0.0 alias: giantSwarmClusterIssuer - name: cert-manager-giantswarm-netpol version: 0.1.0 diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/Chart.yaml b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/Chart.yaml index b2de4799..f5a8f858 100644 --- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/Chart.yaml +++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: cert-manager-giantswarm-clusterissuer description: Creates the Giant Swarm default cluster issuers. -version: 2.0.1 +version: 2.0.0 appVersion: 1.24.4 home: https://github.com/giantswarm/cert-manager-app icon: https://s.giantswarm.io/app-icons/cert-manager/1/light.svg From 6370a7825324d70c008a567feebec263afecd716 Mon Sep 17 00:00:00 2001 From: Spyros Synodinos Date: Thu, 26 Oct 2023 12:33:29 +0300 Subject: [PATCH 10/35] ingress tests --- .../templates/_helpers.tpl | 4 +--- .../cert-manager-giantswarm-clusterissuer/values.schema.json | 4 +++- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl index 4ad26ca8..ba8c5341 100644 --- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl 
+++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl @@ -65,9 +65,7 @@ spec: {{ if .Values.acme.http01.enabled -}} - http01: ingress: - {{- if .Values.acme.http01.ingressClass }} - ingressClass: {{ .Values.acme.http01.ingressClass }} - {{- end }} + name: {{ .Values.acme.http01.ingressName }} {{ end }} --- {{- end }} diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.schema.json b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.schema.json index 371d8d3b..8cfca199 100644 --- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.schema.json +++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.schema.json @@ -50,9 +50,11 @@ "enabled": { "type": "boolean" }, - "ingressClass": { + "ingress": { + "name": { "type": "string" } + } } } } From 07baf2806c111c4ba7e18efcb7509957321f31b2 Mon Sep 17 00:00:00 2001 From: Spyros Synodinos Date: Thu, 26 Oct 2023 12:36:42 +0300 Subject: [PATCH 11/35] small fix --- .../charts/cert-manager-giantswarm-clusterissuer/values.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.yaml b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.yaml index c49b98b9..40305e69 100644 --- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.yaml +++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.yaml @@ -46,4 +46,5 @@ acme: secretAccessKey: "" http01: enabled: true - ingressClass: "" + ingress: + name: "" From fab624a6f8e3bb1032e4645c6fab0969aada06e5 Mon Sep 17 00:00:00 2001 
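Review bot: The template line `name: {{ .Values.acme.http01.ingressName }}` in PATCH 10/35 reads a key that neither this patch's schema hunk nor the values hunk of PATCH 11/35 defines; both use `http01.ingress.name`. As written it renders a bare `name:` on every install. Read the key that exists and guard it: `{{- with .Values.acme.http01.ingress.name }}`, `name: {{ . | quote }}`, `{{- end }}`. In the `values.schema.json` hunk, `"ingress"` nests `"name"` directly without `"type": "object"` and `"properties"`, so the schema does not actually constrain `ingress.name`.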
From: Spyros Synodinos Date: Thu, 26 Oct 2023 13:14:44 +0300 Subject: [PATCH 12/35] solver test --- .../templates/_helpers.tpl | 5 +++++ .../cert-manager-giantswarm-clusterissuer/values.schema.json | 3 +++ .../charts/cert-manager-giantswarm-clusterissuer/values.yaml | 1 + 3 files changed, 9 insertions(+) diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl index ba8c5341..ffbb86cc 100644 --- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl +++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl @@ -64,6 +64,11 @@ spec: {{ end }} {{ if .Values.acme.http01.enabled -}} - http01: + {{- if .Values.acme.http01.ingressClassName }} + ingressClassName: {{ .Values.acme.http01.ingressClassName }} + {{- else }} + ingressClassName: "" + {{- end }} ingress: name: {{ .Values.acme.http01.ingressName }} {{ end }} diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.schema.json b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.schema.json index 8cfca199..90df1361 100644 --- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.schema.json +++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.schema.json @@ -50,6 +50,9 @@ "enabled": { "type": "boolean" }, + "ingressClassName": { + "type": "string" + }, "ingress": { "name": { "type": "string" diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.yaml b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.yaml index 40305e69..72a9ebcb 100644 --- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.yaml +++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.yaml 
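Review bot: The added `ingressClassName` lines in the `_helpers.tpl` hunk of PATCH 12/35 come before the `ingress:` key, so whatever their indentation they cannot be children of `ingress`; they land on `http01` itself or break the mapping. cert-manager defines `ingressClassName` on the ingress solver, so the block belongs under `ingress:` next to `name`. PATCH 17/35 and PATCH 18/35 keep the same placement. The `else` branch renders an explicit empty class name; omitting the key when the value is empty is safer.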
@@ -46,5 +46,6 @@ acme: secretAccessKey: "" http01: enabled: true + ingressClassName: "" ingress: name: "" From 078e50eda5771894df86127a198c2e5db2ae33f8 Mon Sep 17 00:00:00 2001 From: Spyros Synodinos Date: Thu, 26 Oct 2023 13:27:01 +0300 Subject: [PATCH 13/35] test quotes --- .../templates/_helpers.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl index ffbb86cc..a52e9732 100644 --- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl +++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl @@ -67,7 +67,7 @@ spec: {{- if .Values.acme.http01.ingressClassName }} ingressClassName: {{ .Values.acme.http01.ingressClassName }} {{- else }} - ingressClassName: "" + ingressClassName: {{ quote }} {{- end }} ingress: name: {{ .Values.acme.http01.ingressName }} From b63db23f06299da9f74c6f162bf727fabe98cf51 Mon Sep 17 00:00:00 2001 From: Spyros Synodinos Date: Thu, 26 Oct 2023 13:37:53 +0300 Subject: [PATCH 14/35] remove quote --- .../templates/_helpers.tpl | 2 -- 1 file changed, 2 deletions(-) diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl index a52e9732..9969f71b 100644 --- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl +++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl @@ -66,8 +66,6 @@ spec: - http01: {{- if .Values.acme.http01.ingressClassName }} ingressClassName: {{ .Values.acme.http01.ingressClassName }} - {{- else }} - ingressClassName: {{ quote }} {{- end }} ingress: name: {{ .Values.acme.http01.ingressName }} From 412b17cbb6158a23933169e1a5353b3e3c3ff90e Mon Sep 17 00:00:00 2001 
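Review bot: `{{ quote }}` with no argument in the `else` branch of PATCH 13/35 renders nothing, as far as Sprig's `quote` goes, so the line becomes a bare `ingressClassName:` (YAML null) rather than `""`. If an empty string literal is really wanted, write `ingressClassName: {{ "" | quote }}`; if the aim is to leave the class unset, drop the `else` branch. The bare `ingressClassName:` added in PATCH 15/35, PATCH 19/35 and PATCH 20/35 is the same null.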
From: Spyros Synodinos Date: Thu, 26 Oct 2023 13:58:11 +0300 Subject: [PATCH 15/35] try ingressClassName default --- .../templates/_helpers.tpl | 2 ++ 1 file changed, 2 insertions(+) diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl index 9969f71b..bb8296f4 100644 --- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl +++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl @@ -66,6 +66,8 @@ spec: - http01: {{- if .Values.acme.http01.ingressClassName }} ingressClassName: {{ .Values.acme.http01.ingressClassName }} + {{- else }} + ingressClassName: {{- end }} ingress: name: {{ .Values.acme.http01.ingressName }} From 9901d863163f09ed09d2ee3cd116c6b75871dd30 Mon Sep 17 00:00:00 2001 From: Spyros Synodinos Date: Thu, 26 Oct 2023 15:47:13 +0300 Subject: [PATCH 16/35] empty ingressclassname --- .../templates/_helpers.tpl | 2 -- 1 file changed, 2 deletions(-) diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl index bb8296f4..9969f71b 100644 --- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl +++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl @@ -66,8 +66,6 @@ spec: - http01: {{- if .Values.acme.http01.ingressClassName }} ingressClassName: {{ .Values.acme.http01.ingressClassName }} - {{- else }} - ingressClassName: {{- end }} ingress: name: {{ .Values.acme.http01.ingressName }} From 4c4cad8f7469dc0f5d80b4ed355ff24c578e6c92 Mon Sep 17 00:00:00 2001 
From: Spyros Synodinos Date: Thu, 26 Oct 2023 15:57:54 +0300 Subject: [PATCH 17/35] test on template --- .../templates/_helpers.tpl | 4 ++-- .../cert-manager-giantswarm-clusterissuer/values.schema.json | 2 +- .../charts/cert-manager-giantswarm-clusterissuer/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl index 9969f71b..59b681b3 100644 --- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl +++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl @@ -64,8 +64,8 @@ spec: {{ end }} {{ if .Values.acme.http01.enabled -}} - http01: - {{- if .Values.acme.http01.ingressClassName }} - ingressClassName: {{ .Values.acme.http01.ingressClassName }} + {{- if .Values.acme.http01.ingressClass }} + ingressClass: {{ .Values.acme.http01.ingressClass }} {{- end }} ingress: name: {{ .Values.acme.http01.ingressName }} diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.schema.json b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.schema.json index 90df1361..efe462b2 100644 --- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.schema.json +++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.schema.json @@ -50,7 +50,7 @@ "enabled": { "type": "boolean" }, - "ingressClassName": { + "ingressClass": { "type": "string" }, "ingress": { diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.yaml b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.yaml index 72a9ebcb..f283572d 100644 --- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.yaml +++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.yaml 
@@ -46,6 +46,6 @@ acme: secretAccessKey: "" http01: enabled: true - ingressClassName: "" + ingressClass: "" ingress: name: "" From b19d2c2f17ba80b47c59ce26b1d5cf3de452cbf9 Mon Sep 17 00:00:00 2001 From: Spyros Synodinos Date: Thu, 26 Oct 2023 16:08:53 +0300 Subject: [PATCH 18/35] revert test --- .../templates/_helpers.tpl | 4 ++-- .../cert-manager-giantswarm-clusterissuer/values.schema.json | 2 +- .../charts/cert-manager-giantswarm-clusterissuer/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl index 59b681b3..e5049969 100644 --- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl +++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl @@ -64,8 +64,8 @@ spec: {{ end }} {{ if .Values.acme.http01.enabled -}} - http01: - {{- if .Values.acme.http01.ingressClass }} - ingressClass: {{ .Values.acme.http01.ingressClass }} + {{- with .Values.acme.http01.ingressClassName }} + ingressClassName: {{ . }} {{- end }} ingress: name: {{ .Values.acme.http01.ingressName }} diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.schema.json b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.schema.json index efe462b2..90df1361 100644 --- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.schema.json +++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.schema.json @@ -50,7 +50,7 @@ "enabled": { "type": "boolean" }, - "ingressClass": { + "ingressClassName": { "type": "string" }, "ingress": { diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.yaml b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.yaml index f283572d..72a9ebcb 100644 
--- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.yaml +++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.yaml @@ -46,6 +46,6 @@ acme: secretAccessKey: "" http01: enabled: true - ingressClass: "" + ingressClassName: "" ingress: name: "" From 47de6e6c9c5a4cec3431b3573cb70fed4bc4b642 Mon Sep 17 00:00:00 2001 From: Spyros Synodinos Date: Thu, 26 Oct 2023 17:01:46 +0300 Subject: [PATCH 19/35] script for ingressclass --- .../templates/_helpers.tpl | 11 +++++--- .../templates/job.yaml | 21 ++++++++++++--- .../templates/update-ingress.yaml | 26 +++++++++++++++++++ .../values.schema.json | 5 ---- .../values.yaml | 2 -- 5 files changed, 50 insertions(+), 15 deletions(-) create mode 100644 helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/update-ingress.yaml diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl index e5049969..f16a39d6 100644 --- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl +++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl @@ -64,12 +64,15 @@ spec: {{ end }} {{ if .Values.acme.http01.enabled -}} - http01: - {{- with .Values.acme.http01.ingressClassName }} - ingressClassName: {{ . }} - {{- end }} ingress: - name: {{ .Values.acme.http01.ingressName }} + {{- if .Values.acme.http01.ingressClassName }} + ingressClassName: {{ .Values.acme.http01.ingressClassName }} + {{- else }} + ingressClassName: + {{- end }} {{ end }} +{{- end }} +{{- end }} --- {{- end }} apiVersion: cert-manager.io/v1 diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/job.yaml b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/job.yaml index 4057fc31..80496090 100644 
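Review bot: The `_helpers.tpl` hunk of PATCH 19/35 adds two `{{- end }}` lines after the existing `{{ end }}` without opening a matching `if`, `with` or `define` in the hunk, so the template is likely unbalanced and fails to parse at this commit. The hunk header (`-64,12 +64,15`) accounts for both lines as additions. PATCH 20/35 removes them again; squashing that fix into this commit keeps every commit in the series renderable. The enclosing `define` starts outside the hunk, so the balance should be confirmed against the full file.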
--- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/job.yaml +++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/job.yaml @@ -22,6 +22,20 @@ spec: runAsNonRoot: true seccompProfile: type: RuntimeDefault + initContainers: + - name: update-ingress-script + command: + - /bin/bash + args: + - /scripts/update-ingress.sh + image: '{{ include "registry" . }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}' + imagePullPolicy: Always + volumeMounts: + - name: {{ .Values.name }}-script-volume + mountPath: /scripts + - name: {{ .Values.name }} + subPath: clusterissuer.yaml + mountPath: /data/clusterissuer.yaml containers: - name: {{ .Values.name }} image: '{{ include "registry" . }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}' @@ -30,10 +44,6 @@ spec: - apply - --filename - /data - volumeMounts: - - name: {{ .Values.name }} - subPath: clusterissuer.yaml - mountPath: /data/clusterissuer.yaml resources: {{- toYaml .Values.resources | nindent 10 }} securityContext: runAsNonRoot: true @@ -49,6 +59,9 @@ spec: - name: {{ .Values.name }} configMap: name: {{ .Values.name }} + - name: {{ .Values.name }}-script-volume + configMap: + name: {{ .Values.name }}-script restartPolicy: Never tolerations: - key: node-role.kubernetes.io/master diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/update-ingress.yaml b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/update-ingress.yaml new file mode 100644 index 00000000..ae3c640c --- /dev/null +++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/update-ingress.yaml 
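Review bot: The init container added to `job.yaml` in PATCH 19/35 cannot hand a patched manifest to the main container with these mounts: `/data/clusterissuer.yaml` is a ConfigMap `subPath` mount, which is read-only, so the script's `sed -i` has nothing writable to replace, and the second hunk (`@@ -30,10 +44,6 @@`) removes the main container's `volumeMounts`, leaving `apply --filename /data` without a manifest. A shared `emptyDir` that the init container fills and the main container mounts at `/data` would carry the result across; the script would then copy from the read-only path before editing. The init container also has no container-level `securityContext` at this commit (PATCH 22/35 adds one). Indentation in the sketch below is assumed, since the page has lost it.

```yaml
initContainers:
  - name: update-ingress-script
    # … unchanged: command, args, image, imagePullPolicy …
    volumeMounts:
      - name: {{ .Values.name }}-script-volume
        mountPath: /scripts
        readOnly: true
      - name: {{ .Values.name }}
        subPath: clusterissuer.yaml
        mountPath: /config/clusterissuer.yaml
        readOnly: true
      - name: rendered
        mountPath: /data
containers:
  - name: {{ .Values.name }}
    # … unchanged: image, args (apply --filename /data) …
    volumeMounts:
      - name: rendered
        mountPath: /data
    # … unchanged: resources, securityContext …
volumes:
  # … unchanged: existing configMap volumes …
  - name: rendered
    emptyDir: {}
```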
@@ -0,0 +1,26 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Values.name }}-script +data: + update-ingress.sh: | + + # Parse ingressClassName from clusterissuer.yaml + INGRESS_CLASS_NAME=$(grep 'ingressClassName:' /data/clusterissuer.yaml | awk '{print $2}') + + # Check if ingressClassName is set in clusterissuer.yaml + if [[ -z "$INGRESS_CLASS_NAME" ]]; then + # If not set, check for a default IngressClass in the cluster + DEFAULT_INGRESS_CLASS=$(kubectl get ingressclass --all-namespaces -o jsonpath='{.items[?(@.metadata.annotations."ingressclass.kubernetes.io/is-default-class"=="true")].metadata.name}') + + # If no default IngressClass, set to the first available IngressClass + if [[ -z "$DEFAULT_INGRESS_CLASS" ]]; then + FIRST_AVAILABLE_INGRESS_CLASS=$(kubectl get ingressclass --all-namespaces -o jsonpath='{.items[0].metadata.name}') + if [[ -n "$FIRST_AVAILABLE_INGRESS_CLASS" ]]; then + sed -i 's/ingressClassName:.*/ingressClassName: "'"$FIRST_AVAILABLE_INGRESS_CLASS"'"/' /data/clusterissuer.yaml + else + echo "No available IngressClass found" + exit 1 + fi + fi + fi diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.schema.json b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.schema.json index 90df1361..6147a924 100644 --- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.schema.json +++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.schema.json @@ -52,11 +52,6 @@ }, "ingressClassName": { "type": "string" - }, - "ingress": { - "name": { - "type": "string" - } } } } diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.yaml b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.yaml index 72a9ebcb..c8561047 100644 --- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.yaml +++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.yaml 
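Review bot: `DEFAULT_INGRESS_CLASS` is looked up but never written to the manifest in `update-ingress.sh` (PATCH 19/35): `sed` runs only in the branch where no default class exists, and then pins the solver to `items[0]`, whichever IngressClass the API happens to list first. Serving ACME challenges through an arbitrary controller is a surprising default; failing with a message that asks for an explicit `acme.http01.ingressClassName` is safer. The class name read from the cluster is spliced into the `sed` program unchecked, so it should be validated as a DNS-style name first. The Job's service account needs permission to list `ingressclasses` for any of this to work, which the patch does not show. The sketch below is written for POSIX `sh` and assumes the original indentation.

```yaml
  update-ingress.sh: |
    #!/bin/sh
    set -eu
    # … unchanged: INGRESS_CLASS_NAME lookup …
    if [ -z "$INGRESS_CLASS_NAME" ]; then
      # … unchanged: DEFAULT_INGRESS_CLASS lookup …
      if [ -z "$DEFAULT_INGRESS_CLASS" ]; then
        echo "No default IngressClass found; set acme.http01.ingressClassName explicitly" >&2
        exit 1
      fi
      # Accept a single DNS-style name only before it is spliced into sed.
      case "$DEFAULT_INGRESS_CLASS" in
        *[!a-z0-9.-]*) echo "Unexpected IngressClass name: $DEFAULT_INGRESS_CLASS" >&2; exit 1 ;;
      esac
      sed -i "s/ingressClassName:.*/ingressClassName: \"$DEFAULT_INGRESS_CLASS\"/" /data/clusterissuer.yaml
    fi
```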
@@ -47,5 +47,3 @@ acme: http01: enabled: true ingressClassName: "" - ingress: - name: "" From 3a537e783d867a8afe0381600de001827721495a Mon Sep 17 00:00:00 2001 From: Spyros Synodinos Date: Thu, 26 Oct 2023 17:05:47 +0300 Subject: [PATCH 20/35] helm lint fix --- .../templates/_helpers.tpl | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl index f16a39d6..a542bf55 100644 --- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl +++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl @@ -65,14 +65,12 @@ spec: {{ if .Values.acme.http01.enabled -}} - http01: ingress: - {{- if .Values.acme.http01.ingressClassName }} - ingressClassName: {{ .Values.acme.http01.ingressClassName }} - {{- else }} - ingressClassName: - {{- end }} + {{- if .Values.acme.http01.ingressClassName }} + ingressClassName: {{ .Values.acme.http01.ingressClassName }} + {{- else }} + ingressClassName: + {{- end }} {{ end }} -{{- end }} -{{- end }} --- {{- end }} apiVersion: cert-manager.io/v1 From 44fb98283af4b7f9dd10013f9fa92807d6add3d4 Mon Sep 17 00:00:00 2001 From: Spyros Synodinos Date: Thu, 26 Oct 2023 17:12:57 +0300 Subject: [PATCH 21/35] bash to sh on script --- .../cert-manager-giantswarm-clusterissuer/templates/job.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/job.yaml b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/job.yaml index 80496090..a6ce6595 100644 --- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/job.yaml +++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/job.yaml 
@@ -25,7 +25,7 @@ spec: initContainers: - name: update-ingress-script command: - - /bin/bash + - /bin/sh args: - /scripts/update-ingress.sh image: '{{ include "registry" . }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}' From 2e6566acfa1f7397fba22c51868b3cafbcf76ecf Mon Sep 17 00:00:00 2001 From: Spyros Synodinos Date: Thu, 26 Oct 2023 17:25:24 +0300 Subject: [PATCH 22/35] policy fix --- .../templates/job.yaml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/job.yaml b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/job.yaml index a6ce6595..511da6b8 100644 --- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/job.yaml +++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/job.yaml @@ -36,6 +36,16 @@ spec: - name: {{ .Values.name }} subPath: clusterissuer.yaml mountPath: /data/clusterissuer.yaml + securityContext: + runAsNonRoot: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsUser: {{ .Values.userID }} + runAsGroup: {{ .Values.groupID }} + seccompProfile: + type: RuntimeDefault containers: - name: {{ .Values.name }} image: '{{ include "registry" . }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}' From fa606652049fbd72cf2ec2852681af292b1264ea Mon Sep 17 00:00:00 2001 From: Spyros Synodinos Date: Thu, 26 Oct 2023 17:41:22 +0300 Subject: [PATCH 23/35] reverts --- .../templates/_helpers.tpl | 6 ++-- .../templates/job.yaml | 31 +++---------------- .../templates/update-ingress.yaml | 26 ---------------- 3 files changed, 6 insertions(+), 57 deletions(-) delete mode 100644 helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/update-ingress.yaml 
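Review bot: Switching the interpreter to `/bin/sh` in the `job.yaml` hunk of PATCH 21/35 leaves `update-ingress.sh` using `[[ … ]]`, which POSIX `sh` does not define; whether the script runs then depends on which shell the image provides as `/bin/sh`. Rewrite the tests in the portable form, e.g. `if [ -z "$INGRESS_CLASS_NAME" ]; then`, or keep `/bin/bash` if the image ships it. The script also has no `set -eu`, so a failed `kubectl` call is indistinguishable from an empty result.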
diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl index a542bf55..4ad26ca8 100644 --- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl +++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl @@ -65,10 +65,8 @@ spec: {{ if .Values.acme.http01.enabled -}} - http01: ingress: - {{- if .Values.acme.http01.ingressClassName }} - ingressClassName: {{ .Values.acme.http01.ingressClassName }} - {{- else }} - ingressClassName: + {{- if .Values.acme.http01.ingressClass }} + ingressClass: {{ .Values.acme.http01.ingressClass }} {{- end }} {{ end }} --- diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/job.yaml b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/job.yaml index 511da6b8..4057fc31 100644 --- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/job.yaml +++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/job.yaml 
@@ -22,30 +22,6 @@ spec:
 runAsNonRoot: true
 seccompProfile:
 type: RuntimeDefault
- initContainers:
- - name: update-ingress-script
- command:
- - /bin/sh
- args:
- - /scripts/update-ingress.sh
- image: '{{ include "registry" . }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}'
- imagePullPolicy: Always
- volumeMounts:
- - name: {{ .Values.name }}-script-volume
- mountPath: /scripts
- - name: {{ .Values.name }}
- subPath: clusterissuer.yaml
- mountPath: /data/clusterissuer.yaml
- securityContext:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- runAsUser: {{ .Values.userID }}
- runAsGroup: {{ .Values.groupID }}
- seccompProfile:
- type: RuntimeDefault
 containers:
 - name: {{ .Values.name }}
 image: '{{ include "registry" . }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}'
@@ -54,6 +30,10 @@ spec:
 - apply
 - --filename
 - /data
+ volumeMounts:
+ - name: {{ .Values.name }}
+ subPath: clusterissuer.yaml
+ mountPath: /data/clusterissuer.yaml
 resources: {{- toYaml .Values.resources | nindent 10 }}
 securityContext:
 runAsNonRoot: true
@@ -69,9 +49,6 @@ spec:
 - name: {{ .Values.name }}
 configMap:
 name: {{ .Values.name }}
- - name: {{ .Values.name }}-script-volume
- configMap:
- name: {{ .Values.name }}-script
 restartPolicy: Never
 tolerations:
 - key: node-role.kubernetes.io/master
diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/update-ingress.yaml b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/update-ingress.yaml
deleted file mode 100644
index ae3c640c..00000000
--- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/update-ingress.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Values.name }}-script
-data:
- update-ingress.sh: |
-
- # Parse ingressClassName from clusterissuer.yaml
- INGRESS_CLASS_NAME=$(grep 'ingressClassName:' /data/clusterissuer.yaml | awk '{print $2}')
-
- # Check if ingressClassName is set in clusterissuer.yaml
- if [[ -z "$INGRESS_CLASS_NAME" ]]; then
- # If not set, check for a default IngressClass in the cluster
- DEFAULT_INGRESS_CLASS=$(kubectl get ingressclass --all-namespaces -o jsonpath='{.items[?(@.metadata.annotations."ingressclass.kubernetes.io/is-default-class"=="true")].metadata.name}')
-
- # If no default IngressClass, set to the first available IngressClass
- if [[ -z "$DEFAULT_INGRESS_CLASS" ]]; then
- FIRST_AVAILABLE_INGRESS_CLASS=$(kubectl get ingressclass --all-namespaces -o jsonpath='{.items[0].metadata.name}')
- if [[ -n "$FIRST_AVAILABLE_INGRESS_CLASS" ]]; then
- sed -i 's/ingressClassName:.*/ingressClassName: "'"$FIRST_AVAILABLE_INGRESS_CLASS"'"/' /data/clusterissuer.yaml
- else
- echo "No available IngressClass found"
- exit 1
- fi
- fi
- fi
From 848aa715bc0a8a70a3fe9ad90f365e2cd315ed7e Mon Sep 17 00:00:00 2001
From: Spyros Synodinos
Date: Thu, 26 Oct 2023 17:42:44 +0300
Subject: [PATCH 24/35] back to nginx
---
 .../charts/cert-manager-giantswarm-clusterissuer/values.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.yaml b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.yaml
index c8561047..46da2739 100644
--- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.yaml
+++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/values.yaml
@@ -46,4 +46,4 @@ acme:
 secretAccessKey: ""
 http01:
 enabled: true
- ingressClassName: ""
+ ingressClassName: "nginx"
From 60a37e96b404ba16ae044849a1c61f6cc07cd829 Mon Sep 17 00:00:00 2001
From: Spyros Synodinos
Date: Thu, 26 Oct 2023 18:49:21 +0300
Subject: [PATCH 25/35] typo
---
 .../templates/_helpers.tpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl
index 4ad26ca8..7c9fe87e 100644
--- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl
+++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl
@@ -66,7 +66,7 @@ spec:
 - http01:
 ingress:
 {{- if .Values.acme.http01.ingressClass }}
- ingressClass: {{ .Values.acme.http01.ingressClass }}
+ ingressClassName: {{ .Values.acme.http01.ingressClass }}
 {{- end }}
 {{ end }}
 ---
From f5de35981c894f9a7a832796c1bd3f321123df95 Mon Sep 17 00:00:00 2001
From: Spyros Synodinos
Date: Thu, 26 Oct 2023 19:01:31 +0300
Subject: [PATCH 26/35] typo
---
 .../templates/_helpers.tpl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl
index 7c9fe87e..e1291d90 100644
--- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl
+++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl
@@ -65,8 +65,8 @@ spec:
 {{ if .Values.acme.http01.enabled -}}
 - http01:
 ingress:
- {{- if .Values.acme.http01.ingressClass }}
- ingressClassName: {{ .Values.acme.http01.ingressClass }}
+ {{- if .Values.acme.http01.ingressClassName }}
+ ingressClassName: {{ .Values.acme.http01.ingressClassName }}
 {{- end }}
 {{ end }}
 ---
From c1a97ca9312f6e507ab4619f16cd594ecc77511a Mon Sep 17 00:00:00 2001
From: Spyros Synodinos
Date: Thu, 26 Oct 2023 20:47:24 +0300
Subject: [PATCH 27/35] network policies
---
 .../templates/acme-solvers-networkpolicy.yaml | 16 ++++++++++++++++
 .../acme-solvers-ciliumnetworkpolicy.yaml | 16 ++++++++++++++++
 2 files changed, 32 insertions(+)
 create mode 100644 helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/acme-solvers-networkpolicy.yaml
 create mode 100644 helm/cert-manager/charts/cert-manager-giantswarm-netpol/templates/acme-solvers-ciliumnetworkpolicy.yaml
diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/acme-solvers-networkpolicy.yaml b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/acme-solvers-networkpolicy.yaml
new file mode 100644
index 00000000..d6ef44d9
--- /dev/null
+++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/acme-solvers-networkpolicy.yaml
@@ -0,0 +1,16 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ .Values.name }}-acme-solvers
+ labels:
+ {{- include "issuerLabels" . | nindent 4 }}
+ annotations:
+ {{- include "issuerAnnotations" . | nindent 4 }}
+spec:
+ podSelector:
+ matchLabels:
+ acme.cert-manager.io/http01-solver: "true"
+ policyTypes:
+ - Ingress
+ egress:
+ - {}
\ No newline at end of file
diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-netpol/templates/acme-solvers-ciliumnetworkpolicy.yaml b/helm/cert-manager/charts/cert-manager-giantswarm-netpol/templates/acme-solvers-ciliumnetworkpolicy.yaml
new file mode 100644
index 00000000..1720990f
--- /dev/null
+++ b/helm/cert-manager/charts/cert-manager-giantswarm-netpol/templates/acme-solvers-ciliumnetworkpolicy.yaml
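Review bot: In the new `acme-solvers-networkpolicy.yaml`, `policyTypes` lists only `Ingress` while the single rule sits under `egress:`, so the selected solver pods become ingress-isolated with no allow rule and the `egress: - {}` entry has no effect. Wherever the CNI enforces NetworkPolicy, the HTTP-01 challenge request could then not reach the solver. The rule key has to match the declared type (`ingress:` here), which a later patch in this series does; squashing that fix into this commit would avoid a revision that blocks issuance. The policy is also namespaced to the release namespace, so solver pods that cert-manager creates in other namespaces would not be selected, which is worth confirming as intended.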
@@ -0,0 +1,16 @@
+apiVersion: "cilium.io/v2"
+kind: CiliumNetworkPolicy
+metadata:
+ name: {{ template "cert-manager.fullname" . }}-clusterissuer-acme-solvers
+ namespace: giantswarm
+ labels:
+ app: {{ template "cert-manager.name" . }}-clusterissuer-acme-solvers
+ app.kubernetes.io/name: {{ template "cert-manager.name" . }}-clusterissuer-acme-solvers
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- include "labels" . | nindent 4 }}
+spec:
+ endpointSelector:
+ matchLabels:
+ acme.cert-manager.io/http01-solver: "true"
+ ingress:
+ - {}
From 08b2b4789a9281f6519260bc3c09aa721dff39f7 Mon Sep 17 00:00:00 2001
From: Spyros Synodinos
Date: Thu, 26 Oct 2023 21:02:13 +0300
Subject: [PATCH 28/35] cure for PR
---
 .../templates/_helpers.tpl | 2 --
 .../templates/acme-solvers-networkpolicy.yaml | 2 +-
 2 files changed, 1 insertion(+), 3 deletions(-)
diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl
index e1291d90..0c7e619b 100644
--- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl
+++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/_helpers.tpl
@@ -65,9 +65,7 @@ spec:
 {{ if .Values.acme.http01.enabled -}}
 - http01:
 ingress:
- {{- if .Values.acme.http01.ingressClassName }}
 ingressClassName: {{ .Values.acme.http01.ingressClassName }}
- {{- end }}
 {{ end }}
 ---
 {{- end }}
diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/acme-solvers-networkpolicy.yaml b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/acme-solvers-networkpolicy.yaml
index d6ef44d9..9d8b261d 100644
--- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/acme-solvers-networkpolicy.yaml
+++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/acme-solvers-networkpolicy.yaml
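Review bot: The empty rule `- {}` under `ingress:` in the new CiliumNetworkPolicy does not carry the "allow all" meaning it has in a Kubernetes NetworkPolicy. As far as I know, Cilium treats an empty rule as putting the selected endpoints into default deny for that direction without allowing any peer, so this would block the HTTP-01 solver instead of opening it; please verify on a Cilium cluster. If the intent is to admit challenge traffic, name the peers explicitly, for example a `fromEntities` rule listing `cluster`, narrowed with `toPorts` to the solver port. `namespace: giantswarm` also pins the policy to one namespace, so solver pods created elsewhere are not covered. The `egress: - {}` rule added in patch 30 and the file re-added in patch 34 carry the same problem.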
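Review bot: With the `{{- if … }}` guard removed in `_helpers.tpl`, `ingressClassName: {{ .Values.acme.http01.ingressClassName }}` renders as a bare `ingressClassName:` (null) whenever the value is overridden to an empty string, and an unquoted value that looks like a boolean or a number would be retyped by the YAML parser. Keeping the guard and quoting the value avoids both, `ingressClassName: {{ .Values.acme.http01.ingressClassName | quote }}`. If an empty class must never reach the ClusterIssuer, `required` would fail the render early instead. The enclosing template definition starts and ends outside this hunk.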
@@ -1,7 +1,7 @@
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
- name: {{ .Values.name }}-acme-solvers
+ name: {{ .Values.name }}-http01-solvers
 labels:
 {{- include "issuerLabels" . | nindent 4 }}
 annotations:
From 40109d673272d96265655f10d282e5e52e9627b7 Mon Sep 17 00:00:00 2001
From: Spyros Synodinos
Date: Mon, 30 Oct 2023 11:56:37 +0200
Subject: [PATCH 29/35] typo on ingress
---
 .../templates/acme-solvers-networkpolicy.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/acme-solvers-networkpolicy.yaml b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/acme-solvers-networkpolicy.yaml
index 9d8b261d..6e08dece 100644
--- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/acme-solvers-networkpolicy.yaml
+++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/acme-solvers-networkpolicy.yaml
@@ -12,5 +12,5 @@ spec:
 acme.cert-manager.io/http01-solver: "true"
 policyTypes:
 - Ingress
- egress:
+ ingress:
 - {}
\ No newline at end of file
From f32a2d958224ed226ea115d64065207ce83b999f Mon Sep 17 00:00:00 2001
From: Spyros Synodinos
Date: Mon, 30 Oct 2023 12:40:12 +0200
Subject: [PATCH 30/35] test both ingress-egress
---
 .../templates/acme-solvers-ciliumnetworkpolicy.yaml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-netpol/templates/acme-solvers-ciliumnetworkpolicy.yaml b/helm/cert-manager/charts/cert-manager-giantswarm-netpol/templates/acme-solvers-ciliumnetworkpolicy.yaml
index 1720990f..61edf799 100644
--- a/helm/cert-manager/charts/cert-manager-giantswarm-netpol/templates/acme-solvers-ciliumnetworkpolicy.yaml
+++ b/helm/cert-manager/charts/cert-manager-giantswarm-netpol/templates/acme-solvers-ciliumnetworkpolicy.yaml
@@ -14,3 +14,5 @@ spec:
 acme.cert-manager.io/http01-solver: "true"
 ingress:
 - {}
+ egress:
+ - {}
\ No newline at end of file
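Review bot: The corrected `ingress:` rule in patch 29 is still `- {}`, which admits traffic from any source on any port to every pod carrying `acme.cert-manager.io/http01-solver: "true"` in the namespace. The solver only has to answer the challenge on its HTTP port, so the rule can be narrowed with a `ports:` entry and, where the ingress controller's namespace is known, a `from:` selector. Because the match is a pod label, the narrower the rule, the less this policy can widen access for any other pod that ends up with that label. The policy's `metadata` and `podSelector` lie outside this hunk.

```yaml
  ingress:
    - ports:
        # 8089 is cert-manager's default solver port; confirm for this deployment
        - protocol: TCP
          port: 8089
```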
From c1215dd009d7dbc6978b03d4f78efa0ebf6c22ba Mon Sep 17 00:00:00 2001
From: Spyros Synodinos
Date: Mon, 30 Oct 2023 12:59:55 +0200
Subject: [PATCH 31/35] remove cilium netpol
---
 .../templates/acme-solvers-networkpolicy.yaml | 3 +++
 .../acme-solvers-ciliumnetworkpolicy.yaml | 18 ------------------
 2 files changed, 3 insertions(+), 18 deletions(-)
 delete mode 100644 helm/cert-manager/charts/cert-manager-giantswarm-netpol/templates/acme-solvers-ciliumnetworkpolicy.yaml
diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/acme-solvers-networkpolicy.yaml b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/acme-solvers-networkpolicy.yaml
index 6e08dece..0bd26621 100644
--- a/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/acme-solvers-networkpolicy.yaml
+++ b/helm/cert-manager/charts/cert-manager-giantswarm-clusterissuer/templates/acme-solvers-networkpolicy.yaml
@@ -12,5 +12,8 @@ spec:
 acme.cert-manager.io/http01-solver: "true"
 policyTypes:
 - Ingress
+ - Egress
 ingress:
+ - {}
+ egress:
 - {}
\ No newline at end of file
diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-netpol/templates/acme-solvers-ciliumnetworkpolicy.yaml b/helm/cert-manager/charts/cert-manager-giantswarm-netpol/templates/acme-solvers-ciliumnetworkpolicy.yaml
deleted file mode 100644
index 61edf799..00000000
--- a/helm/cert-manager/charts/cert-manager-giantswarm-netpol/templates/acme-solvers-ciliumnetworkpolicy.yaml
+++ /dev/null
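Review bot: Adding `- Egress` to `policyTypes` together with `egress: - {}` gives the solver pods unrestricted outbound access, and because NetworkPolicies are additive it does so even where a namespace default-deny policy exists. The HTTP-01 solver answers inbound challenge requests and, as far as I can tell, opens no outbound connections of its own, so leaving `Egress` out of `policyTypes` would be the least-privilege choice. If the rule works around a cluster-wide default deny, a comment such as `# egress opened because <reason>` above it would tell the next reader why. The policy's `metadata` and `podSelector` lie outside this hunk.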
@@ -1,18 +0,0 @@
-apiVersion: "cilium.io/v2"
-kind: CiliumNetworkPolicy
-metadata:
- name: {{ template "cert-manager.fullname" . }}-clusterissuer-acme-solvers
- namespace: giantswarm
- labels:
- app: {{ template "cert-manager.name" . }}-clusterissuer-acme-solvers
- app.kubernetes.io/name: {{ template "cert-manager.name" . }}-clusterissuer-acme-solvers
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- include "labels" . | nindent 4 }}
-spec:
- endpointSelector:
- matchLabels:
- acme.cert-manager.io/http01-solver: "true"
- ingress:
- - {}
- egress:
- - {}
\ No newline at end of file
From ee2bd66726c18df0c838f70db85a90510b26453e Mon Sep 17 00:00:00 2001
From: Spyros Synodinos
Date: Mon, 30 Oct 2023 16:50:41 +0200
Subject: [PATCH 32/35] ciliumNetworkPolicy disabled by default
---
 helm/cert-manager/values.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm/cert-manager/values.yaml b/helm/cert-manager/values.yaml
index 95f712bb..507ae8c9 100644
--- a/helm/cert-manager/values.yaml
+++ b/helm/cert-manager/values.yaml
@@ -787,6 +787,6 @@ startupapicheck:
 enableServiceLinks: false
 ciliumNetworkPolicy:
- enabled: true
+ enabled: false
 fullnameOverride: "cert-manager-app"
From fbc9acbfa54080d864efce6af2ce65cf5e8ae866 Mon Sep 17 00:00:00 2001
From: Spyros Synodinos
Date: Wed, 1 Nov 2023 18:13:02 +0200
Subject: [PATCH 33/35] cilium requred for CAPZ
---
 helm/cert-manager/values.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm/cert-manager/values.yaml b/helm/cert-manager/values.yaml
index 507ae8c9..95f712bb 100644
--- a/helm/cert-manager/values.yaml
+++ b/helm/cert-manager/values.yaml
@@ -787,6 +787,6 @@ startupapicheck:
 enableServiceLinks: false
 ciliumNetworkPolicy:
- enabled: false
+ enabled: true
 fullnameOverride: "cert-manager-app"
From cb46e9c57fd15d1d602260fa07fd549e1fe4fa11 Mon Sep 17 00:00:00 2001
From: Spyros Synodinos
Date: Wed, 1 Nov 2023 18:26:58 +0200
Subject: [PATCH 34/35] ciliumnetwork policies for acme solvers
---
 .../acme-solvers-ciliumnetworkpolicy.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 helm/cert-manager/charts/cert-manager-giantswarm-netpol/templates/acme-solvers-ciliumnetworkpolicy.yaml
diff --git a/helm/cert-manager/charts/cert-manager-giantswarm-netpol/templates/acme-solvers-ciliumnetworkpolicy.yaml b/helm/cert-manager/charts/cert-manager-giantswarm-netpol/templates/acme-solvers-ciliumnetworkpolicy.yaml
new file mode 100644
index 00000000..61edf799
--- /dev/null
+++ b/helm/cert-manager/charts/cert-manager-giantswarm-netpol/templates/acme-solvers-ciliumnetworkpolicy.yaml
@@ -0,0 +1,18 @@
+apiVersion: "cilium.io/v2"
+kind: CiliumNetworkPolicy
+metadata:
+ name: {{ template "cert-manager.fullname" . }}-clusterissuer-acme-solvers
+ namespace: giantswarm
+ labels:
+ app: {{ template "cert-manager.name" . }}-clusterissuer-acme-solvers
+ app.kubernetes.io/name: {{ template "cert-manager.name" . }}-clusterissuer-acme-solvers
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- include "labels" . | nindent 4 }}
+spec:
+ endpointSelector:
+ matchLabels:
+ acme.cert-manager.io/http01-solver: "true"
+ ingress:
+ - {}
+ egress:
+ - {}
\ No newline at end of file
From 2f3742ee6b5041fa928af33504329b8167caf41c Mon Sep 17 00:00:00 2001
From: Spyros Synodinos
Date: Thu, 2 Nov 2023 01:12:17 +0200
Subject: [PATCH 35/35] ciliumNetworkPolicy off by default
---
 helm/cert-manager/values.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm/cert-manager/values.yaml b/helm/cert-manager/values.yaml
index 95f712bb..507ae8c9 100644
--- a/helm/cert-manager/values.yaml
+++ b/helm/cert-manager/values.yaml
@@ -787,6 +787,6 @@ startupapicheck:
 enableServiceLinks: false
 ciliumNetworkPolicy:
- enabled: true
+ enabled: false
 fullnameOverride: "cert-manager-app"