From 0f7110f21606f21bb553b1c75ac3dfd0454c1074 Mon Sep 17 00:00:00 2001
From: Andri Joos <andri@joos.io>
Date: Mon, 14 Oct 2024 15:19:28 +0200
Subject: [PATCH] add helm chart

---
 .gitlab-ci.yml                     | 12 +++++
 acme-issuer/.helmignore            | 23 ++++++++++
 acme-issuer/Chart.yaml             | 24 ++++++++++
 acme-issuer/templates/_helpers.tpl | 70 ++++++++++++++++++++++++++++++
 acme-issuer/templates/issuer.yaml  | 22 ++++++++++
 acme-issuer/values.yaml            | 13 ++++++
 6 files changed, 164 insertions(+)
 create mode 100644 .gitlab-ci.yml
 create mode 100644 acme-issuer/.helmignore
 create mode 100644 acme-issuer/Chart.yaml
 create mode 100644 acme-issuer/templates/_helpers.tpl
 create mode 100644 acme-issuer/templates/issuer.yaml
 create mode 100644 acme-issuer/values.yaml

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..80a0105
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,12 @@
+include:
+- project: charts/ci-templates
+  ref: master
+  file: gitlab_deployment.gitlab-ci.yml
+
+variables:
+  CHART_DIRECTORY: acme-issuer/
+  CHANNEL: stable
+
+deploy_on_gitlab:
+  only:
+  - tags
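Review bot: The `include` takes the shared pipeline from `ref: master`, a moving branch, so anything later pushed to `charts/ci-templates` becomes part of this project's tag-triggered `deploy_on_gitlab` job without any change in this repository. Pinning to a release tag or a full commit SHA, e.g. `ref: <pinned-tag-or-commit-sha>`, keeps the publishing job reproducible and makes template updates an explicit, reviewable change. Because the job runs on every tag, it is also worth confirming that tags are protected in the project settings; the hunk does not show that.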
diff --git a/acme-issuer/.helmignore b/acme-issuer/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/acme-issuer/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/acme-issuer/Chart.yaml b/acme-issuer/Chart.yaml
new file mode 100644
index 0000000..8e0206b
--- /dev/null
+++ b/acme-issuer/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: acme-issuer
+description: An ACME Issuer Helm Chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 1.0.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.0.0"
diff --git a/acme-issuer/templates/_helpers.tpl b/acme-issuer/templates/_helpers.tpl
new file mode 100644
index 0000000..f77f46a
--- /dev/null
+++ b/acme-issuer/templates/_helpers.tpl
@@ -0,0 +1,70 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "acme-issuer.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "acme-issuer.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "acme-issuer.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "acme-issuer.labels" -}}
+helm.sh/chart: {{ include "acme-issuer.chart" . }}
+{{ include "acme-issuer.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "acme-issuer.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "acme-issuer.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "acme-issuer.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "acme-issuer.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Issuer
+*/}}
+{{- define "acme-issuer.issuer.labels" -}}
+{{- $merged := merge (include "acme-issuer.labels" . | fromYaml ) .Values.labels }}
+{{- $merged | toYaml }}
+{{- end }}
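Review bot: `acme-issuer.issuer.labels` round-trips the label block through `fromYaml`/`toYaml`, and the values feeding it from `acme-issuer.labels` and `acme-issuer.selectorLabels` are unquoted, so a release name made only of digits would probably be re-emitted as a number and rejected by the API server as a non-string label value. Quoting at the source avoids that, e.g. `app.kubernetes.io/instance: {{ .Release.Name | quote }}`, and likewise for `helm.sh/chart`, `app.kubernetes.io/name` and `app.kubernetes.io/managed-by`. Separately, `acme-issuer.serviceAccountName` reads `.Values.serviceAccount.create`, which the values.yaml in this patch does not define and no template in the patch includes; it would fail with a nil-pointer error if it were ever used, so it can be dropped.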
diff --git a/acme-issuer/templates/issuer.yaml b/acme-issuer/templates/issuer.yaml
new file mode 100644
index 0000000..7eec5ed
--- /dev/null
+++ b/acme-issuer/templates/issuer.yaml
@@ -0,0 +1,22 @@
+apiVersion: cert-manager.io/v1
+kind: {{ .Values.type }}
+metadata:
+  name: {{ .Release.Name }}
+  {{- with .Values.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "acme-issuer.issuer.labels" . | nindent 4 }}
+spec:
+  acme:
+    server: {{ .Values.server }}
+    email: {{ .Values.email }}
+    {{- with .Values.secret.name }}
+    privateKeySecretRef:
+      name: {{ . }}
+    {{- end }}
+    {{- with .Values.solvers }}
+    solvers:
+      {{- . | toYaml | nindent 6 }}
+    {{- end }}
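Review bot: `privateKeySecretRef` is wrapped in `with .Values.secret.name`, so an empty or unset name silently renders an ACME issuer without the account-key secret that cert-manager expects, and the problem only surfaces when the manifest is applied. Failing at render time is clearer: drop the `with` and use `name: {{ required "secret.name must be set" .Values.secret.name | quote }}`. The other scalars are also inserted unquoted, so an empty `email` renders as null; `server: {{ .Values.server | quote }}` and the same for `email` avoid that. `kind: {{ .Values.type }}` accepts any string, although only `Issuer` and `ClusterIssuer` are meaningful here.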
diff --git a/acme-issuer/values.yaml b/acme-issuer/values.yaml
new file mode 100644
index 0000000..21202f8
--- /dev/null
+++ b/acme-issuer/values.yaml
@@ -0,0 +1,13 @@
+type: Issuer # Either Issuer or ClusterIssuer
+
+server: https://acme-v02.api.letsencrypt.org/directory
+
+email: your-email@example.com
+
+solvers: []
+# - http01:
+#     ingress:
+#       class: traefik
+
+secret:
+  name: https-certificate
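Review bot: The defaults pair the production Let's Encrypt endpoint with the placeholder `email: your-email@example.com`, so an install that forgets to override it attempts to register an ACME account under an address nobody reads. Defaulting to `email: ""` and having the template demand a value is safer. `secret.name: https-certificate` reads like the TLS certificate secret, but issuer.yaml uses it as `privateKeySecretRef`, i.e. the ACME account private key; a comment such as `# Secret holding the ACME account private key, not the issued certificate` would keep the two from being confused. The templates also read `labels` and `annotations`, which are not listed here; adding `labels: {}` and `annotations: {}` documents them.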
-- 
GitLab