feat(helm): add subjects for cert-manager certificate (#346)

* ci(helm): fix helm e2e installer Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * feat(chart): add cert subjects and bump app version 0.4.7 Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> --------- Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>
projectcapsule · Dec 8, 2023 · 2333253 · 2333253
1 parent d188f12
commit 2333253
Show file tree

Hide file tree

Showing 6 changed files with 48 additions and 8 deletions.
diff --git a/Makefile b/Makefile
@@ -107,11 +107,16 @@ helm-test: helm-controller-version kind ct ko-build-all
  @kind create cluster --wait=60s --name capsule-charts
  @kind load docker-image --name capsule-charts $(CAPSULE_PROXY_IMG):$(VERSION)
  @kubectl create ns capsule-system
- @kubectl create -f https://github.com/cert-manager/cert-manager/releases/download/v1.9.1/cert-manager.crds.yaml
- @kubectl create -f https://github.com/prometheus-operator/prometheus-operator/releases/download/v0.58.0/bundle.yaml
+ @make helm-install
+
+helm-install:
+ @kubectl apply --server-side=true -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.2/cert-manager.yaml
+ @make install-capsule
+ @kubectl apply --server-side=true -f https://github.com/prometheus-operator/prometheus-operator/releases/download/v0.58.0/bundle.yaml
  @ct install --config $(SRC_ROOT)/.github/configs/ct.yaml --namespace=capsule-system --all --debug
- @kind delete cluster --name capsule-charts
 
+helm-destroy:
+ @kind delete cluster --name capsule-charts
 
 ####################
 # -- Testing

diff --git a/charts/capsule-proxy/Chart.yaml b/charts/capsule-proxy/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 0.4.6
+appVersion: 0.4.7
 description: Helm Chart for Capsule Proxy, addon for Capsule, the multi-tenant Operator
 name: capsule-proxy
 type: application
@@ -21,7 +21,7 @@ maintainers:
  - name: capsule-maintainers
  email: cncf-capsule-maintainers@lists.cncf.io
 annotations:
- artifacthub.io/containsSecurityUpdates: "true"
+ artifacthub.io/containsSecurityUpdates: "false"
  artifacthub.io/operator: "true"
  artifacthub.io/prerelease: "false"
  artifacthub.io/category: security
@@ -34,6 +34,4 @@ annotations:
  url: https://capsule.clastix.io/
  artifacthub.io/changes: |
  - kind: added
- description: artifacthub annotations
- - kind: changed
- description: maintainers contact
+ description: add subjects for cert-manager certificate
diff --git a/charts/capsule-proxy/README.md b/charts/capsule-proxy/README.md
@@ -61,6 +61,9 @@ If you only need to make minor customizations, you can specify them on the comma
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | affinity | object | `{}` | Set affinity rules for the capsule-proxy pod. |
+| certManager.certificate.dnsNames | list | `[]` | Additional DNS Names to include in certificate |
+| certManager.certificate.ipAddresses | list | `[]` | Additional IP Addresses to include in certificate |
+| certManager.certificate.uris | list | `[]` | Additional URIs to include in certificate |
 | certManager.externalCA.enabled | bool | `false` | Set if want cert manager to sign certificates with an external CA |
 | certManager.externalCA.secretName | string | `""` | |
 | certManager.generateCertificates | bool | `false` | Set if the cert manager will generate SSL certificates (self-signed or CA-signed) |

diff --git a/charts/capsule-proxy/ci/cert-manager-values.yaml b/charts/capsule-proxy/ci/cert-manager-values.yaml
@@ -0,0 +1,12 @@
+options:
+ enableSSL: true
+ generateCertificates: false
+certManager:
+ generateCertificates: true
+ certificate:
+ dnsNames:
+ - "localhost"
+ ipAddresses:
+ - "127.0.0.1"
+ uris:
+ - "spiffe://cluster.local/ns/sandbox/sa/example"
diff --git a/charts/capsule-proxy/templates/certmanager.yaml b/charts/capsule-proxy/templates/certmanager.yaml
@@ -45,8 +45,23 @@ spec:
  - {{ $hosts.host }}
  {{- end }}
  {{- end }}
+ {{- range $dns := .Values.certManager.certificate.dnsNames }}
+ - {{ $dns }}
+ {{- end }}
  - {{ include "capsule-proxy.fullname" . }}
  - {{ include "capsule-proxy.fullname" . }}.{{ .Release.Namespace }}.svc
+ {{- with .Values.certManager.certificate.ipAddresses }}
+ ipAddresses:
+ {{- range $ip := . }}
+ - {{ $ip }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.certManager.certificate.uris }}
+ uris:
+ {{- range $uri := . }}
+ - {{ $uri }}
+ {{- end }}
+ {{- end }}
  issuerRef:
  kind: {{ .Values.certManager.issuer.kind }}
  name: {{ include "capsule-proxy.certManager.issuerName" . }}

diff --git a/charts/capsule-proxy/values.yaml b/charts/capsule-proxy/values.yaml
@@ -99,6 +99,13 @@ certManager:
  kind: Issuer # Issuer or ClusterIssuer
  # -- Set the name of the ClusterIssuer if issuer kind is ClusterIssuer and if cert manager will generate CA signed SSL certificates
  name: "" # Name of the ClusterIssuer
+ certificate:
+ # -- Additional DNS Names to include in certificate
+ dnsNames: []
+ # -- Additional IP Addresses to include in certificate
+ ipAddresses: []
+ # -- Additional URIs to include in certificate
+ uris: []
 
 
 # ServiceAccount