Showing
13 changed files
with
130 additions
and
72 deletions.
@@ -0,0 +1,6 @@ | ||
dependencies: | ||
- name: sulfoxide-bromine | ||
repository: oci://ghcr.io/atomicloud/sulfoxide.bromine | ||
version: 1.1.0 | ||
digest: sha256:1f7801f05c546d2c1d85fd3f3a46c41922aaeba3f44eb37f58de73d962c1f55b | ||
generated: "2023-09-28T13:04:48.97515+08:00" |
@@ -1,6 +1,11 @@ | ||
apiVersion: v2 | ||
name: atomi-cluster-issuer | ||
description: AtomiCloud Cluster Issuer | ||
name: sulfoxide-zinc | ||
description: Helm chart to deploy cluster issuers, which issuer certificate using cert-manager | ||
type: application | ||
version: 1.0.1 | ||
appVersion: "0.1.0" | ||
|
||
dependencies: | ||
- name: sulfoxide-bromine | ||
version: 1.1.0 | ||
repository: oci://ghcr.io/atomicloud/sulfoxide.bromine |
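Review bot: The new `sulfoxide-bromine` dependency is pinned only by the tag `version: 1.1.0` on an OCI registry, and a registry tag can be re-pushed. As far as I know, the `digest` Helm writes into Chart.lock hashes the dependency list rather than the pulled chart's content, so it does not detect a changed artifact behind the same tag. I would note this next to the entry, e.g. `# pinned by tag only; Chart.lock's digest covers the dependency list, not the chart content`, and record the expected registry digest wherever the chart is built.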
@@ -1,28 +1,46 @@ | ||
# atomi-cluster-issuer | ||
# sulfoxide-zinc | ||
|
||
![Version: 1.0.1](https://img.shields.io/badge/Version-1.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square) | ||
|
||
AtomiCloud Cluster Issuer | ||
Helm chart to deploy cluster issuers, which issuer certificate using cert-manager | ||
|
||
## Requirements | ||
|
||
| Repository | Name | Version | | ||
|------------|------|---------| | ||
| oci://ghcr.io/atomicloud/sulfoxide.bromine | sulfoxide-bromine | 1.1.0 | | ||
|
||
## Values | ||
|
||
| Key | Type | Default | Description | | ||
|-----|------|---------|-------------| | ||
| issuers.letsencrypt | object | `{"email":"[email protected]","secrets":{"external":{"enable":true,"policy":{"creation":"Owner","deletion":"Retain"},"refreshInterval":"1h","remoteSecretName":"/pichu/opal/cloudflare/token","secretStore":{"kind":"ClusterSecretStore","name":"aws-ssm-secret-store"}},"internal":{"enable":true,"value":""},"key":"api-token","name":"cloudflare-api-token-secret"},"server":"https://acme-v02.api.letsencrypt.org/directory","solvers":[{"dns01":{"cloudflare":{"apiTokenSecretRef":{"key":"api-token","name":"cloudflare-api-token-secret"}}}}],"type":"ClusterIssuer","zones":["atomi.cloud"]}` | Each Issuers | | ||
| issuers.letsencrypt.email | string | `"[email protected]"` | Email for the issuer | | ||
| issuers.letsencrypt.secrets | object | `{"external":{"enable":true,"policy":{"creation":"Owner","deletion":"Retain"},"refreshInterval":"1h","remoteSecretName":"/pichu/opal/cloudflare/token","secretStore":{"kind":"ClusterSecretStore","name":"aws-ssm-secret-store"}},"internal":{"enable":true,"value":""},"key":"api-token","name":"cloudflare-api-token-secret"}` | Secrets | | ||
| issuers | object | `{"letsencrypt":{"email":"[email protected]","secrets":{"external":{"enable":true,"policy":{"creation":"Owner","deletion":"Retain"},"refreshInterval":"1h","remoteSecretName":"CLOUDFLARE_TOKEN","secretStore":{"kind":"SecretStore","name":"doppler"}},"internal":{"enable":false,"value":""},"key":"api-token","name":"cloudflare-api-token-secret"},"server":"https://acme-v02.api.letsencrypt.org/directory","solvers":[{"dns01":{"cloudflare":{"apiTokenSecretRef":{"key":"api-token","name":"cloudflare-api-token-secret"}}}}],"type":"ClusterIssuer","zones":["atomi.cloud"]}}` | Dictionary of Issuers to configure, where each key is the name of the issuer, and value is the configuration | | ||
| issuers.letsencrypt.email | string | `"[email protected]"` | Email to notify for the issuer | | ||
| issuers.letsencrypt.secrets | object | `{"external":{"enable":true,"policy":{"creation":"Owner","deletion":"Retain"},"refreshInterval":"1h","remoteSecretName":"CLOUDFLARE_TOKEN","secretStore":{"kind":"SecretStore","name":"doppler"}},"internal":{"enable":false,"value":""},"key":"api-token","name":"cloudflare-api-token-secret"}` | Secret for DNS provider to issue certificate | | ||
| issuers.letsencrypt.secrets.external | object | `{"enable":true,"policy":{"creation":"Owner","deletion":"Retain"},"refreshInterval":"1h","remoteSecretName":"CLOUDFLARE_TOKEN","secretStore":{"kind":"SecretStore","name":"doppler"}}` | External Secret, use secret from external secret store | | ||
| issuers.letsencrypt.secrets.external.enable | bool | `true` | Enable using external secret | | ||
| issuers.letsencrypt.secrets.external.policy | object | `{"creation":"Owner","deletion":"Retain"}` | Secret policy | | ||
| issuers.letsencrypt.secrets.external.policy.creation | string | `"Owner"` | Creation policy | | ||
| issuers.letsencrypt.secrets.external.policy.deletion | string | `"Retain"` | Deletion policy | | ||
| issuers.letsencrypt.secrets.external.refreshInterval | string | `"1h"` | Refresh Interval for the external secret | | ||
| issuers.letsencrypt.secrets.external.remoteSecretName | string | `"CLOUDFLARE_TOKEN"` | Remote reference for the secret | | ||
| issuers.letsencrypt.secrets.external.secretStore | object | `{"kind":"SecretStore","name":"doppler"}` | Secret store to use | | ||
| issuers.letsencrypt.secrets.external.secretStore.kind | string | `"SecretStore"` | Type of Secret Store: `ClusterSecretStore` or `SecretStore` | | ||
| issuers.letsencrypt.secrets.external.secretStore.name | string | `"doppler"` | Name of secret store to use | | ||
| issuers.letsencrypt.secrets.internal | object | `{"enable":false,"value":""}` | Internal Secret, use secret propogated via Helm | | ||
| issuers.letsencrypt.secrets.internal.enable | bool | `false` | Enable using internal secret | | ||
| issuers.letsencrypt.secrets.internal.value | string | `""` | The actual secret value | | ||
| issuers.letsencrypt.secrets.key | string | `"api-token"` | Key in the secret to use | | ||
| issuers.letsencrypt.secrets.name | string | `"cloudflare-api-token-secret"` | Name of the secret | | ||
| issuers.letsencrypt.server | string | `"https://acme-v02.api.letsencrypt.org/directory"` | ACME compatible server | | ||
| issuers.letsencrypt.type | string | `"ClusterIssuer"` | Type of Issuer: ClusterIssuer or Issuer | | ||
| issuers.letsencrypt.zones | list | `["atomi.cloud"]` | Zones to issue for | | ||
| serviceTree.cluster | string | `"opal"` | | | ||
| serviceTree.landscape | string | `"pichu"` | | | ||
| serviceTree.layer | string | `"1"` | | | ||
| serviceTree.module | string | `"issuer"` | | | ||
| serviceTree.platform | string | `"systems"` | | | ||
| serviceTree.service | string | `"cert-manager"` | | | ||
| issuers.letsencrypt.solvers | list | `[{"dns01":{"cloudflare":{"apiTokenSecretRef":{"key":"api-token","name":"cloudflare-api-token-secret"}}}}]` | TLS Certificate solvers | | ||
| issuers.letsencrypt.type | string | `"ClusterIssuer"` | Type of Issuer: `ClusterIssuer` or `Issuer` | | ||
| issuers.letsencrypt.zones | list | `["atomi.cloud"]` | List zones to issue for | | ||
| serviceTree | object | `{"layer":"1","module":"issuer","platform":"sulfoxide","service":"zinc"}` | AtomiCloud Service Tree. See [ServiceTree](https://atomicloud.larksuite.com/wiki/OkfJwTXGFiMJkrk6W3RuwRrZs64?theme=DARK&contentTheme=DARK#MHw5d76uDo2tBLx86cduFQMRsBb) | | ||
| sulfoxide-bromine | object | `{"rootSecret":{"ref":"SULFOXIDE_ZINC"},"storeName":"doppler"}` | Create SecretStore via secret of secrets pattern | | ||
| sulfoxide-bromine.rootSecret | object | `{"ref":"SULFOXIDE_ZINC"}` | Secret of Secrets reference | | ||
| sulfoxide-bromine.rootSecret.ref | string | `"SULFOXIDE_ZINC"` | DOPPLER Token Reference | | ||
| sulfoxide-bromine.storeName | string | `"doppler"` | Store name to create | | ||
|
||
---------------------------------------------- | ||
Autogenerated from chart metadata using [helm-docs v1.11.1](https://github.com/norwoodj/helm-docs/releases/v1.11.1) |
Binary file not shown.
This file was deleted.
@@ -1,47 +1,70 @@ | ||
# -- AtomiCloud Service Tree. See [ServiceTree](https://atomicloud.larksuite.com/wiki/OkfJwTXGFiMJkrk6W3RuwRrZs64?theme=DARK&contentTheme=DARK#MHw5d76uDo2tBLx86cduFQMRsBb) | ||
serviceTree: | ||
landscape: pichu | ||
cluster: opal | ||
platform: systems | ||
service: cert-manager | ||
platform: sulfoxide | ||
service: zinc | ||
module: issuer | ||
layer: "1" | ||
|
||
# -- Create SecretStore via secret of secrets pattern | ||
sulfoxide-bromine: | ||
# -- Store name to create | ||
storeName: doppler | ||
# -- Secret of Secrets reference | ||
rootSecret: | ||
# -- DOPPLER Token Reference | ||
ref: "SULFOXIDE_ZINC" | ||
|
||
# -- Dictionary of Issuers to configure, where each key is the name of the issuer, and value is the configuration | ||
issuers: | ||
# -- Each Issuers | ||
letsencrypt: | ||
# -- Email for the issuer | ||
# -- Email to notify for the issuer | ||
email: [email protected] | ||
# -- Type of Issuer: ClusterIssuer or Issuer | ||
# -- Type of Issuer: `ClusterIssuer` or `Issuer` | ||
type: ClusterIssuer | ||
# -- ACME compatible server | ||
server: https://acme-v02.api.letsencrypt.org/directory | ||
# -- Zones to issue for | ||
# -- List zones to issue for | ||
zones: | ||
- atomi.cloud | ||
# -- Secrets | ||
# -- Secret for DNS provider to issue certificate | ||
secrets: | ||
# -- Name of the secret | ||
name: cloudflare-api-token-secret | ||
# -- Key in the secret to use | ||
key: api-token | ||
# -- Internal Secret, use secret propogated via Helm | ||
internal: | ||
enable: true | ||
# -- Enable using internal secret | ||
enable: false | ||
# -- The actual secret value | ||
value: "" | ||
# -- External Secret, use secret from external secret store | ||
external: | ||
# -- Enable using external secret | ||
enable: true | ||
# -- Refresh Interval for the external secret | ||
refreshInterval: 1h | ||
remoteSecretName: /pichu/opal/cloudflare/token | ||
# -- Remote reference for the secret | ||
remoteSecretName: CLOUDFLARE_TOKEN | ||
# -- Secret store to use | ||
secretStore: | ||
name: aws-ssm-secret-store | ||
kind: ClusterSecretStore | ||
# -- Name of secret store to use | ||
name: doppler | ||
# -- Type of Secret Store: `ClusterSecretStore` or `SecretStore` | ||
kind: SecretStore | ||
# -- Secret policy | ||
policy: | ||
# -- Creation policy | ||
creation: Owner | ||
# -- Deletion policy | ||
deletion: Retain | ||
# solvers | ||
# -- TLS Certificate solvers | ||
solvers: | ||
- dns01: | ||
cloudflare: | ||
apiTokenSecretRef: | ||
name: cloudflare-api-token-secret | ||
key: api-token | ||
|
||
|
||
|
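Review bot: The new defaults pair `type: ClusterIssuer` with `secretStore.kind: SecretStore`, and nothing in the values comments says which namespace the Cloudflare token ends up in. A namespaced SecretStore can only materialise the secret in its own namespace, while cert-manager resolves a ClusterIssuer's `apiTokenSecretRef` in its cluster resource namespace. The defaults therefore presumably work only when the release is installed there; the templates are not on this page, so this is inferred. I would append to the existing comment on `kind` the text `(namespaced; with a ClusterIssuer, install the release into cert-manager's cluster resource namespace)`. The solver's `apiTokenSecretRef` also repeats `secrets.name` and `secrets.key` literally, so a comment such as `# must match secrets.name / secrets.key above` would keep the two from drifting.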
|
@@ -7,6 +7,7 @@ with packages; | |
bash | ||
jq | ||
yq-go | ||
skopeo | ||
]; | ||
|
||
dev = [ | ||
|
|
@@ -27,6 +27,7 @@ let | |
git | ||
jq | ||
yq-go | ||
skopeo | ||
|
||
nodejs_20 | ||
|
||
|