initial config based of jenkins-x/jenkins-x-boot-config with ref v1.0.82

2025-08-30 04:22:49 +00:00 · 2020-04-15 12:37:41 +02:00
commit 9434645ce5
106 changed files with 2971 additions and 0 deletions
--- a/systems/acme/Chart.yaml
+++ b/systems/acme/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+appVersion: 1.0.82
+description: ACME Chart
+maintainers:
+- name: Team
+name: acme
+version: 1.0.82
--- a/systems/acme/templates/cert-manager-prod-certificate.yaml
+++ b/systems/acme/templates/cert-manager-prod-certificate.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.certmanager.enabled }}
+{{- if eq .Values.certmanager.production "true" }}
+apiVersion: cert-manager.io/v1alpha2
+kind: Certificate
+metadata:
+  name: "tls-{{ .Values.cluster.domain | replace "." "-" }}-p"
+  labels:
+    jenkins.io/letsencrypt-service: production
+spec:
+  secretName: "tls-{{ .Values.cluster.domain | replace "." "-" }}-p"
+  issuerRef:
+    name: letsencrypt-prod
+  commonName: "*.{{ .Values.cluster.domain }}"
+  dnsNames:
+  - "*.{{ .Values.cluster.domain }}"
+{{- end }}
+{{- end }}
--- a/systems/acme/templates/cert-manager-prod-issuer.yaml
+++ b/systems/acme/templates/cert-manager-prod-issuer.yaml
@@ -0,0 +1,35 @@
+{{- if .Values.certmanager.enabled }}
+{{- if eq .Values.certmanager.production "true" }}
+apiVersion: cert-manager.io/v1alpha2
+kind: Issuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: "{{ .Values.certmanager.email }}"
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    solvers:
+    - selector:
+        dnsNames:
+        - "*.{{ .Values.cluster.domain }}"
+        - "{{ .Values.cluster.domain }}"
+      # ACME DNS-01 provider configurations
+      dns01:
+{{- if eq .Values.cluster.provider "gke" }}
+        clouddns:
+          # The project in which to update the DNS zone
+          project: "{{ .Values.cluster.projectID }}"
+          # A secretKeyRef to a google cloud json service account
+          serviceAccountSecretRef:
+            name: external-dns-gcp-sa
+            key: credentials.json
+{{- end }}
+{{- if eq .Values.cluster.provider "eks" }}
+        route53:
+          region: {{ .Values.cluster.region }}
+{{- end }}
+{{- end }}
+{{- end }}
--- a/systems/acme/templates/cert-manager-staging-certificate.yaml
+++ b/systems/acme/templates/cert-manager-staging-certificate.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.certmanager.enabled }}
+{{- if eq .Values.certmanager.production "false" }}
+apiVersion: cert-manager.io/v1alpha2
+kind: Certificate
+metadata:
+  name: "tls-{{ .Values.cluster.domain | replace "." "-" }}-s"
+  labels:
+    jenkins.io/letsencrypt-service: staging
+spec:
+  secretName: "tls-{{ .Values.cluster.domain | replace "." "-" }}-s"
+  issuerRef:
+    name: letsencrypt-staging
+  commonName: "*.{{ .Values.cluster.domain }}"
+  dnsNames:
+  - "*.{{ .Values.cluster.domain }}"
+{{- end }}
+{{- end }}
--- a/systems/acme/templates/cert-manager-staging-issuer.yaml
+++ b/systems/acme/templates/cert-manager-staging-issuer.yaml
@@ -0,0 +1,35 @@
+{{- if .Values.certmanager.enabled }}
+{{- if eq .Values.certmanager.production "false" }}
+apiVersion: cert-manager.io/v1alpha2
+kind: Issuer
+metadata:
+  name: letsencrypt-staging
+spec:
+  acme:
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    email: "{{ .Values.certmanager.email }}"
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt-staging
+    solvers:
+    - selector:
+        dnsNames:
+        - "*.{{ .Values.cluster.domain }}"
+        - "{{ .Values.cluster.domain }}"
+      # ACME DNS-01 provider configurations
+      dns01:
+{{- if eq .Values.cluster.provider "gke" }}
+        clouddns:
+          # The project in which to update the DNS zone
+          project: "{{ .Values.cluster.projectID }}"
+          # A secretKeyRef to a google cloud json service account
+          serviceAccountSecretRef:
+            name: external-dns-gcp-sa
+            key: credentials.json
+{{- end }}
+{{- if eq .Values.cluster.provider "eks" }}
+        route53:
+          region: {{ .Values.cluster.region }}
+{{- end }}
+{{- end }}
+{{- end }}
--- a/systems/acme/values.tmpl.yaml
+++ b/systems/acme/values.tmpl.yaml
@@ -0,0 +1,20 @@
+cluster:
+  domain: {{ .Requirements.ingress.domain }}
+  provider: {{ .Requirements.cluster.provider }}
+{{- if hasKey .Requirements.cluster "project" }}
+  projectID: {{ .Requirements.cluster.project }}
+{{- else }}
+  projectID: ""
+{{- end }}
+{{- if hasKey .Requirements.cluster "region" }}
+  region: {{ .Requirements.cluster.region }}
+{{- else }}
+  region: ""
+{{- end }}
+
+ {{- if .Requirements.ingress.tls }}
+certmanager:
+  production: "{{ .Requirements.ingress.tls.production }}"
+  email:  "{{ .Requirements.ingress.tls.email }}"
+  enabled: {{ .Requirements.ingress.tls.enabled }}
+{{- end }}