switch to zot

charts/network-base/templates/_helpers.tpl

@@ -0,0 +1,51 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "network-base.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "network-base.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "network-base.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "network-base.labels" -}}
+helm.sh/chart: {{ include "network-base.chart" . }}
+{{ include "network-base.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "network-base.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "network-base.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

charts/network-base/templates/certificate.yaml

@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ include "network-base.fullname" . }}
+  labels:
+    {{- include "network-base.labels" $ | nindent 4 }}
+spec:
+  dnsNames:
+  - {{ .Values.domain }}
+  - "*.{{ .Values.domain }}"
+  issuerRef:
+    kind: Issuer
+    name: {{ include "network-base.fullname" . }}
+  secretName: {{ include "network-base.fullname" . }}-cert

charts/network-base/templates/gateway.yaml

@@ -0,0 +1,39 @@
+apiVersion: networking.istio.io/v1beta1
+kind: Gateway
+metadata:
+  name: {{ include "network-base.fullname" . }}
+  labels:
+    {{- include "network-base.labels" $ | nindent 4 }}
+spec:
+  selector:
+    istio: ingressgateway
+  servers:
+  - hosts:
+    - {{ .Values.domain }}
+    - "*.{{ .Values.domain }}"
+    port:
+      name: grpc-web
+      number: 8080
+      protocol: HTTPS
+    tls:
+      credentialName: {{ include "network-base.fullname" . }}-cert
+      mode: SIMPLE
+  - hosts:
+    - {{ .Values.domain }}
+    - "*.{{ .Values.domain }}"
+    port:
+      name: http
+      number: 80
+      protocol: HTTP2
+    tls:
+      httpsRedirect: true
+  - hosts:
+    - {{ .Values.domain }}
+    - "*.{{ .Values.domain }}"
+    port:
+      name: https
+      number: 443
+      protocol: HTTPS
+    tls:
+      credentialName: {{ include "network-base.fullname" . }}-cert
+      mode: SIMPLE

charts/network-base/templates/issuer.yaml

@@ -0,0 +1,20 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: {{ include "network-base.fullname" . }}
+  labels:
+    {{- include "network-base.labels" $ | nindent 4 }}
+spec:
+  acme:
+    email: {{ .Values.certificate.email }}
+    privateKeySecretRef:
+      name: {{ include "network-base.fullname" . }}-priv-key
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    solvers:
+    - dns01:
+        cloudflare:
+          apiTokenSecretRef:
+            key: value
+            name: {{ include "network-base.fullname" . }}-clf-token
+          email: {{ .Values.certificate.email }}

charts/network-base/templates/secret.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "network-base.fullname" . }}-clf-token
+  # namespace: cert-manager
+  labels:
+    {{- include "network-base.labels" $ | nindent 4 }}
+type: Opaque
+stringData:
+  value: {{ .Values.certificate.cloudflareToken }}