(cert-manager) : Simplifying the ClusterIssuer template | Fixes for m…

…aking the wildcard certificates feature work Signed-off-by: Archisman <archisman@obmondo.com>
Obmondo · Oct 25, 2024 · 4fb88b7 · 4fb88b7
1 parent 5d4b98b
commit 4fb88b7
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 42 deletions.
diff --git a/argocd-helm-charts/cert-manager/templates/certificate.yaml b/argocd-helm-charts/cert-manager/templates/certificate.yaml
@@ -10,7 +10,6 @@ spec:
     group: cert-manager.io
     kind: ClusterIssuer
     name: {{ $.Values.issuer.name | quote }}
-  commonName: "{{ . }}"
   dnsNames:
   - "{{ . }}"
 

diff --git a/argocd-helm-charts/cert-manager/templates/clusterissuer.yaml b/argocd-helm-charts/cert-manager/templates/clusterissuer.yaml
@@ -16,23 +16,16 @@ spec:
     {{- end -}}
 {{- if kindIs "slice" .Values.issuer.solvers }}
     solvers:
-    {{- range $k, $v := .Values.issuer.solvers -}}
+    {{- range $k, $v := .Values.issuer.solvers }}
     {{- if eq (toString $v.type) "dns"}}
-    {{- if not $v.dnsNames }}
-    {{- fail (printf "Value dnsNames is required for cloudProvider: %s" $v.cloudProvider) }}
-    {{- end }}
-    {{- range $d, $dnsName := $v.dnsNames -}}
-    {{- if not $dnsName}}
-    {{- fail (printf "Value of dnsName can't be empty for cloudProvider: %s" $v.cloudProvider) }}
-    {{- end }}
+    {{- if or (not $v.dnsNames) (has "" $v.dnsNames) }}
+    {{- fail (printf "DNS names are required and cannot be empty for cloudProvider: %s" $v.cloudProvider) }}
     {{- end }}
     {{- if eq (toString $v.cloudProvider) "cloudflare" }}
     - dns01:
         {{ $v.cloudProvider }}:
           email: {{ $v.issuerEmail }}
-          apiTokenSecretRef:
-            name: {{ $v.cloudProviderSecret }}
-            key: api-token
+          apiTokenSecretRef: {{ $v.cloudProviderSecretRef }}
       selector:
         dnsNames:
           {{- range $v.dnsNames }}
@@ -57,33 +50,7 @@ spec:
           class: {{ $v.http01.ingress.ingressClassName }}
     {{- end -}}
     {{- end }}
-{{- else -}}
-    {{- if eq (toString .Values.issuer.cloudProvider) "cloudflare" }}
-    solvers:
-    - dns01:
-        {{ .Values.issuer.cloudProvider }}:
-          email: {{ .Values.issuer.issuerEmail }}
-          apiTokenSecretRef:
-            name: {{ .Values.issuer.cloudProviderSecret }}
-            key: api-token
-    {{- else if eq (toString .Values.issuer.cloudProvider) "route53" }}
-    solvers:
-    - dns01:
-        {{ .Values.issuer.cloudProvider }}:
-          region: {{ .Values.issuer.region }}
-          {{- if .Values.issuer.hostedZoneID }}
-          hostedZoneID: {{ .Values.issuer.hostedZoneID }}
-          {{- end }}
-      selector:
-        dnsZones:
-          {{- range.Values.issuer.dnsZones }}
-          - {{ . | quote }}
-          {{- end }}
-    {{- else }}
-    solvers:
-    - http01:
-        ingress:
-          class: traefik-cert-manager
-    {{- end -}}
-{{- end -}}
-{{- end -}}
+{{- else }}
+{{- fail "Error: .Values.issuer.solvers should be of type slice (list)." }}
+{{- end }}
+{{- end }}
diff --git a/argocd-helm-charts/cert-manager/templates/ingressclass.yaml b/argocd-helm-charts/cert-manager/templates/ingressclass.yaml
@@ -1,6 +1,10 @@
+{{- range $k, $v := .Values.issuer.solvers -}}
+{{- if and (eq (toString $v.type) "http") (eq $v.http01.ingress.ingressClassName "traefik-cert-manager") }}
 apiVersion: networking.k8s.io/v1
 kind: IngressClass
 metadata:
   name: traefik-cert-manager
 spec:
   controller: traefik.io/ingress-controller
+{{- end }}
+{{- end }}
diff --git a/argocd-helm-charts/cert-manager/values.yaml b/argocd-helm-charts/cert-manager/values.yaml
@@ -31,11 +31,18 @@ cert-manager:
       requests:
         cpu: 1m
         memory: 16Mi
+
 issuer:
   name: letsencrypt
   enabled: false
   production: false
   preferredChain: null
+  solvers:
+    - type: http
+      http01:
+        ingress:
+          ingressClassName: traefik-cert-manager
+
 networkpolicies: false
 enableCertificateOwnerRef: true