fix: cert-manager topology first draft

charts/cert-manager/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/cert-manager/Chart.yaml

@@ -0,0 +1,7 @@
+apiVersion: v2
+name: mission-control-cert-manager
+description: A Helm chart for the Cert Manager bundle for Flanksource Mission Control
+icon: https://github.com/flanksource/docs/blob/main/docs/images/flanksource-icon.png?raw=true
+type: application
+version: 0.1.0
+appVersion: "1.0.0"

charts/cert-manager/templates/NOTES.txt

@@ -0,0 +1 @@
+cert-manager topology added

charts/cert-manager/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cert-manager.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cert-manager.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cert-manager.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cert-manager.labels" -}}
+helm.sh/chart: {{ include "cert-manager.chart" . }}
+{{ include "cert-manager.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cert-manager.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "cert-manager.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "cert-manager.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "cert-manager.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

charts/cert-manager/templates/cert.yaml

@@ -0,0 +1,17 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: test-certificate
+  namespace: mission-control # Change this to the namespace where you want the certificate
+spec:
+  secretName: test-certificate-secret # Kubernetes secret where the certificate will be stored
+  duration: 2160h # 90d, optional, specifies the duration of the certificate
+  renewBefore: 360h # 15d, optional, specifies how long before expiration to renew
+  commonName: "example.com" # Common Name of the certificate
+  dnsNames:
+    - "example.com" # List of Subject Alternative Names
+    - "www.example.com"
+  issuerRef:
+    name: letsencrypt-staging # The name of the ClusterIssuer or Issuer to use
+    kind: ClusterIssuer # Could be ClusterIssuer or Issuer depending on your setup
+    group: cert-manager.io

charts/cert-manager/templates/topology.yaml

@@ -0,0 +1,133 @@
+apiVersion: canaries.flanksource.com/v1
+kind: Topology
+metadata:
+  name: {{ .Values.topologyName }}
+spec:
+  icon: cert-manager
+  type: Topology
+  schedule: "@every 5m"
+  components:
+    - name: Controllers
+      icon: pod
+      selectors:
+        - types:
+            - Kubernetes::Pod
+          labelSelector: 'namespace=cert-manager'
+    - name: Certificate
+      icon: certificate
+      components:
+      - name: Certificate Component
+        type: lookup
+        forEach:
+          components:
+            - name: Certificate Requests Component
+              type: lookup
+              lookup:
+                configDB:
+                  - query: | 
+                      SELECT name FROM config_items WHERE config_class = 'CertificateRequest' AND config->'metadata'->'annotations' @>'{"cert-manager.io/certificate-name": "{{ .name }}"}'
+                    display:
+                      expr: |
+                        dyn(results).map(r, {
+                          'name': r.name,
+                          'icon': 'certificate',
+                          'namespace': r.namespace,
+                          'status': r.status,
+                          'status_reason': r.description,
+                          'configs': [{'name': r.name, 'namespace': r.namespace, 'type': 'Kubernetes::CertificateRequest'}],
+                          'properties': [
+                            {'name': 'Message', 'text': r.config.status.conditions[0].message},
+                            {'name': 'State', 'text': r.config.status.conditions[0].type, 'headline': true},
+                          ],
+                        }).toJSON()
+        lookup:
+          catalog:
+            - selector:
+              - types:
+                - Kubernetes::Certificate
+              display:
+                expr: |
+                  dyn(results).map(r, {
+                    'name': r.name,
+                    'icon': 'git',
+                    'namespace': r.namespace,
+                    'status': r.status,
+                    'status_reason': r.description,
+                    'configs': [{'name': r.name, 'namespace': r.namespace, 'type': 'Kubernetes::Certificate'}],
+                    'properties': [
+                      {'name': 'Message', 'text': r.config.status.conditions[0].message},
+                      {'name': 'DNSName', 'text': r.config.spec.dnsNames[0]},
+                      {'name': 'State', 'text': r.config.status.conditions[0].type, 'headline': true},
+                    ],
+                  }).toJSON()
+
+    - name: Certificate Requests
+      icon: certificate
+      components:
+      - name: Certificate Requests Component
+        type: lookup
+        lookup:
+          configDB:
+            - query: SELECT * FROM config_items WHERE config_class = 'CertificateRequest'
+              display:
+                expr: |
+                  results.results.map(r, {
+                    'name': r.name,
+                    'icon': 'git',
+                    'namespace': r.namespace,
+                    'status': r.status,
+                    'status_reason': r.description,
+                    'configs': [{'name': r.name, 'namespace': r.namespace, 'type': 'Kubernetes::CertificateRequest'}],
+                    'properties': [
+                      {'name': 'Message', 'text': r.config.status.conditions[0].message},
+                      {'name': 'State', 'text': r.config.status.conditions[0].type, 'headline': true},
+                    ],
+                  }).toJSON()
+
+    - name: Orders
+      icon: certificate
+      components:
+      - name: Orders Component
+        type: lookup
+        lookup:
+          configDB:
+            - query: SELECT * FROM config_items WHERE config_class = 'Order'
+              display:
+                expr: |
+                  results.results.map(r, {
+                    'name': r.name,
+                    'icon': 'git',
+                    'namespace': r.namespace,
+                    'status': r.status,
+                    'status_reason': r.description,
+                    'configs': [{'name': r.name, 'namespace': r.namespace, 'type': 'Kubernetes::Order'}],
+                    'properties': [
+                      {'name': 'DNS Name', 'text': r.config.spec.dnsNames[0]},
+                      {'name': 'State', 'text': r.config.status.state, 'headline': true},
+                    ],
+                  }).toJSON()
+
+    - name: Challenges
+      icon: certificate
+      components:
+      - name: Challenges Component
+        type: lookup
+        lookup:
+          configDB:
+            - query: SELECT * FROM config_items WHERE config_class = 'Challenge'
+              display:
+                expr: |
+                  results.results.map(r, {
+                    'name': r.name,
+                    'icon': 'git',
+                    'namespace': r.namespace,
+                    'status': r.status,
+                    'status_reason': r.description,
+                    'configs': [{'name': r.name, 'namespace': r.namespace, 'type': 'Kubernetes::Challenge'}],
+                    'properties': [
+                      {'name': 'Message', 'text': r.config.status.reason},
+                      {'name': 'DNS Name', 'text': r.config.spec.dnsName},
+                      {'name': 'State', 'text': r.config.status.state, 'headline': true},
+                    ],
+                  }).toJSON()
+---

charts/cert-manager/values.schema.json

@@ -0,0 +1,24 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "title": "Generated schema for Root",
+  "type": "object",
+  "properties": {
+    "nameOverride": {
+      "type": "string"
+    },
+    "fullnameOverride": {
+      "type": "string"
+    },
+    "topologyName": {
+      "type": "string"
+    },
+    "labels": {
+      "type": "object",
+      "properties": {},
+      "required": []
+    }
+  },
+  "required": [
+    "topologyName"
+  ]
+}

charts/cert-manager/values.yaml

@@ -0,0 +1,5 @@
+# yaml-language-server: $schema=./values.schema.json
+nameOverride: ""
+fullnameOverride: ""
+labels: {}
+topologyName: cert-manager