From 75148f9ba2d1e36aedd60acedbc69b552fecb675 Mon Sep 17 00:00:00 2001
From: Wojtek Siudzinski <admin@suda.pl>
Date: Thu, 29 Jun 2023 14:38:12 +0200
Subject: [PATCH 1/5] Update helm-docs to 1.11.0

---
 .github/helm-docs.sh            | 2 +-
 charts/ackee/README.md          | 2 +-
 charts/documentserver/README.md | 4 ++--
 charts/personal-ovpn/README.md  | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/helm-docs.sh b/.github/helm-docs.sh
index f2e22da..8851e5c 100755
--- a/.github/helm-docs.sh
+++ b/.github/helm-docs.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 set -euo pipefail
 
-HELM_DOCS_VERSION="1.7.0"
+HELM_DOCS_VERSION="1.11.0"
 
 # install helm-docs
 curl --silent --show-error --fail --location --output /tmp/helm-docs.tar.gz https://github.com/norwoodj/helm-docs/releases/download/v"${HELM_DOCS_VERSION}"/helm-docs_"${HELM_DOCS_VERSION}"_Linux_x86_64.tar.gz
diff --git a/charts/ackee/README.md b/charts/ackee/README.md
index 415a896..1e93789 100644
--- a/charts/ackee/README.md
+++ b/charts/ackee/README.md
@@ -93,4 +93,4 @@ $ helm install ackee-release suda/ackee -n ackee --values values.yaml
 
 | Name | Email | Url |
 | ---- | ------ | --- |
-| suda | admin@suda.pl | https://suda.pl |
\ No newline at end of file
+| suda | <admin@suda.pl> | <https://suda.pl> |
\ No newline at end of file
diff --git a/charts/documentserver/README.md b/charts/documentserver/README.md
index 610d191..f9bd1b5 100644
--- a/charts/documentserver/README.md
+++ b/charts/documentserver/README.md
@@ -10,7 +10,7 @@ Helm chart for installing ONLYOFFICE Docs in Kubernetes
 
 | Name | Email | Url |
 | ---- | ------ | --- |
-| suda | admin@suda.pl | https://suda.pl |
+| suda | <admin@suda.pl> | <https://suda.pl> |
 
 ## Source Code
 
@@ -86,4 +86,4 @@ Helm chart for installing ONLYOFFICE Docs in Kubernetes
 | service.type | string | `"ClusterIP"` | documentserver service type |
 
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.7.0](https://github.com/norwoodj/helm-docs/releases/v1.7.0)
+Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
diff --git a/charts/personal-ovpn/README.md b/charts/personal-ovpn/README.md
index 50d53a8..b1afd06 100644
--- a/charts/personal-ovpn/README.md
+++ b/charts/personal-ovpn/README.md
@@ -45,7 +45,7 @@ But if you really want to, you can enable it by setting `limitTraficToNamespace`
 
 | Name | Email | Url |
 | ---- | ------ | --- |
-| suda | admin@suda.pl |  |
+| suda | <admin@suda.pl> |  |
 
 ## Values
 

From 64c72756bbe401fc284a55e271371719be8d9af9 Mon Sep 17 00:00:00 2001
From: Wojtek Siudzinski <admin@suda.pl>
Date: Thu, 29 Jun 2023 14:38:30 +0200
Subject: [PATCH 2/5] Add scaleway-webhook chart

---
 README.md                                     |   1 +
 charts/scaleway-webhook/Chart.yaml            |   5 +
 charts/scaleway-webhook/README.md             |  32 +++++
 .../scaleway-webhook/templates/_helpers.tpl   |  49 +++++++
 .../templates/apiservice.yaml                 |  19 +++
 .../templates/deployment.yaml                 |  78 +++++++++++
 charts/scaleway-webhook/templates/pki.yaml    |  76 ++++++++++
 charts/scaleway-webhook/templates/rbac.yaml   | 130 ++++++++++++++++++
 charts/scaleway-webhook/templates/secret.yaml |  15 ++
 .../scaleway-webhook/templates/service.yaml   |  19 +++
 charts/scaleway-webhook/values.yaml           |  44 ++++++
 11 files changed, 468 insertions(+)
 create mode 100644 charts/scaleway-webhook/Chart.yaml
 create mode 100644 charts/scaleway-webhook/README.md
 create mode 100644 charts/scaleway-webhook/templates/_helpers.tpl
 create mode 100644 charts/scaleway-webhook/templates/apiservice.yaml
 create mode 100644 charts/scaleway-webhook/templates/deployment.yaml
 create mode 100644 charts/scaleway-webhook/templates/pki.yaml
 create mode 100644 charts/scaleway-webhook/templates/rbac.yaml
 create mode 100644 charts/scaleway-webhook/templates/secret.yaml
 create mode 100644 charts/scaleway-webhook/templates/service.yaml
 create mode 100644 charts/scaleway-webhook/values.yaml

diff --git a/README.md b/README.md
index 9a2c5c2..6ca7469 100644
--- a/README.md
+++ b/README.md
@@ -23,6 +23,7 @@ See [Artifact Hub](https://artifacthub.io/packages/search?repo=suda) or [charts]
 ## Acknowledgements
 
 * [`documentserver` chart](charts/documentserver) is based on [ONLYOFFICE chart/documentation](https://github.com/ONLYOFFICE/Kubernetes-Docs)
+* [`scaleway-webhook` chart](charts/scaleway-webhook) is based on [`cert-manager-webhook-scaleway` deployment chart](https://github.com/scaleway/cert-manager-webhook-scaleway/tree/main/deploy)
 
 ## License
 
diff --git a/charts/scaleway-webhook/Chart.yaml b/charts/scaleway-webhook/Chart.yaml
new file mode 100644
index 0000000..e4aa579
--- /dev/null
+++ b/charts/scaleway-webhook/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "v0.0.1"
+description: Cert-Manager webhook for Scaleway
+name: scaleway-webhook
+version: 0.0.1
diff --git a/charts/scaleway-webhook/README.md b/charts/scaleway-webhook/README.md
new file mode 100644
index 0000000..f92b8a1
--- /dev/null
+++ b/charts/scaleway-webhook/README.md
@@ -0,0 +1,32 @@
+# scaleway-webhook
+
+![Version: 0.0.1](https://img.shields.io/badge/Version-0.0.1-informational?style=flat-square) ![AppVersion: v0.0.1](https://img.shields.io/badge/AppVersion-v0.0.1-informational?style=flat-square)
+
+Cert-Manager webhook for Scaleway
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` |  |
+| certManager.namespace | string | `"cert-manager"` |  |
+| certManager.serviceAccountName | string | `"cert-manager"` |  |
+| fullnameOverride | string | `""` |  |
+| groupName | string | `"acme.scaleway.com"` |  |
+| image.imagePullSecrets | list | `[]` |  |
+| image.pullPolicy | string | `"IfNotPresent"` |  |
+| image.repository | string | `"scaleway/cert-manager-webhook-scaleway"` |  |
+| nameOverride | string | `""` |  |
+| nodeSelector | object | `{}` |  |
+| pki.caDuration | string | `"43800h"` |  |
+| pki.servingCertificateDuration | string | `"8760h"` |  |
+| resources | object | `{}` |  |
+| secret.accessKey | string | `""` |  |
+| secret.name | string | `"scaleway-webhook-secret"` |  |
+| secret.secretKey | string | `""` |  |
+| service.port | int | `443` |  |
+| service.type | string | `"ClusterIP"` |  |
+| tolerations | list | `[]` |  |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
diff --git a/charts/scaleway-webhook/templates/_helpers.tpl b/charts/scaleway-webhook/templates/_helpers.tpl
new file mode 100644
index 0000000..6f3325a
--- /dev/null
+++ b/charts/scaleway-webhook/templates/_helpers.tpl
@@ -0,0 +1,49 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "scaleway-webhook.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "scaleway-webhook.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "scaleway-webhook.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "scaleway-webhook.selfSignedIssuer" -}}
+{{ printf "%s-selfsign" (include "scaleway-webhook.fullname" .) }}
+{{- end -}}
+
+{{- define "scaleway-webhook.rootCAIssuer" -}}
+{{ printf "%s-ca" (include "scaleway-webhook.fullname" .) }}
+{{- end -}}
+
+{{- define "scaleway-webhook.rootCACertificate" -}}
+{{ printf "%s-ca" (include "scaleway-webhook.fullname" .) }}
+{{- end -}}
+
+{{- define "scaleway-webhook.servingCertificate" -}}
+{{ printf "%s-webhook-tls" (include "scaleway-webhook.fullname" .) }}
+{{- end -}}
+
diff --git a/charts/scaleway-webhook/templates/apiservice.yaml b/charts/scaleway-webhook/templates/apiservice.yaml
new file mode 100644
index 0000000..539c0fa
--- /dev/null
+++ b/charts/scaleway-webhook/templates/apiservice.yaml
@@ -0,0 +1,19 @@
+apiVersion: apiregistration.k8s.io/v1
+kind: APIService
+metadata:
+  name: v1alpha1.{{ .Values.groupName }}
+  labels:
+    app: {{ include "scaleway-webhook.name" . }}
+    chart: {{ include "scaleway-webhook.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+  annotations:
+    cert-manager.io/inject-ca-from: "{{ .Release.Namespace }}/{{ include "scaleway-webhook.servingCertificate" . }}"
+spec:
+  group: {{ .Values.groupName }}
+  groupPriorityMinimum: 1000
+  versionPriority: 15
+  service:
+    name: {{ include "scaleway-webhook.fullname" . }}
+    namespace: {{ .Release.Namespace }}
+  version: v1alpha1
diff --git a/charts/scaleway-webhook/templates/deployment.yaml b/charts/scaleway-webhook/templates/deployment.yaml
new file mode 100644
index 0000000..31668bf
--- /dev/null
+++ b/charts/scaleway-webhook/templates/deployment.yaml
@@ -0,0 +1,78 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "scaleway-webhook.fullname" . }}
+  labels:
+    app: {{ include "scaleway-webhook.name" . }}
+    chart: {{ include "scaleway-webhook.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ include "scaleway-webhook.name" . }}
+      release: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ include "scaleway-webhook.name" . }}
+        release: {{ .Release.Name }}
+    spec:
+      serviceAccountName: {{ include "scaleway-webhook.fullname" . }}
+      {{- with .Values.image.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+        - name: {{ .Chart.Name }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          args:
+            - --tls-cert-file=/tls/tls.crt
+            - --tls-private-key-file=/tls/tls.key
+          env:
+            - name: GROUP_NAME
+              value: {{ .Values.groupName | quote }}
+          {{ if and .Values.secret.accessKey .Values.secret.secretKey }}
+          envFrom:
+          - secretRef:
+              name: {{ .Values.secret.name }}
+          {{ end }}
+          ports:
+            - name: https
+              containerPort: 443
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              scheme: HTTPS
+              path: /healthz
+              port: https
+          readinessProbe:
+            timeoutSeconds: 5
+            httpGet:
+              scheme: HTTPS
+              path: /healthz
+              port: https
+          volumeMounts:
+            - name: certs
+              mountPath: /tls
+              readOnly: true
+          resources:
+{{ toYaml .Values.resources | indent 12 }}
+      volumes:
+        - name: certs
+          secret:
+            secretName: {{ include "scaleway-webhook.servingCertificate" . }}
+    {{- with .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+    {{- end }}
diff --git a/charts/scaleway-webhook/templates/pki.yaml b/charts/scaleway-webhook/templates/pki.yaml
new file mode 100644
index 0000000..b30b40c
--- /dev/null
+++ b/charts/scaleway-webhook/templates/pki.yaml
@@ -0,0 +1,76 @@
+---
+# Create a selfsigned Issuer, in order to create a root CA certificate for
+# signing webhook serving certificates
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: {{ include "scaleway-webhook.selfSignedIssuer" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    app: {{ include "scaleway-webhook.name" . }}
+    chart: {{ include "scaleway-webhook.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  selfSigned: {}
+
+---
+
+# Generate a CA Certificate used to sign certificates for the webhook
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ include "scaleway-webhook.rootCACertificate" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    app: {{ include "scaleway-webhook.name" . }}
+    chart: {{ include "scaleway-webhook.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  secretName: {{ include "scaleway-webhook.rootCACertificate" . }}
+  duration: {{ .Values.pki.caDuration }}
+  issuerRef:
+    name: {{ include "scaleway-webhook.selfSignedIssuer" . }}
+  commonName: "ca.scaleway-webhook.cert-manager"
+  isCA: true
+
+---
+
+# Create an Issuer that uses the above generated CA certificate to issue certs
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: {{ include "scaleway-webhook.rootCAIssuer" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    app: {{ include "scaleway-webhook.name" . }}
+    chart: {{ include "scaleway-webhook.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  ca:
+    secretName: {{ include "scaleway-webhook.rootCACertificate" . }}
+
+---
+
+# Finally, generate a serving certificate for the webhook to use
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ include "scaleway-webhook.servingCertificate" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    app: {{ include "scaleway-webhook.name" . }}
+    chart: {{ include "scaleway-webhook.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  secretName: {{ include "scaleway-webhook.servingCertificate" . }}
+  duration: {{ .Values.pki.servingCertificateDuration }}
+  issuerRef:
+    name: {{ include "scaleway-webhook.rootCAIssuer" . }}
+  dnsNames:
+  - {{ include "scaleway-webhook.fullname" . }}
+  - {{ include "scaleway-webhook.fullname" . }}.{{ .Release.Namespace }}
+  - {{ include "scaleway-webhook.fullname" . }}.{{ .Release.Namespace }}.svc
diff --git a/charts/scaleway-webhook/templates/rbac.yaml b/charts/scaleway-webhook/templates/rbac.yaml
new file mode 100644
index 0000000..1660b6c
--- /dev/null
+++ b/charts/scaleway-webhook/templates/rbac.yaml
@@ -0,0 +1,130 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "scaleway-webhook.fullname" . }}
+  labels:
+    app: {{ include "scaleway-webhook.name" . }}
+    chart: {{ include "scaleway-webhook.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+---
+# Grant the webhook permission to read the secrets containing the credentials
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "scaleway-webhook.fullname" . }}:secrets-reader
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ include "scaleway-webhook.name" . }}
+    chart: {{ include "scaleway-webhook.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+rules:
+  - apiGroups:
+    - ''
+    resources:
+    - 'secrets'
+    verbs:
+    - 'get'
+---
+# Grant the webhook permission to read the secrets containing the credentials
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "scaleway-webhook.fullname" . }}:secrets-reader
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ include "scaleway-webhook.name" . }}
+    chart: {{ include "scaleway-webhook.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ include "scaleway-webhook.fullname" . }}:secrets-reader
+subjects:
+  - apiGroup: ""
+    kind: ServiceAccount
+    name: {{ include "scaleway-webhook.fullname" . }}
+    namespace: {{ .Release.Namespace }}
+---
+# Grant the webhook permission to read the ConfigMap containing the Kubernetes
+# apiserver's requestheader-ca-certificate.
+# This ConfigMap is automatically created by the Kubernetes apiserver.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "scaleway-webhook.fullname" . }}:webhook-authentication-reader
+  namespace: kube-system
+  labels:
+    app: {{ include "scaleway-webhook.name" . }}
+    chart: {{ include "scaleway-webhook.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: extension-apiserver-authentication-reader
+subjects:
+  - apiGroup: ""
+    kind: ServiceAccount
+    name: {{ include "scaleway-webhook.fullname" . }}
+    namespace: {{ .Release.Namespace }}
+---
+# apiserver gets the auth-delegator role to delegate auth decisions to
+# the core apiserver
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "scaleway-webhook.fullname" . }}:auth-delegator
+  labels:
+    app: {{ include "scaleway-webhook.name" . }}
+    chart: {{ include "scaleway-webhook.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:auth-delegator
+subjects:
+  - apiGroup: ""
+    kind: ServiceAccount
+    name: {{ include "scaleway-webhook.fullname" . }}
+    namespace: {{ .Release.Namespace }}
+---
+# Grant cert-manager permission to validate using our apiserver
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "scaleway-webhook.fullname" . }}:domain-solver
+  labels:
+    app: {{ include "scaleway-webhook.name" . }}
+    chart: {{ include "scaleway-webhook.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+rules:
+  - apiGroups:
+      - {{ .Values.groupName }}
+    resources:
+      - '*'
+    verbs:
+      - 'create'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "scaleway-webhook.fullname" . }}:domain-solver
+  labels:
+    app: {{ include "scaleway-webhook.name" . }}
+    chart: {{ include "scaleway-webhook.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "scaleway-webhook.fullname" . }}:domain-solver
+subjects:
+  - apiGroup: ""
+    kind: ServiceAccount
+    name: {{ .Values.certManager.serviceAccountName }}
+    namespace: {{ .Values.certManager.namespace }}
diff --git a/charts/scaleway-webhook/templates/secret.yaml b/charts/scaleway-webhook/templates/secret.yaml
new file mode 100644
index 0000000..092d801
--- /dev/null
+++ b/charts/scaleway-webhook/templates/secret.yaml
@@ -0,0 +1,15 @@
+{{ if and .Values.secret.accessKey .Values.secret.secretKey }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.secret.name }}
+  labels:
+    app: {{ include "scaleway-webhook.name" . }}
+    chart: {{ include "scaleway-webhook.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+type: Opaque
+stringData:
+  SCW_ACCESS_KEY: {{ .Values.secret.accessKey }}
+  SCW_SECRET_KEY: {{ .Values.secret.secretKey }}
+{{ end }}
diff --git a/charts/scaleway-webhook/templates/service.yaml b/charts/scaleway-webhook/templates/service.yaml
new file mode 100644
index 0000000..526d90c
--- /dev/null
+++ b/charts/scaleway-webhook/templates/service.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "scaleway-webhook.fullname" . }}
+  labels:
+    app: {{ include "scaleway-webhook.name" . }}
+    chart: {{ include "scaleway-webhook.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: https
+      protocol: TCP
+      name: https
+  selector:
+    app: {{ include "scaleway-webhook.name" . }}
+    release: {{ .Release.Name }}
diff --git a/charts/scaleway-webhook/values.yaml b/charts/scaleway-webhook/values.yaml
new file mode 100644
index 0000000..2dd1d87
--- /dev/null
+++ b/charts/scaleway-webhook/values.yaml
@@ -0,0 +1,44 @@
+groupName: acme.scaleway.com
+
+certManager:
+  namespace: cert-manager
+  serviceAccountName: cert-manager
+
+image:
+  repository: scaleway/cert-manager-webhook-scaleway
+  pullPolicy: IfNotPresent
+  imagePullSecrets: []
+
+nameOverride: ""
+fullnameOverride: ""
+
+pki:
+  caDuration: 43800h # 5y
+  servingCertificateDuration: 8760h # 1y
+
+secret:
+  accessKey: ""
+  secretKey: ""
+  name: scaleway-webhook-secret
+
+service:
+  type: ClusterIP
+  port: 443
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #  cpu: 100m
+  #  memory: 128Mi
+  # requests:
+  #  cpu: 100m
+  #  memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}

From aef1ddee8ba22aabcf38f8c43c19d2b05c49d9be Mon Sep 17 00:00:00 2001
From: Wojtek Siudzinski <admin@suda.pl>
Date: Thu, 29 Jun 2023 14:49:13 +0200
Subject: [PATCH 3/5] Fix linting errors

---
 charts/scaleway-webhook/Chart.yaml  | 4 ++++
 charts/scaleway-webhook/values.yaml | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/charts/scaleway-webhook/Chart.yaml b/charts/scaleway-webhook/Chart.yaml
index e4aa579..0fa49d5 100644
--- a/charts/scaleway-webhook/Chart.yaml
+++ b/charts/scaleway-webhook/Chart.yaml
@@ -3,3 +3,7 @@ appVersion: "v0.0.1"
 description: Cert-Manager webhook for Scaleway
 name: scaleway-webhook
 version: 0.0.1
+maintainers:
+  - name: suda
+    email: admin@suda.pl
+    url: https://suda.pl
\ No newline at end of file
diff --git a/charts/scaleway-webhook/values.yaml b/charts/scaleway-webhook/values.yaml
index 2dd1d87..fdcd25f 100644
--- a/charts/scaleway-webhook/values.yaml
+++ b/charts/scaleway-webhook/values.yaml
@@ -13,8 +13,8 @@ nameOverride: ""
 fullnameOverride: ""
 
 pki:
-  caDuration: 43800h # 5y
-  servingCertificateDuration: 8760h # 1y
+  caDuration: 43800h  # 5y
+  servingCertificateDuration: 8760h  # 1y
 
 secret:
   accessKey: ""

From 716237a9df8b4badae42a484aa8c0eec9ac78673 Mon Sep 17 00:00:00 2001
From: Wojtek Siudzinski <admin@suda.pl>
Date: Thu, 29 Jun 2023 14:50:15 +0200
Subject: [PATCH 4/5] Update the readme file

---
 charts/scaleway-webhook/README.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/charts/scaleway-webhook/README.md b/charts/scaleway-webhook/README.md
index f92b8a1..ac69e03 100644
--- a/charts/scaleway-webhook/README.md
+++ b/charts/scaleway-webhook/README.md
@@ -4,6 +4,12 @@
 
 Cert-Manager webhook for Scaleway
 
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| suda | <admin@suda.pl> | <https://suda.pl> |
+
 ## Values
 
 | Key | Type | Default | Description |

From 5522dc80d6c27c680709a00054f954c9d546ba20 Mon Sep 17 00:00:00 2001
From: Wojtek Siudzinski <admin@suda.pl>
Date: Thu, 29 Jun 2023 14:52:00 +0200
Subject: [PATCH 5/5] Add missing newline

---
 charts/scaleway-webhook/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/charts/scaleway-webhook/Chart.yaml b/charts/scaleway-webhook/Chart.yaml
index 0fa49d5..625bc87 100644
--- a/charts/scaleway-webhook/Chart.yaml
+++ b/charts/scaleway-webhook/Chart.yaml
@@ -6,4 +6,4 @@ version: 0.0.1
 maintainers:
   - name: suda
     email: admin@suda.pl
-    url: https://suda.pl
\ No newline at end of file
+    url: https://suda.pl