kuby-cert-manager 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 339b2e51b6aaa0051e2051cab2e033fc03d43abe95f6957e86f7490790ff6bf7
+  data.tar.gz: b6fe0ee32b9ba4e95a0cdf1ef15899bdf2e8b7e64fa8845f7379248d95620b7c
+SHA512:
+  metadata.gz: 9f22a221166b8e4160802d874b11182c2a95584a32f918facc528d7d3ac879e8138918196f5648231e82288486d55d269ee3316cf3eae4d080f965628b373cfa
+  data.tar.gz: e581dfbbd359583440d8b1fd76433eaecb7dc99c7fc851c5c9f01ff8819334b961cd5312df1f6723843aeb38220546ca4db20f73784bb6284b58c9fcc652d564

data/CHANGELOG.md

@@ -0,0 +1,2 @@
+## 0.1.0
+* Birthday!

data/Gemfile

@@ -0,0 +1,18 @@
+source 'https://rubygems.org'
+
+gemspec
+
+# Declare platform-specific gems here so they install correctly.
+# See: https://github.com/rubygems/rubygems/issues/3646
+gem 'helm-rb'
+
+group :development, :test do
+  gem 'kuby', path: '../kuby'
+  gem 'kuby-kube-db', path: '../kuby-kube-db'
+  gem 'pry-byebug'
+  gem 'rake'
+end
+
+group :test do
+  gem 'rspec', '~> 3.0'
+end

data/LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2020 Cameron Dutro
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/Rakefile

@@ -0,0 +1,14 @@
+require 'bundler'
+require 'rspec/core/rake_task'
+require 'rubygems/package_task'
+
+require 'kuby/cert-manager'
+
+Bundler::GemHelper.install_tasks
+
+task default: :spec
+
+desc 'Run specs'
+RSpec::Core::RakeTask.new do |t|
+  t.pattern = './spec/**/*_spec.rb'
+end

data/kuby-cert-manager.gemspec

@@ -0,0 +1,20 @@
+$:.unshift File.join(File.dirname(__FILE__), 'lib')
+require 'kuby/cert-manager/version'
+
+Gem::Specification.new do |s|
+  s.name     = 'kuby-cert-manager'
+  s.version  = ::Kuby::CertManager::VERSION
+  s.authors  = ['Cameron Dutro']
+  s.email    = ['camertron@gmail.com']
+  s.homepage = 'http://github.com/camertron/kuby-cert-manager'
+
+  s.description = s.summary = 'Kuby plugin for automatically generating TLS certificates.'
+
+  s.platform = Gem::Platform::RUBY
+
+  s.add_dependency 'helm-cli', '~> 0.1'
+  s.add_dependency 'kube-dsl', '~> 0.1'
+
+  s.require_path = 'lib'
+  s.files = Dir['{lib,spec}/**/*', 'Gemfile', 'LICENSE', 'CHANGELOG.md', 'README.md', 'Rakefile', 'kuby-cert-manager.gemspec']
+end

data/lib/kuby/cert-manager.rb

@@ -0,0 +1,15 @@
+require 'kuby/cert-manager/plugin'
+
+module Kuby
+  module CertManager
+    autoload :AcmeStrategy,        'kuby/cert-manager/acme_strategy'
+    autoload :ClusterIssuer,       'kuby/cert-manager/cluster_issuer'
+    autoload :ClusterIssuerSpec,   'kuby/cert-manager/cluster_issuer_spec'
+    autoload :Http01Solver,        'kuby/cert-manager/http01_solver'
+    autoload :Http01SolverIngress, 'kuby/cert-manager/http01_solver_ingress'
+    autoload :PrivateKeySecretRef, 'kuby/cert-manager/private_key_secret_ref'
+    autoload :Solver,              'kuby/cert-manager/solver'
+  end
+end
+
+Kuby.register_plugin(:cert_manager, Kuby::CertManager::Plugin)

data/lib/kuby/cert-manager/acme_strategy.rb

@@ -0,0 +1,22 @@
+module Kuby
+  module CertManager
+    class AcmeStrategy < ::KubeDSL::DSLObject
+      value_fields :server, :email
+      object_field(:private_key_secret_ref) { PrivateKeySecretRef.new }
+      array_field(:solver) { Solver.new }
+
+      def serialize
+        {}.tap do |result|
+          result[:server] = server
+          result[:email] = email
+          result[:privateKeySecretRef] = private_key_secret_ref.serialize
+          result[:solvers] = solvers.map(&:serialize)
+        end
+      end
+
+      def kind_sym
+        :acme_strategy
+      end
+    end
+  end
+end

data/lib/kuby/cert-manager/cluster_issuer.rb

@@ -0,0 +1,23 @@
+require 'kube-dsl'
+
+module Kuby
+  module CertManager
+    class ClusterIssuer < ::KubeDSL::DSLObject
+      object_field(:metadata) { ::KubeDSL::DSL::Meta::V1::ObjectMeta.new }
+      object_field(:spec) { ClusterIssuerSpec.new }
+
+      def serialize
+        {}.tap do |result|
+          result[:apiVersion] = "cert-manager.io/v1alpha2"
+          result[:kind] = "ClusterIssuer"
+          result[:metadata] = metadata.serialize
+          result[:spec] = spec.serialize
+        end
+      end
+
+      def kind_sym
+        :cluster_issuer
+      end
+    end
+  end
+end

data/lib/kuby/cert-manager/cluster_issuer_spec.rb

@@ -0,0 +1,21 @@
+module Kuby
+  module CertManager
+    class ClusterIssuerSpec < ::KubeDSL::DSLObject
+      object_field(:acme) { AcmeStrategy.new }
+
+      def serialize
+        {}.tap do |result|
+          result[:acme] = acme.serialize
+        end
+      end
+
+      def to_resource
+        ::KubeDSL::Resource.new(serialize)
+      end
+
+      def kind_sym
+        :cluster_issuer_spec
+      end
+    end
+  end
+end

data/lib/kuby/cert-manager/http01_solver.rb

@@ -0,0 +1,17 @@
+module Kuby
+  module CertManager
+    class Http01Solver < ::KubeDSL::DSLObject
+      object_field(:ingress) { Http01SolverIngress.new }
+
+      def serialize
+        {}.tap do |result|
+          result[:ingress] = ingress.serialize
+        end
+      end
+
+      def kind_sym
+        :http01_solver
+      end
+    end
+  end
+end

data/lib/kuby/cert-manager/http01_solver_ingress.rb

@@ -0,0 +1,17 @@
+module Kuby
+  module CertManager
+    class Http01SolverIngress < ::KubeDSL::DSLObject
+      value_fields :ingress_class
+
+      def serialize
+        {}.tap do |result|
+          result[:class] = ingress_class
+        end
+      end
+
+      def kind_sym
+        :http01_solver_ingress
+      end
+    end
+  end
+end

data/lib/kuby/cert-manager/plugin.rb

@@ -0,0 +1,98 @@
+require 'kuby'
+
+module Kuby
+  module CertManager
+    class Plugin < ::Kuby::Kubernetes::Plugin
+      class Config
+        extend ::KubeDSL::ValueFields
+
+        value_fields :email
+      end
+
+      NAMESPACE = 'cert-manager'.freeze
+      CERT_MANAGER_VERSION = '0.13.1'.freeze
+      CERT_MANAGER_RESOURCE = "https://github.com/jetstack/cert-manager/releases/download/v#{CERT_MANAGER_VERSION}/cert-manager.yaml".freeze
+
+      def configure(&block)
+        @config.instance_eval(&block) if block
+      end
+
+      def setup
+        install_cert_manager
+      end
+
+      def resources
+        @resources ||= [cluster_issuer]
+      end
+
+      def annotate_ingress(ingress)
+        context = self
+
+        ingress.metadata do
+          annotations do
+            add :'cert-manager.io/cluster-issuer', context.send(:issuer_name)
+          end
+        end
+      end
+
+      private
+
+      def issuer_name
+        @issuer_name ||= "letsencrypt-#{spec.definition.environment}"
+      end
+
+      # hard-code this stuff for now
+      def cluster_issuer
+        context = self
+        config = @config
+
+        @cluster_issuer ||= ClusterIssuer.new do
+          metadata do
+            name context.send(:issuer_name)
+            namespace NAMESPACE
+          end
+
+          spec do
+            acme do
+              server 'https://acme-v02.api.letsencrypt.org/directory'
+              email config.email
+
+              private_key_secret_ref do
+                name context.send(:issuer_name)
+              end
+
+              solver do
+                http01 do
+                  ingress do
+                    ingress_class 'nginx'
+                  end
+                end
+              end
+            end
+          end
+        end
+      end
+
+      def install_cert_manager
+        Kuby.logger.info('Installing cert-manager...')
+        kubernetes_cli.apply_uri(CERT_MANAGER_RESOURCE)
+        Kuby.logger.info('cert-manager installed successfully!')
+      rescue => e
+        Kuby.logger.fatal(e.message)
+        raise
+      end
+
+      def after_initialize
+        @config = Config.new
+      end
+
+      def spec
+        definition.kubernetes
+      end
+
+      def kubernetes_cli
+        spec.provider.kubernetes_cli
+      end
+    end
+  end
+end

data/lib/kuby/cert-manager/private_key_secret_ref.rb

@@ -0,0 +1,17 @@
+module Kuby
+  module CertManager
+    class PrivateKeySecretRef < ::KubeDSL::DSLObject
+      value_fields :name
+
+      def serialize
+        {}.tap do |result|
+          result[:name] = name
+        end
+      end
+
+      def kind_sym
+        :private_key_secret_ref
+      end
+    end
+  end
+end

data/lib/kuby/cert-manager/solver.rb

@@ -0,0 +1,17 @@
+module Kuby
+  module CertManager
+    class Solver < ::KubeDSL::DSLObject
+      object_field(:http01) { Http01Solver.new }
+
+      def serialize
+        {}.tap do |result|
+          result[:http01] = http01.serialize
+        end
+      end
+
+      def kind_sym
+        :http01
+      end
+    end
+  end
+end

data/lib/kuby/cert-manager/version.rb

@@ -0,0 +1,5 @@
+module Kuby
+  module CertManager
+    VERSION = '0.1.0'
+  end
+end

metadata

@@ -0,0 +1,85 @@
+--- !ruby/object:Gem::Specification
+name: kuby-cert-manager
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Cameron Dutro
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2020-06-04 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: helm-cli
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+- !ruby/object:Gem::Dependency
+  name: kube-dsl
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+description: Kuby plugin for automatically generating TLS certificates.
+email:
+- camertron@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- Gemfile
+- LICENSE
+- Rakefile
+- kuby-cert-manager.gemspec
+- lib/kuby/cert-manager.rb
+- lib/kuby/cert-manager/acme_strategy.rb
+- lib/kuby/cert-manager/cluster_issuer.rb
+- lib/kuby/cert-manager/cluster_issuer_spec.rb
+- lib/kuby/cert-manager/http01_solver.rb
+- lib/kuby/cert-manager/http01_solver_ingress.rb
+- lib/kuby/cert-manager/plugin.rb
+- lib/kuby/cert-manager/private_key_secret_ref.rb
+- lib/kuby/cert-manager/solver.rb
+- lib/kuby/cert-manager/version.rb
+homepage: http://github.com/camertron/kuby-cert-manager
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.6
+signing_key: 
+specification_version: 4
+summary: Kuby plugin for automatically generating TLS certificates.
+test_files: []