kuby-cert-manager 0.1.0

@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: 339b2e51b6aaa0051e2051cab2e033fc03d43abe95f6957e86f7490790ff6bf7
4
+ data.tar.gz: b6fe0ee32b9ba4e95a0cdf1ef15899bdf2e8b7e64fa8845f7379248d95620b7c
5
+ SHA512:
6
+ metadata.gz: 9f22a221166b8e4160802d874b11182c2a95584a32f918facc528d7d3ac879e8138918196f5648231e82288486d55d269ee3316cf3eae4d080f965628b373cfa
7
+ data.tar.gz: e581dfbbd359583440d8b1fd76433eaecb7dc99c7fc851c5c9f01ff8819334b961cd5312df1f6723843aeb38220546ca4db20f73784bb6284b58c9fcc652d564
@@ -0,0 +1,2 @@
1
+ ## 0.1.0
2
+ * Birthday!
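--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,18 @@
+ source 'https://rubygems.org'
+
+ gemspec
+
+ # Declare platform-specific gems here so they install correctly.
+ # See: https://github.com/rubygems/rubygems/issues/3646
+ gem 'helm-rb'
+
+ group :development, :test do
+ gem 'kuby', path: '../kuby'
+ gem 'kuby-kube-db', path: '../kuby-kube-db'
+ gem 'pry-byebug'
+ gem 'rake'
+ end
+
+ group :test do
+ gem 'rspec', '~> 3.0'
+ end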
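--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,21 @@
+ The MIT License (MIT)
+
+ Copyright (c) 2020 Cameron Dutro
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in all
+ copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ SOFTWARE.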
@@ -0,0 +1,14 @@
1
+ require 'bundler'
2
+ require 'rspec/core/rake_task'
3
+ require 'rubygems/package_task'
4
+
5
+ require 'kuby/cert-manager'
6
+
7
+ Bundler::GemHelper.install_tasks
8
+
9
+ task default: :spec
10
+
11
+ desc 'Run specs'
12
+ RSpec::Core::RakeTask.new do |t|
13
+ t.pattern = './spec/**/*_spec.rb'
14
+ end
@@ -0,0 +1,20 @@
1
+ $:.unshift File.join(File.dirname(__FILE__), 'lib')
2
+ require 'kuby/cert-manager/version'
3
+
4
+ Gem::Specification.new do |s|
5
+ s.name = 'kuby-cert-manager'
6
+ s.version = ::Kuby::CertManager::VERSION
7
+ s.authors = ['Cameron Dutro']
8
+ s.email = ['camertron@gmail.com']
9
+ s.homepage = 'http://github.com/camertron/kuby-cert-manager'
10
+
11
+ s.description = s.summary = 'Kuby plugin for automatically generating TLS certificates.'
12
+
13
+ s.platform = Gem::Platform::RUBY
14
+
15
+ s.add_dependency 'helm-cli', '~> 0.1'
16
+ s.add_dependency 'kube-dsl', '~> 0.1'
17
+
18
+ s.require_path = 'lib'
19
+ s.files = Dir['{lib,spec}/**/*', 'Gemfile', 'LICENSE', 'CHANGELOG.md', 'README.md', 'Rakefile', 'kuby-cert-manager.gemspec']
20
+ end
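Review bot: The runtime dependencies declared in this gemspec do not match what the library loads: the plugin file does `require 'kuby'` and subclasses `::Kuby::Kubernetes::Plugin`, yet there is no `s.add_dependency 'kuby'`, while `helm-cli` is declared and nothing in the lib files shown on this page requires it. An unused runtime dependency is extra third-party code pulled into every install, so drop `helm-cli` if it really is unused; if `kuby` is left out on purpose (for example to avoid a circular dependency), a comment saying so would help. The spec also sets no license although the package ships an MIT LICENSE file (the built metadata shows `licenses: []`), and the homepage is a plain-http URL; `s.license = 'MIT'` and `s.homepage = 'https://github.com/camertron/kuby-cert-manager'` would address both.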
@@ -0,0 +1,15 @@
1
+ require 'kuby/cert-manager/plugin'
2
+
3
+ module Kuby
4
+ module CertManager
5
+ autoload :AcmeStrategy, 'kuby/cert-manager/acme_strategy'
6
+ autoload :ClusterIssuer, 'kuby/cert-manager/cluster_issuer'
7
+ autoload :ClusterIssuerSpec, 'kuby/cert-manager/cluster_issuer_spec'
8
+ autoload :Http01Solver, 'kuby/cert-manager/http01_solver'
9
+ autoload :Http01SolverIngress, 'kuby/cert-manager/http01_solver_ingress'
10
+ autoload :PrivateKeySecretRef, 'kuby/cert-manager/private_key_secret_ref'
11
+ autoload :Solver, 'kuby/cert-manager/solver'
12
+ end
13
+ end
14
+
15
+ Kuby.register_plugin(:cert_manager, Kuby::CertManager::Plugin)
@@ -0,0 +1,22 @@
1
+ module Kuby
2
+ module CertManager
3
+ class AcmeStrategy < ::KubeDSL::DSLObject
4
+ value_fields :server, :email
5
+ object_field(:private_key_secret_ref) { PrivateKeySecretRef.new }
6
+ array_field(:solver) { Solver.new }
7
+
8
+ def serialize
9
+ {}.tap do |result|
10
+ result[:server] = server
11
+ result[:email] = email
12
+ result[:privateKeySecretRef] = private_key_secret_ref.serialize
13
+ result[:solvers] = solvers.map(&:serialize)
14
+ end
15
+ end
16
+
17
+ def kind_sym
18
+ :acme_strategy
19
+ end
20
+ end
21
+ end
22
+ end
@@ -0,0 +1,23 @@
1
+ require 'kube-dsl'
2
+
3
+ module Kuby
4
+ module CertManager
5
+ class ClusterIssuer < ::KubeDSL::DSLObject
6
+ object_field(:metadata) { ::KubeDSL::DSL::Meta::V1::ObjectMeta.new }
7
+ object_field(:spec) { ClusterIssuerSpec.new }
8
+
9
+ def serialize
10
+ {}.tap do |result|
11
+ result[:apiVersion] = "cert-manager.io/v1alpha2"
12
+ result[:kind] = "ClusterIssuer"
13
+ result[:metadata] = metadata.serialize
14
+ result[:spec] = spec.serialize
15
+ end
16
+ end
17
+
18
+ def kind_sym
19
+ :cluster_issuer
20
+ end
21
+ end
22
+ end
23
+ end
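Review bot: The `apiVersion` string `"cert-manager.io/v1alpha2"` in `serialize` is tied to the cert-manager release the plugin installs (`CERT_MANAGER_VERSION = '0.13.1'` in the plugin file), but nothing here records that coupling. If the pinned release is later bumped to one that no longer serves this API version, the issuer would presumably fail to apply and certificate issuance would stop. A comment above the assignment, such as `# must match the API version served by the release pinned in Plugin::CERT_MANAGER_VERSION`, would make the dependency visible to whoever changes either value.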
@@ -0,0 +1,21 @@
1
+ module Kuby
2
+ module CertManager
3
+ class ClusterIssuerSpec < ::KubeDSL::DSLObject
4
+ object_field(:acme) { AcmeStrategy.new }
5
+
6
+ def serialize
7
+ {}.tap do |result|
8
+ result[:acme] = acme.serialize
9
+ end
10
+ end
11
+
12
+ def to_resource
13
+ ::KubeDSL::Resource.new(serialize)
14
+ end
15
+
16
+ def kind_sym
17
+ :cluster_issuer_spec
18
+ end
19
+ end
20
+ end
21
+ end
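Review bot: `to_resource` is defined on `ClusterIssuerSpec`, whose `serialize` yields only `{ acme: ... }` with no `apiVersion`, `kind` or `metadata`, so the `::KubeDSL::Resource` it builds would not describe a complete Kubernetes object. The plugin returns the `ClusterIssuer` itself from `resources`, which suggests this method was meant for `ClusterIssuer` (unless `DSLObject` already provides it there, which is not visible on this page). Consider moving it to `ClusterIssuer`, or removing it from the spec class if nothing calls it.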
@@ -0,0 +1,17 @@
1
+ module Kuby
2
+ module CertManager
3
+ class Http01Solver < ::KubeDSL::DSLObject
4
+ object_field(:ingress) { Http01SolverIngress.new }
5
+
6
+ def serialize
7
+ {}.tap do |result|
8
+ result[:ingress] = ingress.serialize
9
+ end
10
+ end
11
+
12
+ def kind_sym
13
+ :http01_solver
14
+ end
15
+ end
16
+ end
17
+ end
@@ -0,0 +1,17 @@
1
+ module Kuby
2
+ module CertManager
3
+ class Http01SolverIngress < ::KubeDSL::DSLObject
4
+ value_fields :ingress_class
5
+
6
+ def serialize
7
+ {}.tap do |result|
8
+ result[:class] = ingress_class
9
+ end
10
+ end
11
+
12
+ def kind_sym
13
+ :http01_solver_ingress
14
+ end
15
+ end
16
+ end
17
+ end
@@ -0,0 +1,98 @@
1
+ require 'kuby'
2
+
3
+ module Kuby
4
+ module CertManager
5
+ class Plugin < ::Kuby::Kubernetes::Plugin
6
+ class Config
7
+ extend ::KubeDSL::ValueFields
8
+
9
+ value_fields :email
10
+ end
11
+
12
+ NAMESPACE = 'cert-manager'.freeze
13
+ CERT_MANAGER_VERSION = '0.13.1'.freeze
14
+ CERT_MANAGER_RESOURCE = "https://github.com/jetstack/cert-manager/releases/download/v#{CERT_MANAGER_VERSION}/cert-manager.yaml".freeze
15
+
16
+ def configure(&block)
17
+ @config.instance_eval(&block) if block
18
+ end
19
+
20
+ def setup
21
+ install_cert_manager
22
+ end
23
+
24
+ def resources
25
+ @resources ||= [cluster_issuer]
26
+ end
27
+
28
+ def annotate_ingress(ingress)
29
+ context = self
30
+
31
+ ingress.metadata do
32
+ annotations do
33
+ add :'cert-manager.io/cluster-issuer', context.send(:issuer_name)
34
+ end
35
+ end
36
+ end
37
+
38
+ private
39
+
40
+ def issuer_name
41
+ @issuer_name ||= "letsencrypt-#{spec.definition.environment}"
42
+ end
43
+
44
+ # hard-code this stuff for now
45
+ def cluster_issuer
46
+ context = self
47
+ config = @config
48
+
49
+ @cluster_issuer ||= ClusterIssuer.new do
50
+ metadata do
51
+ name context.send(:issuer_name)
52
+ namespace NAMESPACE
53
+ end
54
+
55
+ spec do
56
+ acme do
57
+ server 'https://acme-v02.api.letsencrypt.org/directory'
58
+ email config.email
59
+
60
+ private_key_secret_ref do
61
+ name context.send(:issuer_name)
62
+ end
63
+
64
+ solver do
65
+ http01 do
66
+ ingress do
67
+ ingress_class 'nginx'
68
+ end
69
+ end
70
+ end
71
+ end
72
+ end
73
+ end
74
+ end
75
+
76
+ def install_cert_manager
77
+ Kuby.logger.info('Installing cert-manager...')
78
+ kubernetes_cli.apply_uri(CERT_MANAGER_RESOURCE)
79
+ Kuby.logger.info('cert-manager installed successfully!')
80
+ rescue => e
81
+ Kuby.logger.fatal(e.message)
82
+ raise
83
+ end
84
+
85
+ def after_initialize
86
+ @config = Config.new
87
+ end
88
+
89
+ def spec
90
+ definition.kubernetes
91
+ end
92
+
93
+ def kubernetes_cli
94
+ spec.provider.kubernetes_cli
95
+ end
96
+ end
97
+ end
98
+ end
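Review bot: `install_cert_manager` hands `CERT_MANAGER_RESOURCE` straight to `kubernetes_cli.apply_uri`, so a manifest fetched from GitHub at setup time is applied to the cluster with no integrity check beyond TLS. The version is pinned in the URL, which helps, but a release asset can be replaced after publication, and this manifest presumably creates cluster-wide resources. Pinning a digest next to the version, e.g. `CERT_MANAGER_SHA256 = '<sha256 of cert-manager.yaml>'.freeze`, and comparing it against the downloaded file before applying would close that gap; how to apply a local file depends on the CLI wrapper, which is not visible here. Separately, `email config.email` in `cluster_issuer` is passed through unchecked, so an unconfigured plugin would serialize an ACME issuer with a nil email; raising early when `config.email` is nil would give a clearer failure.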
@@ -0,0 +1,17 @@
1
+ module Kuby
2
+ module CertManager
3
+ class PrivateKeySecretRef < ::KubeDSL::DSLObject
4
+ value_fields :name
5
+
6
+ def serialize
7
+ {}.tap do |result|
8
+ result[:name] = name
9
+ end
10
+ end
11
+
12
+ def kind_sym
13
+ :private_key_secret_ref
14
+ end
15
+ end
16
+ end
17
+ end
@@ -0,0 +1,17 @@
1
+ module Kuby
2
+ module CertManager
3
+ class Solver < ::KubeDSL::DSLObject
4
+ object_field(:http01) { Http01Solver.new }
5
+
6
+ def serialize
7
+ {}.tap do |result|
8
+ result[:http01] = http01.serialize
9
+ end
10
+ end
11
+
12
+ def kind_sym
13
+ :http01
14
+ end
15
+ end
16
+ end
17
+ end
@@ -0,0 +1,5 @@
1
+ module Kuby
2
+ module CertManager
3
+ VERSION = '0.1.0'
4
+ end
5
+ end
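--- a/metadata
+++ b/metadata
@@ -0,0 +1,85 @@
+ --- !ruby/object:Gem::Specification
+ name: kuby-cert-manager
+ version: !ruby/object:Gem::Version
+ version: 0.1.0
+ platform: ruby
+ authors:
+ - Cameron Dutro
+ autorequire:
+ bindir: bin
+ cert_chain: []
+ date: 2020-06-04 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: helm-cli
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '0.1'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '0.1'
+ - !ruby/object:Gem::Dependency
+ name: kube-dsl
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '0.1'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '0.1'
+ description: Kuby plugin for automatically generating TLS certificates.
+ email:
+ - camertron@gmail.com
+ executables: []
+ extensions: []
+ extra_rdoc_files: []
+ files:
+ - CHANGELOG.md
+ - Gemfile
+ - LICENSE
+ - Rakefile
+ - kuby-cert-manager.gemspec
+ - lib/kuby/cert-manager.rb
+ - lib/kuby/cert-manager/acme_strategy.rb
+ - lib/kuby/cert-manager/cluster_issuer.rb
+ - lib/kuby/cert-manager/cluster_issuer_spec.rb
+ - lib/kuby/cert-manager/http01_solver.rb
+ - lib/kuby/cert-manager/http01_solver_ingress.rb
+ - lib/kuby/cert-manager/plugin.rb
+ - lib/kuby/cert-manager/private_key_secret_ref.rb
+ - lib/kuby/cert-manager/solver.rb
+ - lib/kuby/cert-manager/version.rb
+ homepage: http://github.com/camertron/kuby-cert-manager
+ licenses: []
+ metadata: {}
+ post_install_message:
+ rdoc_options: []
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ requirements: []
+ rubygems_version: 3.0.6
+ signing_key:
+ specification_version: 4
+ summary: Kuby plugin for automatically generating TLS certificates.
+ test_files: []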