Feat: Cert Manager Self Signed (#99)

- Add SelfSigned Cluster Issuer - Add Certificate components
stakpak · Jul 3, 2024 · 6b60d02 · 6b60d02
1 parent 41ed08c
commit 6b60d02
Show file tree

Hide file tree

Showing 3 changed files with 63 additions and 0 deletions.
diff --git a/k8s/services/certm/components/certificates.cue b/k8s/services/certm/components/certificates.cue
@@ -0,0 +1,41 @@
+package components
+
+import (
+	"stakpak.dev/devx/v1/traits"
+	"stakpak.dev/devx/k8s/services/certm/resources"
+)
+
+#SelfSignedCertifcate: {
+	traits.#KubernetesResources
+	k8s: _
+	certIssuer: {
+		name: string
+		kind: "Issuer" | *"ClusterIssuer"
+	}
+	certificate: {
+		commonName: string
+		secretName: string
+	}
+	k8sResources: {
+		"cert-self-certificate-\(certificate.commonName)": resources.#Certificate & {
+			metadata: {
+				name:      certificate.commonName
+				namespace: k8s.namespace
+			}
+			spec: {
+                isCA: true
+				commonName: certificate.commonName
+				secretName: certificate.secretName
+				issuerRef: {
+					name:  certIssuer.name
+					kind:  certIssuer.kind
+					group: "cert-manager.io"
+				}
+				privateKey: {
+					algorithm: "ECDSA"
+					size:      256
+				}
+			}
+		}
+	}
+}
diff --git a/k8s/services/certm/components/issuers.cue b/k8s/services/certm/components/issuers.cue
@@ -68,3 +68,17 @@ import (
 		}
 	}
 }
+
+#SelfSignedClusterIssuer: {
+	traits.#KubernetesResources
+	certIssuer: {
+		name: string | *"selfsigned-issuer"
+	}
+	k8sResources: {
+		"cert-self-issuer-\(certIssuer.name)": resources.#SelfSignedClusterIssuer & {
+			metadata: {
+				name: certIssuer.name
+			}
+		}
+	}
+}
diff --git a/k8s/services/certm/resources/resources.cue b/k8s/services/certm/resources/resources.cue
@@ -33,6 +33,14 @@ import (
 	spec: acme: preferredChain: "ISRG Root X1"
 }
 
+#SelfSignedClusterIssuer: {
+	k8s.#KubernetesResource
+	v1.#ClusterIssuer
+	apiVersion: "cert-manager.io/v1"
+	kind:       "ClusterIssuer"
+	spec: selfSigned: {}
+}
+
 // #ClusterIssuer: v1.#Trait & {
 // 	$metadata: traits: ClusterIssuer: null
 // 	cert: {