From be42e2046d92e070ecea845642516eff9e7111be Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 16 Jul 2024 17:06:03 +0000 Subject: [PATCH 01/11] feat(charts): update helm release loki to v6.7.0 (#2852) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- helm-dependencies.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml index 1363efe5f..af279d774 100644 --- a/helm-dependencies.yaml +++ b/helm-dependencies.yaml @@ -72,7 +72,7 @@ dependencies: version: 30.12.11 repository: https://helm.linkerd.io/stable - name: loki - version: 6.6.6 + version: 6.7.0 repository: https://grafana.github.io/helm-charts - name: promtail version: 6.16.4 From b1a54e9fb4ee9b4cf31d84320779477bdbbbf20f Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 17 Jul 2024 00:10:56 +0000 Subject: [PATCH 02/11] fix(charts): update helm release loki to v6.7.1 (#2853) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- helm-dependencies.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml index af279d774..71cb32c25 100644 --- a/helm-dependencies.yaml +++ b/helm-dependencies.yaml @@ -72,7 +72,7 @@ dependencies: version: 30.12.11 repository: https://helm.linkerd.io/stable - name: loki - version: 6.7.0 + version: 6.7.1 repository: https://grafana.github.io/helm-charts - name: promtail version: 6.16.4 From cc49f0fd762e8ad021180c47127f0c6648110629 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 17 Jul 2024 09:05:50 +0200 Subject: [PATCH 03/11] feat(charts): update helm release traefik to v29 (#2841) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- helm-dependencies.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml index 71cb32c25..a70f4ae81 100644 --- a/helm-dependencies.yaml +++ b/helm-dependencies.yaml @@ -105,7 +105,7 @@ dependencies: version: v3.28.0 repository: https://docs.projectcalico.org/charts - name: traefik - version: 28.3.0 + version: 29.0.1 repository: https://helm.traefik.io/traefik - name: memcached version: 7.4.8 From 01632aaa176b6c10260da56b761a7295a34057df Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 17 Jul 2024 09:06:00 +0200 Subject: [PATCH 04/11] feat(charts): update helm release kube-prometheus-stack to v61 (#2831) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- helm-dependencies.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml index a70f4ae81..38afc34d9 100644 --- a/helm-dependencies.yaml +++ b/helm-dependencies.yaml @@ -57,7 +57,7 @@ dependencies: version: 2.39.3 repository: https://charts.konghq.com - name: kube-prometheus-stack - version: 60.5.0 + version: 61.3.1 repository: https://prometheus-community.github.io/helm-charts - name: linkerd2-cni version: 30.12.2 From 3ae3e1768531671cea6d5a7af475d49931a615ce Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 17 Jul 2024 09:06:28 +0200 Subject: [PATCH 05/11] feat(charts): update helm release velero to v7 (#2823) 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- helm-dependencies.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml index 38afc34d9..9bea99f6a 100644 --- a/helm-dependencies.yaml +++ b/helm-dependencies.yaml @@ -111,7 +111,7 @@ dependencies: version: 7.4.8 repository: https://charts.bitnami.com/bitnami - name: velero - version: 6.7.0 + version: 7.1.1 repository: https://vmware-tanzu.github.io/helm-charts - name: victoria-metrics-k8s-stack version: 0.24.2 From 77f669f378d8659097be13a7f234374ddba761ed Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 17 Jul 2024 07:09:53 +0000 Subject: [PATCH 06/11] fix(charts): update helm release memcached to v7.4.9 (#2854) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- helm-dependencies.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml index 9bea99f6a..6bf269934 100644 --- a/helm-dependencies.yaml +++ b/helm-dependencies.yaml @@ -108,7 +108,7 @@ dependencies: version: 29.0.1 repository: https://helm.traefik.io/traefik - name: memcached - version: 7.4.8 + version: 7.4.9 repository: https://charts.bitnami.com/bitnami - name: velero version: 7.1.1 From 86ea520bef6a7e887dba21acab7bb22a0c1bbf75 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 17 Jul 2024 10:08:56 +0200 Subject: [PATCH 07/11] feat(tf): update terraform terraform-google-modules/kubernetes-engine/google to ~> 31.1.0 (#2832) 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- modules/google/cert-manager.tf | 2 +- modules/google/external-dns.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/google/cert-manager.tf b/modules/google/cert-manager.tf index a4513c103..18c2d7754 100644 --- a/modules/google/cert-manager.tf +++ b/modules/google/cert-manager.tf @@ -57,7 +57,7 @@ VALUES module "cert_manager_workload_identity" { count = local.cert-manager.create_iam_resources && local.cert-manager.enabled ? 1 : 0 source = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity" - version = "~> 31.0.0" + version = "~> 31.1.0" name = local.cert-manager.service_account_name namespace = local.cert-manager.namespace project_id = local.cert-manager.project_id diff --git a/modules/google/external-dns.tf b/modules/google/external-dns.tf index 29cd6bf72..abb89db55 100644 --- a/modules/google/external-dns.tf +++ b/modules/google/external-dns.tf @@ -55,7 +55,7 @@ locals { # to be allowed to use the workload identity on GKE. module "external_dns_workload_identity" { source = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity" - version = "~> 31.0.0" + version = "~> 31.1.0" for_each = { for k, v in local.external-dns : k => v if v.enabled && v.create_iam_resources } From 2ca95a4557c893f290a41bdee81735b84a53666c Mon Sep 17 00:00:00 2001 From: Kevin Lefevre Date: Wed, 17 Jul 2024 10:18:28 +0200 Subject: [PATCH 08/11] chore: fix docs and update pre-commit Signed-off-by: Kevin Lefevre --- .pre-commit-config.yaml | 6 +++--- modules/google/README.md | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 18a0d67d5..ffc78848a 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.88.0 + rev: v1.92.0 hooks: - id: terraform_fmt - id: terraform_validate @@ -9,11 +9,11 @@ repos: - --tf-init-args=-upgrade - id: terraform_docs - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.5.0 + rev: v4.6.0 hooks: - id: check-merge-conflict - id: end-of-file-fixer - repo: https://github.com/renovatebot/pre-commit-hooks - rev: 37.213.0 + rev: 37.432.0 hooks: - id: renovate-config-validator diff --git a/modules/google/README.md b/modules/google/README.md index 7d15c79e8..cd6676558 100644 --- a/modules/google/README.md +++ b/modules/google/README.md 
@@ -48,8 +48,8 @@ Provides various Kubernetes addons that are often used on Kubernetes with GCP | Name | Source | Version | |------|--------|---------| -| [cert\_manager\_workload\_identity](#module\_cert\_manager\_workload\_identity) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 31.0.0 | -| [external\_dns\_workload\_identity](#module\_external\_dns\_workload\_identity) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 31.0.0 | +| [cert\_manager\_workload\_identity](#module\_cert\_manager\_workload\_identity) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 31.1.0 | +| [external\_dns\_workload\_identity](#module\_external\_dns\_workload\_identity) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 31.1.0 | | [iam\_assumable\_sa\_kube-prometheus-stack\_grafana](#module\_iam\_assumable\_sa\_kube-prometheus-stack\_grafana) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 31.0 | | [iam\_assumable\_sa\_kube-prometheus-stack\_thanos](#module\_iam\_assumable\_sa\_kube-prometheus-stack\_thanos) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 31.0 | | [iam\_assumable\_sa\_loki-stack](#module\_iam\_assumable\_sa\_loki-stack) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 31.0 | From da5efdaefe257426a16ae1325ca094c8ff1ab704 Mon Sep 17 00:00:00 2001 From: Gwenall Date: Wed, 17 Jul 2024 10:24:31 +0200 Subject: [PATCH 09/11] feat(chart): add helm chart stakater/reloader (#2815) * feat(chart): add helm release stakater/reloader * moving reloader to root of repo and link it to sub-modules * add missing variable Signed-off-by: Kevin Lefevre * chore: update docs Signed-off-by: Kevin Lefevre --------- 
Signed-off-by: Kevin Lefevre Co-authored-by: Kevin Lefevre Co-authored-by: Kevin Lefevre --- README.md | 5 ++ helm-dependencies.yaml | 3 + modules/aws/README.md | 5 ++ modules/aws/reloader.tf | 1 + modules/azure/README.md | 5 ++ modules/azure/reloader.tf | 1 + modules/google/README.md | 5 ++ modules/google/reloader.tf | 1 + modules/scaleway/README.md | 5 ++ modules/scaleway/reloader.tf | 1 + reloader.tf | 106 +++++++++++++++++++++++++++++++++++ variables.tf | 6 ++ 12 files changed, 144 insertions(+) create mode 120000 modules/aws/reloader.tf create mode 120000 modules/azure/reloader.tf create mode 120000 modules/google/reloader.tf create mode 120000 modules/scaleway/reloader.tf create mode 100644 reloader.tf diff --git a/README.md b/README.md index 6f1806401..19c4e6048 100644 --- a/README.md +++ b/README.md @@ -135,6 +135,7 @@ No modules. | [helm_release.prometheus-adapter](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.prometheus-blackbox-exporter](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.promtail](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | +| [helm_release.reloader](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.sealed-secrets](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.secrets-store-csi-driver](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.tigera-operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | 
@@ -167,6 +168,7 @@ No modules. | [kubernetes_namespace.prometheus-adapter](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | [kubernetes_namespace.prometheus-blackbox-exporter](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | [kubernetes_namespace.promtail](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | +| [kubernetes_namespace.reloader](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | [kubernetes_namespace.sealed-secrets](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | [kubernetes_namespace.secrets-store-csi-driver](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | [kubernetes_namespace.tigera-operator](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | 
@@ -222,6 +224,8 @@ No modules. | [kubernetes_network_policy.promtail_allow_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | | [kubernetes_network_policy.promtail_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | | [kubernetes_network_policy.promtail_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | +| [kubernetes_network_policy.reloader_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | +| [kubernetes_network_policy.reloader_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | | [kubernetes_network_policy.sealed-secrets_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | | [kubernetes_network_policy.sealed-secrets_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | | [kubernetes_network_policy.secrets-store-csi-driver_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | 
@@ -300,6 +304,7 @@ No modules. | [prometheus-adapter](#input\_prometheus-adapter) | Customize prometheus-adapter chart, see `prometheus-adapter.tf` for supported values | `any` | `{}` | no | | [prometheus-blackbox-exporter](#input\_prometheus-blackbox-exporter) | Customize prometheus-blackbox-exporter chart, see `prometheus-blackbox-exporter.tf` for supported values | `any` | `{}` | no | | [promtail](#input\_promtail) | Customize promtail chart, see `loki-stack.tf` for supported values | `any` | `{}` | no | +| [reloader](#input\_reloader) | Customize reloader chart, see `reloader.tf` for supported values | `any` | `{}` | no | | [sealed-secrets](#input\_sealed-secrets) | Customize sealed-secrets chart, see `sealed-secrets.tf` for supported values | `any` | `{}` | no | | [secrets-store-csi-driver](#input\_secrets-store-csi-driver) | Customize secrets-store-csi-driver chart, see `secrets-store-csi-driver.tf` for supported values | `any` | `{}` | no | | [thanos](#input\_thanos) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no | diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml index 6bf269934..c94c3171c 100644 --- a/helm-dependencies.yaml +++ b/helm-dependencies.yaml @@ -119,3 +119,6 @@ dependencies: - name: yet-another-cloudwatch-exporter version: 0.14.0 repository: https://nerdswords.github.io/yet-another-cloudwatch-exporter + - name: reloader + version: 1.0.108 + repository: https://stakater.github.io/stakater-charts diff --git a/modules/aws/README.md b/modules/aws/README.md index 4eac086e2..33d53b076 100644 --- a/modules/aws/README.md +++ b/modules/aws/README.md 
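Review bot: The `reloader` entry appended after `yet-another-cloudwatch-exporter` in `helm-dependencies.yaml` has no comment saying what the chart is trusted with. That matters here because Reloader is by design a controller that watches Secrets and ConfigMaps and restarts workloads when they change. The earlier patches in this series show Renovate bumping entries in this same file, so this chart will presumably be bumped the same way. A comment above the entry, such as `# reloader: reads Secrets/ConfigMaps and patches workloads; re-check the chart's RBAC on each bump`, would tell whoever reviews those bumps what to look at. The exact pin `1.0.108` is good, but whether the release verifies chart provenance or narrows the chart's RBAC is decided in `reloader.tf`, which is not part of this hunk.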
@@ -131,6 +131,7 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing- | [helm_release.prometheus-blackbox-exporter](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.prometheus-cloudwatch-exporter](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.promtail](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | +| [helm_release.reloader](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.sealed-secrets](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.secrets-store-csi-driver](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.thanos](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | 
@@ -181,6 +182,7 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing- | [kubernetes_namespace.prometheus-blackbox-exporter](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | [kubernetes_namespace.prometheus-cloudwatch-exporter](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | [kubernetes_namespace.promtail](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | +| [kubernetes_namespace.reloader](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | [kubernetes_namespace.sealed-secrets](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | [kubernetes_namespace.secrets-store-csi-driver](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | [kubernetes_namespace.thanos](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | 
@@ -262,6 +264,8 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing- | [kubernetes_network_policy.promtail_allow_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | | [kubernetes_network_policy.promtail_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | | [kubernetes_network_policy.promtail_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | +| [kubernetes_network_policy.reloader_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | +| [kubernetes_network_policy.reloader_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | | [kubernetes_network_policy.sealed-secrets_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | | [kubernetes_network_policy.sealed-secrets_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | | [kubernetes_network_policy.secrets-store-csi-driver_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | 
@@ -392,6 +396,7 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing- | [prometheus-blackbox-exporter](#input\_prometheus-blackbox-exporter) | Customize prometheus-blackbox-exporter chart, see `prometheus-blackbox-exporter.tf` for supported values | `any` | `{}` | no | | [prometheus-cloudwatch-exporter](#input\_prometheus-cloudwatch-exporter) | Customize prometheus-cloudwatch-exporter chart, see `prometheus-cloudwatch-exporter.tf` for supported values | `any` | `{}` | no | | [promtail](#input\_promtail) | Customize promtail chart, see `loki-stack.tf` for supported values | `any` | `{}` | no | +| [reloader](#input\_reloader) | Customize reloader chart, see `reloader.tf` for supported values | `any` | `{}` | no | | [s3-logging](#input\_s3-logging) | Logging configuration for bucket created by this module | `any` | `{}` | no | | [sealed-secrets](#input\_sealed-secrets) | Customize sealed-secrets chart, see `sealed-secrets.tf` for supported values | `any` | `{}` | no | | [secrets-store-csi-driver](#input\_secrets-store-csi-driver) | Customize secrets-store-csi-driver chart, see `secrets-store-csi-driver.tf` for supported values | `any` | `{}` | no | diff --git a/modules/aws/reloader.tf b/modules/aws/reloader.tf new file mode 120000 index 000000000..edfef62c0 --- /dev/null +++ b/modules/aws/reloader.tf @@ -0,0 +1 @@ +../../reloader.tf \ No newline at end of file diff --git a/modules/azure/README.md b/modules/azure/README.md index cb57180d0..8f7435c7d 100644 --- a/modules/azure/README.md +++ b/modules/azure/README.md 
@@ -60,6 +60,7 @@ No modules. | [helm_release.node-problem-detector](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.prometheus-adapter](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.prometheus-blackbox-exporter](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | +| [helm_release.reloader](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.sealed-secrets](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.secrets-store-csi-driver](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.tigera-operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | 
@@ -90,6 +91,7 @@ No modules. | [kubernetes_namespace.node-problem-detector](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | [kubernetes_namespace.prometheus-adapter](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | [kubernetes_namespace.prometheus-blackbox-exporter](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | +| [kubernetes_namespace.reloader](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | [kubernetes_namespace.sealed-secrets](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | [kubernetes_namespace.secrets-store-csi-driver](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | [kubernetes_namespace.tigera-operator](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | 
@@ -133,6 +135,8 @@ No modules. | [kubernetes_network_policy.prometheus-adapter_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | | [kubernetes_network_policy.prometheus-blackbox-exporter_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | | [kubernetes_network_policy.prometheus-blackbox-exporter_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | +| [kubernetes_network_policy.reloader_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | +| [kubernetes_network_policy.reloader_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | | [kubernetes_network_policy.sealed-secrets_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | | [kubernetes_network_policy.sealed-secrets_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | | [kubernetes_network_policy.secrets-store-csi-driver_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | 
@@ -210,6 +214,7 @@ No modules. | [prometheus-adapter](#input\_prometheus-adapter) | Customize prometheus-adapter chart, see `prometheus-adapter.tf` for supported values | `any` | `{}` | no | | [prometheus-blackbox-exporter](#input\_prometheus-blackbox-exporter) | Customize prometheus-blackbox-exporter chart, see `prometheus-blackbox-exporter.tf` for supported values | `any` | `{}` | no | | [promtail](#input\_promtail) | Customize promtail chart, see `loki-stack.tf` for supported values | `any` | `{}` | no | +| [reloader](#input\_reloader) | Customize reloader chart, see `reloader.tf` for supported values | `any` | `{}` | no | | [sealed-secrets](#input\_sealed-secrets) | Customize sealed-secrets chart, see `sealed-secrets.tf` for supported values | `any` | `{}` | no | | [secrets-store-csi-driver](#input\_secrets-store-csi-driver) | Customize secrets-store-csi-driver chart, see `secrets-store-csi-driver.tf` for supported values | `any` | `{}` | no | | [thanos](#input\_thanos) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no | diff --git a/modules/azure/reloader.tf b/modules/azure/reloader.tf new file mode 120000 index 000000000..edfef62c0 --- /dev/null +++ b/modules/azure/reloader.tf @@ -0,0 +1 @@ +../../reloader.tf \ No newline at end of file diff --git a/modules/google/README.md b/modules/google/README.md index cd6676558..51b9d8f72 100644 --- a/modules/google/README.md +++ b/modules/google/README.md 
@@ -103,6 +103,7 @@ Provides various Kubernetes addons that are often used on Kubernetes with GCP | [helm_release.node-problem-detector](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.prometheus-adapter](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.promtail](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | +| [helm_release.reloader](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.sealed-secrets](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.secrets-store-csi-driver](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.thanos](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | 
@@ -133,6 +134,7 @@ Provides various Kubernetes addons that are often used on Kubernetes with GCP | [kubernetes_namespace.node-problem-detector](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | [kubernetes_namespace.prometheus-adapter](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | [kubernetes_namespace.promtail](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | +| [kubernetes_namespace.reloader](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | [kubernetes_namespace.sealed-secrets](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | [kubernetes_namespace.secrets-store-csi-driver](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | [kubernetes_namespace.thanos](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | 
@@ -181,6 +183,8 @@ Provides various Kubernetes addons that are often used on Kubernetes with GCP | [kubernetes_network_policy.promtail_allow_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | | [kubernetes_network_policy.promtail_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | | [kubernetes_network_policy.promtail_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | +| [kubernetes_network_policy.reloader_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | +| [kubernetes_network_policy.reloader_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | | [kubernetes_network_policy.sealed-secrets_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | | [kubernetes_network_policy.sealed-secrets_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | | [kubernetes_network_policy.secrets-store-csi-driver_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | 
@@ -264,6 +268,7 @@ Provides various Kubernetes addons that are often used on Kubernetes with GCP | [prometheus-blackbox-exporter](#input\_prometheus-blackbox-exporter) | Customize prometheus-blackbox-exporter chart, see `prometheus-blackbox-exporter.tf` for supported values | `any` | `{}` | no | | [prometheus-cloudwatch-exporter](#input\_prometheus-cloudwatch-exporter) | Customize prometheus-cloudwatch-exporter chart, see `prometheus-cloudwatch-exporter.tf` for supported values | `any` | `{}` | no | | [promtail](#input\_promtail) | Customize promtail chart, see `loki-stack.tf` for supported values | `any` | `{}` | no | +| [reloader](#input\_reloader) | Customize reloader chart, see `reloader.tf` for supported values | `any` | `{}` | no | | [sealed-secrets](#input\_sealed-secrets) | Customize sealed-secrets chart, see `sealed-secrets.tf` for supported values | `any` | `{}` | no | | [secrets-store-csi-driver](#input\_secrets-store-csi-driver) | Customize secrets-store-csi-driver chart, see `secrets-store-csi-driver.tf` for supported values | `any` | `{}` | no | | [tags](#input\_tags) | Map of tags for Google resources | `map(any)` | `{}` | no | diff --git a/modules/google/reloader.tf b/modules/google/reloader.tf new file mode 120000 index 000000000..edfef62c0 --- /dev/null +++ b/modules/google/reloader.tf @@ -0,0 +1 @@ +../../reloader.tf \ No newline at end of file diff --git a/modules/scaleway/README.md b/modules/scaleway/README.md index d5b8d66dc..c20eb6b48 100644 --- a/modules/scaleway/README.md +++ b/modules/scaleway/README.md 
@@ -74,6 +74,7 @@ No modules. | [helm_release.prometheus-adapter](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.prometheus-blackbox-exporter](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.promtail](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | +| [helm_release.reloader](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.scaleway-webhook-dns](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.sealed-secrets](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.thanos](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | 
@@ -106,6 +107,7 @@ No modules.
 | [kubernetes_namespace.prometheus-adapter](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.prometheus-blackbox-exporter](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.promtail](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
+| [kubernetes_namespace.reloader](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.sealed-secrets](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.thanos](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.traefik](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
@@ -158,6 +160,8 @@ No modules.
 | [kubernetes_network_policy.promtail_allow_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.promtail_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.promtail_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
+| [kubernetes_network_policy.reloader_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
+| [kubernetes_network_policy.reloader_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.sealed-secrets_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.sealed-secrets_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.traefik_allow_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
@@ -242,6 +246,7 @@ No modules.
 | [prometheus-adapter](#input\_prometheus-adapter) | Customize prometheus-adapter chart, see `prometheus-adapter.tf` for supported values | `any` | `{}` | no |
 | [prometheus-blackbox-exporter](#input\_prometheus-blackbox-exporter) | Customize prometheus-blackbox-exporter chart, see `prometheus-blackbox-exporter.tf` for supported values | `any` | `{}` | no |
 | [promtail](#input\_promtail) | Customize promtail chart, see `loki-stack.tf` for supported values | `any` | `{}` | no |
+| [reloader](#input\_reloader) | Customize reloader chart, see `reloader.tf` for supported values | `any` | `{}` | no |
 | [scaleway](#input\_scaleway) | Scaleway provider customization | `any` | `{}` | no |
 | [sealed-secrets](#input\_sealed-secrets) | Customize sealed-secrets chart, see `sealed-secrets.tf` for supported values | `any` | `{}` | no |
 | [secrets-store-csi-driver](#input\_secrets-store-csi-driver) | Customize secrets-store-csi-driver chart, see `secrets-store-csi-driver.tf` for supported values | `any` | `{}` | no |
diff --git a/modules/scaleway/reloader.tf b/modules/scaleway/reloader.tf
new file mode 120000
index 000000000..edfef62c0
--- /dev/null
+++ b/modules/scaleway/reloader.tf
@@ -0,0 +1 @@
+../../reloader.tf
\ No newline at end of file
diff --git a/reloader.tf b/reloader.tf
new file mode 100644
index 000000000..6f59dc162
--- /dev/null
+++ b/reloader.tf
@@ -0,0 +1,106 @@
+locals {
+
+ reloader = merge(
+ local.helm_defaults,
+ {
+ name = local.helm_dependencies[index(local.helm_dependencies.*.name, "reloader")].name
+ chart = local.helm_dependencies[index(local.helm_dependencies.*.name, "reloader")].name
+ repository = local.helm_dependencies[index(local.helm_dependencies.*.name, "reloader")].repository
+ chart_version = local.helm_dependencies[index(local.helm_dependencies.*.name, "reloader")].version
+ namespace = "reloader"
+ service_account_name = "reloader"
+ enabled = false
+ default_network_policy = true
+ },
+ var.reloader
+ )
+
+ values_reloader = <<-VALUES
+ VALUES
+}
+
+resource "kubernetes_namespace" "reloader" {
+ count = local.reloader["enabled"] ? 1 : 0
+
+ metadata {
+ labels = {
+ name = local.reloader["namespace"]
+ }
+
+ name = local.reloader["namespace"]
+ }
+}
+
+resource "helm_release" "reloader" {
+ count = local.reloader["enabled"] ? 1 : 0
+ repository = local.reloader["repository"]
+ name = local.reloader["name"]
+ chart = local.reloader["chart"]
+ version = local.reloader["chart_version"]
+ timeout = local.reloader["timeout"]
+ force_update = local.reloader["force_update"]
+ recreate_pods = local.reloader["recreate_pods"]
+ wait = local.reloader["wait"]
+ atomic = local.reloader["atomic"]
+ cleanup_on_fail = local.reloader["cleanup_on_fail"]
+ dependency_update = local.reloader["dependency_update"]
+ disable_crd_hooks = local.reloader["disable_crd_hooks"]
+ disable_webhooks = local.reloader["disable_webhooks"]
+ render_subchart_notes = local.reloader["render_subchart_notes"]
+ replace = local.reloader["replace"]
+ reset_values = local.reloader["reset_values"]
+ reuse_values = local.reloader["reuse_values"]
+ skip_crds = local.reloader["skip_crds"]
+ verify = local.reloader["verify"]
+ values = [
+ local.values_reloader,
+ local.reloader["extra_values"]
+ ]
+ namespace = kubernetes_namespace.reloader.*.metadata.0.name[count.index]
+
+ depends_on = [
+ kubectl_manifest.prometheus-operator_crds
+ ]
+}
+
+
+resource "kubernetes_network_policy" "reloader_default_deny" {
+ count = local.reloader["enabled"] && local.reloader["default_network_policy"] ? 1 : 0
+
+ metadata {
+ name = "${kubernetes_namespace.reloader.*.metadata.0.name[count.index]}-default-deny"
+ namespace = kubernetes_namespace.reloader.*.metadata.0.name[count.index]
+ }
+
+ spec {
+ pod_selector {
+ }
+ policy_types = ["Ingress"]
+ }
+}
+
+resource "kubernetes_network_policy" "reloader_allow_namespace" {
+ count = local.reloader["enabled"] && local.reloader["default_network_policy"] ? 1 : 0
+
+ metadata {
+ name = "${kubernetes_namespace.reloader.*.metadata.0.name[count.index]}-allow-namespace"
+ namespace = kubernetes_namespace.reloader.*.metadata.0.name[count.index]
+ }
+
+ spec {
+ pod_selector {
+ }
+
+ ingress {
+ from {
+ namespace_selector {
+ match_labels = {
+ name = kubernetes_namespace.reloader.*.metadata.0.name[count.index]
+ }
+ }
+ }
+ }
+
+ policy_types = ["Ingress"]
+ }
+}
diff --git a/variables.tf b/variables.tf
index 780d64c81..01679a804 100644
--- a/variables.tf
+++ b/variables.tf
@@ -225,3 +225,9 @@ variable "ip-masq-agent" {
 type = any
 default = {}
 }
+
+variable "reloader" {
+ description = "Customize reloader chart, see `reloader.tf` for supported values"
+ type = any
+ default = {}
+}
From 40a3751909a478cc6077cc89d0b56d0d7c732b7c Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 17 Jul 2024 08:27:13 +0000 Subject: [PATCH 10/11] fix(charts): update helm release reloader to v1.0.116 (#2855) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index c94c3171c..5d4756d48 100644
--- a/helm-dependencies.yaml
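Review bot: `values_reloader` is an empty heredoc, so once `enabled` is set the release runs purely on the chart's defaults and nothing in reloader.tf records what the controller may watch or restart. Reloader has to read Secrets and ConfigMaps to work, and the upstream chart, as far as I know, watches every namespace unless `reloader.watchGlobally` is turned off (confirm against the pinned chart version), so that scope should be a stated choice rather than an inherited one. I would add a comment above the heredoc such as `# chart defaults apply, including cluster-wide watch on Secrets/ConfigMaps; restrict via var.reloader extra_values`, or set the value explicitly inside the heredoc. Both network policies also list only `policy_types = ["Ingress"]`, so egress from the namespace is not restricted by this file.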
+++ b/helm-dependencies.yaml
@@ -120,5 +120,5 @@ dependencies:
 version: 0.14.0
 repository: https://nerdswords.github.io/yet-another-cloudwatch-exporter
 - name: reloader
- version: 1.0.108
+ version: 1.0.116
 repository: https://stakater.github.io/stakater-charts
From cebee5d3da70aa17dec45f8ba1dbd50b7c3e3065 Mon Sep 17 00:00:00 2001 From: Gwenall Date: Wed, 17 Jul 2024 12:26:30 +0200 Subject: [PATCH 11/11] feat: adding dns01 solver for cert manager (#2846) * setting dns01 solver in template Signed-off-by: gwen * additional cert-manager dns01 solvers on scaleway Signed-off-by: gwen * set cert-manager vars Signed-off-by: gwen * focus on scaleway changes Signed-off-by: gwen * change template quoting to single quotes Signed-off-by: gwen * KISS Signed-off-by: gwen * fix indentation Signed-off-by: gwen * remove unecessary parameter Signed-off-by: gwen * adding cert manager locals definitions for google provider option * adding cert-manager kube path document vars for google provider --------- Signed-off-by: gwen Co-authored-by: Kevin Lefevre
---
 modules/scaleway/cert-manager.tf | 56 ++++++++++++-------
 .../cert-manager-cluster-issuers.yaml.tpl | 39 +++++++++++++
 2 files changed, 76 insertions(+), 19 deletions(-)
diff --git a/modules/scaleway/cert-manager.tf b/modules/scaleway/cert-manager.tf
index 54337f83f..8d8adb914 100644
--- a/modules/scaleway/cert-manager.tf
+++ b/modules/scaleway/cert-manager.tf
@@ -3,20 +3,29 @@ locals {
 cert-manager = merge(
 local.helm_defaults,
 {
- name = local.helm_dependencies[index(local.helm_dependencies.*.name, "cert-manager")].name
- chart = local.helm_dependencies[index(local.helm_dependencies.*.name, "cert-manager")].name
- repository = local.helm_dependencies[index(local.helm_dependencies.*.name, "cert-manager")].repository
- chart_version = local.helm_dependencies[index(local.helm_dependencies.*.name, "cert-manager")].version
- namespace = "cert-manager"
- service_account_name = "cert-manager"
- enabled = false
- default_network_policy = true
- acme_email = "contact@acme.com"
- acme_http01_enabled = false
- acme_http01_ingress_class = "nginx"
- acme_dns01_enabled = false
- allowed_cidrs = ["0.0.0.0/0"]
- csi_driver = false
+ name = local.helm_dependencies[index(local.helm_dependencies.*.name, "cert-manager")].name
+ chart = local.helm_dependencies[index(local.helm_dependencies.*.name, "cert-manager")].name
+ repository = local.helm_dependencies[index(local.helm_dependencies.*.name, "cert-manager")].repository
+ chart_version = local.helm_dependencies[index(local.helm_dependencies.*.name, "cert-manager")].version
+ namespace = "cert-manager"
+ service_account_name = "cert-manager"
+ enabled = false
+ default_network_policy = true
+ acme_email = "contact@acme.com"
+ acme_http01_enabled = false
+ acme_http01_ingress_class = "nginx"
+ acme_dns01_enabled = false
+ acme_dns01_provider = ""
+ acme_dns01_hosted_zone_id = ""
+ acme_dns01_aws_secret = ""
+ acme_dns01_aws_access_key_id = ""
+ acme_dns01_aws_access_key_secret = ""
+ acme_dns01_region = ""
+ acme_dns01_google_project = ""
+ acme_dns01_google_secret = ""
+ acme_dns01_google_service_account_key = ""
+ allowed_cidrs = ["0.0.0.0/0"]
+ csi_driver = false
 },
 var.cert-manager
 )
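Review bot: The new defaults `acme_dns01_aws_access_key_id`, `acme_dns01_aws_access_key_secret` and `acme_dns01_google_service_account_key` read like credential values, but the template hunks later in this patch place them in the `key:` field of a secret reference, i.e. they name an entry inside a Kubernetes Secret. An operator who pastes real key material into them would put it into Terraform state and into the rendered ClusterIssuer manifest. A comment on these lines would prevent that, for example `# name of the entry inside the acme_dns01_aws_secret Secret, not the credential itself`, and a `_key_name` style suffix on the three names would make the intent clearer still. The same names are passed through unchanged in the `vars` hunk that follows, and the `locals` block continues outside this hunk.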
@@ -144,11 +153,20 @@ resource "kubernetes_secret" "cert-manager_scaleway_credentials" {
 data "kubectl_path_documents" "cert-manager_cluster_issuers" {
 pattern = "${path.module}/templates/cert-manager-cluster-issuers.yaml.tpl"
 vars = {
- acme_email = local.cert-manager["acme_email"]
- acme_http01_enabled = local.cert-manager["acme_http01_enabled"]
- acme_http01_ingress_class = local.cert-manager["acme_http01_ingress_class"]
- acme_dns01_enabled = local.cert-manager["acme_dns01_enabled"]
- secret_name = local.cert-manager_scaleway_webhook_dns["secret_name"]
+ acme_email = local.cert-manager["acme_email"]
+ acme_http01_enabled = local.cert-manager["acme_http01_enabled"]
+ acme_http01_ingress_class = local.cert-manager["acme_http01_ingress_class"]
+ acme_dns01_enabled = local.cert-manager["acme_dns01_enabled"]
+ acme_dns01_provider = local.cert-manager["acme_dns01_provider"]
+ acme_dns01_hosted_zone_id = local.cert-manager["acme_dns01_hosted_zone_id"]
+ acme_dns01_aws_secret = local.cert-manager["acme_dns01_aws_secret"]
+ acme_dns01_aws_access_key_id = local.cert-manager["acme_dns01_aws_access_key_id"]
+ acme_dns01_aws_access_key_secret = local.cert-manager["acme_dns01_aws_access_key_secret"]
+ acme_dns01_region = local.cert-manager["acme_dns01_region"]
+ acme_dns01_google_project = local.cert-manager["acme_dns01_google_project"]
+ acme_dns01_google_secret = local.cert-manager["acme_dns01_google_secret"]
+ acme_dns01_google_service_account_key = local.cert-manager["acme_dns01_google_service_account_key"]
+ secret_name = local.cert-manager_scaleway_webhook_dns["secret_name"]
 }
 }
diff --git a/modules/scaleway/templates/cert-manager-cluster-issuers.yaml.tpl b/modules/scaleway/templates/cert-manager-cluster-issuers.yaml.tpl
index 57f9a7ec1..5b6ab5031 100644
--- a/modules/scaleway/templates/cert-manager-cluster-issuers.yaml.tpl
+++ b/modules/scaleway/templates/cert-manager-cluster-issuers.yaml.tpl
@@ -11,6 +11,20 @@ spec:
 name: letsencrypt-staging
 solvers:
 %{ if acme_dns01_enabled }
+ %{ if acme_dns01_provider == "route53" }
+ - dns01:
+ route53:
+ hostedZoneID: ${acme_dns01_hosted_zone_id}
+ %{ if acme_dns01_region != "" }
+ region: '${acme_dns01_region}'
+ %{ endif }
+ accessKeyIDSecretRef:
+ name: ${acme_dns01_aws_secret}
+ key: ${acme_dns01_aws_access_key_id}
+ secretAccessKeySecretRef:
+ name: ${acme_dns01_aws_secret}
+ key: ${acme_dns01_aws_access_key_secret}
+ %{ else }
 - dns01:
 webhook:
 groupName: acme.scaleway.com
@@ -23,6 +37,7 @@ spec:
 key: SCW_SECRET_KEY
 name: '${secret_name}'
 %{ endif }
+ %{ endif }
 %{ if acme_http01_enabled }
 - http01:
 ingress:
@@ -46,6 +61,28 @@ spec:
 name: letsencrypt
 solvers:
 %{ if acme_dns01_enabled }
+ %{ if acme_dns01_provider == "route53" }
+ - dns01:
+ route53:
+ hostedZoneID: ${acme_dns01_hosted_zone_id}
+ %{ if acme_dns01_region != "" }
+ region: '${acme_dns01_region}'
+ %{ endif }
+ accessKeyIDSecretRef:
+ name: ${acme_dns01_aws_secret}
+ key: ${acme_dns01_aws_access_key_id}
+ secretAccessKeySecretRef:
+ name: ${acme_dns01_aws_secret}
+ key: ${acme_dns01_aws_access_key_secret}
+ %{ else }
+ %{if acme_dns01_provider == "google" }
+ - dns01:
+ clouddns:
+ project: '${acme_dns01_google_project}'
+ serviceAccountSecretRef:
+ name: '${acme_dns01_google_secret}'
+ key: '${acme_dns01_google_service_account_key}'
+ %{ else }
 - dns01:
 webhook:
 groupName: acme.scaleway.com
@@ -58,6 +95,8 @@ spec:
 key: SCW_SECRET_KEY
 name: '${secret_name}'
 %{ endif }
+ %{ endif }
+ %{ endif }
 %{ if acme_http01_enabled }
 - http01:
 ingress:
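Review bot: The route53 fields are interpolated unquoted (`hostedZoneID: ${acme_dns01_hosted_zone_id}`, `name: ${acme_dns01_aws_secret}`, `key: ${acme_dns01_aws_access_key_id}`), while `region` two lines further down is single-quoted. These variables default to `""` in cert-manager.tf, so an unset value renders as a bare `hostedZoneID:` (YAML null), and a value containing `: `, ` #` or a leading indicator character would change the document structure instead of staying a string. Quote them like the rest, e.g. `hostedZoneID: '${acme_dns01_hosted_zone_id}'` and `name: '${acme_dns01_aws_secret}'`. The identical route53 block in the `@@ -46,6 +61,28 @@` hunk needs the same change; the ClusterIssuer documents themselves begin and end outside these hunks.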
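Review bot: The `google` branch added in the `@@ -46,6 +61,28 @@` hunk exists only for the `letsencrypt` issuer; the `letsencrypt-staging` issuer in the `@@ -11,6 +11,20 @@` hunk goes from `route53` straight to the Scaleway webhook in `%{ else }`. With `acme_dns01_provider = "google"` the two issuers would use different solvers, and staging would attempt DNS-01 through the Scaleway webhook and its `secret_name` credentials for a zone hosted in Cloud DNS. Mirroring the block into the staging solver list, with one more `%{ endif }` next to the one added in the `@@ -23,6 +37,7 @@` hunk, keeps both issuers on the same path. Indentation below is approximate because the surrounding document lies outside the hunks.

```yaml
    %{ else }
    %{ if acme_dns01_provider == "google" }
    - dns01:
        clouddns:
          project: '${acme_dns01_google_project}'
          serviceAccountSecretRef:
            name: '${acme_dns01_google_secret}'
            key: '${acme_dns01_google_service_account_key}'
    %{ else }
    # … unchanged: Scaleway webhook solver …
    %{ endif }
    %{ endif }
```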