chore(libvirt): add ca and issuer
diff --git a/Earthfile b/Earthfile
index 197fc0d..7a4cb11 100644
--- a/Earthfile
+++ b/Earthfile
@@ -45,16 +45,16 @@
image:
FROM python:3.10-slim
- COPY +build.venv.runtime/venv /venv
- COPY +build.collections/ /usr/share/ansible
ENV ANSIBLE_PIPELINING=True
- ENV PATH=/venv/bin:$PATH
RUN \
apt-get update && \
apt-get install --no-install-recommends -y rsync openssh-client && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*
CMD ["/bin/bash"]
+ COPY +build.venv.runtime/venv /venv
+ ENV PATH=/venv/bin:$PATH
+ COPY +build.collections/ /usr/share/ansible
ARG tag=latest
SAVE IMAGE --push ghcr.io/vexxhost/atmosphere:${tag}
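Review bot: With the `COPY` and `ENV PATH` lines moved below the apt layer, `CMD ["/bin/bash"]` now sits in the middle of the `image` target; placing it after `COPY +build.collections/ /usr/share/ansible` keeps runtime configuration last and easier to audit. Nothing records why the order changed, so a comment above the `RUN` such as `# install OS packages first so venv and collection changes do not invalidate the apt layer` would help. The target also builds from the floating `python:3.10-slim` tag and shows no `USER` line in this hunk, so the pushed image presumably runs as root and is not reproducible; pinning the base by digest would address the latter. The `image` target may continue outside the hunk.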
diff --git a/charts/libvirt/templates/certificate-ca.yaml b/charts/libvirt/templates/certificate-ca.yaml
new file mode 100644
index 0000000..d2182db
--- /dev/null
+++ b/charts/libvirt/templates/certificate-ca.yaml
@@ -0,0 +1,58 @@
+{{/*
+Copyright (c) 2023 VEXXHOST, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if eq .Values.conf.libvirt.listen_tls "1" }}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ .Release.Name }}-api-ca
+ namespace: {{ .Release.Namespace }}
+spec:
+ commonName: {{ .Release.Name }}
+ duration: 87600h0m0s
+ isCA: true
+ issuerRef:
+ group: cert-manager.io
+ kind: ClusterIssuer
+ name: self-signed
+ privateKey:
+ algorithm: ECDSA
+ size: 256
+ renewBefore: 720h0m0s
+ secretName: {{ .Release.Name }}-api-ca
+{{- end -}}
+{{- if eq .Values.conf.qemu.vnc_tls "1" }}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ .Release.Name }}-vnc-ca
+ namespace: {{ .Release.Namespace }}
+spec:
+ commonName: {{ .Release.Name }}
+ duration: 87600h0m0s
+ isCA: true
+ issuerRef:
+ group: cert-manager.io
+ kind: ClusterIssuer
+ name: self-signed
+ privateKey:
+ algorithm: ECDSA
+ size: 256
+ renewBefore: 720h0m0s
+ secretName: {{ .Release.Name }}-vnc-ca
+{{- end -}}
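Review bot: Both CA certificates use `commonName: {{ .Release.Name }}`, so the API and VNC roots carry the same subject and cannot be told apart in a chain or trust store; distinct names such as `commonName: {{ .Release.Name }}-api-ca` and `commonName: {{ .Release.Name }}-vnc-ca` avoid that. The `issuerRef` hard-codes a `ClusterIssuer` named `self-signed` that nothing in the visible diff creates, so the Certificates stay not-Ready on clusters without it; a values key or a template comment stating the prerequisite would make this explicit. `duration: 87600h0m0s` gives ten-year roots whose private keys sit in ordinary Secrets in the release namespace, which deserves a comment on who is expected to read those Secrets. The guard `eq .Values.conf.libvirt.listen_tls "1"` (and the `vnc_tls` one, both repeated in `issuer.yaml`) fails rendering if the value is supplied as an unquoted number; `eq (toString .Values.conf.libvirt.listen_tls) "1"` tolerates both.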
diff --git a/charts/libvirt/templates/issuer.yaml b/charts/libvirt/templates/issuer.yaml
new file mode 100644
index 0000000..ac6cc3e
--- /dev/null
+++ b/charts/libvirt/templates/issuer.yaml
@@ -0,0 +1,38 @@
+{{/*
+Copyright (c) 2023 VEXXHOST, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if eq .Values.conf.libvirt.listen_tls "1" }}
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: {{ .Release.Name }}-api-ca
+ namespace: {{ .Release.Namespace }}
+spec:
+ ca:
+ secretName: {{ .Release.Name }}-api-ca
+{{- end -}}
+{{- if eq .Values.conf.qemu.vnc_tls "1" }}
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: {{ .Release.Name }}-vnc-ca
+ namespace: {{ .Release.Namespace }}
+spec:
+ ca:
+ secretName: {{ .Release.Name }}-vnc-ca
+{{- end -}}
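Review bot: Nothing in this template limits the names or usages these CA `Issuer`s will sign, and a namespaced CA issuer signs any approved CertificateRequest in its namespace. Any identity allowed to create `Certificate` objects here can therefore obtain a certificate under the libvirt API or VNC root. A template comment should state which workload is expected to request from `{{ .Release.Name }}-api-ca` and `{{ .Release.Name }}-vnc-ca`, and that `spec.ca.secretName` must match the `secretName` in `certificate-ca.yaml`. If the cluster runs cert-manager approver-policy, a policy restricting the allowed DNS names and IPs would be the enforcement point; that lies outside this diff.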
diff --git a/charts/libvirt/templates/role-cert-manager.yaml b/charts/libvirt/templates/role-cert-manager.yaml
index 69370fc..d91a23b 100644
--- a/charts/libvirt/templates/role-cert-manager.yaml
+++ b/charts/libvirt/templates/role-cert-manager.yaml
@@ -1,4 +1,6 @@
{{/*
+Copyright (c) 2023 VEXXHOST, Inc.
+
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
@@ -38,6 +40,8 @@
- cert-manager.io
verbs:
- get
+ - list
+ - create
resources:
- certificates
{{- end -}}
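Review bot: The added `list` and `create` verbs on `certificates` are unrestricted, and together with the new CA issuers they presumably let the subject bound to this Role request a certificate for any name under the libvirt roots. The hunk does not show which ServiceAccount is bound or why `list` is needed, so a comment above the rule should record the consumer, e.g. `# libvirt pods create their own per-node Certificate at start-up`, if that is the intent. `update` and `patch` are not granted, so the subject cannot modify an existing Certificate; confirm that is deliberate. The rule begins above the hunk, so its full `apiGroups` context is not visible here.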