Unverified Commit 5881cacd authored by Kevin Di Lallo's avatar Kevin Di Lallo Committed by GitHub

Merge pull request #145 from dilallkx/kd_sp41_dev_le

Let's Encrypt (LE) Support + GIS Engine concurrency fixes
parents 1a87d0e1 53b386e6
+73 −23
@@ -12,7 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.

version: 1.5.4
version: 1.5.5
repo:
  name: AdvantEDGE

@@ -28,6 +28,21 @@ repo:
      # user supplied sandbox swagger UI located @ .meep/user/sandbox-swagger
      swagger: false

    # platform ingress configuration
    ingress:
      # host name
      host: my-advantedge.com
      # bind to host ports (true) or node ports (false)
      host-ports: true
      # http port number
      http-port: 80
      # https config
      https-port: 443
      # certificate authority (none|self-signed|lets-encrypt) default: none
      ca: self-signed
      # lets-encrypt production server (true) or staging server (false)
      le-server-prod: false

  #------------------------------
  #  Core Subsystem
  #------------------------------
@@ -35,6 +50,19 @@ repo:

    # Go Applications
    go-apps:
      meep-ingress-certs:
        # enable meepctl build
        build: false
        # location of deployment chart
        chart: charts/meep-ingress-certs
        # user supplied value file located @ .meep/user/values (use below file name)
        chart-user-values: meep-ingress-certs.yaml
        # enable meepctl dockerize
        dockerize: false
        # enable meepctl deploy/delete
        deploy: true
        # supports linting
        lint: false
      meep-mon-engine:
        # location of source code
        src: go-apps/meep-mon-engine
@@ -61,6 +89,7 @@ repo:
        api: go-apps/meep-mon-engine/api/swagger.yaml
        # list of dependencies pods to monitor
        dependency-pods:
          # - meep-cert-manager
          - meep-couchdb
          - meep-docker-registry
          - meep-grafana
@@ -457,6 +486,17 @@ repo:
  #  Dependencies
  #------------------------------
  dep:
    meep-cert-manager:
      # enable meepctl build -> deps are never built
      build: false
      # enable meepctl dockerize -> deps are never dockerized
      dockerize: false
      # enable meepctl deploy/delete
      deploy: false
      # location of deployment chart
      chart: charts/cert-manager
      # user supplied value file located @ .meep/user/values (use below file name)
      chart-user-values: meep-cert-manager.yaml
    meep-couchdb:
      # enable meepctl build -> deps are never built
      build: false
@@ -579,6 +619,16 @@ repo:
        src: go-packages/meep-data-model
        # supports linting
        lint: true
      meep-gis-asset-mgr:
        # location of source code
        src: go-packages/meep-gis-asset-mgr
        # supports linting
        lint: true
      meep-gis-cache:
        # location of source code
        src: go-packages/meep-gis-cache
        # supports linting
        lint: true
      meep-http-logger:
        # location of source code
        src: go-packages/meep-http-logger
@@ -601,6 +651,11 @@ repo:
        src: go-packages/meep-logger
        # supports linting
        lint: true
      meep-metric-store:
        # location of source code
        src: go-packages/meep-metric-store
        # supports linting
        lint: true
      meep-metrics-engine-notification-client:
        # location of source code
        src: go-packages/meep-metrics-engine-notification-client
@@ -608,11 +663,6 @@ repo:
        lint: false
        # location of API specification
        api: go-packages/meep-metrics-engine-notification-client/api/swagger.yaml
      meep-metric-store:
        # location of source code
        src: go-packages/meep-metric-store
        # supports linting
        lint: true
      meep-mg-app-client:
        # location of source code
        src: go-packages/meep-mg-app-client
@@ -645,11 +695,6 @@ repo:
        src: go-packages/meep-net-char-mgr
        # supports linting
        lint: true
      meep-postgis:
        # location of source code
        src: go-packages/meep-postgis
        # supports linting
        lint: true
      meep-redis:
        # location of source code
        src: go-packages/meep-redis
@@ -672,18 +717,6 @@ repo:
        lint: false
        # location of API specification
        api: go-packages/meep-rnis-notification-client/api/swagger.yaml
      meep-wais-client:
        # location of source code
        src: go-packages/meep-wais-client
        # supports linting
        lint: false
      meep-wais-notification-client:
        # location of source code
        src: go-packages/meep-wais-notification-client
        # supports linting
        lint: false
        # location of API specification
        api: go-packages/meep-wais-notification-client/api/swagger.yaml
      meep-sandbox-ctrl-client:
        # location of source code
        src: go-packages/meep-sandbox-ctrl-client
@@ -699,6 +732,23 @@ repo:
        src: go-packages/meep-sessions
        # supports linting
        lint: true
      meep-users:
        # location of source code
        src: go-packages/meep-users
        # supports linting
        lint: true
      meep-wais-client:
        # location of source code
        src: go-packages/meep-wais-client
        # supports linting
        lint: false
      meep-wais-notification-client:
        # location of source code
        src: go-packages/meep-wais-notification-client
        # supports linting
        lint: false
        # location of API specification
        api: go-packages/meep-wais-notification-client/api/swagger.yaml
      meep-watchdog:
        # location of source code
        src: go-packages/meep-watchdog
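Review bot: In the new `ingress` block the comment on `ca` says `default: none`, but the committed value is `ca: self-signed`, so a reader cannot tell which certificate mode a fresh install gets; either reword the comment, e.g. `# certificate authority (none|self-signed|lets-encrypt); value used when the key is omitted: none`, or ship `ca: none`. The same block sets `host: my-advantedge.com`, a registrable public domain rather than a reserved placeholder; a reserved name such as `host: my-advantedge.example` keeps default deployments and any certificate requests from referring to a domain the operator may not control. It also looks as if selecting `lets-encrypt` needs `dep.meep-cert-manager.deploy: true`, which this commit adds as `false` while leaving `# - meep-cert-manager` commented out under `dependency-pods`; that is inferred from the config alone, not from the code that reads it, so a one-line comment next to `ca` naming the required dependency would settle it.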
+17 −0
apiVersion: v1
appVersion: v1.0.3
description: A Helm chart for cert-manager
home: https://github.com/jetstack/cert-manager
icon: https://raw.githubusercontent.com/jetstack/cert-manager/master/logo/logo.png
keywords:
- cert-manager
- kube-lego
- letsencrypt
- tls
maintainers:
- email: james@jetstack.io
  name: munnerz
name: cert-manager
sources:
- https://github.com/jetstack/cert-manager
version: v1.0.3
+194 −0
# cert-manager

cert-manager is a Kubernetes addon to automate the management and issuance of
TLS certificates from various issuing sources.

It will ensure certificates are valid and up to date periodically, and attempt
to renew certificates at an appropriate time before expiry.

## Prerequisites

- Kubernetes 1.11+

## Installing the Chart

Full installation instructions, including details on how to configure extra
functionality in cert-manager can be found in the [installation docs](https://cert-manager.io/docs/installation/kubernetes/).

Before installing the chart, you must first install the cert-manager CustomResourceDefinition resources.
This is performed in a separate step to allow you to easily uninstall and reinstall cert-manager without deleting your installed custom resources.

```bash
# Kubernetes 1.15+
$ kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.0.3/cert-manager.crds.yaml

# Kubernetes <1.15
$ kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.0.3/cert-manager-legacy.crds.yaml
```

> **Note**: If you're using a Kubernetes version below `v1.15` you will need to install the legacy version of the custom resource definitions.
> This version does not have API version conversion enabled and only supports `cert-manager.io/v1` API resources.

To install the chart with the release name `my-release`:

```console
## Add the Jetstack Helm repository
$ helm repo add jetstack https://charts.jetstack.io

## Install the cert-manager helm chart
$ helm install --name my-release --namespace cert-manager jetstack/cert-manager
```

In order to begin issuing certificates, you will need to set up a ClusterIssuer
or Issuer resource (for example, by creating a 'letsencrypt-staging' issuer).

More information on the different types of issuers and how to configure them
can be found in [our documentation](https://cert-manager.io/docs/configuration/).

For information on how to configure cert-manager to automatically provision
Certificates for Ingress resources, take a look at the
[Securing Ingresses documentation](https://cert-manager.io/docs/usage/ingress/).

> **Tip**: List all releases using `helm list`

## Upgrading the Chart

Special considerations may be required when upgrading the Helm chart, and these
are documented in our full [upgrading guide](https://cert-manager.io/docs/installation/upgrading/).

**Please check here before performing upgrades!**

## Uninstalling the Chart

To uninstall/delete the `my-release` deployment:

```console
$ helm delete my-release
```

The command removes all the Kubernetes components associated with the chart and deletes the release.

If you want to completely uninstall cert-manager from your cluster, you will also need to
delete the previously installed CustomResourceDefinition resources:

```console
# Kubernetes 1.15+
$ kubectl delete -f https://github.com/jetstack/cert-manager/releases/download/v1.0.3/cert-manager.crds.yaml

# Kubernetes <1.15
$ kubectl delete -f https://github.com/jetstack/cert-manager/releases/download/v1.0.3/cert-manager-legacy.crds.yaml
```

## Configuration

The following table lists the configurable parameters of the cert-manager chart and their default values.

| Parameter | Description | Default |
| --------- | ----------- | ------- |
| `global.imagePullSecrets` | Reference to one or more secrets to be used when pulling images | `[]` |
| `global.rbac.create` | If `true`, create and use RBAC resources (includes sub-charts) | `true` |
| `global.priorityClassName`| Priority class name for cert-manager and webhook pods | `""` |
| `global.podSecurityPolicy.enabled` | If `true`, create and use PodSecurityPolicy (includes sub-charts) | `false` |
| `global.podSecurityPolicy.useAppArmor` | If `true`, use Apparmor seccomp profile in PSP | `true` |
| `global.leaderElection.namespace` | Override the namespace used to store the ConfigMap for leader election | `kube-system` |
| `installCRDs` | If true, CRD resources will be installed as part of the Helm chart. If enabled, when uninstalling CRD resources will be deleted causing all installed custom resources to be DELETED | `false` |
| `image.repository` | Image repository | `quay.io/jetstack/cert-manager-controller` |
| `image.tag` | Image tag | `v1.0.3` |
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `replicaCount`  | Number of cert-manager replicas  | `1` |
| `clusterResourceNamespace` | Override the namespace used to store DNS provider credentials etc. for ClusterIssuer resources | Same namespace as cert-manager pod |
| `featureGates` | Comma-separated list of feature gates to enable on the controller pod | `` |
| `extraArgs` | Optional flags for cert-manager | `[]` |
| `extraEnv` | Optional environment variables for cert-manager | `[]` |
| `serviceAccount.create` | If `true`, create a new service account | `true` |
| `serviceAccount.name` | Service account to be used. If not set and `serviceAccount.create` is `true`, a name is generated using the fullname template |  |
| `serviceAccount.annotations` | Annotations to add to the service account |  |
| `volumes` | Optional volumes for cert-manager | `[]` |
| `volumeMounts` | Optional volume mounts for cert-manager | `[]` |
| `resources` | CPU/memory resource requests/limits | `{}` |
| `securityContext` | Optional security context. The yaml block should adhere to the [SecurityContext spec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.16/#securitycontext-v1-core) | `{}` |
| `securityContext.enabled` | Deprecated (use `securityContext`) - Enable security context | `false` |
| `containerSecurityContext` | Security context to be set on the controller component container | `{}` |
| `nodeSelector` | Node labels for pod assignment | `{}` |
| `affinity` | Node affinity for pod assignment | `{}` |
| `tolerations` | Node tolerations for pod assignment | `[]` |
| `ingressShim.defaultIssuerName` | Optional default issuer to use for ingress resources |  |
| `ingressShim.defaultIssuerKind` | Optional default issuer kind to use for ingress resources |  |
| `ingressShim.defaultIssuerGroup` | Optional default issuer group to use for ingress resources |  |
| `prometheus.enabled` | Enable Prometheus monitoring | `true` |
| `prometheus.servicemonitor.enabled` | Enable Prometheus Operator ServiceMonitor monitoring | `false` |
| `prometheus.servicemonitor.namespace` | Define namespace where to deploy the ServiceMonitor resource | (namespace where you are deploying) |
| `prometheus.servicemonitor.prometheusInstance` | Prometheus Instance definition | `default` |
| `prometheus.servicemonitor.targetPort` | Prometheus scrape port | `9402` |
| `prometheus.servicemonitor.path` | Prometheus scrape path | `/metrics` |
| `prometheus.servicemonitor.interval` | Prometheus scrape interval | `60s` |
| `prometheus.servicemonitor.labels` | Add custom labels to ServiceMonitor | |
| `prometheus.servicemonitor.scrapeTimeout` | Prometheus scrape timeout | `30s` |
| `podAnnotations` | Annotations to add to the cert-manager pod | `{}` |
| `deploymentAnnotations` | Annotations to add to the cert-manager deployment | `{}` |
| `podDnsPolicy` | Optional cert-manager pod [DNS policy](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pods-dns-policy) |  |
| `podDnsConfig` | Optional cert-manager pod [DNS configurations](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pods-dns-config) |  |
| `podLabels` | Labels to add to the cert-manager pod | `{}` |
| `http_proxy` | Value of the `HTTP_PROXY` environment variable in the cert-manager pod | |
| `https_proxy` | Value of the `HTTPS_PROXY` environment variable in the cert-manager pod | |
| `no_proxy` | Value of the `NO_PROXY` environment variable in the cert-manager pod | |
| `webhook.replicaCount` | Number of cert-manager webhook replicas | `1` |
| `webhook.podAnnotations` | Annotations to add to the webhook pods | `{}` |
| `webhook.deploymentAnnotations` | Annotations to add to the webhook deployment | `{}` |
| `webhook.mutatingWebhookConfigurationAnnotations` | Annotations to add to the mutating webhook configuration | `{}` |
| `webhook.validatingWebhookConfigurationAnnotations` | Annotations to add to the validating webhook configuration | `{}` |
| `webhook.extraArgs` | Optional flags for cert-manager webhook component | `[]` |
| `webhook.serviceAccount.create` | If `true`, create a new service account for the webhook component | `true` |
| `webhook.serviceAccount.name` | Service account for the webhook component to be used. If not set and `webhook.serviceAccount.create` is `true`, a name is generated using the fullname template |  |
| `webhook.serviceAccount.annotations` | Annotations to add to the service account for the webhook component |  |
| `webhook.resources` | CPU/memory resource requests/limits for the webhook pods | `{}` |
| `webhook.nodeSelector` | Node labels for webhook pod assignment | `{}` |
| `webhook.affinity` | Node affinity for webhook pod assignment | `{}` |
| `webhook.tolerations` | Node tolerations for webhook pod assignment | `[]` |
| `webhook.image.repository` | Webhook image repository | `quay.io/jetstack/cert-manager-webhook` |
| `webhook.image.tag` | Webhook image tag | `v1.0.3` |
| `webhook.image.pullPolicy` | Webhook image pull policy | `IfNotPresent` |
| `webhook.securePort` | The port that the webhook should listen on for requests. | `10250` |
| `webhook.securityContext` | Security context for webhook pod assignment | `{}` |
| `webhook.containerSecurityContext` | Security context to be set on the webhook component container | `{}` |
| `webhook.hostNetwork` | If `true`, run the Webhook on the host network. | `false` |
| `webhook.livenessProbe.failureThreshold` | The livneness probe failure threshold | `3` |
| `webhook.livenessProbe.initialDelaySeconds` | The livneness probe initial delay (in seconds) | `60` |
| `webhook.livenessProbe.periodSeconds` | The livneness probe period (in seconds) | `10` |
| `webhook.livenessProbe.successThreshold` | The livneness probe success threshold | `1` |
| `webhook.livenessProbe.timeoutSeconds` | The livneness probe timeout (in seconds) | `1` |
| `webhook.readinessProbe.failureThreshold` | The readiness probe failure threshold | `3` |
| `webhook.readinessProbe.initialDelaySeconds` | The readiness probe initial delay (in seconds) | `5` |
| `webhook.readinessProbe.periodSeconds` | The readiness probe period (in seconds) | `5` |
| `webhook.readinessProbe.successThreshold` | The readiness probe success threshold | `1` |
| `webhook.readinessProbe.timeoutSeconds` | The readiness probe timeout (in seconds) | `1` |
| `cainjector.enabled` | Toggles whether the cainjector component should be installed (required for the webhook component to work) | `true` |
| `cainjector.replicaCount` | Number of cert-manager cainjector replicas | `1` |
| `cainjector.podAnnotations` | Annotations to add to the cainjector pods | `{}` |
| `cainjector.deploymentAnnotations` | Annotations to add to the cainjector deployment | `{}` |
| `cainjector.extraArgs` | Optional flags for cert-manager cainjector component | `[]` |
| `cainjector.serviceAccount.create` | If `true`, create a new service account for the cainjector component | `true` |
| `cainjector.serviceAccount.name` | Service account for the cainjector component to be used. If not set and `cainjector.serviceAccount.create` is `true`, a name is generated using the fullname template |  |
| `cainjector.serviceAccount.annotations` | Annotations to add to the service account for the cainjector component |  |
| `cainjector.resources` | CPU/memory resource requests/limits for the cainjector pods | `{}` |
| `cainjector.nodeSelector` | Node labels for cainjector pod assignment | `{}` |
| `cainjector.affinity` | Node affinity for cainjector pod assignment | `{}` |
| `cainjector.tolerations` | Node tolerations for cainjector pod assignment | `[]` |
| `cainjector.image.repository` | cainjector image repository | `quay.io/jetstack/cert-manager-cainjector` |
| `cainjector.image.tag` | cainjector image tag | `v1.0.3` |
| `cainjector.image.pullPolicy` | cainjector image pull policy | `IfNotPresent` |
| `cainjector.securityContext` | Security context for cainjector pod assignment | `{}` |
| `cainjector.containerSecurityContext` | Security context to be set on cainjector component container | `{}` |

Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.

Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,

```console
$ helm install --name my-release -f values.yaml .
```
> **Tip**: You can use the default [values.yaml](https://github.com/jetstack/cert-manager/blob/master/deploy/charts/cert-manager/values.yaml)

## Contributing

This chart is maintained at [github.com/jetstack/cert-manager](https://github.com/jetstack/cert-manager/tree/master/deploy/charts/cert-manager).
+15 −0
cert-manager has been deployed successfully!

In order to begin issuing certificates, you will need to set up a ClusterIssuer
or Issuer resource (for example, by creating a 'letsencrypt-staging' issuer).

More information on the different types of issuers and how to configure them
can be found in our documentation:

https://cert-manager.io/docs/configuration/

For information on how to configure cert-manager to automatically provision
Certificates for Ingress resources, take a look at the `ingress-shim`
documentation:

https://cert-manager.io/docs/usage/ingress/
+128 −0
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "cert-manager.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "cert-manager.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}

{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "cert-manager.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Create the name of the service account to use
*/}}
{{- define "cert-manager.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
    {{ default (include "cert-manager.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
    {{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}

{{/*
Webhook templates
*/}}

{{/*
Expand the name of the chart.
Manually fix the 'app' and 'name' labels to 'webhook' to maintain
compatibility with the v0.9 deployment selector.
*/}}
{{- define "webhook.name" -}}
{{- printf "webhook" -}}
{{- end -}}

{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "webhook.fullname" -}}
{{- $trimmedName := printf "%s" (include "cert-manager.fullname" .) | trunc 55 | trimSuffix "-" -}}
{{- printf "%s-webhook" $trimmedName | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{- define "webhook.caRef" -}}
{{ .Release.Namespace}}/{{ template "webhook.fullname" . }}-ca
{{- end -}}

{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "webhook.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Create the name of the service account to use
*/}}
{{- define "webhook.serviceAccountName" -}}
{{- if .Values.webhook.serviceAccount.create -}}
    {{ default (include "webhook.fullname" .) .Values.webhook.serviceAccount.name }}
{{- else -}}
    {{ default "default" .Values.webhook.serviceAccount.name }}
{{- end -}}
{{- end -}}

{{/*
cainjector templates
*/}}

{{/*
Expand the name of the chart.
Manually fix the 'app' and 'name' labels to 'cainjector' to maintain
compatibility with the v0.9 deployment selector.
*/}}
{{- define "cainjector.name" -}}
{{- printf "cainjector" -}}
{{- end -}}

{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "cainjector.fullname" -}}
{{- $trimmedName := printf "%s" (include "cert-manager.fullname" .) | trunc 52 | trimSuffix "-" -}}
{{- printf "%s-cainjector" $trimmedName | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "cainjector.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Create the name of the service account to use
*/}}
{{- define "cainjector.serviceAccountName" -}}
{{- if .Values.cainjector.serviceAccount.create -}}
    {{ default (include "cainjector.fullname" .) .Values.cainjector.serviceAccount.name }}
{{- else -}}
    {{ default "default" .Values.cainjector.serviceAccount.name }}
{{- end -}}
{{- end -}}