MetroStar Onyx - cert-manager plugin for Nebari platform
Project description
Nebari Plugin Cert-Manager Chart
Overview
This plugin integrates cert-manager into the Nebari platform, allowing X.509 certificate management within Nebari. Utilizing Python, Terraform, Kubernetes, and Helm charts, the plugin provides a configurable deployment.
Design and Architecture
The plugin follows a modular design, leveraging Terraform to define the deployment of cert-manager within a Kubernetes cluster. Key components include:
- Terraform Configuration: Defines variables, outputs, and resources for deployment, including Helm release and Kubernetes secrets.
- Helm Chart Integration: Deploys cert-manager as a Helm chart within the specified Kubernetes namespace.
Installation Instructions
pip install nebari-plugin-cert-manager-chart
Usage Instructions
Configurations: Various configurations are available, including email, certificate, issuer, solver, and namespace settings.
Configuration Details
Environment Variable
The below environment variable must be present when deploying Nebari platform to create cloudflare-api Secret for Issuer to retrieve if using Cloudflare solver.
#### cloudflare-apikey
# have to get the client secret from cloudflare manually
export CLOUDFLARE_TOKEN="!!!GetThisFromCloudflareConsole!!!"
Public
Configuration of the cert-manager plugin is controlled through the cert_manager
section of the nebari-config.yaml
for the environment.
cert_manager:
# helm release name and namespace - default default (nebari global namespace)
namespace: cert-manager
# email address to be associated with the ACME account
email: sblair@metrostar.com
# API to manage DNS01 ACME challenge records - default cloudflare
solver: cloudflare
# whether to use ACME server's staging or production endpoint - default false
staging: false
# list of certificate resources to be created
certificates:
# name of certificate
- name: metrostar-certificate
# issuer responsible for issuing the certificate
issuer: letsencrypt
# list of issuers representing certificate issuing authority
issuers:
# name of issuer
- name: letsencrypt
# type of issuer
type: letsencrypt
# ID of the CA key that the External Account is bound to, if any - leave blank if none
keyId: ""
# symmetric MAC key of the External Account Binding, if any - leave blank if none
existingSecret: ""
# helm chart values overrides
values: {}
Internal
The following configuration values apply to the internally managed terraform module and are indirectly controlled through related values in nebari-config.yaml
.
domain
,zone
: Domain and zone for the plugin's deployment.create_namespace
,namespace
: Helm release's namespace configuration.email
: Cloudflare email address.solver
: Solver type.staging
: Flag to use staging or production endpoint environment.certificates
: cert-manager Certificate resources to be stored in Kubernetes Secret resources.apikey
: Cloudflare API Token.issuers
: cert-manager Issuer resources.overrides
: Map for overriding default configurations.
Testing Overview
The plugin includes unit tests to validate its core functionalities:
- Constructor Test: Verifies the default priority.
- Input Variables Test: Validates namespaces, solver type, staging flag.
- Default Namespace Test: Tests the default namespace configuration.
License
nebari-plugin-label-studio-chart
is distributed under the terms of the Apache license.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file nebari_plugin_cert_manager_chart-0.0.1.tar.gz
.
File metadata
- Download URL: nebari_plugin_cert_manager_chart-0.0.1.tar.gz
- Upload date:
- Size: 11.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/4.0.2 CPython/3.11.7
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | b41035724e3bb0e81a1719eba1eaf98c6a10a615526a7eb9ac855e123b30b01d |
|
MD5 | 4a1f9a57f8df49ccb6d20bda3ead3d54 |
|
BLAKE2b-256 | 847e1436661147142b280961be0de2a6d229d7e20918fac64f2db63b59fff2ca |
File details
Details for the file nebari_plugin_cert_manager_chart-0.0.1-py3-none-any.whl
.
File metadata
- Download URL: nebari_plugin_cert_manager_chart-0.0.1-py3-none-any.whl
- Upload date:
- Size: 13.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/4.0.2 CPython/3.11.7
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 9134f2e1bc8952bd5b7bf7bb42e9570d743178540837e3d9e962317951baad19 |
|
MD5 | 18caab75f4cfc14a15b96733e7765979 |
|
BLAKE2b-256 | 4f4130fada3ae01e54ce9a426a18de0b556e944a13d3093e635852f47ab89c90 |