Skip to main content

MetroStar Onyx - cert-manager plugin for Nebari platform

Project description

Nebari Plugin Cert-Manager Chart

PyPI - Version PyPI - Python Version


Overview

This plugin integrates cert-manager into the Nebari platform, allowing X.509 certificate management within Nebari. Utilizing Python, Terraform, Kubernetes, and Helm charts, the plugin provides a configurable deployment.

Design and Architecture

The plugin follows a modular design, leveraging Terraform to define the deployment of cert-manager within a Kubernetes cluster. Key components include:

  • Terraform Configuration: Defines variables, outputs, and resources for deployment, including Helm release and Kubernetes secrets.
  • Helm Chart Integration: Deploys cert-manager as a Helm chart within the specified Kubernetes namespace.

Installation Instructions

pip install nebari-plugin-cert-manager-chart

Usage Instructions

Configurations: Various configurations are available, including email, certificate, issuer, solver, and namespace settings.

Configuration Details

Environment Variable

The below environment variable must be present when deploying Nebari platform to create cloudflare-api Secret for Issuer to retrieve if using Cloudflare solver.

#### cloudflare-apikey

# have to get the client secret from cloudflare manually
export CLOUDFLARE_TOKEN="!!!GetThisFromCloudflareConsole!!!"

Public

Configuration of the cert-manager plugin is controlled through the cert_manager section of the nebari-config.yaml for the environment.

cert_manager:
  # helm release name and namespace - default default (nebari global namespace)
  namespace: cert-manager
  # email address to be associated with the ACME account
  email: sblair@metrostar.com
  # API to manage DNS01 ACME challenge records - default cloudflare
  solver: cloudflare
  # whether to use ACME server's staging or production endpoint - default false
  staging: false
  # list of certificate resources to be created
  certificates:
    # name of certificate
  - name: metrostar-certificate
    # issuer responsible for issuing the certificate
    issuer: letsencrypt
  # list of issuers representing certificate issuing authority
  issuers:
    # name of issuer
  - name: letsencrypt
    # type of issuer
    type: letsencrypt
    # ID of the CA key that the External Account is bound to, if any - leave blank if none
    keyId: ""
    # symmetric MAC key of the External Account Binding, if any - leave blank if none
    existingSecret: ""
  # helm chart values overrides
  values: {}

Internal

The following configuration values apply to the internally managed terraform module and are indirectly controlled through related values in nebari-config.yaml.

  • domain, zone: Domain and zone for the plugin's deployment.
  • create_namespace, namespace: Helm release's namespace configuration.
  • email: Cloudflare email address.
  • solver: Solver type.
  • staging: Flag to use staging or production endpoint environment.
  • certificates: cert-manager Certificate resources to be stored in Kubernetes Secret resources.
  • apikey: Cloudflare API Token.
  • issuers: cert-manager Issuer resources.
  • overrides: Map for overriding default configurations.

Testing Overview

The plugin includes unit tests to validate its core functionalities:

  • Constructor Test: Verifies the default priority.
  • Input Variables Test: Validates namespaces, solver type, staging flag.
  • Default Namespace Test: Tests the default namespace configuration.

License

nebari-plugin-label-studio-chart is distributed under the terms of the Apache license.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

nebari_plugin_cert_manager_chart-0.0.1.tar.gz (11.7 kB view details)

Uploaded Source

Built Distribution

File details

Details for the file nebari_plugin_cert_manager_chart-0.0.1.tar.gz.

File metadata

File hashes

Hashes for nebari_plugin_cert_manager_chart-0.0.1.tar.gz
Algorithm Hash digest
SHA256 b41035724e3bb0e81a1719eba1eaf98c6a10a615526a7eb9ac855e123b30b01d
MD5 4a1f9a57f8df49ccb6d20bda3ead3d54
BLAKE2b-256 847e1436661147142b280961be0de2a6d229d7e20918fac64f2db63b59fff2ca

See more details on using hashes here.

File details

Details for the file nebari_plugin_cert_manager_chart-0.0.1-py3-none-any.whl.

File metadata

File hashes

Hashes for nebari_plugin_cert_manager_chart-0.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 9134f2e1bc8952bd5b7bf7bb42e9570d743178540837e3d9e962317951baad19
MD5 18caab75f4cfc14a15b96733e7765979
BLAKE2b-256 4f4130fada3ae01e54ce9a426a18de0b556e944a13d3093e635852f47ab89c90

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page