Updated chart templates and added apikey in main.go

.gitignore

@@ -4,3 +4,5 @@
 
 /.vs
 apiserver.local.config
+charts
+_test

deploy/sthome-webhook/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: "1.0"
+appVersion: "v0.0.1"
-description: A Helm chart for Kubernetes
+description: Cert-Manager webhook for sthome
 name: sthome-webhook
-version: 0.1.0
+version: 0.0.1

deploy/sthome-webhook/templates/_helpers.tpl

@@ -46,3 +46,10 @@ Create chart name and version as used by the chart label.
 {{- define "sthome-webhook.servingCertificate" -}}
 {{ printf "%s-webhook-tls" (include "sthome-webhook.fullname" .) }}
 {{- end -}}
+
+{{/*
+Create base64 imagePullSecret using username and password.
+*/}}
+{{- define "imagePullSecret" }}
+{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.imageCredentials.registry (printf "%s:%s" .Values.imageCredentials.username .Values.imageCredentials.password | b64enc) | b64enc }}
+{{- end }}

deploy/sthome-webhook/templates/deployment.yaml

@@ -21,6 +21,8 @@ spec:
         release: {{ .Release.Name }}
     spec:
       serviceAccountName: {{ include "sthome-webhook.fullname" . }}
+      imagePullSecrets:
+      - name: {{ .Values.imageCredentials.name }}
       containers:
         - name: {{ .Chart.Name }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"

deploy/sthome-webhook/values.yaml

@@ -1,6 +1,6 @@
 # The GroupName here is used to identify your company or business unit that
 # created this webhook.
-# For sthome, this may be "acme.sthome.net".
+# For sthome, this may be "webhook.acme.cert-manager.io".
 # This name will need to be referenced in each Issuer's `webhook` stanza to
 # inform cert-manager of where to send ChallengePayload resources in order to
 # solve the DNS01 challenge.
@@ -9,17 +9,32 @@
 groupName: acme.sthome.net
 
 certManager:
-  namespace: cert-manager
+  namespace: ix-cert-manager
   serviceAccountName: cert-manager
 
 image:
-  repository: sthome/webhook-image
+  repository: stuurmcp/cert-manager-webhook-sthome
-  tag: latest
+  tag: 0.0.1
-  pullPolicy: IfNotPresent
+  #pullPolicy should be IfNotPresent. Set to Always for testing purposes
+  pullPolicy: Always
+
+imageCredentials: 
+  name: docker-registry-credentials
 
 nameOverride: ""
 fullnameOverride: ""
 
+replicaCount: 1
+
+pki:
+  caDuration: 43800h # 5y
+  servingCertificateDuration: 8760h # 1y
+
+secret:
+  accessKey: ""
+  secretKey: ""
+  name: sthome-webhook-secret 
+
 service:
   type: ClusterIP
   port: 443
@@ -41,3 +56,4 @@ nodeSelector: {}
 tolerations: []
 
 affinity: {}
+  

main.go

@@ -9,6 +9,7 @@ import (
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/rest"
 
+	cmmetav1 "github.com/cert-manager/cert-manager/pkg/apis/meta/v1"
 	"github.com/cert-manager/cert-manager/pkg/acme/webhook/apis/acme/v1alpha1"
 	"github.com/cert-manager/cert-manager/pkg/acme/webhook/cmd"
 	"github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util"
@@ -24,12 +25,6 @@ func main() {
 	if GroupName == "" {
 		panic("GROUP_NAME must be specified")
 	}
-
-	// This will register our sthome DNS provider with the webhook serving
-	// library, making it available as an API under the provided GroupName.
-	// You can register multiple DNS provider implementations with a single
-	// webhook, where the Name() method will be used to disambiguate between
-	// the different implementations.
 	cmd.RunWebhookServer(GroupName,
 		&sthomeDNSProviderSolver{},
 	)
@@ -70,7 +65,7 @@ type sthomeDNSProviderConfig struct {
 	// `issuer.spec.acme.dns01.providers.webhook.config` field.
 
 	Email string `json:"email"`
-	//APIKeySecretRef v1alpha1.SecretKeySelector `json:"apiKeySecretRef"`
+	APIKeySecretRef cmmetav1.SecretKeySelector `json:"apiKeySecretRef"`
 }
 
 // Name is used as the name for this DNS solver when referencing it on the ACME