From 246b44945ea17d65fc2011bd8ee1081adb540780 Mon Sep 17 00:00:00 2001
From: Andrei Kvapil
Date: Mon, 24 Jun 2024 18:55:35 +0200
Subject: [PATCH] add certManager addon
Signed-off-by: Andrei Kvapil
---
 packages/apps/kubernetes/README.md | 1 +
 .../templates/helmreleases/cert-manager.yaml | 34 +++++++++++++++++++
 .../templates/helmreleases/cilium.yaml | 2 ++
 .../templates/helmreleases/csi.yaml | 2 ++
 .../templates/helmreleases/delete.yaml | 22 +++++++-----
 packages/apps/kubernetes/values.yaml | 6 ++++
 6 files changed, 58 insertions(+), 9 deletions(-)
 create mode 100644 packages/apps/kubernetes/templates/helmreleases/cert-manager.yaml
diff --git a/packages/apps/kubernetes/README.md b/packages/apps/kubernetes/README.md
index 2d5b43a5..8783db67 100644
--- a/packages/apps/kubernetes/README.md
+++ b/packages/apps/kubernetes/README.md
@@ -36,3 +36,4 @@ kubectl get secret -n kubernetes--admin-kubeconfig -o g
 | `host` | The hostname used to access the Kubernetes cluster externally (defaults to using the cluster name as a subdomain for the tenant host). | `""` |
 | `controlPlane.replicas` | Number of replicas for Kubernetes contorl-plane components | `2` |
 | `nodeGroups` | nodeGroups configuration | `{}` |
+| `addons` | addons configuration | `{}` |
diff --git a/packages/apps/kubernetes/templates/helmreleases/cert-manager.yaml b/packages/apps/kubernetes/templates/helmreleases/cert-manager.yaml
new file mode 100644
index 00000000..175b94b2
--- /dev/null
+++ b/packages/apps/kubernetes/templates/helmreleases/cert-manager.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.addons.certManager.enabled }}
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: {{ .Release.Name }}-cert-manager
+ labels:
+ cozystack.io/repository: system
+ coztstack.io/target-cluster-name: {{ .Release.Name }}
+spec:
+ interval: 1m
+ releaseName: cert-mnager
+ chart:
+ spec:
+ chart: cozy-cert-manager
+ reconcileStrategy: Revision
+ sourceRef:
+ kind: HelmRepository
+ name: cozystack-system
+ namespace: cozy-system
+ kubeConfig:
+ secretRef:
+ name: {{ .Release.Name }}-kubeconfig
+ targetNamespace: cozy-cert-manager
+ storageNamespace: cozy-cert-manager
+ install:
+ createNamespace: true
+ dependsOn:
+ {{- if lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" .Release.Namespace .Release.Name }}
+ - name: {{ .Release.Name }}
+ namespace: {{ .Release.Namespace }}
+ {{- end }}
+ - name: {{ .Release.Name }}-cilium
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/packages/apps/kubernetes/templates/helmreleases/cilium.yaml b/packages/apps/kubernetes/templates/helmreleases/cilium.yaml
index 4f23ed21..ca99af87 100644
--- a/packages/apps/kubernetes/templates/helmreleases/cilium.yaml
+++ b/packages/apps/kubernetes/templates/helmreleases/cilium.yaml
@@ -44,5 +44,7 @@ spec:
 enableIPv4Masquerade: true
 ipv4NativeRoutingCIDR: ""
 dependsOn:
+ {{- if lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" .Release.Namespace .Release.Name }}
 - name: {{ .Release.Name }}
 namespace: {{ .Release.Namespace }}
+ {{- end }}
diff --git a/packages/apps/kubernetes/templates/helmreleases/csi.yaml b/packages/apps/kubernetes/templates/helmreleases/csi.yaml
index 5ced4163..349da151 100644
--- a/packages/apps/kubernetes/templates/helmreleases/csi.yaml
+++ b/packages/apps/kubernetes/templates/helmreleases/csi.yaml
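Review bot: `releaseName: cert-mnager` in the new cert-manager.yaml looks like a misspelling of `cert-manager`, and it is worth correcting before the addon ships: `releaseName: cert-manager`. The release name identifies the Helm release inside the tenant cluster, so changing it after clusters exist would most likely make Flux uninstall and reinstall cert-manager rather than rename it. The label key `coztstack.io/target-cluster-name` has the same kind of slip next to `cozystack.io/repository`; if the sibling HelmReleases already carry that spelling, fix them together, because a selector written against `cozystack.io/...` will not match this object.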
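Review bot: In cilium.yaml the new `lookup` guard wraps only the list item, so when the lookup finds nothing `dependsOn:` is left as a bare key that renders as null; putting the key inside the conditional (`{{- if lookup ... }}` on the line above `dependsOn:`) keeps the rendered manifest explicit. Helm's `lookup` also returns an empty result under `helm template` and client-side dry runs, so in those paths the ordering against the `{{ .Release.Name }}` HelmRelease is dropped without any signal; a short template comment such as `{{- /* parent HelmRelease may not exist; skip the dependency then */}}` would record that this is intended. The same guard is added in csi.yaml and has the same shape. The enclosing `spec` starts outside both hunks.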
@@ -24,5 +24,7 @@ spec:
 install:
 createNamespace: true
 dependsOn:
+ {{- if lookup "helm.toolkit.fluxcd.io/v2" "HelmRelease" .Release.Namespace .Release.Name }}
 - name: {{ .Release.Name }}
 namespace: {{ .Release.Namespace }}
+ {{- end }}
diff --git a/packages/apps/kubernetes/templates/helmreleases/delete.yaml b/packages/apps/kubernetes/templates/helmreleases/delete.yaml
index 71215c30..f89ac771 100644
--- a/packages/apps/kubernetes/templates/helmreleases/delete.yaml
+++ b/packages/apps/kubernetes/templates/helmreleases/delete.yaml
@@ -22,15 +22,18 @@ spec:
 - name: kubectl
 image: docker.io/clastix/kubectl:v1.29.1
 command:
- - kubectl
- - --namespace={{ .Release.Namespace }}
- - patch
- - helmrelease
- - {{ .Release.Name }}-cilium
- - {{ .Release.Name }}-csi
- - -p
- - '{"spec": {"suspend": true}}'
- - --type=merge
+ - /bin/sh
+ - -c
+ - |
+ kubectl
+ --namespace={{ .Release.Namespace }}
+ patch
+ helmrelease
+ {{ .Release.Name }}-cilium
+ {{ .Release.Name }}-csi
+ {{ .Release.Name }}-cert-manager
+ -p '{"spec": {"suspend": true}}'
+ --type=merge --field-manager=flux-client-side-apply || true
 ---
 apiVersion: v1
 kind: ServiceAccount
@@ -60,6 +63,7 @@ rules:
 resourceNames:
 - {{ .Release.Name }}-cilium
 - {{ .Release.Name }}-csi
+ - {{ .Release.Name }}-cert-manager
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
diff --git a/packages/apps/kubernetes/values.yaml b/packages/apps/kubernetes/values.yaml
index 15b5cc2b..c2670a7e 100644
--- a/packages/apps/kubernetes/values.yaml
+++ b/packages/apps/kubernetes/values.yaml
@@ -16,3 +16,9 @@ nodeGroups:
 resources:
 cpu: 2
 memory: 1024Mi
+
+## @param addons [object] addons configuration
+##
+addons:
+ certManager:
+ enabled: false
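Review bot: In the first delete.yaml hunk the script is passed as a literal block scalar (`- |`), which keeps every newline, and no line ends in a continuation. As far as this listing shows, `/bin/sh -c` therefore runs `kubectl` alone and then treats each argument line as its own command. Only the last line carries `|| true`, so the hook would exit 0 without suspending any HelmRelease before deletion. Folding the lines into one command fixes it, either with `- >-` in place of `- |` or with a trailing `\` on every line but the last. Separately, `|| true` now hides RBAC and API errors from the patch as well as the expected "cert-manager release not present" case, so a line such as `|| echo "suspend failed" >&2` would at least leave a trace in the hook log.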