#2 OZG-7121 helm: Add server certificate resource

src/main/helm/templates/_helpers.tpl

@@ -34,7 +34,6 @@ app.kubernetes.io/namespace: {{ include "app.namespace" . }}
 app.kubernetes.io/part-of: ozgcloud
 app.kubernetes.io/version: {{ .Chart.Version }}
 helm.sh/chart: {{ include "app.chart" . }}
-ozgcloud-mongodb-client: "true"
 {{- end -}}
 
 {{- define "app.matchLabels" }}

src/main/helm/templates/certificate.yaml

+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ .Release.Name }}-tls-certificate
+  namespace: {{ include "app.namespace" . }}
+  labels:
+    {{- include "app.defaultLabels" . | indent 4 }}
+spec:
+  isCA: false
+  secretName: {{ .Release.Name }}-tls-secret
+  privateKey:
+    algorithm: ECDSA
+    size: 256
+  issuerRef:
+    name: xta-test-cluster-issuer
+    kind: ClusterIssuer
+    group: cert-manager.io
+  duration: 8760h0m0s # 1 Jahr
+  renewBefore: 5840h0m0s # 8 Monate
+  commonName: {{ .Release.Name }}
+  keystores:
+    jks:
+      create: true
+      passwordSecretRef:
+        name: xta-test-server-default-secret
+        key: keystorePassword
+      alias: xta-test-server
+    pkcs12:
+      create: true
+      passwordSecretRef:
+          name: xta-test-server-default-secret
+          key: keystorePassword
+  subject:
+    organisations:
+      - "XtaTestOrga"
+    countries:
+      - DE
+    organizationalUnits:
+      - "XtaTestUnit"
+    localities:
+      - Kiel
+    provinces:
+      - Schleswig-Holstein
+    steetAddresses:
+      - "Test-Str. 4"
+    postalCodes:
+      - "22222"
+  # critical, digitalSignature, nonRepudiation, keyEncipherment, keyAgreement
+  usages:
+    - server auth
+    - digital signature
+    - content commitment # https://cryptography.io/en/latest/x509/reference/#cryptography.x509.KeyUsage.content_commitment
+    - key encipherment
+    - key agreement
+  dnsNames:
+    - "*.{{ .Release.Name }}.{{ include "app.namespace" . }}.svc.cluster.local"
+    - "{{ .Release.Name }}.{{ include "app.namespace" . }}.svc.cluster.local"
+    - "{{ .Release.Name }}.{{ include "app.namespace" . }}.svc.cluster"
+    - "{{ .Release.Name }}.{{ include "app.namespace" . }}.svc"
+    - "{{ .Release.Name }}.{{ include "app.namespace" . }}"
+    - "{{ .Release.Name }}"
\ No newline at end of file

src/main/helm/templates/default_secret.yaml

+apiVersion: v1
+kind: Secret
+metadata:
+  name: xta-test-server-default-secret
+  namespace: {{ include "app.namespace" . }}
+  labels:
+    {{- include "app.defaultLabels" . | indent 4 }}
+type: Opaque
+data:
+  keystorePassword: password
\ No newline at end of file

src/main/helm/templates/selfsigned_cluster_issuer.yaml

+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: xta-test-cluster-issuer
+  namespace: {{ include "app.namespace" . }}
+  labels:
+    {{- include "app.defaultLabels" . | indent 4 }}
+spec:
+  selfSigned: {}
\ No newline at end of file

src/main/helm/test-values.yaml

+replicaCount: 1
+
+image:
+  repo: docker.ozg-sh.de
+  name: xta-test-server
+  tag: latest
+
+imagePullSecret: ozgcloud-image-pull-secret
+
+env:
+  overrideSpringProfiles: abc, test
+
+baseUrl: test.by.ozg-cloud.de
+
+ozgcloud:
+  bezeichner: xta-test-serverr
+
+networkPolicy:
+  disabled: false
+  dnsServerNamespace: openshift-dns
\ No newline at end of file

src/test/helm/certificate_test.yaml

+#
+# Copyright (C) 2022 Das Land Schleswig-Holstein vertreten durch den
+# Ministerpräsidenten des Landes Schleswig-Holstein
+# Staatskanzlei
+# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
+#
+# Lizenziert unter der EUPL, Version 1.2 oder - sobald
+# diese von der Europäischen Kommission genehmigt wurden -
+# Folgeversionen der EUPL ("Lizenz");
+# Sie dürfen dieses Werk ausschließlich gemäß
+# dieser Lizenz nutzen.
+# Eine Kopie der Lizenz finden Sie hier:
+#
+# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
+#
+# Sofern nicht durch anwendbare Rechtsvorschriften
+# gefordert oder in schriftlicher Form vereinbart, wird
+# die unter der Lizenz verbreitete Software "so wie sie
+# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
+# ausdrücklich oder stillschweigend - verbreitet.
+# Die sprachspezifischen Genehmigungen und Beschränkungen
+# unter der Lizenz sind dem Lizenztext zu entnehmen.
+#
+
+suite: test certificate.yaml
+release:
+  name: xta-test-server-release-name
+  namespace: sh-helm-test
+templates:
+  - templates/certificate.yaml
+set:  
+  ozgcloud:
+    bezeichner: helm
+  baseUrl: test.by.ozg-cloud.de
+
+tests:
+  - it: check Certificate kind
+    asserts:
+      - isKind:
+          of: Certificate
+  - it: should set metadata name
+    asserts:
+      - equal:
+          path: metadata.name
+          value: xta-test-server-release-name-tls-certificate
+  - it: should set secret name
+    asserts:
+      - equal:
+          path: spec.secretName
+          value: xta-test-server-release-name-tls-secret
+  - it: should set common name
+    asserts:
+      - equal:
+          path: spec.commonName
+          value: xta-test-server-release-name
+  - it: should set dns names
+    asserts:
+      - equal:
+          path: spec.dnsNames
+          value:
+            - "*.xta-test-server-release-name.sh-helm-test.svc.cluster.local"
+            - "xta-test-server-release-name.sh-helm-test.svc.cluster.local"
+            - "xta-test-server-release-name.sh-helm-test.svc.cluster"
+            - "xta-test-server-release-name.sh-helm-test.svc"
+            - "xta-test-server-release-name.sh-helm-test"
+            - "xta-test-server-release-name"
+  - it: should contain default lables and component lables
+    asserts:
+      - equal:
+          path: metadata.labels
+          value:
+            app.kubernetes.io/instance: xta-test-server
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/name: xta-test-server-release-name
+            app.kubernetes.io/namespace: sh-helm-test
+            app.kubernetes.io/part-of: ozgcloud
+            app.kubernetes.io/version: 0.0.0-MANAGED-BY-JENKINS
+            helm.sh/chart: xta-test-server-0.0.0-MANAGED-BY-JENKINS
\ No newline at end of file

src/test/helm/deployment_defaults_labels_test.yaml

@@ -45,7 +45,6 @@ tests:
             app.kubernetes.io/part-of: ozgcloud
             app.kubernetes.io/version: 0.0.0-MANAGED-BY-JENKINS
             helm.sh/chart: xta-test-server-0.0.0-MANAGED-BY-JENKINS
-            ozgcloud-mongodb-client: "true"
 
   - it: should set spec.selector.matchLabels
     asserts:
@@ -69,4 +68,3 @@ tests:
             app.kubernetes.io/version: 0.0.0-MANAGED-BY-JENKINS
             component: xta-test-server
             helm.sh/chart: xta-test-server-0.0.0-MANAGED-BY-JENKINS
-            ozgcloud-mongodb-client: "true"
\ No newline at end of file

src/test/helm/deployment_test.yaml

@@ -82,9 +82,6 @@ tests:
       - equal:
           path: spec.template.metadata.labels.component
           value: "xta-test-server"
-      - equal:
-          path: metadata.labels["ozgcloud-mongodb-client"]
-          value: "true"
       - equal:
           path: spec.template.spec.topologySpreadConstraints[0].maxSkew
           value: 1

src/test/helm/service_monitor_test.yaml

@@ -58,7 +58,6 @@ tests:
             app.kubernetes.io/version: 0.0.0-MANAGED-BY-JENKINS
             component: xta-test-server-service-monitor
             helm.sh/chart: xta-test-server-0.0.0-MANAGED-BY-JENKINS
-            ozgcloud-mongodb-client: "true"
 
   - it: should have the metrics endpoint configured by default
     asserts:

src/test/helm/service_test.yaml

@@ -93,4 +93,3 @@ tests:
             app.kubernetes.io/version: 0.0.0-MANAGED-BY-JENKINS
             component: xta-test-server-service
             helm.sh/chart: xta-test-server-0.0.0-MANAGED-BY-JENKINS
-            ozgcloud-mongodb-client: "true"
\ No newline at end of file