Add ACME DNS Resolver for gitlabCD and k8s (#1217)

* wip

* Add csi-s3 and have portainer use it

* Change request @Hrytsuk 1GB max portainer volume size

* Arch Linux Certificates Customization

* Fix pgsql exporter failure

* [Kubernetes] Introduce on-prem persistent Storage (Longhorn) 🎉  (#979)

* Introduce longhorn chart

* Further longhorn configuration

* Longhorn: further settings configuration

* Fix longhorn configuration bugs

Extra: introduce longhorn pv vales for portainer

* Add comment for deletion longhorn

* Further longhorn configuration

* Add README.md for Longhorn wit FAQ

* Update Longhorn readme

* Update readme

* Futher LH configuration

* Update LH's Readme

* Update Longhorn Readme

* Improve LH's Readme

* LH: Reduce reserved default disk space to 5%

Since we use a dedicated disk for LH, we can go ahead with 5%

* Use values to set Longhorn storage class

* Update LH's Readme

* LH Readme: add requirements reference

* PR Review: bring back portainer s3 pv

* LH: decrease portinaer volume size

* Experimental: Try to add tracing to simcore-traefik on master

* Fixes ITISFoundation/osparc-simcore#7363

* Arch Linux Certificates Customization - 2

* wip

* wip

* this might work

* k8s wip

* wip

* wip

---------

Co-authored-by: Dustin Kaiser <[email protected]>
Co-authored-by: YH <[email protected]>

Author: mrnicegyu11

charts/Makefile

@@ -4,7 +4,7 @@ REPO_BASE_DIR := $(shell git rev-parse --show-toplevel)
 include ${REPO_BASE_DIR}/scripts/common.Makefile
 include $(REPO_CONFIG_LOCATION)
 
-CONFIG_DIR := $(shell dirname $(REPO_CONFIG_LOCATION))
+export CONFIG_DIR := $(shell dirname $(REPO_CONFIG_LOCATION))
 CHART_DIRS := $(wildcard $(REPO_BASE_DIR)/charts/*/)
 
 .PHONY: .check-helmfile-installed

charts/cert-manager/values.acme-dns.yaml.gotmpl

@@ -0,0 +1,40 @@
+cert-manager:
+  extraArgs:
+  - --dns01-recursive-nameservers="8.8.8.8:53"
+  - --dns01-recursive-nameservers-only
+  startupapicheck:
+    enabled: false
+  skipDNSResolutionCheck: true
+  maxConcurrentChallenges: 2
+  extraObjects:
+  - |
+    apiVersion: v1
+    kind: Secret
+    metadata:
+      name: acme-dns-secret
+      namespace: {{ .Release.Namespace }}  # secret must be in same namespace as Cert Manager deployment
+    type: Opaque
+    stringData:
+{{ $configDir := requiredEnv "CONFIG_DIR" }}
+      acmedns.json: |
+{{ readFile (printf "%s/lego-acme-accounts/acme-dns-accounts.json" $configDir) | indent 8 }}
+  - |
+    apiVersion: cert-manager.io/v1
+    kind: ClusterIssuer
+    metadata:
+      name: cert-issuer
+      namespace: {{ .Release.Namespace }}
+    spec:
+      acme:
+        email: {{ requiredEnv "OSPARC_DEVOPS_MAIL_ADRESS" }}
+        server: {{ requiredEnv "DNS_CHALLENGE_ACME_SERVER" }}
+        privateKeySecretRef:
+          name: cert-manager-acme-private-key
+        solvers:
+          - dns01:
+              cnameStrategy: Follow
+              acmeDNS:
+                accountSecretRef:
+                  name: acme-dns-secret
+                  key: acmedns.json
+                host: {{ requiredEnv "ACME_DNS_API_BASE" }}

charts/cert-manager/values.common.yaml.gotmpl

@@ -8,3 +8,8 @@ cert-manager:
 
   webhook:
     securePort: 10250
+  cainjector:
+    replicaCount: 1
+  replicaCount: 1
+  webhook:
+    replicaCount: 1