refactor(cert-manager): install with helmraiser (#330)

* Update helm.libsonnet (#331)

* refactor(cert-manager): install with helmraiser

Closes #315, #318, #320

* name port to http-metrics so it gets scraped

* allow to specify vendor folder

* don't install crds from 2 sources

* cert-manager: add readme

* correct $._config name

* docs(cert-manager): add inline comments

Co-authored-by: sh0rez <[email protected]>

Author: Duologic

cert-manager/README.md

@@ -1,6 +1,5 @@
-# Cert-manager jsonnet library (alpha)
+# cert-manager
 
-This library was created as a mostly 1-to-1 rewrite of cert-manager helm chart and is in use internally at Grafana Labs. It should be considered experimental.
-
-In addition to the helm chart content, this jsonnet library also provides `letsencrypt-prod` and `letsencrypt-staging` ClusterIssuers for direct consumption. Please have a look at `config.libsonnet` for configuration parameters.
+This jsonnet lib renders the cert-manager Helm chart with a few Grafana specific overrides.
 
+It depends on the helmraiser functionality available in tanka>=0.12.0-alpha1.

cert-manager/cainjector_deployment.libsonnet

@@ -1,27 +1,3 @@
-(import 'ksonnet-util/kausal.libsonnet') +
-(import 'cert-manager/cainjector_deployment.libsonnet') +
-(import 'cert-manager/cainjector_psp.libsonnet') +
-(import 'cert-manager/cainjector_psp_clusterrole.libsonnet') +
-(import 'cert-manager/cainjector_psp_clusterrolebinding.libsonnet') +
-(import 'cert-manager/cainjector_rbac.libsonnet') +
-(import 'cert-manager/cainjector_serviceaccount.libsonnet') +
-(import 'cert-manager/config.libsonnet') +
-(import 'cert-manager/default_clusterissuers.libsonnet') +
-(import 'cert-manager/deployment.libsonnet') +
-(import 'cert-manager/namespace.libsonnet') +
-(import 'cert-manager/psp.libsonnet') +
-(import 'cert-manager/psp_clusterrole.libsonnet') +
-(import 'cert-manager/psp_clusterrolebinding.libsonnet') +
-(import 'cert-manager/rbac.libsonnet') +
-(import 'cert-manager/service.libsonnet') +
-(import 'cert-manager/serviceaccount.libsonnet') +
-(import 'cert-manager/webhook_deployment.libsonnet') +
-(import 'cert-manager/webhook_mutating_webhook.libsonnet') +
-(import 'cert-manager/webhook_psp_clusterrole.libsonnet') +
-(import 'cert-manager/webhook_psp_clusterrolebinding.libsonnet') +
-(import 'cert-manager/webhook_psp.libsonnet') +
-(import 'cert-manager/webhook_rbac.libsonnet') +
-(import 'cert-manager/webhook_service.libsonnet') +
-(import 'cert-manager/webhook_serviceaccount.libsonnet') +
-(import 'cert-manager/webhook_validating_webhook.libsonnet') +
-(import 'cert-manager/crds.libsonnet')
+(import 'config.libsonnet') +
+(import 'main.libsonnet') +
+(import 'default_clusterissuers.libsonnet')

cert-manager/cainjector_psp.libsonnet

@@ -1,13 +1,9 @@
 {
-  _images+:: {
-    cert_manager: 'quay.io/jetstack/cert-manager-controller:v0.13.0',
-    cert_manager_cainjector: 'quay.io/jetstack/cert-manager-cainjector:v0.13.0',
-    cert_manager_webhook: 'quay.io/jetstack/cert-manager-webhook:v0.13.0',
-  },
-  // Empty for now, used to keep the structure consistent.
   _config+:: {
-    namespace: error '$._config.namespace needs to be configured.',
-    // "letsencrypt-staging" and "letsencrypt-prod" ClusterIssuer is generated automatically.
+    name: 'cert-manager',
+    namespace: error '$._config.namesapce needs to be configured.',
+    version: 'v0.13.0',
+    custom_crds: true,  // newer cert-manager charts can install CRDs
     default_issuer: null,
     default_issuer_group: 'cert-manager.io',
     issuer_email: error '$._config.issuer_email needs to be configured.',