Merge pull request #2 from minmzzhang/externalizing-charts

feat: Externalize ZTVP charts: cert-manager

Author: minmzzhang

.github/linters/.checkov.yaml

@@ -5,8 +5,13 @@ directory:
 skip-path:
   - tests
 skip-check:
-  - CKV_K8S_49 # Minimize wildcard use in Roles and ClusterRoles
-  - CKV_K8S_155 # Minimize ClusterRoles that grant control over validating or mutating admission webhook configurations
-  - CKV_K8S_156 # Minimize ClusterRoles that grant permissions to approve CertificateSigningRequests
-  - CKV_K8S_157 # Minimize Roles and ClusterRoles that grant permissions to bind RoleBindings or ClusterRoleBindings
-  - CKV_K8S_158 # Minimize Roles and ClusterRoles that grant permissions to escalate Roles or ClusterRoles
+  # CKV_K8S_49: Minimize wildcard use in Roles and ClusterRoles
+  - CKV_K8S_49
+  # CKV_K8S_155: ClusterRoles for admission webhook configurations
+  - CKV_K8S_155
+  # CKV_K8S_156: ClusterRoles to approve CertificateSigningRequests
+  - CKV_K8S_156
+  # CKV_K8S_157: Roles/ClusterRoles to bind RoleBindings or ClusterRoleBindings
+  - CKV_K8S_157
+  # CKV_K8S_158: Roles/ClusterRoles to escalate Roles or ClusterRoles
+  - CKV_K8S_158

.github/workflows/superlinter.yml

@@ -14,3 +14,5 @@ jobs:
     with:
       sl_env: |
         VALIDATE_BIOME_FORMAT=false
+        # Exclude Helm chart templates (contain {{ }}; not valid YAML)
+        FILTER_REGEX_EXCLUDE=.*/templates/.*

.github/workflows/update-helm-repo.yml

@@ -1,3 +1,4 @@
+---
 # This invokes the workflow named 'publish-charts' in the umbrella repo
 # It expects to have a secret called CHARTS_REPOS_TOKEN which contains
 # the GitHub token that has permissions to invoke workflows and commit code
@@ -23,13 +24,15 @@ permissions:
 
 jobs:
   helmlint:
-    uses: validatedpatterns/helm-charts/.github/workflows/helmlint.yml@69fd10ef9199eecd093fca715ae9765c78750efc # October 6, 2025
+    # October 6, 2025
+    uses: validatedpatterns/helm-charts/.github/workflows/helmlint.yml@69fd10ef9199eecd093fca715ae9765c78750efc
     permissions:
       contents: read
 
   update-helm-repo:
     needs: [helmlint]
-    uses: validatedpatterns/helm-charts/.github/workflows/update-helm-repo.yml@69fd10ef9199eecd093fca715ae9765c78750efc # October 6, 2025
+    # October 6, 2025
+    uses: validatedpatterns/helm-charts/.github/workflows/update-helm-repo.yml@69fd10ef9199eecd093fca715ae9765c78750efc
     permissions:
       contents: read
     secrets:

.prettierignore

@@ -0,0 +1,4 @@
+# Helm template files contain {{ }} and are not plain YAML
+templates/
+# Keep [ ] for yamllint; Prettier would change to []
+values.yaml

.yamllint

@@ -0,0 +1,12 @@
+extends: default
+ignore:
+  - templates/
+  - templates/**
+  - "**/templates/**"
+rules:
+  document-start: disable
+  line-length:
+    max: 80
+  brackets:
+    min-spaces-inside: 0
+    max-spaces-inside: 1

Chart.yaml

@@ -1,6 +1,23 @@
+---
 apiVersion: v2
-description: A Helm chart to serve as the Validated Patterns Template
+name: ocp-certmanager
+description: >
+  A Helm chart to deploy OpenShift cert-manager operator with proper
+  DNS nameserver configuration.
+type: application
+# This is the chart version. This version number should be incremented each
+# time you make changes to the chart and its templates, including the app
+# version. Versions are expected to follow Semantic Versioning (semver.org).
+version: 0.2.0
+
+home: https://github.com/validatedpatterns/ocp-certmanager-chart
+maintainers:
+  - name: Validated Patterns Team
+    email: validatedpatterns@googlegroups.com
+icon: https://validatedpatterns.io/images/validated-patterns.png
 keywords:
-  - pattern
-name: vp-template
-version: 0.0.1
+  - cert-manager
+  - ssl
+  - tls
+  - certificates
+  - openshift

Makefile

@@ -36,8 +36,10 @@ test: helm-lint helm-unittest ## Runs helm lint and unit tests
 .PHONY: super-linter
 super-linter: ## Runs super linter locally
 	rm -rf .mypy_cache
-	podman run -e RUN_LOCAL=true -e USE_FIND_ALGORITHM=true	\
-					-e VALIDATE_BIOME_FORMAT=false \
-					-v $(PWD):/tmp/lint:rw,z \
-					-w /tmp/lint \
-					ghcr.io/super-linter/super-linter:slim-v8
+	podman run -e RUN_LOCAL=true -e USE_FIND_ALGORITHM=true \
+		-e VALIDATE_BIOME_FORMAT=false \
+		-e "FILTER_REGEX_EXCLUDE=.*/templates/.*" \
+		-e VALIDATE_GITHUB_ACTIONS_ZIZMOR=false \
+		-v $(PWD):/tmp/lint:rw,z \
+		-w /tmp/lint \
+		ghcr.io/super-linter/super-linter:slim-v8

README.md

@@ -1,13 +1,45 @@
-# vp-template
+# ocp-certmanager
 
-![Version: 0.0.1](https://img.shields.io/badge/Version-0.0.1-informational?style=flat-square)
+<!-- markdownlint-disable MD013 -->
 
-A Helm chart to serve as the Validated Patterns Template
+![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+
+<!-- markdownlint-enable MD013 -->
+
+<!-- markdownlint-disable MD013 -->
+
+A Helm chart to deploy OpenShift cert-manager operator with proper DNS nameserver configuration.
+
+<!-- markdownlint-enable MD013 -->
 
 This chart is used to serve as the template for Validated Patterns Charts
 
 ## Notable changes
 
+**Homepage:** <https://github.com/validatedpatterns/ocp-certmanager-chart>
+
+## Maintainers
+
+| Name                    | Email                                | Url |
+| ----------------------- | ------------------------------------ | --- |
+| Validated Patterns Team | <validatedpatterns@googlegroups.com> |     |
+
+<!-- markdownlint-disable MD013 MD034 MD060 -->
+
+## Values
+
+| Key                                 | Type   | Default                            | Description                                                                                                                                                                                                                                                                                               |
+| ----------------------------------- | ------ | ---------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| certmgrOperator.additionalArgs      | list   | `[]`                               | Arguments to pass to the cert-manager controller (optional) Example: additionalArgs: - "--acme-http01-solver-nameservers=8.8.8.8:53,1.1.1.1:53" - "--v=2"                                                                                                                                                 |
+| certmgrOperator.credentialsRequests | list   | `[]`                               | Cloud credentials to use for the cert-manager (optional) You can specify multiple cloud credentials for different cloud providers. Used in combination with the solvers to create the DNS records.                                                                                                        |
+| certmgrOperator.issuers             | list   | `[]`                               | Issuers to use for the cert-manager (optional) You can specify multiple issuers for different challenges.                                                                                                                                                                                                 |
+| certmgrOperator.nameservers         | list   | `["8.8.8.8:53","1.1.1.1:53"]`      | List of DNS server (ip:port strings) for DNS01 challenges. Defaults to [8.8.8.8:53, 1.1.1.1:53]. Necessary for DNS01 ACME solver; openshift's internal split-view DNS servers typically won't work. See: https://cert-manager.io/docs/configuration/acme/dns01/ #setting-nameservers-for-dns01-self-check |
+| global                              | string | depends on the individual settings | Dictionary of the global settings to configure this chart                                                                                                                                                                                                                                                 |
+| installerType                       | string | `"argocd"`                         |                                                                                                                                                                                                                                                                                                           |
+| operatorChannel                     | string | `"stable-v1"`                      | String the channel to install cert-manager from (Defaults to "stable-v1")                                                                                                                                                                                                                                 |
+
+<!-- markdownlint-enable MD013 MD034 MD060 -->
+
 ---
 
 Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)

README.md.gotmpl

@@ -1,9 +1,13 @@
 {{ template "chart.header" . }}
 {{ template "chart.deprecationWarning" . }}
 
+<!-- markdownlint-disable MD013 -->
 {{ template "chart.badgesSection" . }}
+<!-- markdownlint-enable MD013 -->
 
+<!-- markdownlint-disable MD013 -->
 {{ template "chart.description" . }}
+<!-- markdownlint-enable MD013 -->
 
 This chart is used to serve as the template for Validated Patterns Charts
 
@@ -17,6 +21,8 @@ This chart is used to serve as the template for Validated Patterns Charts
 
 {{ template "chart.requirementsSection" . }}
 
+<!-- markdownlint-disable MD013 MD034 MD060 -->
 {{ template "chart.valuesSection" . }}
+<!-- markdownlint-enable MD013 MD034 MD060 -->
 
 {{ template "helm-docs.versionFooter" . }}