add tls sync

helm/tls-sync-wildcard/ops/templates/configmap.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: tls-sync-wildcard-script
+  namespace: {{ .Values.tlsSync.sourceNamespace }}
+  labels:
+    app: tls-sync-wildcard
+data:
+  sync-all-certificates.sh: |
+{{- .Files.Get "scripts/sync-all-certificates.sh" | indent 4 }}
+

helm/tls-sync-wildcard/ops/templates/cronjob.yaml

@@ -0,0 +1,61 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: tls-sync-wildcard
+  namespace: {{ .Values.tlsSync.sourceNamespace }}
+  labels:
+    app: tls-sync-wildcard
+spec:
+  schedule: {{ .Values.tlsSync.schedule | quote }}
+  successfulJobsHistoryLimit: {{ .Values.tlsSync.successfulJobsHistoryLimit }}
+  failedJobsHistoryLimit: {{ .Values.tlsSync.failedJobsHistoryLimit }}
+  jobTemplate:
+    spec:
+      backoffLimit: {{ .Values.tlsSync.backoffLimit }}
+      activeDeadlineSeconds: {{ .Values.tlsSync.activeDeadlineSeconds }}
+      template:
+        metadata:
+          labels:
+            app: tls-sync-wildcard
+        spec:
+          restartPolicy: {{ .Values.tlsSync.restartPolicy }}
+          serviceAccountName: tls-sync-wildcard
+          containers:
+          - name: sync
+            image: {{ .Values.tlsSync.image.repository }}:{{ .Values.tlsSync.image.tag }}
+            imagePullPolicy: {{ .Values.tlsSync.image.pullPolicy }}
+            command:
+            - /bin/bash
+            - -c
+            - |
+              set -e
+              
+              # Copier le script depuis le ConfigMap
+              cp /scripts/sync-all-certificates.sh /tmp/sync-all-certificates.sh
+              chmod +x /tmp/sync-all-certificates.sh
+              
+              # Exécuter le script
+              /tmp/sync-all-certificates.sh \
+                --sourceCluster "{{ .Values.tlsSync.sourceCluster }}" \
+                --sourceNS "{{ .Values.tlsSync.sourceNamespace }}"
+            volumeMounts:
+            - name: kubeconfig
+              mountPath: /root/.kube
+              readOnly: true
+            - name: script
+              mountPath: /scripts
+              readOnly: true
+            env:
+            - name: KUBECONFIG
+              value: /root/.kube/config
+            resources:
+{{- toYaml .Values.tlsSync.resources | nindent 14 }}
+          volumes:
+          - name: kubeconfig
+            secret:
+              secretName: {{ .Values.tlsSync.kubeconfigSecret }}
+          - name: script
+            configMap:
+              name: tls-sync-wildcard-script
+              defaultMode: 0755
+

helm/tls-sync-wildcard/ops/templates/rbac.yaml

@@ -0,0 +1,51 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: tls-sync-wildcard
+  labels:
+    app: tls-sync-wildcard
+rules:
+  # Permissions pour lire les certificats et secrets dans le namespace source
+  - apiGroups:
+      - cert-manager.io
+    resources:
+      - certificates
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - get
+      - list
+  # Permissions pour créer et gérer les secrets dans tous les namespaces
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+      - namespaces
+    verbs:
+      - get
+      - list
+      - create
+      - update
+      - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: tls-sync-wildcard
+  labels:
+    app: tls-sync-wildcard
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: tls-sync-wildcard
+subjects:
+  - kind: ServiceAccount
+    name: tls-sync-wildcard
+    namespace: {{ .Values.tlsSync.sourceNamespace }}
+

helm/tls-sync-wildcard/ops/templates/serviceaccount.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: tls-sync-wildcard
+  namespace: {{ .Values.tlsSync.sourceNamespace }}
+  labels:
+    app: tls-sync-wildcard
+