From 7633dfbe43a6aee1169c398bf1ea0fb5406575db Mon Sep 17 00:00:00 2001
From: Ivan Zubenko
Date: Tue, 15 Feb 2022 17:18:38 +0200
Subject: [PATCH] add rollout deployment option to acme chart
---
 charts/acme/Chart.yaml | 4 +-
 charts/acme/files/acme.sh | 62 +++++++++++++++++++--------
 charts/acme/templates/deployment.yaml | 10 ++++-
 charts/acme/values.yaml | 3 +-
 4 files changed, 56 insertions(+), 23 deletions(-)
diff --git a/charts/acme/Chart.yaml b/charts/acme/Chart.yaml
index d4b9698..87f950f 100644
--- a/charts/acme/Chart.yaml
+++ b/charts/acme/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v2
-version: 1.0.2
-appVersion: 1.0.2
+version: 1.0.3
+appVersion: 1.0.3
 name: acme
 description: SSL certificate automatic issue and renewal using acme.sh script. https://github.com/acmesh-official/acme.sh
diff --git a/charts/acme/files/acme.sh b/charts/acme/files/acme.sh
index f0183c8..c28ad69 100644
--- a/charts/acme/files/acme.sh
+++ b/charts/acme/files/acme.sh
@@ -16,6 +16,8 @@ _notify_hook=""
 _force_option=""
 _secret=()
 _secret_namespace="default"
+_rollout_deployment=""
+_rollout_deployment_namespace="default"
 _acme_install() {
 curl https://get.acme.sh | sh -s email="$_email"
@@ -40,10 +42,20 @@ _acme_issue() {
 acme.sh --set-notify --notify-hook "$_notify_hook"
 fi
+ _renew_hook="$_script install-cert $_debug_option -d ${_domains[0]}"
+
+ if [ ! -z "$_secret" ]; then
+ _renew_hook="$_renew_hook --secret $_secret --secret-namespace $_secret_namespace"
+ fi
+
+ if [ ! -z "$_rollout_deployment" ]; then
+ _renew_hook="$_renew_hook --rollout-deployment $_rollout_deployment --rollout-deployment-namespace $_rollout_deployment_namespace"
+ fi
+
 acme.sh --issue \
 --dns dns_$_dns \
 --server $_server \
- --renew-hook "$_script install-cert $_debug_option -d ${_domains[0]} --secret $_secret --secret-namespace $_secret_namespace" \
+ --renew-hook "$_renew_hook" \
 $_debug_option \
 $_force_option \
 $_domain_options \
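Review bot: In the `@@ -40,10 +42,20 @@` hunk the renew hook is built by plain string concatenation from `$_secret`, `$_rollout_deployment` and the two namespace values, with no escaping. acme.sh stores that string and, to my understanding, runs it through the shell on each renewal, so a value containing whitespace or shell metacharacters would be split or interpreted at that point rather than passed as one argument. The values come from chart configuration, so this is mainly a defence-in-depth concern, but the script already uses bash constructs and could escape each piece, e.g. `_renew_hook="$_renew_hook --rollout-deployment $(printf '%q' "$_rollout_deployment")"`, or reject names outside the Kubernetes name character set where the option is parsed (the `@@ -137,6 +153,16 @@` hunk). `[ ! -z "$x" ]` also reads more directly as `[ -n "$x" ]`. The body of `_acme_issue` starts and ends outside this hunk.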
@@ -51,9 +63,11 @@ _acme_issue() {
 $_script install-cert \
 $_debug_option \
- -d ${_domains[0]}\
- --secret $_secret \
- --secret-namespace $_secret_namespace
+ -d "${_domains[0]}" \
+ --secret "$_secret" \
+ --secret-namespace "$_secret_namespace" \
+ --rollout-deployment "$_rollout_deployment" \
+ --rollout-deployment-namespace "$_rollout_deployment_namespace"
 }
 _acme_install_cert() {
@@ -61,10 +75,6 @@ _acme_install_cert() {
 echo "Domain is required."
 exit 1
 fi
- if [ -z "$_secret" ]; then
- echo "Secret is required."
- exit 1
- fi
 local _path="$HOME/certs"
@@ -77,15 +87,21 @@ _acme_install_cert() {
 --fullchain-file $_path/fullchain.pem \
 --key-file $_path/key.pem
- kubectl create secret generic $_secret \
- -n $_secret_namespace \
- --from-file=cert.crt=$_path/fullchain.pem \
- --from-file=cert.key=$_path/key.pem \
- --save-config \
- --dry-run \
- -o yaml \
- 2>/dev/null | \
- kubectl apply -f -
+ if [ ! -z "$_secret" ]; then
+ kubectl create secret generic $_secret \
+ -n $_secret_namespace \
+ --from-file=cert.crt=$_path/fullchain.pem \
+ --from-file=cert.key=$_path/key.pem \
+ --save-config \
+ --dry-run \
+ -o yaml \
+ 2>/dev/null | \
+ kubectl apply -f -
+ fi
+
+ if [ ! -z "$_rollout_deployment" ]; then
+ kubectl rollout restart deployment/$_rollout_deployment -n $_rollout_deployment_namespace
+ fi
 }
 shift # past cmd
@@ -118,7 +134,7 @@ while [[ $# -gt 0 ]]; do
 shift # past argument
 shift # past value
 ;;
- --notify)
+ --notify-hook)
 _notify_hook="$2"
 shift # past argument
 shift # past value
@@ -137,6 +153,16 @@ while [[ $# -gt 0 ]]; do
 shift # past argument
 shift # past value
 ;;
+ --rollout-deployment)
+ _rollout_deployment="$2"
+ shift # past argument
+ shift # past value
+ ;;
+ --rollout-deployment-namespace)
+ _rollout_deployment_namespace="$2"
+ shift # past argument
+ shift # past value
+ ;;
 -*|--*)
 echo "Unknown option $1"
 exit 1
diff --git a/charts/acme/templates/deployment.yaml b/charts/acme/templates/deployment.yaml
index 179d3c0..da01aa3 100644
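Review bot: In the `@@ -77,15 +87,21 @@` hunk, `kubectl rollout restart` runs whether or not the secret pipeline above it succeeded: stderr of `kubectl create` goes to `/dev/null`, neither command's exit status is checked, and no `set -e` or `pipefail` is visible here. A failed secret update would then still restart the deployment on the old certificate while the hook appears to succeed. Consider ending the pipeline with `kubectl apply -f - || exit 1` and quoting the new expansions, `kubectl rollout restart "deployment/$_rollout_deployment" -n "$_rollout_deployment_namespace"`. The restart also needs the pod's service account to be allowed to `patch` deployments; no RBAC template appears in this commit's diffstat, so confirm the existing Role grants it, ideally limited to the named deployment. `_acme_install_cert` starts outside this hunk.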
--- a/charts/acme/templates/deployment.yaml
+++ b/charts/acme/templates/deployment.yaml
@@ -48,11 +48,17 @@ spec:
 {{- range .Values.acme.domains }}
 --domain "{{ . }}" \
 {{- end }}
- {{- if .Values.acme.notify }}
- --notify {{ .Values.acme.notify }} \
+ {{- if .Values.acme.notifyHook }}
+ --notify-hook {{ .Values.acme.notifyHook }} \
 {{- end }}
+ {{- if .Values.acme.sslCertSecretName }}
 --secret {{ .Values.acme.sslCertSecretName }} \
 --secret-namespace {{ .Release.Namespace }} \
+ {{- end }}
+ {{- if .Values.acme.rolloutDeploymentName }}
+ --rollout-deployment {{ .Values.acme.rolloutDeploymentName }} \
+ --rollout-deployment-namespace {{ .Release.Namespace }} \
+ {{- end }}
 & tail -f /dev/null
diff --git a/charts/acme/values.yaml b/charts/acme/values.yaml
index f6e8a3f..5f7c0b9 100644
--- a/charts/acme/values.yaml
+++ b/charts/acme/values.yaml
@@ -5,10 +5,11 @@ bashImage:
 acme:
 email: ""
 dns: ""
- notify: ""
 server: letsencrypt
 domains: []
+ notifyHook: ""
 sslCertSecretName: ssl-cert
+ rolloutDeploymentName: ""
 podLabels: {}
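Review bot: The new `--rollout-deployment {{ .Values.acme.rolloutDeploymentName }}` and `--notify-hook {{ .Values.acme.notifyHook }}` arguments are rendered into the shell command unquoted, while `--domain "{{ . }}"` a few lines above is quoted. A value containing a space or a shell metacharacter would change the command line the pod runs. Quote them the same way, e.g. `--rollout-deployment "{{ .Values.acme.rolloutDeploymentName }}" \`. Double quotes still let `$` and backticks expand, so a `values.schema.json` pattern limiting these names to lowercase alphanumerics, `-` and `.` would be the sturdier guard. The command block starts and ends outside this hunk.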
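Review bot: Renaming `notify` to `notifyHook` in values.yaml means a release that already sets `acme.notify` silently stops passing a notify hook after upgrade, so failed renewals may go unreported, and the chart version only moves from 1.0.2 to 1.0.3. Either keep reading the old key as a fallback in the template, e.g. `{{- $hook := .Values.acme.notifyHook | default .Values.acme.notify }}`, or call the rename out in the release notes. A comment above `rolloutDeploymentName`, such as `# Deployment in the release namespace to restart after each renewal; empty disables it`, would also document the new key.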