feat: Updating chart to support CRD struct, Fixes #419

1. Added support for the new crds.enabled and crds.keep options in the CertManager component
2. Added proper backward compatibility with the deprecated installCRDs option
3. Updated the schema.json to include the new type definition
4. Created an example to showcase how to use the new options
5. Added a new deleteOnDestroy boolean field to the CertManagerCrds struct in schema.json
6. Updated the CertManagerCrds struct in chart.go to include the new field
7. Implemented the functionality in provider.go to handle CRD deletion on resource destruction

Author: rshade

examples/examples_ts_test.go

@@ -49,3 +49,30 @@ func TestTsCertManagerPreview(t *testing.T) {
 		p.Preview(t)
 	})
 }
+
+// TestCertManagerWithCrdsUpDestroyUp verifies that CRDs can be deployed, destroyed, and deployed again
+// without conflicts. This is especially important for ensuring that the crds.enabled functionality
+// works correctly through complete lifecycle operations.
+func TestCertManagerWithCrdsUpDestroyUp(t *testing.T) {
+	t.Run("TestSimpleCertManagerWithCrdsTs", func(t *testing.T) {
+		p := pulumitest.NewPulumiTest(t, "simple-cert-manager-with-crds-ts",
+			opttest.LocalProviderPath("pulumi-kubernetes-cert-manager", filepath.Join(getCwd(t), "..", "bin")),
+			opttest.YarnLink("@pulumi/kubernetes-cert-manager"),
+		)
+		p.SetConfig(t, "repository", "public.ecr.aws/eks-anywhere-dev/cert-manager/cert-manager-controller")
+		
+		// First deployment
+		p.Up(t)
+		p.Preview(t, optpreview.ExpectNoChanges())
+		
+		// Destroy the stack
+		p.Destroy(t)
+		
+		// Re-deploy to verify there are no CRD conflicts
+		p.Up(t)
+		p.Preview(t, optpreview.ExpectNoChanges())
+		
+		// Clean up
+		p.Destroy(t)
+	})
+}

examples/simple-cert-manager-with-crds-ts/Pulumi.yaml

@@ -0,0 +1,3 @@
+name: simple-cert-manager-with-crds-ts
+description: A minimal TypeScript Pulumi program showcasing cert-manager deployment with new CRDs configuration
+runtime: nodejs

examples/simple-cert-manager-with-crds-ts/index.ts

@@ -0,0 +1,76 @@
+import * as k8s from "@pulumi/kubernetes";
+import * as certmanager from "@pulumi/kubernetes-cert-manager";
+import * as random from "@pulumi/random";
+import * as pulumi from "@pulumi/pulumi"
+
+const randomString = new random.RandomString("random", {
+  length: 16,
+  special: false,
+})
+
+const conf = new pulumi.Config()
+const confRepo = conf.get("repository")
+let repository = randomString.result
+if (confRepo) {
+  repository = pulumi.output(confRepo)
+}
+
+// Create a sandbox namespace.
+const ns = new k8s.core.v1.Namespace("sandbox-ns");
+
+// Install a cert manager into our cluster with CRD deletion configuration
+const manager = new certmanager.CertManager("cert-manager", {
+  // Using the new CRDs structure instead of installCRDs
+  crds: {
+    enabled: true,
+    keep: false,
+    deleteOnDestroy: true // This will ensure CRDs are deleted on destroy
+  },
+  helmOptions: {
+    namespace: ns.metadata.name,
+    version: "v1.15.3",
+  },
+  image: pulumi.all([repository, "v1.15.3-eks-a-v0.21.3-dev-build.0"]).apply(([repository, tag]) => {
+    return {
+      repository,
+      tag: tag,
+    }
+  }),
+  cainjector: {
+    "image": {
+      repository: "public.ecr.aws/eks-anywhere-dev/cert-manager/cert-manager-cainjector",
+      tag: "v1.15.3-eks-a-v0.21.3-dev-build.0",
+    },
+  },
+  startupapicheck: {
+    "image": {
+      repository: "public.ecr.aws/eks-anywhere-dev/cert-manager/cert-manager-startupapicheck",
+      tag: "v1.15.3-eks-a-v0.21.3-dev-build.0",
+    }
+  },
+  webhook: {
+    image: {
+      repository: "public.ecr.aws/eks-anywhere-dev/cert-manager/cert-manager-webhook",
+      tag: "v1.15.3-eks-a-v0.21.3-dev-build.0"
+    }
+  }
+});
+
+// Create a cluster issuer that uses self-signed certificates.
+const issuer = new k8s.apiextensions.CustomResource(
+  "issuer",
+  {
+    apiVersion: "cert-manager.io/v1",
+    kind: "Issuer",
+    metadata: {
+      name: "selfsigned-issuer",
+      namespace: ns.metadata.name,
+    },
+    spec: {
+      selfSigned: {},
+    },
+  },
+  { dependsOn: manager }
+);
+
+export const certManagerStatus = manager.status;

examples/simple-cert-manager-with-crds-ts/package.json

@@ -0,0 +1,11 @@
+{
+    "name": "simple-cert-manager-with-crds-ts",
+    "devDependencies": {
+        "@types/node": "^18"
+    },
+    "dependencies": {
+        "@pulumi/kubernetes": "^4.5.5",
+        "@pulumi/kubernetes-cert-manager": "latest",
+        "@pulumi/pulumi": "^3.0.0"
+    }
+}

examples/simple-cert-manager-with-crds-ts/tsconfig.json

@@ -0,0 +1,18 @@
+{
+  "compilerOptions": {
+    "strict": true,
+    "outDir": "bin",
+    "target": "es2016",
+    "module": "commonjs",
+    "moduleResolution": "node",
+    "sourceMap": true,
+    "experimentalDecorators": true,
+    "pretty": true,
+    "noFallthroughCasesInSwitch": true,
+    "noImplicitReturns": true,
+    "forceConsistentCasingInFileNames": true
+  },
+  "files": [
+    "index.ts"
+  ]
+}

provider/cmd/pulumi-resource-kubernetes-cert-manager/schema.json

@@ -89,7 +89,11 @@
                     "$ref": "#/types/kubernetes-cert-manager:index:CertManagerIngressShim"
                 },
                 "installCRDs": {
-                    "type": "boolean"
+                    "type": "boolean",
+                    "description": "Deprecated: Use crds.enabled and crds.keep instead"
+                },
+                "crds": {
+                    "$ref": "#/types/kubernetes-cert-manager:index:CertManagerCrds"
                 },
                 "no_proxy": {
                     "items": {
@@ -178,6 +182,24 @@
         }
     },
     "types": {
+        "kubernetes-cert-manager:index:CertManagerCrds": {
+            "properties": {
+                "enabled": {
+                    "type": "boolean",
+                    "description": "Specifies whether the CRDs should be installed as part of the Helm installation"
+                },
+                "keep": {
+                    "type": "boolean",
+                    "description": "Specifies whether the CRDs should be kept when the Helm release is uninstalled"
+                },
+                "deleteOnDestroy": {
+                    "type": "boolean",
+                    "description": "Specifies whether the CRDs should be explicitly deleted when the resource is destroyed, regardless of the keep setting"
+                }
+            },
+            "type": "object",
+            "description": "Custom Resource Definitions installation configuration"
+        },
         "kubernetes-cert-manager:index:Release": {
             "description": "A Release is an instance of a chart running in a Kubernetes cluster.\nA Chart is a Helm package. It contains all of the resource definitions necessary to run an application, tool, or service inside of a Kubernetes cluster.\nNote - Helm Release is currently in BETA and may change. Use in production environment is discouraged.",
             "properties": {

provider/pkg/provider/chart.go

@@ -38,6 +38,7 @@ func (c *CertManager) DefaultRepoURL() string                    { return "https
 type CertManagerArgs struct {
 	Global       kcm.CertManagerGlobalPtrInput `pulumi:"global"`
 	InstallCRDs  *bool                         `pulumi:"installCRDs"`
+	Crds         kcm.CertManagerCrdsPtrInput   `pulumi:"crds"`
 	ReplicaCount *int                          `pulumi:"replicaCount"`
 	Strategy     *appsv1.DeploymentStrategy    `pulumi:"strategy" pschema:"ref=/kubernetes/v4.21.0/schema.json#/types/kubernetes:apps/v1:DeploymentStrategy"`
 	// Comma separated list of feature gates that should be enabled on the controller pod.
@@ -302,3 +303,12 @@ type CertManagerStartupAPICheckRBAC struct {
 	// annotations for the startup API Check job RBAC and PSP resources
 	Annotations *map[string]string `pulumi:"annotations"`
 }
+
+type CertManagerCrds struct {
+	// Specifies whether the CRDs should be installed as part of the Helm installation
+	Enabled *bool `pulumi:"enabled"`
+	// Specifies whether the CRDs should be kept when the Helm release is uninstalled
+	Keep *bool `pulumi:"keep"`
+	// Specifies whether the CRDs should be explicitly deleted when the resource is destroyed, regardless of the keep setting
+	DeleteOnDestroy *bool `pulumi:"deleteOnDestroy"`
+}

provider/pkg/provider/provider.go

@@ -39,5 +39,87 @@ func Serve(version string, schema []byte) {
 // creates, registers, and returns the resulting object.
 func Construct(ctx *pulumi.Context, typ, name string, inputs pp.ConstructInputs,
 	opts pulumi.ResourceOption) (*pp.ConstructResult, error) {
-	return helmbase.Construct(ctx, &CertManager{}, typ, name, &CertManagerArgs{}, inputs, opts)
+	args := &CertManagerArgs{}
+	if err := inputs.CopyTo(args); err != nil {
+		return nil, err
+	}
+
+	// Handle backward compatibility for installCRDs (deprecated)
+	// When installCRDs is true, set crds.enabled=true and crds.keep=true
+	if args.InstallCRDs != nil && *args.InstallCRDs {
+		// For backwards compatibility, set values in the Helm chart
+		if args.HelmOptions == nil {
+			args.HelmOptions = &helmbase.ReleaseType{}
+		}
+		if args.HelmOptions.Values == nil {
+			args.HelmOptions.Values = map[string]interface{}{}
+		}
+
+		// Only set crds values if not already explicitly set by user
+		if _, ok := args.HelmOptions.Values["crds"]; !ok {
+			args.HelmOptions.Values["crds"] = map[string]interface{}{
+				"enabled": true,
+				"keep":    true,
+			}
+		}
+	}
+
+	// Handle DeleteOnDestroy for CRDs
+	if args.Crds != nil && ctx.IsPreview() == false {
+		// Extract crds from the input or create default
+		var deleteOnDestroy bool
+		if args.Crds.DeleteOnDestroy != nil && *args.Crds.DeleteOnDestroy {
+			deleteOnDestroy = true
+		}
+
+		// If DeleteOnDestroy is set to true, register a delete function to remove CRDs
+		if deleteOnDestroy {
+			ctx.RegisterResourceDeletedCallback(ctx.NewResource(&CertManager{}), func(id string) error {
+				// List of cert-manager CRDs to delete
+				crds := []string{
+					"certificaterequests.cert-manager.io",
+					"certificates.cert-manager.io",
+					"challenges.acme.cert-manager.io",
+					"clusterissuers.cert-manager.io",
+					"issuers.cert-manager.io",
+					"orders.acme.cert-manager.io",
+				}
+
+				// Create a Pulumi provider to execute kubernetes operations
+				provider := ctx.NewResource("kubernetes:providers:kubeconfig", "cert-manager-crds-cleanup-provider", nil, nil)
+
+				// For each CRD, create a dynamic resource to delete it
+				for _, crd := range crds {
+					// Log that we're deleting the CRD
+					ctx.Log.Info(pulumi.Sprintf("Deleting CRD %s as requested by deleteOnDestroy setting", crd), nil)
+
+					// Create a dynamic resource that deletes the CRD
+					deleteOpts := &pulumi.ResourceOptions{
+						Provider:            provider,
+						DeleteBeforeReplace: true,
+						Protect:             false,
+					}
+
+					// Create a dynamic resource that represents the deletion action
+					_, err := ctx.RegisterResource("kubernetes:apiextensions.k8s.io/v1:CustomResourceDefinition",
+						crd,
+						&map[string]interface{}{
+							"metadata": map[string]interface{}{
+								"name": crd,
+							},
+						},
+						deleteOpts)
+
+					if err != nil {
+						ctx.Log.Error(pulumi.Sprintf("Failed to delete CRD %s: %v", crd, err), nil)
+						return err
+					}
+				}
+
+				return nil
+			})
+		}
+	}
+
+	return helmbase.Construct(ctx, &CertManager{}, typ, name, args, inputs, opts)
 }

sdk/dotnet/CertManager.cs

@@ -67,6 +67,9 @@ public sealed class CertManagerArgs : global::Pulumi.ResourceArgs
         [Input("containerSecurityContext")]
         public Input<Pulumi.Kubernetes.Types.Inputs.Core.V1.SecurityContextArgs>? ContainerSecurityContext { get; set; }
 
+        [Input("crds")]
+        public Input<Inputs.CertManagerCrdsArgs>? Crds { get; set; }
+
         [Input("deploymentAnnotations")]
         private InputMap<string>? _deploymentAnnotations;
 
@@ -142,6 +145,9 @@ public InputList<Pulumi.Kubernetes.Types.Inputs.Core.V1.VolumeArgs> ExtraVolumes
         [Input("ingressShim")]
         public Input<Inputs.CertManagerIngressShimArgs>? IngressShim { get; set; }
 
+        /// <summary>
+        /// Deprecated: Use crds.enabled and crds.keep instead
+        /// </summary>
         [Input("installCRDs")]
         public Input<bool>? InstallCRDs { get; set; }
 

sdk/dotnet/Inputs/CertManagerCrdsArgs.cs

@@ -0,0 +1,41 @@
+// *** WARNING: this file was generated by pulumi-language-dotnet. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Threading.Tasks;
+using Pulumi.Serialization;
+
+namespace Pulumi.KubernetesCertManager.Inputs
+{
+
+    /// <summary>
+    /// Custom Resource Definitions installation configuration
+    /// </summary>
+    public sealed class CertManagerCrdsArgs : global::Pulumi.ResourceArgs
+    {
+        /// <summary>
+        /// Specifies whether the CRDs should be explicitly deleted when the resource is destroyed, regardless of the keep setting
+        /// </summary>
+        [Input("deleteOnDestroy")]
+        public Input<bool>? DeleteOnDestroy { get; set; }
+
+        /// <summary>
+        /// Specifies whether the CRDs should be installed as part of the Helm installation
+        /// </summary>
+        [Input("enabled")]
+        public Input<bool>? Enabled { get; set; }
+
+        /// <summary>
+        /// Specifies whether the CRDs should be kept when the Helm release is uninstalled
+        /// </summary>
+        [Input("keep")]
+        public Input<bool>? Keep { get; set; }
+
+        public CertManagerCrdsArgs()
+        {
+        }
+        public static new CertManagerCrdsArgs Empty => new CertManagerCrdsArgs();
+    }
+}