From 23356d2d3e5ce2fc7ce4af5a84d522fdf7b5dff7 Mon Sep 17 00:00:00 2001
From: DeveloperDurp
Date: Mon, 27 Jan 2025 05:05:59 -0600
Subject: [PATCH] update
---
infra/argocd/templates/cert-manager.yaml | 21 ++++++++++++++++
infra/cert-manager/Chart.yaml | 11 ++++++++
infra/cert-manager/templates/letsencrypt.yaml | 16 ++++++++++++
infra/cert-manager/templates/secretvault.yaml | 16 ++++++++++++
infra/cert-manager/vaules.yaml | 25 +++++++++++++++++++
5 files changed, 89 insertions(+)
create mode 100644 infra/argocd/templates/cert-manager.yaml
create mode 100644 infra/cert-manager/Chart.yaml
create mode 100644 infra/cert-manager/templates/letsencrypt.yaml
create mode 100644 infra/cert-manager/templates/secretvault.yaml
create mode 100644 infra/cert-manager/vaules.yaml
diff --git a/infra/argocd/templates/cert-manager.yaml b/infra/argocd/templates/cert-manager.yaml
new file mode 100644
index 0000000..68ac622
--- /dev/null
+++ b/infra/argocd/templates/cert-manager.yaml
@@ -0,0 +1,21 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: cert-manager
+ namespace: argocd
+spec:
+ project: default
+ source:
+ repoURL: https://gitlab.com/developerdurp/homelab.git
+ targetRevision: main
+ path: infra/cert-manager
+ destination:
+ namespace: cert-manager
+ name: in-cluster
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+
diff --git a/infra/cert-manager/Chart.yaml b/infra/cert-manager/Chart.yaml
new file mode 100644
index 0000000..ecf60fa
--- /dev/null
+++ b/infra/cert-manager/Chart.yaml
@@ -0,0 +1,11 @@
+apiVersion: v2
+name: cert-manager
+description: A Helm chart for Kubernetes
+type: application
+version: 0.0.1
+appVersion: 0.0.1
+
+dependencies:
+- name: cert-manager
+ repository: https://charts.jetstack.io
+ version: v1.16.3
diff --git a/infra/cert-manager/templates/letsencrypt.yaml b/infra/cert-manager/templates/letsencrypt.yaml
new file mode 100644
index 0000000..034ed9b
--- /dev/null
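Review bot: In the Argo CD Application hunk, `project: default` combined with `targetRevision: main` and automated sync (`prune: true`, `selfHeal: true`) means anything that lands on the `main` branch of the GitLab repo is applied to the cluster with no further gate. Unless the default project has been restricted elsewhere, it also accepts any source repo, destination and cluster-scoped kind. Because this Application installs cluster-scoped objects (CRDs, a ClusterIssuer), I would move it to a dedicated AppProject whose `sourceRepos`, `destinations` and `clusterResourceWhitelist` list only what cert-manager needs, e.g. `project: <infra-project placeholder>`. I would also protect `main` or pin `targetRevision` to a tag or commit.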
+++ b/infra/cert-manager/templates/letsencrypt.yaml
@@ -0,0 +1,16 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-production
+spec:
+ acme:
+ server: https://acme-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: letsencrypt-production
+ solvers:
+ - dns01:
+ cloudflare:
+ email: developerdurp@durp.info
+ apiTokenSecretRef:
+ name: cloudflare-api-token-secret
+ key: cloudflare-api-token-secret
diff --git a/infra/cert-manager/templates/secretvault.yaml b/infra/cert-manager/templates/secretvault.yaml
new file mode 100644
index 0000000..37a2e92
--- /dev/null
+++ b/infra/cert-manager/templates/secretvault.yaml
@@ -0,0 +1,16 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: cloudflare-api-token-secret
+spec:
+ secretStoreRef:
+ name: vault
+ kind: ClusterSecretStore
+ target:
+ name: cloudflare-api-token-secret
+ data:
+ - secretKey: cloudflare-api-token-secret
+ remoteRef:
+ key: secrets/cert-manager
+ property: cloudflare-api-token-secret
+
diff --git a/infra/cert-manager/vaules.yaml b/infra/cert-manager/vaules.yaml
new file mode 100644
index 0000000..9834f5b
--- /dev/null
+++ b/infra/cert-manager/vaules.yaml
@@ -0,0 +1,25 @@
+cert-manager:
+ image:
+ registry: registry.internal.durp.info
+ repository: jetstack/cert-manager-controller
+ pullPolicy: Always
+ installCRDs: true
+ replicaCount: 3
+ extraArgs:
+ - --dns01-recursive-nameservers=1.1.1.1:53,1.0.0.1:53
+ - --dns01-recursive-nameservers-only
+ podDnsPolicy: None
+ podDnsConfig:
+ nameservers:
+ - "1.1.1.1"
+ - "1.0.0.1"
+ webhook:
+ image:
+ registry: registry.internal.durp.info
+ repository: jetstack/cert-manager-webhook
+ pullPolicy: Always
+ cainjector:
+ image:
+ registry: registry.internal.durp.info
+ repository: jetstack/cert-manager-cainjector
+ pullPolicy: Always
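Review bot: The `dns01` entry under `solvers:` in the ClusterIssuer has no `selector`. Because the issuer is cluster-scoped, any namespace that can create a Certificate or an annotated Ingress can obtain a production certificate, wildcards included, for any name in the zones the Cloudflare token can edit. Adding a `selector:` with `dnsZones:` listing only `<your-zone placeholder>` to that solver, and scoping the token to DNS edit on that zone alone, limits what a compromised or misconfigured workload namespace can request. A short comment that `apiTokenSecretRef` on a ClusterIssuer is resolved in cert-manager's cluster resource namespace (by default the namespace cert-manager runs in) would also help the next reader.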
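Review bot: The ExternalSecret in `secretvault.yaml` sets no `refreshInterval`, so how quickly a rotated Cloudflare token in Vault reaches the cluster depends on the operator's default (one hour for this API version, as far as I know). Stating it explicitly, e.g. `refreshInterval: 1h`, documents the rotation window next to the secret it governs. `metadata` also carries no namespace and relies on the release namespace being `cert-manager`, where the ClusterIssuer's `apiTokenSecretRef` is expected to be looked up. A comment saying so would prevent a silent break if the chart is ever installed into another namespace.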
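Review bot: The values file is added as `infra/cert-manager/vaules.yaml`, but Helm only loads `values.yaml` automatically and the Argo CD Application in this patch sets no `helm.valueFiles`, so none of these overrides appear to take effect. Without `installCRDs: true` the subchart does not install its CRDs, so the ClusterIssuer template will presumably fail to apply. The controller, webhook and cainjector images would also be pulled from the chart's default upstream registry rather than `registry.internal.durp.info`. Rename the file to `values.yaml`, or list it under `spec.source.helm.valueFiles` in the Application. Once it is loaded, note that `startupapicheck.image` is not overridden and would still pull from upstream, and that cert-manager v1.15+ prefers `crds.enabled: true` over the deprecated `installCRDs`.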