update

infra/cert-manager/Chart.yaml

@@ -0,0 +1,11 @@
+apiVersion: v2
+name: cert-manager
+description: A Helm chart for Kubernetes
+type: application
+version: 0.0.1
+appVersion: 0.0.1
+
+dependencies:
+- name: cert-manager
+  repository: https://charts.jetstack.io
+  version: v1.16.3

infra/cert-manager/templates/letsencrypt.yaml

@@ -0,0 +1,16 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-production
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: letsencrypt-production
+    solvers:
+    - dns01:
+        cloudflare:
+          email: developerdurp@durp.info
+          apiTokenSecretRef:
+            name: cloudflare-api-token-secret
+            key: cloudflare-api-token-secret

infra/cert-manager/templates/secretvault.yaml

@@ -0,0 +1,16 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: cloudflare-api-token-secret
+spec:
+  secretStoreRef:
+    name: vault
+    kind: ClusterSecretStore
+  target:
+    name: cloudflare-api-token-secret
+  data:
+  - secretKey: cloudflare-api-token-secret
+    remoteRef:
+      key: secrets/cert-manager
+      property: cloudflare-api-token-secret
+

infra/cert-manager/vaules.yaml

@@ -0,0 +1,25 @@
+cert-manager:
+  image:
+    registry: registry.internal.durp.info
+    repository: jetstack/cert-manager-controller
+    pullPolicy: Always
+  installCRDs: true
+  replicaCount: 3
+  extraArgs:
+    - --dns01-recursive-nameservers=1.1.1.1:53,1.0.0.1:53
+    - --dns01-recursive-nameservers-only
+  podDnsPolicy: None
+  podDnsConfig:
+    nameservers:
+      - "1.1.1.1"
+      - "1.0.0.1"
+  webhook:
+    image:
+      registry: registry.internal.durp.info
+      repository: jetstack/cert-manager-webhook
+      pullPolicy: Always  
+  cainjector:
+    image:
+      registry: registry.internal.durp.info
+      repository: jetstack/cert-manager-cainjector
+      pullPolicy: Always