add cert manager to dmz

dmz/cert-manager/Chart.yaml

@@ -0,0 +1,11 @@
+apiVersion: v2
+name: cert-manager
+description: A Helm chart for Kubernetes
+type: application
+version: 0.0.1
+appVersion: 0.0.1
+
+dependencies:
+- name: cert-manager
+  repository: https://charts.jetstack.io
+  version: v1.16.3

dmz/cert-manager/templates/issuer.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: issuer
+secrets:
+  - name:  issuer-token-lmzpj

dmz/cert-manager/templates/secretvault.yaml

@@ -0,0 +1,23 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: cloudflare-api-token-secret
+spec:
+  secretStoreRef:
+    name: vault
+    kind: ClusterSecretStore
+  target:
+    name: cloudflare-api-token-secret
+  data:
+  - secretKey: cloudflare-api-token-secret
+    remoteRef:
+      key: kv/cert-manager
+      property: cloudflare-api-token-secret
+
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: vault
+

dmz/cert-manager/values.yaml

@@ -0,0 +1,26 @@
+cert-manager:
+  crds:
+    enabled: true
+  image:
+    registry: registry.internal.durp.info
+    repository: jetstack/cert-manager-controller
+    pullPolicy: Always
+  replicaCount: 3
+  #extraArgs:
+  #  - --dns01-recursive-nameservers=1.1.1.1:53,1.0.0.1:53
+  #  - --dns01-recursive-nameservers-only
+  #podDnsPolicy: None
+  #podDnsConfig:
+  #  nameservers:
+  #    - "1.1.1.1"
+  #    - "1.0.0.1"
+  webhook:
+    image:
+      registry: registry.internal.durp.info
+      repository: jetstack/cert-manager-webhook
+      pullPolicy: Always  
+  cainjector:
+    image:
+      registry: registry.internal.durp.info
+      repository: jetstack/cert-manager-cainjector
+      pullPolicy: Always