add cert manager to dmz

2025-02-26 04:49:40 -06:00
parent ed3d4941b3
commit ba79286ce6
6 changed files with 124 additions and 0 deletions
--- a/dmz/cert-manager/Chart.yaml
+++ b/dmz/cert-manager/Chart.yaml
@@ -0,0 +1,11 @@
+apiVersion: v2
+name: cert-manager
+description: A Helm chart for Kubernetes
+type: application
+version: 0.0.1
+appVersion: 0.0.1
+
+dependencies:
+- name: cert-manager
+  repository: https://charts.jetstack.io
+  version: v1.16.3
--- a/dmz/cert-manager/templates/issuer.yaml
+++ b/dmz/cert-manager/templates/issuer.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: issuer
+secrets:
+  - name:  issuer-token-lmzpj
--- a/dmz/cert-manager/templates/letsencrypt.yaml
+++ b/dmz/cert-manager/templates/letsencrypt.yaml
--- a/dmz/cert-manager/templates/secretvault.yaml
+++ b/dmz/cert-manager/templates/secretvault.yaml
@@ -0,0 +1,23 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: cloudflare-api-token-secret
+spec:
+  secretStoreRef:
+    name: vault
+    kind: ClusterSecretStore
+  target:
+    name: cloudflare-api-token-secret
+  data:
+  - secretKey: cloudflare-api-token-secret
+    remoteRef:
+      key: kv/cert-manager
+      property: cloudflare-api-token-secret
+
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: vault
+
--- a/dmz/cert-manager/values.yaml
+++ b/dmz/cert-manager/values.yaml
@@ -0,0 +1,26 @@
+cert-manager:
+  crds:
+    enabled: true
+  image:
+    registry: registry.internal.durp.info
+    repository: jetstack/cert-manager-controller
+    pullPolicy: Always
+  replicaCount: 3
+  #extraArgs:
+  #  - --dns01-recursive-nameservers=1.1.1.1:53,1.0.0.1:53
+  #  - --dns01-recursive-nameservers-only
+  #podDnsPolicy: None
+  #podDnsConfig:
+  #  nameservers:
+  #    - "1.1.1.1"
+  #    - "1.0.0.1"
+  webhook:
+    image:
+      registry: registry.internal.durp.info
+      repository: jetstack/cert-manager-webhook
+      pullPolicy: Always  
+  cainjector:
+    image:
+      registry: registry.internal.durp.info
+      repository: jetstack/cert-manager-cainjector
+      pullPolicy: Always
--- a/infra/argocd/templates/cert-manager.yaml
+++ b/infra/argocd/templates/cert-manager.yaml
@@ -19,3 +19,26 @@ spec:
    syncOptions:
      - CreateNamespace=true 

+---
+
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: cert-manager-dmz
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://gitlab.com/developerdurp/homelab.git
+    targetRevision: main
+    path: dmz/cert-manager
+  destination:
+    namespace: cert-manager
+    name: dmz
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true  
+    syncOptions:
+      - CreateNamespace=true 
+