From 7f3e84d240edb45d1706b3296867042290f8c1d1 Mon Sep 17 00:00:00 2001
From: DeveloperDurp
Date: Sun, 25 Sep 2022 19:15:38 +0000
Subject: [PATCH] Update argocd/argocd/apps/cert-manager.yaml, argocd/argocd/cert-manager/Chart.yaml, argocd/argocd/cert-manager/values.yaml, argocd/argocd/cert-manager/templates/letsencrypt-production.yaml, argocd/argocd/cert-manager/templates/letsencrypt-staging.yaml, argocd/argocd/cert-manager/templates/cloudflare-secret.yaml, .gitlab-ci.yml, main.yml
---
 .gitlab-ci.yml | 1 +
 argocd/argocd/apps/cert-manager.yaml | 20 +++++++++++++++++++
 argocd/argocd/cert-manager/Chart.yaml | 11 ++++++++++
 .../templates/cloudflare-secret.yaml | 15 ++++++++++++++
 .../templates/letsencrypt-production.yaml | 16 +++++++++++++++
 .../templates/letsencrypt-staging.yaml | 16 +++++++++++++++
 argocd/argocd/cert-manager/values.yaml | 11 ++++++++++
 main.yml | 5 +++++
 8 files changed, 95 insertions(+)
 create mode 100644 argocd/argocd/apps/cert-manager.yaml
 create mode 100644 argocd/argocd/cert-manager/Chart.yaml
 create mode 100644 argocd/argocd/cert-manager/templates/cloudflare-secret.yaml
 create mode 100644 argocd/argocd/cert-manager/templates/letsencrypt-production.yaml
 create mode 100644 argocd/argocd/cert-manager/templates/letsencrypt-staging.yaml
 create mode 100644 argocd/argocd/cert-manager/values.yaml
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 23ca8fa..710fd24 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -77,6 +77,7 @@ ansible:
 - pip install kubernetes
 - ansible-galaxy collection install kubernetes.core
 - cat $kubeconfig > config
+ - cat $kubeseal > kubeseal.yaml
 script:
 - ansible-playbook $CI_PROJECT_DIR/main.yml
 needs:
diff --git a/argocd/argocd/apps/cert-manager.yaml b/argocd/argocd/apps/cert-manager.yaml
new file mode 100644
index 0000000..fdecd6a
--- /dev/null
+++ b/argocd/argocd/apps/cert-manager.yaml
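Review bot: In `.gitlab-ci.yml`, the added `cat $kubeseal > kubeseal.yaml` copies the contents of a CI file variable into the project directory with the shell's default file mode, next to the existing `config` copy. If that variable holds the sealed-secrets controller manifest together with its sealing key (an assumption; its contents are not visible here), the copy would be picked up by any `artifacts:` or `cache:` path that covers the workspace and stays readable for the rest of the job. A file-type variable already expands to a path, so the playbook could read `$kubeseal` directly; if the copy is kept, quote the expansion and restrict the mode, e.g. `- install -m 600 "$kubeseal" kubeseal.yaml`. The `ansible` job starts and ends outside this hunk, so whether artifacts or a cache are configured cannot be checked from here.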
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: cert-manager
+ namespace: argocd
+spec:
+ project: default
+ source:
+ repoURL: https://gitlab.com/infrastructure-as-code5/infrastructure.git
+ targetRevision: main
+ path: argocd/cert-manager
+ destination:
+ namespace: cert-manager
+ name: in-cluster
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/argocd/argocd/cert-manager/Chart.yaml b/argocd/argocd/cert-manager/Chart.yaml
new file mode 100644
index 0000000..0075aa3
--- /dev/null
+++ b/argocd/argocd/cert-manager/Chart.yaml
@@ -0,0 +1,11 @@
+apiVersion: v2
+name: cert-manager
+description: A Helm chart for Kubernetes
+type: application
+version: 0.0.1
+appVersion: 0.0.1
+
+dependencies:
+- name: cert-manager
+ repository: https://charts.jetstack.io
+ version: 1.8.0
diff --git a/argocd/argocd/cert-manager/templates/cloudflare-secret.yaml b/argocd/argocd/cert-manager/templates/cloudflare-secret.yaml
new file mode 100644
index 0000000..3de821d
--- /dev/null
+++ b/argocd/argocd/cert-manager/templates/cloudflare-secret.yaml
@@ -0,0 +1,15 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+ creationTimestamp: null
+ name: cloudflare-api-token-secret
+ namespace: cert-manager
+spec:
+ encryptedData:
+ api-token: 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
+ template:
+ data: null
+ metadata:
+ creationTimestamp: null
+ name: cloudflare-api-token-secret
+ namespace: cert-manager
diff --git a/argocd/argocd/cert-manager/templates/letsencrypt-production.yaml b/argocd/argocd/cert-manager/templates/letsencrypt-production.yaml
new file mode 100644
index 0000000..fc926e7
--- /dev/null
+++ b/argocd/argocd/cert-manager/templates/letsencrypt-production.yaml
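Review bot: In `argocd/argocd/apps/cert-manager.yaml`, `project: default` combined with `automated` sync, `prune: true` and `selfHeal: true` on `targetRevision: main` means any commit that reaches `main` is applied to the cluster without a gate. Argo CD's built-in `default` project places no restriction on source repositories, destinations or cluster-scoped kinds unless it has been tightened elsewhere. Since this chart creates cluster-scoped `ClusterIssuer` objects and a `SealedSecret`, a dedicated AppProject that allows only this repository and the namespaces and kinds the chart needs would bound what a bad commit can change. Separately, `path: argocd/cert-manager` does not match the location this commit adds the chart at (`argocd/argocd/cert-manager/`); if `repoURL` is this same repository, the path probably needs the extra `argocd/` prefix.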
@@ -0,0 +1,16 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-production
+spec:
+ acme:
+ server: https://acme-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: example-issuer-account-key
+ solvers:
+ - dns01:
+ cloudflare:
+ email: developerdurp@durp.info
+ apiTokenSecretRef:
+ name: cloudflare-api-token-secret
+ key: api-token
diff --git a/argocd/argocd/cert-manager/templates/letsencrypt-staging.yaml b/argocd/argocd/cert-manager/templates/letsencrypt-staging.yaml
new file mode 100644
index 0000000..68cb517
--- /dev/null
+++ b/argocd/argocd/cert-manager/templates/letsencrypt-staging.yaml
@@ -0,0 +1,16 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-staging
+spec:
+ acme:
+ server: https://acme-staging-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: example-issuer-account-key
+ solvers:
+ - dns01:
+ cloudflare:
+ email: developerdurp@durp.info
+ apiTokenSecretRef:
+ name: cloudflare-api-token-secret
+ key: api-token
diff --git a/argocd/argocd/cert-manager/values.yaml b/argocd/argocd/cert-manager/values.yaml
new file mode 100644
index 0000000..2b27050
--- /dev/null
+++ b/argocd/argocd/cert-manager/values.yaml
@@ -0,0 +1,11 @@
+cert-manager:
+ installCRDs: true
+ replicaCount: 3
+ extraArgs:
+ - --dns01-recursive-nameservers=1.1.1.1:53,1.0.0.1:53
+ - --dns01-recursive-nameservers-only
+ podDnsPolicy: None
+ podDnsConfig:
+ nameservers:
+ - "1.1.1.1"
+ - "1.0.0.1"
diff --git a/main.yml b/main.yml
index 735720c..a95830e 100644
--- a/main.yml
+++ b/main.yml
@@ -7,6 +7,11 @@ kind: Namespace state: present + - name: deploy kubeseal + kubernetes.core.k8s: + src: ./kubeseal.yaml + state: present + + - name: deploy argocd kubernetes.core.k8s: src: ./argocd/argocd/argocd.yaml
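Review bot: In `templates/letsencrypt-production.yaml`, `privateKeySecretRef.name: example-issuer-account-key` is the same Secret name that `templates/letsencrypt-staging.yaml` uses, so both ClusterIssuers will store and read their ACME account key in one Secret. That ties the production account's private key to the staging issuer's lifecycle, and the name itself looks like a placeholder carried over from documentation. Giving each issuer its own Secret keeps the two accounts independent, e.g. `name: letsencrypt-production-account-key` here and `name: letsencrypt-staging-account-key` in the staging file.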
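Review bot: In `argocd/argocd/cert-manager/values.yaml`, `podDnsPolicy: None` with `podDnsConfig.nameservers` set to 1.1.1.1 and 1.0.0.1 removes cluster DNS from the controller pod entirely, which goes further than the two `--dns01-recursive-nameservers*` flags above it that already confine the DNS-01 self-check to those resolvers. With this setting the controller can no longer resolve in-cluster service names, and all of its lookups leave the cluster as plain DNS to a third-party resolver. If the pod-level override is needed (for example because of split-horizon DNS), a comment such as `# cluster DNS bypassed on purpose: <reason>` would record why; otherwise dropping `podDnsPolicy` and `podDnsConfig` keeps the default. Quoting the value as `podDnsPolicy: "None"` would also make clear that it is the Kubernetes policy name and not a null.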
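Review bot: In `main.yml`, the new `deploy kubeseal` task applies `./kubeseal.yaml` without `no_log`, and `kubernetes.core.k8s` returns the applied objects in its result. If that file contains a Secret (for example the controller's sealing key, which the hunk does not show), its data can appear in the job log on failure or in verbose runs; adding `no_log: true` to the task would keep it out of the CI output. The task also relies on the manifest carrying its own namespace, since none is set here. The play continues outside this hunk.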