diff --git a/apps/cert-manager.yaml b/apps/cert-manager.yaml new file mode 100644 index 0000000..8d08308 --- /dev/null +++ b/apps/cert-manager.yaml @@ -0,0 +1,20 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: cert-manager + namespace: argocd +spec: + destination: + namespace: cert-manager + server: https://kubernetes.default.svc + project: default + source: + path: cluster-components/cert-manager + repoURL: https://gitlab.mareshq.com/gitops/mareshq/bee.git + targetRevision: HEAD + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true diff --git a/cluster-components/cert-manager/Chart.lock b/cluster-components/cert-manager/Chart.lock new file mode 100644 index 0000000..90d2b8a --- /dev/null +++ b/cluster-components/cert-manager/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: cert-manager + repository: https://charts.jetstack.io + version: v1.9.1 +digest: sha256:b3c1f49120842cf9da8e5e7c2102b73735c32eefcaacfcffe0bcd0ae85b2c9bc +generated: "2022-08-20T16:10:41.619453+02:00" diff --git a/cluster-components/cert-manager/Chart.yaml b/cluster-components/cert-manager/Chart.yaml new file mode 100644 index 0000000..6ec73f3 --- /dev/null +++ b/cluster-components/cert-manager/Chart.yaml @@ -0,0 +1,11 @@ +apiVersion: v2 +name: cert-manager +description: A Helm chart for Kubernetes +type: application +version: 0.1.0 +appVersion: "1.0" + +dependencies: +- name: cert-manager + version: 1.9.1 + repository: https://charts.jetstack.io diff --git a/cluster-components/cert-manager/templates/cloudflare-api-key-secret.sealed.yaml b/cluster-components/cert-manager/templates/cloudflare-api-key-secret.sealed.yaml new file mode 100644 index 0000000..0c1feea --- /dev/null +++ b/cluster-components/cert-manager/templates/cloudflare-api-key-secret.sealed.yaml @@ -0,0 +1,16 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: cloudflare-api-key-secret + namespace: cert-manager +spec: + encryptedData: + api-key: AgA4DEU7+IVPXI4m5SmuMJrOMPTELEVfVWqFp4tqURHM7cl8NZrYjtQxlSQbn/dv0w/lPGd8InJePdVg/N1Q49xn5a81joQ8F/xMi5QQF/qe2rY5W7UnRzimabF7x1wkqXb1xVCrMYpF8y+ZmN3o1DheCArmwUWEd8AJr9t7aBw+Z594DZUcV36gMYrUI9vPOoRUeX0dKfvtn1xYH5k5ZqG3lioyMV6dTHX+3oRJrFdmbA17a4llXg0hZnG6syIb0xG7sccQlZr+y+t70JjbHSC3oC8L8p1YGaADueMsG/4mWZTSZj2Iqi1jMd4Qf+Du5qRtOUHMl4DhN5CFcelycHD/Itp6sS+AePZdMXutdNFIcpErv2gYGW16LuqIAV85Os5b2coLJjCf/37f92p354Ezo/sf//8a/edRUU/AFIPeXpilUUXRoO4XrvYQbTe1LHpfKvOowmv88riOWIkzCsT2ufAMFcIgagopyAQBWCDs2roD+IG/9/yQrB9YlT4+fMmcAe518HszT5WuDIeMfpX3tbKlfS7YKcvgeAiylnW77dBw6UAfmIUmu4eHXtKsFt+9DybRZS8+/Ly6Hs3625BCWgVH1t9/MjqxsEAKJIvMmdiBuUmG9cKmEeG0TIQm/PKf3XIixoH7xVHtR3aJd9xoSfmqfFXpVCkBlaTS4V+PMQFiGiLyUngq/qZ7tzMtHT5YediAm+R9K2U9DKISy7X2fW/ZHNe5gB1vIErmSdW3Mv+1CtMZQw== + template: + data: null + metadata: + creationTimestamp: null + name: cloudflare-api-key-secret + namespace: cert-manager + diff --git a/cluster-components/cert-manager/templates/clusterissuer-letsencrypt.yaml b/cluster-components/cert-manager/templates/clusterissuer-letsencrypt.yaml new file mode 100644 index 0000000..425ff37 --- /dev/null +++ b/cluster-components/cert-manager/templates/clusterissuer-letsencrypt.yaml @@ -0,0 +1,20 @@ +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: letsencrypt-prod +spec: + acme: + email: me+infra@vojtechmares.com + server: https://acme-v02.api.letsencrypt.org/directory + privateKeySecretRef: + name: letsencrypt-prod + solvers: + - http01: + ingress: + class: nginx + - dns01: + cloudflare: + email: iam@vojtechmares.com + apiKeySecretRef: + name: cloudflare-api-key-secret + key: api-key diff --git a/cluster-components/cert-manager/values.yaml b/cluster-components/cert-manager/values.yaml new file mode 100644 index 0000000..0b21fc9 --- /dev/null +++ b/cluster-components/cert-manager/values.yaml @@ -0,0 +1,2 @@ +cert-manager: + installCRDs: true