cert-manager rework

2024-06-14 00:00:40 +10:00
parent bba1e71189
commit 36b2781ddc
12 changed files with 99 additions and 283 deletions
--- a/kubernetes/templates/apps/cert-manager/app/namespace.yaml
+++ b/kubernetes/templates/apps/cert-manager/app/namespace.yaml
@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: cert-manager
--- a/kubernetes/templates/apps/cert-manager/app/release.yaml
+++ b/kubernetes/templates/apps/cert-manager/app/release.yaml
@@ -1,44 +0,0 @@
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
-  name: cert-manager
-  namespace: cert-manager
-spec:
-  interval: 1h
-  driftDetection:
-    mode: enabled
-  chart:
-    spec:
-      chart: cert-manager
-      version: v1.15.0
-      sourceRef:
-        kind: HelmRepository
-        namespace: cert-manager
-        name: cert-manager
-      interval: 1h
-  install:
-    crds: Create
-  upgrade:
-    crds: CreateReplace
-  values:
-    installCRDs: true
-
-    podLabels:
-      rpi5.cluster.policy/egress-kubeapi: "true"
-      rpi5.cluster.policy/egress-namespace: "true"
-      rpi5.cluster.policy/egress-world: "true"
-      rpi5.cluster.policy/ingress-namespace: "true"
-    webhook:
-      podLabels:
-        rpi5.cluster.policy/egress-kubeapi: "true"
-    cainjector:
-      podLabels:
-        rpi5.cluster.policy/egress-kubeapi: "true"
-
-    global:
-      priorityClassName: system-cluster-critical
-
-    podDnsConfig:
-      nameservers:
-        - 1.1.1.1
-        - 1.0.0.1
--- a/kubernetes/templates/apps/cert-manager/app/repository.yaml
+++ b/kubernetes/templates/apps/cert-manager/app/repository.yaml
@@ -1,8 +0,0 @@
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
-  name: cert-manager
-  namespace: cert-manager
-spec:
-  interval: 1h
-  url: https://charts.jetstack.io
--- a/kubernetes/templates/apps/cert-manager/issuers/letsencrypt-dns01.yaml
+++ b/kubernetes/templates/apps/cert-manager/issuers/letsencrypt-dns01.yaml
@@ -1,17 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
-    name: letsencrypt-dns01
-    namespace: cert-manager
-spec:
-    acme:
-        email: ${email}
-        server: https://acme-v02.api.letsencrypt.org/directory
-        privateKeySecretRef:
-            name: letsencrypt-dns01
-        solvers:
-            - dns01:
-                cloudflare:
-                    apiTokenSecretRef:
-                        name: cert-manager-secrets
-                        key: cert_manager_dns01
--- a/kubernetes/templates/apps/cert-manager/issuers/letsencrypt-http01.yaml
+++ b/kubernetes/templates/apps/cert-manager/issuers/letsencrypt-http01.yaml
@@ -1,15 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
-    name: letsencrypt-http01
-    namespace: cert-manager
-spec:
-    acme:
-        email: ${email}
-        server: https://acme-v02.api.letsencrypt.org/directory
-        privateKeySecretRef:
-            name: letsencrypt-http01
-        solvers:
-          - http01:
-              ingress:
-                class: nginx