From 4357a49812a6ba33ea683bccb20d145dfbe979ef Mon Sep 17 00:00:00 2001
From: Edward Cheng
Date: Sat, 27 Jul 2024 17:24:06 +1000
Subject: [PATCH] App/cert manager (#701)
* add app cert manager cluster issuer
* add app cert manager cluster issuer
---
.../base/clusterissuer-cloudflare.yaml | 33 +++++++++++++++++++
.../base/kustomization.yaml | 4 +++
.../env/k3s-cluster/config.json | 12 +++++++
.../env/k3s-cluster/kustomization.yaml | 4 +++
.../k3s-cluster/templates/clusterissuer.yaml | 23 +++++++++++++
5 files changed, 76 insertions(+)
create mode 100644 infrastructures/cert-manager-clusterissuer/base/clusterissuer-cloudflare.yaml
create mode 100644 infrastructures/cert-manager-clusterissuer/base/kustomization.yaml
create mode 100644 infrastructures/cert-manager-clusterissuer/env/k3s-cluster/config.json
create mode 100644 infrastructures/cert-manager-clusterissuer/env/k3s-cluster/kustomization.yaml
create mode 100644 resources/app-secrets/env/k3s-cluster/templates/clusterissuer.yaml
diff --git a/infrastructures/cert-manager-clusterissuer/base/clusterissuer-cloudflare.yaml b/infrastructures/cert-manager-clusterissuer/base/clusterissuer-cloudflare.yaml
new file mode 100644
index 0000000..2e4e443
--- /dev/null
+++ b/infrastructures/cert-manager-clusterissuer/base/clusterissuer-cloudflare.yaml
@@ -0,0 +1,33 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: clusterissuer
+ namespace: cert-manager
+spec:
+ acme:
+ email:
+ valueFrom:
+ secretKeyRef:
+ name: clusterissuer-secrets
+ key: email
+ server: https://acme-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: cluster-issuer-account-key
+ solvers:
+ - dns01:
+ cloudflare:
+ email:
+ secretKeyRef:
+ name: clusterissuer-secrets
+ key: email
+ apiTokenSecretRef:
+ name: clusterissuer-secrets
+ key: cloudflare_api_token
+ selector:
+ dnsNames:
+ - secretKeyRef:
+ name: clusterissuer-secrets
+ key: cluster_cert_domain
+ - secretKeyRef:
+ name: clusterissuer-secrets
+ key: cluster_cert_domain_wildcard
\ No newline at end of file
diff --git a/infrastructures/cert-manager-clusterissuer/base/kustomization.yaml b/infrastructures/cert-manager-clusterissuer/base/kustomization.yaml
new file mode 100644
index 0000000..d1e5e4d
--- /dev/null
+++ b/infrastructures/cert-manager-clusterissuer/base/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - clusterissuer-cloudflare.yaml
\ No newline at end of file
diff --git a/infrastructures/cert-manager-clusterissuer/env/k3s-cluster/config.json b/infrastructures/cert-manager-clusterissuer/env/k3s-cluster/config.json
new file mode 100644
index 0000000..993b780
--- /dev/null
+++ b/infrastructures/cert-manager-clusterissuer/env/k3s-cluster/config.json
@@ -0,0 +1,12 @@
+{
+ "appName": "cert-manager-clusterissuer",
+ "userGivenName": "cert-manager-clusterissuer",
+ "namespace": "cert-manager",
+ "destNamespace": "cert-manager",
+ "destServer": "https://kubernetes.default.svc",
+ "srcPath": "infrastructures/cert-manager-clusterissuer/env/k3s-cluster",
+ "srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git",
+ "srcTargetRevision": "",
+ "labels": null,
+ "annotations": null
+}
\ No newline at end of file
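Review bot: In the first hunk (`base/clusterissuer-cloudflare.yaml`), `spec.acme.email`, the Cloudflare solver's `email` and the entries under `selector.dnsNames` are written as `valueFrom`/`secretKeyRef` objects, but cert-manager's v1 ClusterIssuer schema defines all three as plain strings, so the API server is likely to reject the manifest or drop those fields. Only `privateKeySecretRef` and `apiTokenSecretRef` are resolved from a Secret; the other values have to be literal, e.g. `email: <acme-account-email>` and `dnsNames: ['<domain>', '*.<domain>']` (placeholders), supplied by an overlay patch if they should stay out of the base. `metadata.namespace` can also be dropped, since ClusterIssuer is a cluster-scoped kind. Separately, the token stored under `cloudflare_api_token` is worth restricting to Zone:Read and DNS:Edit on the one zone being validated, because it is the credential that authorizes DNS-01 issuance for that domain.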
diff --git a/infrastructures/cert-manager-clusterissuer/env/k3s-cluster/kustomization.yaml b/infrastructures/cert-manager-clusterissuer/env/k3s-cluster/kustomization.yaml
new file mode 100644
index 0000000..a227ac4
--- /dev/null
+++ b/infrastructures/cert-manager-clusterissuer/env/k3s-cluster/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../../base
\ No newline at end of file
diff --git a/resources/app-secrets/env/k3s-cluster/templates/clusterissuer.yaml b/resources/app-secrets/env/k3s-cluster/templates/clusterissuer.yaml
new file mode 100644
index 0000000..ac93164
--- /dev/null
+++ b/resources/app-secrets/env/k3s-cluster/templates/clusterissuer.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+ annotations:
+ sealedsecrets.bitnami.com/cluster-wide: "true"
+ creationTimestamp: null
+ name: clusterissuer-secrets
+ namespace: cert-manager
+spec:
+ encryptedData:
+ cloudflare_api_token: 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
+ cluster_cert_domain: 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
+ cluster_cert_domain_wildcard: 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
+ email: 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
+ template:
+ metadata:
+ annotations:
+ sealedsecrets.bitnami.com/cluster-wide: "true"
+ creationTimestamp: null
+ name: clusterissuer-secrets
+ namespace: cert-manager
+ type: Opaque
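Review bot: The `sealedsecrets.bitnami.com/cluster-wide: "true"` annotation in `resources/app-secrets/env/k3s-cluster/templates/clusterissuer.yaml` removes the name and namespace binding from the ciphertext, so the same `encryptedData` can be unsealed under any name in any namespace of the cluster. This secret has a fixed name and namespace (`clusterissuer-secrets` in `cert-manager`) and carries the Cloudflare API token, so the default strict scope fits it better. To switch, remove the annotation from both `metadata.annotations` and `spec.template.metadata.annotations` and re-seal the values, since the scope is bound into the encryption and the existing ciphertext will not decrypt under a different scope.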