App/cert manager (#701)

* add app cert manager cluster issuer

* add app cert manager cluster issuer

infrastructures/cert-manager-clusterissuer/base/clusterissuer-cloudflare.yaml

@@ -0,0 +1,33 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: clusterissuer
+  namespace: cert-manager
+spec:
+  acme:
+    email:
+      valueFrom:
+        secretKeyRef:
+          name: clusterissuer-secrets
+          key: email
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: cluster-issuer-account-key
+    solvers:
+      - dns01:
+          cloudflare:
+            email:
+              secretKeyRef:
+                name: clusterissuer-secrets
+                key: email
+            apiTokenSecretRef:
+              name: clusterissuer-secrets
+              key: cloudflare_api_token
+        selector:
+          dnsNames:
+            - secretKeyRef:
+                name: clusterissuer-secrets
+                key: cluster_cert_domain
+            - secretKeyRef:
+                name: clusterissuer-secrets
+                key: cluster_cert_domain_wildcard

infrastructures/cert-manager-clusterissuer/base/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - clusterissuer-cloudflare.yaml

infrastructures/cert-manager-clusterissuer/env/k3s-cluster/config.json

@@ -0,0 +1,12 @@
+{
+  "appName": "cert-manager-clusterissuer",
+  "userGivenName": "cert-manager-clusterissuer",
+  "namespace": "cert-manager",
+  "destNamespace": "cert-manager",
+  "destServer": "https://kubernetes.default.svc",
+  "srcPath": "infrastructures/cert-manager-clusterissuer/env/k3s-cluster",
+  "srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git",
+  "srcTargetRevision": "",
+  "labels": null,
+  "annotations": null
+}

infrastructures/cert-manager-clusterissuer/env/k3s-cluster/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../base

resources/app-secrets/env/k3s-cluster/templates/clusterissuer.yaml

@@ -0,0 +1,23 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  annotations:
+    sealedsecrets.bitnami.com/cluster-wide: "true"
+  creationTimestamp: null
+  name: clusterissuer-secrets
+  namespace: cert-manager
+spec:
+  encryptedData:
+    cloudflare_api_token: AgCbMEVFd5to8bO0YmfO3zF8hRcyZwqvZQl4OLPJSu0GHcCg/t3eGjxgwpQoQGZ+r2qVqElZw48t/IRxfNC4CJDOXkJaMgxs0j/H3UJBqbRMOvOAKOZLx+Y46+ZeYqRSKDGiWlMwQXM5WP9CKT57I94DmHdmD5BYwICLJLR26Rnx0B9PBT/ZHUaolOD+lzt25VxvrnGOiGaSEyLTzjTptjviYtOFBGW/t1bu2odMkBE4V0/9iF2HwI/NtrZZz1qnCLIC2qkPg8jvmb6N5MRxJTGBDILiOZ/AgAk/+NLTp3pKKsY8MyE27lYkpRRCTpX9WEh7etAbNHwuSvd20MHuXXnhzO99uIfN1fFfMKAp1A5/X+Qr0AauVismgtnwtfr7iH2vcXPh+xHbMlOAzEfY0/ngMGygVsYtmRaayRENa+RT8UuPnDbCc9t+bcMhnLgyjy7I7hz4vMhEVRdsQtFf5lrHPMRZlTJj8GkqeAD+PzyWWv27h+1NyqlBtC+oSc1y42eTDHl4+cEMcC3qBRffHT4N4YWebJqJvzwPMsnMAtNbrjxcyPm7ymc6DD+v6v3jmM0qCa02oFSFPUvWA8Gm/pRRS6NLvYmCUP66PeKbt8Qut/zIbbMs8p/0uXqH4ng67momW/G1whjIrssKn9G+zC/hwtsQYaWwDNZEgKtLsuwMBBOV1xJCT1vENRnT2ohGTdN/lGqDqhcuKpSVymzjZVJY5P0uBQHrPNmyPIWi+Z/zhzaJDxauCbEf
+    cluster_cert_domain: AgDG3hcEILj+UjzGwsG9E9M1BbmFljS2oYQGm0d58/VF4W/SmdtIYIPLfaKfB722AXOM/PVHp3jigfPbcoIo3UD0c70T7voKlJNDdeLnCmrYaVEV7+rV8op3z90iuXn7CYc1BfQV3arvhhAbFmVIpCDso9W0gu4blfT1sQsPbRlSuUPWgNnwEUhFMTuZiZX0cgS1UU+HlrLpN4lkV/4llzsy5tzQhcfOBsQe4jR5Qsyb93eBP3AX7uRWVXHrocZK3/GzOeVRdKKwrWlJNJm1mhJNtlCMbaJogGkY2L+31YeyprmCb/JcTRFKKCTTUZRx3CnQZ0YwWg0WrFKXTOdMx2vxfHLJpOkhvYLVLLiTWdz4bzabYBPlrnkrNg41/e0FQO++ESB6Q3GHCxJFy1YdS/V49fu9MdAGDRFP0POUg1UIahzjDYa7S/Ku+iD0J8NOtUi4Cr2yBfmvr5UlgUnrwH0wcUmLnuOUJEbYCjaqS7j2j6dn9OTvamjVgn/4T/6gwyPBiAQ/y9P8LaUyrUezzDABrWqEu5Qsvmna9B86ilQsUw6IVBfLsNl0ME/SBfSykINSNc14ZOw3iai4WoDepqHEeD2Ymbkhu/OgH+zPSldnx05Oxkukgf4LwpgpIJlFPLhIa9huP6X1uUHa90B7XlC9rKYOmibZXz1ke/ii3yMcAq6A4U0wVeEszmFmuGKuaJ/hJ30rpoqaxLhfeulHEFR2p2QvYfc=
+    cluster_cert_domain_wildcard: AgCR/eTXHAoG2sZEF6tzXcz1Y8dJwoxKQ4lYFzBXFKn2ChnucPfTciQjeOGkf2PRMInooFHSK9IDxetEWN/6jI0XBN4n7yPKpE3dii/5G7Zsi0vxTraDPyHHPTW5kLrvGXXL2gLYiKe2gyHYB9VG+0jI2/B4UJP57LCj3+2vmQhvyrANBLFMi853bvi4nGGPJ0YFbPpmSxqKVgL3jVkrOaM9sCTRGpfAtF901IY9dOrUgIwguYHAj/YU6LBynCPRDdBMCR32OH+PDNFvgZXmtn65sxsgXZV2AkMchlq+IhmW7tWjUdLs0JhOvDWCYUkdFNifZmc7cRsz9PpyRDn26w29VYreujc3SEu5kA0a5uloOvrUGtInBuieZ0y1IVP3BfWd3SYeHq5yhAwLbpG14Tbbs2KSo2d6JqIbSrVvQNlas5G+WBdauIZ9E/Arpe9iXlTdQhg7RpLLJuojZHTuZORpJC4/aSxx67laNj/C8Oedm7sIsooOzxm7YRxANaX0KLnz0WJLWj8G5qvKJ3ci90foV9a0r21P5TADbshhs77hOuXIiwJfWvsQA/shGcbmekXgxb2mN0+chZYaX5yY1Xi0N1Cmomq40um+ttQzzlTc5KVSXUwUHyIj4q/WUewZoKR51aFTuLQILXUvhe8s5DZSyS1d5KrNNC8g1YEeMYA8qj3xnt7FDvtXcKtgQOc/kFQyoXfDBvEP5Z3IRgohLy9Xms5/Mt9W6g==
+    email: AgBJpWtgrhqOcRNWNcuopzTN+uDgPOuwVYQEHneheBFNpbnsMYHJi36HKIoLsxl0eWcMISZW92Snr+UpdZQXsNkHINNPi2vpSrKz8SGOXDTJsNs8CgpqynjDF2tSb7R+oyXBs4IW65JnSr3jGpOnDSgvEjdtQushzeEiZMvjEj9PyboeqqbuF0nay559Gk2NBWkVLKnSOTTojr8bQJXkivNA0cunrr0trTrYGK4jEa9A76e3VqYHwCeeSiVe+BsnzIx1PRVcEmPQaDwDnjNzGU3ungSNTpzkllSJQknWFHFeeVIUZXKlWkOq7yv0+UmtiUWO4AO6tbsgmzQ0l0oa0wNa7fljqMM9wqffmWsuyIB7hshpOvAz5bQejjNohzjE4EzHM1idknbi6FD+Reey22//8Iug+BHIxG6NSi+jByBm4iIfac4ZZlpbuE/ha4OfW8FHJkdRvrqnL1mtAYFbN+IMq68VO0mMqjchN2XY3wsMV4XP6uU9G7j2LJxAYx60od+mZGvMde0l/POKiTzJx/dvay+B4b5NPgTi68UV4hSiohHWFBR9hPGLnaaym7WHM1zs+4h9aVrqYrL8H0SubgRu5RbFbO5CbdpHbCtM7ug/Ovj9Nq/aDr7e0QhgiyGSS3FX92FdQ208Nm5fp32lrXk5n5eUCW0H3m1qg0zAxJCjaVHQ+ld3Bp7PFZFucJfeOOJcl27poqiqM4834+6C+cvSR4YU
+  template:
+    metadata:
+      annotations:
+        sealedsecrets.bitnami.com/cluster-wide: "true"
+      creationTimestamp: null
+      name: clusterissuer-secrets
+      namespace: cert-manager
+    type: Opaque