Merge pull request #101 from 3dwardch3ng/app/clusterissuer

add app clusterissuer

kubernetes/apps/clusterissuer/clusterissuer.yaml

@@ -0,0 +1,21 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: clusterissuers
+  namespace: flux-system
+spec:
+  suspend: true
+  interval: 1h
+  targetNamespace: cert-manager
+  path: ./kubernetes/templates/apps/cert-manager/issuers
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    namespace: flux-system
+    name: flux-system
+  dependsOn:
+    - name: clusterissuer-secrets
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: clusterissuer-secrets

kubernetes/apps/clusterissuer/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - secret.yaml
+  - clusterissuer.yaml

kubernetes/apps/clusterissuer/release.yaml

@@ -0,0 +1,82 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: clusterissuer
+  namespace: clusterissuer
+spec:
+  releaseName: clusterissuer
+  chart:
+    spec:
+      chart: clusterissuer
+      sourceRef:
+        kind: HelmRepository
+        name: truecharts
+        namespace: flux-system
+  interval: 5m
+  install:
+    remediation:
+      retries: 3
+  dependsOn:
+    - name: cert-manager
+      namespace: flux-system
+    - name: repositories
+      namespace: flux-system
+  values:
+    image:
+      repository: hello-world
+      tag: latest@sha256:266b191e926f65542fa8daaec01a192c4d292bff79426f47300a046e1bc576fd
+      pullPolicy: IfNotPresent
+    manifestManager:
+      enabled: true
+    workload:
+      main:
+        enabled: true
+        podSpec:
+          containers:
+            main:
+              enabled: true
+              probes:
+                liveness:
+                  enabled: false
+                readiness:
+                  enabled: false
+                startup:
+                  enabled: false
+    service:
+      main:
+        enabled: true
+        ports:
+          main:
+            enabled: true
+            port: 9999
+    portal:
+      open:
+        enabled: true
+    operator:
+      cert-manager:
+        namespace: cert-manager
+
+    clusterIssuer:
+      ACME:
+      - name: letsencrypt
+        # Used for both logging in to the DNS provider AND ACME registration
+        email: ${email}
+        server: 'https://acme-v02.api.letsencrypt.org/directory'
+        # Used primarily for the SCALE GUI
+        customServer: 'https://acme-v02.api.letsencrypt.org/directory'
+        # Options: HTTP01, cloudflare, route53, akamai, digitalocean, rfc2136, acmedns
+        type: "cloudflare"
+        # for cloudflare
+        cfapitoken: ${cloudflare_api_token}
+
+    clusterCertificates:
+      # Namespaces in which the certificates must be available
+      # Accepts comma-separated regex expressions
+      # replicationNamespaces: 'ix-.*'
+      certificates:
+      - name: cluster-certificate
+        enabled: true
+        certificateIssuer: ACME
+        hosts:
+          - ${cluster_cert_domain}
+          - ${cluster_cert_domain_wildcard}

kubernetes/apps/clusterissuer/secret.yaml

@@ -0,0 +1,21 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: clusterissuer-secrets
+  namespace: flux-system
+spec:
+  suspend: true
+  interval: 1d
+  path: ./clusterissuer
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    namespace: flux-system
+    name: home-cluster-ops-secrets
+  dependsOn:
+    - name: repositories
+      namespace: flux-system
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-age

kubernetes/apps/prometheus-operator/release.yaml

@@ -44,16 +44,4 @@ spec:
       ## Manages Prometheus and Alertmanager components
       ##
       prometheusOperator:
-        enabled: true
-
-      ####
-      ##
-      ## Everything down here, explicitly disables everything BUT the operator itself
-      ##
-      ####
-
-
-      ## dont Deploy a Prometheus instance
-      ##
-      prometheus:
         enabled: true

kubernetes/infrastructure/repositories/repos/home-cluster-ops-secrets.yaml

@@ -4,7 +4,7 @@ metadata:
   name: home-cluster-ops-secrets
   namespace: flux-system
 spec:
-  interval: 6h
+  interval: 5m
   ref:
     branch: main
   secretRef:

kubernetes/infrastructure/repositories/repositories.yaml

@@ -5,7 +5,7 @@ metadata:
   name: repositories
   namespace: flux-system
 spec:
-  interval: 6h
+  interval: 5m
   path: ./kubernetes/infrastructure/repositories/repos
   prune: true
   sourceRef: