Merge pull request #8 from 3dwardch3ng/app/cert-manager

store secrets for cert manager in the current repo

kubernetes/rpi5-cluster/apps/cert-manager/cert-manager-secrets.yaml

@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: cert-manager-secrets
+type: Opaque
+stringData:
+    email: ENC[AES256_GCM,data:iTZZP5apPwauZcur974jYQMt7w==,iv:e16R6T0oJyze4LgOKvX3OMujXOlEc2b2rfX6/6dU3mg=,tag:BdbrYm9Imcg57uyGfTdiRQ==,type:str]
+    cert-manager-dns01: ENC[AES256_GCM,data:q3XWT8q1KjDw4jRITkFNi+nTF8WpQQKidOzwRm+dA2gcrrt12ghh9A==,iv:+W9fVafKj8gYFhDIFqwvcCifl41cxsDVOmw1yasBJEc=,tag:O/VWJ8hxRR4SLM77ePxQkw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1d47q8mlty404pxx378q49hr93aqexca4mkeqtdm00w4gjd09xd0qhxcdcz
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpbU1qcitrWTQrMTRjSUMw
+            elJSdStlQ3YwNDBuNlAxWjVsbUlLOVNUUkFzCkhCTHFOdVMzQ1NrZGhvRjRDMFhL
+            aTM1K09aYlFlazBHN09uMWF5SHNxekkKLS0tIFRsSkxDWllJWWl0STROdW16MFd4
+            NmJoSXd3YmIrMzhZdjBJdGtYMDZWU28KGJ15IupnT8nCZeKA95Td3if68YTeQ+q5
+            ZK3XjR3FYW4B8T2W0eWXWSk8LHtt0+ubnv1xpS1zzGMyf8GMo00c8Q==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-06-09T08:11:58Z"
+    mac: ENC[AES256_GCM,data:rrK8jw+6xwT3cSyJ8MonoT83J1oPTjZ4WLfdAIYR7OyBVEUoEa43Wg+NVt+Y1a2fuaqIuQU+CMDYz6FmiBV3AIwm7KZXYzn3vLmxCyCWfEId/C9CrWRhWnIzNtqrIwr/fFqZOdKY0idaXzQ2mDl12jzTa3FQKZff3v51AN5u4VQ=,iv:zjFdfvYWe9CCctyTH1UPFCY8E+pfBVYXS+5B5yaTLGg=,tag:qHdxqW4SNSIwbGeJPLUzEg==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.8.1

kubernetes/rpi5-cluster/apps/cert-manager/cert-manager.yaml

@@ -1,5 +1,23 @@
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
+metadata:
+  name: secrets
+  namespace: flux-system
+spec:
+  interval: 1h
+  path: ./kubernetes/rpi5-cluster/apps/cert-manager/
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    namespace: flux-system
+    name: home-cluster-ops
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-age
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
 metadata:
   name: cert-manager
   namespace: cert-manager

kubernetes/rpi5-cluster/infrastructure/repositories/repositories.yaml

@@ -19,20 +19,6 @@ spec:
     !/kubernetes/rpi5-cluster/infrastructure
     !/kubernetes/rpi5-cluster/templates
 ---
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: GitRepository
-metadata:
-  name: home-cluster-ops-secrets
-  namespace: flux-system
-spec:
-  interval: 10m0s
-  ref:
-    branch: main
-  secretRef:
-    name: flux-system
-  timeout: 60s
-  url: https://github.com/3dwardch3ng/home-cluster-ops-secrets.git
----
 # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/gitrepository_v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
@@ -47,17 +33,3 @@ spec:
     kind: GitRepository
     namespace: flux-system
     name: home-cluster-ops
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  name: home-cluster-ops-secrets-repo
-  namespace: flux-system
-spec:
-  interval: 1h
-  path: ./
-  prune: true
-  sourceRef:
-    kind: GitRepository
-    namespace: flux-system
-    name: home-cluster-ops-secrets

kubernetes/rpi5-cluster/templates/apps/cert-manager/issuers/cert-manager-secrets.yaml

@@ -1,16 +0,0 @@
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  name: home-cluster-ops-secrets
-  namespace: flux-system
-spec:
-  interval: 10m0s
-  path: ./
-  prune: true
-  sourceRef:
-    kind: GitRepository
-    name: home-cluster-ops-secrets
-  decryption:
-    provider: sops
-    secretRef:
-      name: sops-age