diff --git a/kubernetes/apps/cert-manager/app/cert-manager-secrets.yaml b/kubernetes/apps/cert-manager/app/cert-manager-secrets.yaml
new file mode 100644
index 0000000..e6d6b36
--- /dev/null
+++ b/kubernetes/apps/cert-manager/app/cert-manager-secrets.yaml
@@ -0,0 +1,40 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: cert-manager-secrets
+ namespace: cert-manager
+type: Opaque
+stringData:
+ email: ENC[AES256_GCM,data:4yYrxxURWxhSPzDr5JCXQ6aipg==,iv:lLJTPVCZkD+GYU9j5zcYwHOjILqSNO4MqB4wSzFwFA0=,tag:gAwdnDMcZTOVYZedXSzZww==,type:str]
+ cert-manager-dns01: ENC[AES256_GCM,data:8i+sGAKVXScv9qH9J37r6ahp+qIQlGS+JT3ki8al6MZCGkCIsKyrWg==,iv:z7odOx8pokcgSoE9PUt41KxRo+O+HukjSjKna/bVnRg=,tag:hBXit0BxbBYVnJ4f1NJpgA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age: []
+ lastmodified: "2024-06-10T06:28:00Z"
+ mac: ENC[AES256_GCM,data:GGiFM5tkN3G+zbn0hmu3uLK9PYuWSW/SoDyqP18ci6K/BXeWBeWIgKbB1NSnwZuCAdze6vFtoEN9pvdcJaO5Jq6d+XF1Ky3Intcg7I+K0Chzrj9jrGNZ3D4tb8ZPffMXOemSqrYdU7hlcNZ8pCRi2LfIuAuDTRP5Sid050edIRs=,iv:sEkzsO0wqRRlfJMuOd8HJHXNTfJFrw1VZXRiIaEblNI=,tag:uSrBP0GQMOOZQXIhKUJZBQ==,type:str]
+ pgp:
+ - created_at: "2024-06-10T06:28:00Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMAzYPaSpJSocKARAAg2VRKoT7Vrmm/3RoSkj68oWuTg8WQ4VHk1wzELG45b/o
+ mnmHwEN1AiqLQq/NxTN0/0SJTD5AJwdUS+Ps8Tet3I6UxcPdXEEP4MdSRwMzlWsP
+ VFT4WCAdth1nhHj41UhLDqIgKg8scoKD5TE3mt7W51wYpN20xo60UnkMUFKjtHTU
+ /gJe0VY3MXkhziExOq6Wx8ZlU+2XXEACaq6O4st6RIdeBJSxmsb+rkpcFfhbkley
+ V0tVx3KLVo4R1VC/V4vr/tP8dp503150Us18oXTiVU88dvttwz2Vc7dD5sifIoKh
+ yz5WsPMFhC63aXHNLC7x+QcNgb+uD9MDQCuEyxFSLBZ3ZHOMCnrfCCkdIxh4rmuz
+ OgJd4SHYiCTSzBa8OETw6v0ag0GG8GtJ6ApKNWEU4Y06iMCY2peDsUUmu9/QXiGf
+ Z/xv9Z+xwOXaDJUN6/4kl9FU9FSQ+P208aHT04i8A9Nw7OmbrMPzZf9gzRjfUldS
+ ++XSmTKDhe7/SHRET+wQj2nwbi3B+QQAZrKKHfn5d0hXm32LADsZ1u+UWLVMBWc4
+ kXmjO2WnknOO7giPb95cGRF7LGepRn0I+Jl+l3d77M+RZ4xYPKtGkrIu+ipljHeS
+ ichpt/wvdP+cupyoE4A8OgxRwpoAv1jENRV8agueyY4J2MHMEW8YLmRX11b+lYLS
+ XgGrYNlK+BZNjOmQkTO8bjXt//uV7hc1kgqFspx5UWLRAleeylyw27+srQXHhwct
+ brMmGKDonTag8frdCAzs9roTykkYxHyoq4mBAakUYFReO9x3ia6UykLOO0dRSO8=
+ =WgIw
+ -----END PGP MESSAGE-----
+ fp: 6CEA91DDB1964869C94DCEC7AF6E3BB1B44F669B
+ encrypted_regex: ^(data|stringData)$
+ version: 3.8.1
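Review bot: The `sops` block lists a single PGP recipient (`fp: 6CEA91DDB1964869C94DCEC7AF6E3BB1B44F669B`) and leaves `age`, `kms` and the other key groups empty, so that one private key is the only way to read or re-encrypt the DNS-01 token. If it is the same key held in the cluster's `sops-gpg` secret (not visible here), there is no separate operator or recovery key, and losing or rotating it leaves this file undecryptable. Consider adding a second recipient to the repository's `.sops.yaml` creation rule and re-wrapping the data key with `sops updatekeys kubernetes/apps/cert-manager/app/cert-manager-secrets.yaml`. The cleartext `metadata` and key names are expected given `encrypted_regex: ^(data|stringData)$`.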
diff --git a/kubernetes/apps/cert-manager/cert-manager.yaml b/kubernetes/apps/cert-manager/cert-manager.yaml
index e3a7be6..c4eff99 100644
--- a/kubernetes/apps/cert-manager/cert-manager.yaml
+++ b/kubernetes/apps/cert-manager/cert-manager.yaml
@@ -1,5 +1,23 @@
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
+metadata:
+ name: cert-manager-secrets
+ namespace: flux-system
+spec:
+ interval: 1h
+ path: ./kubernetes/apps/cert-manager/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ namespace: flux-system
+ name: home-cluster-ops
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-gpg
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
 metadata:
 name: cert-manager
 namespace: cert-manager
diff --git a/kubernetes/templates/apps/cert-manager/issuers/letsencrypt-dns01.yaml b/kubernetes/templates/apps/cert-manager/issuers/letsencrypt-dns01.yaml
index cb2f3f3..c3834a3 100644
--- a/kubernetes/templates/apps/cert-manager/issuers/letsencrypt-dns01.yaml
+++ b/kubernetes/templates/apps/cert-manager/issuers/letsencrypt-dns01.yaml
@@ -1,13 +1,3 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: cert-manager-secrets
-type: Opaque
-stringData:
- email: "test_email"
- cert-manager-dns01: "test_token"
-immutable: true
----
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
diff --git a/kubernetes/templates/apps/cert-manager/issuers/letsencrypt-http01.yaml b/kubernetes/templates/apps/cert-manager/issuers/letsencrypt-http01.yaml
index 7bb8eea..657c3a5 100644
--- a/kubernetes/templates/apps/cert-manager/issuers/letsencrypt-http01.yaml
+++ b/kubernetes/templates/apps/cert-manager/issuers/letsencrypt-http01.yaml
@@ -13,5 +13,3 @@ spec:
 - http01:
 ingress:
 class: nginx
- dependsOn:
- - name: letsencrypt-dns01
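Review bot: The added `cert-manager-secrets` Kustomization in `kubernetes/apps/cert-manager/cert-manager.yaml` declares no ordering, and nothing visible in the hunk makes the Kustomization that applies the issuers wait for it. On a fresh cluster the Secret can therefore be applied before the `cert-manager` namespace exists, or the ClusterIssuers can reconcile before the decrypted Secret is present. With `interval: 1h` and no `retryInterval`, a failed first apply is retried only at the one-hour interval, which can leave issuance without its credentials for that long. I would add `retryInterval: 1m` to this spec and, on the consuming Kustomization, a `dependsOn` entry with `- name: cert-manager-secrets` and `namespace: flux-system`. The `cert-manager` Kustomization's spec continues outside the hunk, so it may already cover part of this.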