cert manager kustomization

2024-06-09 22:22:35 +10:00
parent bdcf3284e5
commit fa0e831d13
9 changed files with 32 additions and 16 deletions
--- a/kubernetes/rpi5-cluster/.sops.yaml
+++ b/kubernetes/rpi5-cluster/.sops.yaml
@@ -1,4 +1,4 @@
 creation_rules:
-  - path_regex: .*.yaml
+  - path_regex: .*.ya?ml
    encrypted_regex: ^(data|stringData)$
-    pgp: 6CEA91DDB1964869C94DCEC7AF6E3BB1B44F669B
+    age: age1d47q8mlty404pxx378q49hr93aqexca4mkeqtdm00w4gjd09xd0qhxcdcz
--- a/kubernetes/rpi5-cluster/apps/cert-manager/kustomization.yaml
+++ b/kubernetes/rpi5-cluster/apps/cert-manager/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../templates/apps/cert-manager/ks.yaml
--- a/kubernetes/rpi5-cluster/infrastructure/repositories/kustomization.yaml
+++ b/kubernetes/rpi5-cluster/infrastructure/repositories/kustomization.yaml
@@ -1,4 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - ks.yaml
+  - repositories/ks.yaml
+  - secrets/ks.yaml
--- a/kubernetes/rpi5-cluster/infrastructure/repositories/home-cluster-ops-secrets.yaml
+++ b/kubernetes/rpi5-cluster/infrastructure/repositories/home-cluster-ops-secrets.yaml
@@ -8,11 +8,6 @@ spec:
  ref:
    branch: main
  secretRef:
-    name: home-cluster-ops-secret
-  url: ssh://git@github.com/gabe565/home-ops-private.git
-  ignore: |
-    # exclude all
-    /*
-    # include flux directories
-    !/kubernetes/tennant
-    !/kubernetes/templates
+    name: flux-system
+  timeout: 60s
+  url: https://github.com/3dwardch3ng/home-cluster-ops-secrets.git
--- a/kubernetes/rpi5-cluster/infrastructure/secrets/ks.yaml
+++ b/kubernetes/rpi5-cluster/infrastructure/secrets/ks.yaml
@@ -0,0 +1,16 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: home-cluster-ops-secrets
+  namespace: flux-system
+spec:
+  interval: 10m0s
+  path: ./kubernetes/infrustructure/secrets
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-cluster-ops-secrets
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-age
--- a/kubernetes/rpi5-cluster/templates/apps/cert-manager/apps/namespace.yaml
+++ b/kubernetes/rpi5-cluster/templates/apps/cert-manager/apps/namespace.yaml
--- a/kubernetes/rpi5-cluster/templates/apps/cert-manager/issuers/letsencrypt-dns01.yaml
+++ b/kubernetes/rpi5-cluster/templates/apps/cert-manager/issuers/letsencrypt-dns01.yaml
@@ -1,5 +1,5 @@
 apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
+kind: Issuer
 metadata:
    name: letsencrypt-dns01
    namespace: cert-manager
@@ -13,5 +13,5 @@ spec:
            - dns01:
                cloudflare:
                    apiTokenSecretRef:
-                        name: cloudflare-api-token
-                        key: api-token
+                        name: cert-manager-secrets
+                        key: cert-manager-dns01
--- a/kubernetes/rpi5-cluster/templates/apps/cert-manager/issuers/letsencrypt-http01.yaml
+++ b/kubernetes/rpi5-cluster/templates/apps/cert-manager/issuers/letsencrypt-http01.yaml
@@ -1,5 +1,5 @@
 apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
+kind: Issuer
 metadata:
    name: letsencrypt-http01
    namespace: cert-manager
--- a/kubernetes/rpi5-cluster/templates/apps/cert-manager/ks.yaml
+++ b/kubernetes/rpi5-cluster/templates/apps/cert-manager/ks.yaml
@@ -32,4 +32,4 @@ spec:
  postBuild:
    substituteFrom:
      - kind: Secret
-        name: issuer-vars
+        name: cert-manager-secrets