temp check in

2024-06-09 16:02:44 +10:00
parent 28b1c6a998
commit fc64182531
6 changed files with 123 additions and 0 deletions
--- a/kubernetes/rpi5-cluster/templates/apps/cert-manager/apps/helmrelease.yaml
+++ b/kubernetes/rpi5-cluster/templates/apps/cert-manager/apps/helmrelease.yaml
@@ -0,0 +1,44 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: cert-manager
+  namespace: cert-manager
+spec:
+  interval: 1h
+  driftDetection:
+    mode: enabled
+  chart:
+    spec:
+      chart: cert-manager
+      version: v1.15.0
+      sourceRef:
+        kind: HelmRepository
+        namespace: cert-manager
+        name: cert-manager
+      interval: 1h
+  install:
+    crds: Create
+  upgrade:
+    crds: CreateReplace
+  values:
+    installCRDs: true
+
+    podLabels:
+      rpi5.cluster.policy/egress-kubeapi: "true"
+      rpi5.cluster.policy/egress-namespace: "true"
+      rpi5.cluster.policy/egress-world: "true"
+      rpi5.cluster.policy/ingress-namespace: "true"
+    webhook:
+      podLabels:
+        rpi5.cluster.policy/egress-kubeapi: "true"
+    cainjector:
+      podLabels:
+        rpi5.cluster.policy/egress-kubeapi: "true"
+
+    global:
+      priorityClassName: system-cluster-critical
+
+    podDnsConfig:
+      nameservers:
+        - 1.1.1.1
+        - 1.0.0.1
--- a/kubernetes/rpi5-cluster/templates/apps/cert-manager/issuers/letsencrypt-dns01.yaml
+++ b/kubernetes/rpi5-cluster/templates/apps/cert-manager/issuers/letsencrypt-dns01.yaml
@@ -0,0 +1,17 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+    name: letsencrypt-dns01
+    namespace: cert-manager
+spec:
+    acme:
+        email: ${email}
+        server: https://acme-v02.api.letsencrypt.org/directory
+        privateKeySecretRef:
+            name: letsencrypt-dns01
+        solvers:
+            - dns01:
+                cloudflare:
+                    apiTokenSecretRef:
+                        name: cloudflare-api-token
+                        key: api-token
--- a/kubernetes/rpi5-cluster/templates/apps/cert-manager/issuers/letsencrypt-http01.yaml
+++ b/kubernetes/rpi5-cluster/templates/apps/cert-manager/issuers/letsencrypt-http01.yaml
@@ -0,0 +1,15 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+    name: letsencrypt-http01
+    namespace: cert-manager
+spec:
+    acme:
+        email: ${email}
+        server: https://acme-v02.api.letsencrypt.org/directory
+        privateKeySecretRef:
+            name: letsencrypt-http01
+        solvers:
+          - http01:
+              ingress:
+                class: nginx