Merge pull request #253 from 3dwardch3ng/app/cert-manager

fix certificate issue
2024-06-20 16:59:10 +10:00
parent 6c6520f3bc 6efb893187
commit fc81537d18
2 changed files with 58 additions and 8 deletions
--- a/kubernetes/apps/cert-manager/cert-manager.yaml
+++ b/kubernetes/apps/cert-manager/cert-manager.yaml
@@ -63,4 +63,56 @@ spec:
  postBuild:
    substituteFrom:
      - kind: Secret
-        name: clusterissuer-secrets
+        name: clusterissuer-secrets
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: certificate-secrets
+  namespace: cert-manager
+spec:
+  interval: 10m
+  timeout: 1m30s
+  retryInterval: 30s
+  targetNamespace: cert-manager
+  path: ./certificates
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    namespace: flux-system
+    name: home-cluster-ops-secrets
+  dependsOn:
+    - name: repositories
+      namespace: flux-system
+  decryption:
+    provider: sops
+    secretRef:
+      name: cert-manager-sops-age
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: certificates
+  namespace: cert-manager
+spec:
+  interval: 10m
+  timeout: 1m30s
+  retryInterval: 30s
+  targetNamespace: cert-manager
+  path: ./kubernetes/apps/cert-manager/certificates
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    namespace: flux-system
+    name: flux-system
+  dependsOn:
+    - name: certificate-secrets
+      namespace: cert-manager
+    - name: cert-manager
+      namespace: cert-manager
+    - name: clusterissuer
+      namespace: cert-manager
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: certificate-secrets
--- a/kubernetes/apps/cert-manager/clusterissuer/adguard-home.yaml
+++ b/kubernetes/apps/cert-manager/clusterissuer/adguard-home.yaml
@@ -17,8 +17,8 @@ spec:
    pkcs12:
      create: true
      passwordSecretRef:
-        name: cert-manager-tls-keystore
-        key: ${cert_manager_tls_keystore_password}
+        name: adguard-home-tls-keystore
+        key: ${adguard_home_certificate_tls_keystore_password}
      profile: Modern2023

  duration: 2160h # 90d
@@ -42,12 +42,10 @@ spec:

  # At least one of commonName (possibly through literalSubject), dnsNames, uris, emailAddresses, ipAddresses or otherNames is required.
  dnsNames:
-    - "adguard-home.cluster.edward.sydney"
-    - "*.adguard-home.cluster.edward.sydney"
+    - "${adguard_home_certificate_dns_name}"
+    - "*.${adguard_home_certificate_dns_name}"
  emailAddresses:
-    - edward@cheng.sydney
-  ipAddresses:
-    - 192.168.0.180
+    - ${adguard_home_certificate_email}

  # Issuer references are always required.
  issuerRef: