cert-manager

Signed-off-by: gwg313 <gwg313@pm.me>

management/platform-apps/cert-manager.yaml

@@ -0,0 +1,32 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: cert-manager
+  namespace: argocd
+  annotations:
+    argoproj.io/sync-wave: "-10"
+spec:
+  project: default
+  source:
+    repoURL: https://github.com/gwg313/homelab-gitops.git
+    targetRevision: main
+    path: platform/cert-manager
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: cert-manager
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
+      - RespectIgnoreDifferences=true
+
+  ignoreDifferences:
+    - group: apiextensions.k8s.io
+      kind: CustomResourceDefinition
+      namespace: ""
+      jsonPointers:
+        - /metadata/labels
+        - /metadata/annotations

management/platform-apps/kustomization.yaml

@@ -7,5 +7,6 @@ resources:
   - tetragon-core.yaml
   - tetragon-policies.yaml
   - sealed-secrets.yaml
+  - cert-manager.yaml
   - forgejo.yaml
   - navidrome.yaml

management/platform-apps/sealed-secrets.yaml

@@ -3,6 +3,8 @@ kind: Application
 metadata:
   name: sealed-secrets
   namespace: argocd
+  annotations:
+    argoproj.io/sync-wave: "-10"
   finalizers:
     - resources-finalizer.argocd.argoproj.io
 spec:

platform/cert-manager/Chart.yaml

@@ -0,0 +1,11 @@
+apiVersion: v2
+name: cert-manager
+description: Cert Manager
+type: application
+version: 1.0.0
+appVersion: 1.0.0
+
+dependencies:
+  - name: cert-manager
+    version: v1.20.2
+    repository: https://charts.jetstack.io

platform/cert-manager/templates/cloudflare-sealed-secret.yaml

@@ -0,0 +1,15 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  name: cloudflare-api-token
+  namespace: cert-manager
+  annotations:
+    argocd.argoproj.io/sync-wave: "1"
+spec:
+  encryptedData:
+    api-token: AgBHIRGTABWJsIbiEPN/Vaaj7AaEs9VRD40coTXBInHsKg2lXp6NmVBZWsnqSEI4GkgWTWobjAaDXTfahftG7ITxrxBHvCVhmwolIf6MbxQ8saH0zH4oOIRH4SfOIGnuY+7dwaKS+G+Bv8BUVBTsYuU2+F8nAiSMrWIBSJqk9tJXJO6doiIfWZOHsASyMoJfkhH0u/c0ELmhXG6ymOVfHHw3oBXMWFuR5bRptbGLxUeSXPUtR7X5trhKb7+0CPJ2Qmlmh2gf0ioxeKNW4SexkBKGzqFRiUPHAsWPr6nC6Lj8zKOY4X3XlguuA6jx1PUAG8ffChoXcCcjDutf/XBBG+gheFvOP4T9mO80LXjJHADI2U9fB4bXgnVbW824cmAXlvrIjWfvTWoaI2A9wfPwcZbbB4/5KAg/4CGBic3+hcX9SSOVNkiOXfQGm9Q/X7s3Z/v6hHLNIDd7sRXrR0t16nad2HnVr2VDPUTdEL1hNgR6RBVzopXudye1tsa0ECqfHgoUlpYkGya2UyBZpZBCZAar8v2MUi2rkk+cBGuBfu5dVd/KsTePWqDu9tqe3t6RtzA7ygHZqUPhOtAtRrrnRKMyQmqjwZ8fzz9TeXswmn7qwreZDSVXW1ZG8kIhd6CeCTt0l+uNiUSmQ0EbJ9vnpqnAWsCU10cwgBRO97JxOkf7A3YWSZszgwVpyiND7cKFsDS3M4ZNRTtyooLIH4WgBKPiUEC5LT6fFzOELPAJ2VEv4KMtX7HQ5jQh
+  template:
+    metadata:
+      name: cloudflare-api-token
+      namespace: cert-manager

platform/cert-manager/templates/cluster-issuer.yaml

@@ -0,0 +1,18 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-dns
+  annotations:
+    argocd.argoproj.io/sync-wave: "2"
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: gwg313@pm.me
+    privateKeySecretRef:
+      name: letsencrypt-dns-key
+    solvers:
+    - dns01:
+        cloudflare:
+          apiTokenSecretRef:
+            name: cloudflare-api-token
+            key: api-token

platform/cert-manager/values.yaml

@@ -0,0 +1,7 @@
+cert-manager:
+  crds:
+    enabled: true
+
+  extraArgs:
+    - --dns01-recursive-nameservers-only
+    - --dns01-recursive-nameservers=1.1.1.1:53,8.8.8.8:53