From bf61a80feeee1d85a5116bd7415df704354643a9 Mon Sep 17 00:00:00 2001
From: gwg313
Date: Sun, 17 May 2026 22:09:42 -0400
Subject: [PATCH] cert-manager

Signed-off-by: gwg313
---
 management/platform-apps/cert-manager.yaml | 32 +++++++++++++++++++
 management/platform-apps/kustomization.yaml | 1 +
 management/platform-apps/sealed-secrets.yaml | 2 ++
 platform/cert-manager/Chart.yaml | 11 +++++++
 .../templates/cloudflare-sealed-secret.yaml | 15 +++++++++
 .../templates/cluster-issuer.yaml | 18 +++++++++++
 platform/cert-manager/values.yaml | 7 ++++
 7 files changed, 86 insertions(+)
 create mode 100644 management/platform-apps/cert-manager.yaml
 create mode 100644 platform/cert-manager/Chart.yaml
 create mode 100644 platform/cert-manager/templates/cloudflare-sealed-secret.yaml
 create mode 100644 platform/cert-manager/templates/cluster-issuer.yaml
 create mode 100644 platform/cert-manager/values.yaml

diff --git a/management/platform-apps/cert-manager.yaml b/management/platform-apps/cert-manager.yaml
new file mode 100644
index 0000000..6cf7b5c
--- /dev/null
+++ b/management/platform-apps/cert-manager.yaml
@@ -0,0 +1,32 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: cert-manager
+ namespace: argocd
+ annotations:
+ argoproj.io/sync-wave: "-10"
+spec:
+ project: default
+ source:
+ repoURL: https://github.com/gwg313/homelab-gitops.git
+ targetRevision: main
+ path: platform/cert-manager
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: cert-manager
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+ - ServerSideApply=true
+ - RespectIgnoreDifferences=true
+
+ ignoreDifferences:
+ - group: apiextensions.k8s.io
+ kind: CustomResourceDefinition
+ namespace: ""
+ jsonPointers:
+ - /metadata/labels
+ - /metadata/annotations
diff --git a/management/platform-apps/kustomization.yaml b/management/platform-apps/kustomization.yaml
index 8ba1126..2701b2d 100644
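Review bot: The annotation key `argoproj.io/sync-wave: "-10"` under metadata is not the key Argo CD evaluates; sync waves are read from `argocd.argoproj.io/sync-wave`, the form the two chart templates in this patch already use, so this Application would fall into the default wave 0 and the early ordering it asks for would never take effect. The same key is added in the sealed-secrets.yaml hunk. Separately, this Application has no `finalizers:` block, while sealed-secrets.yaml (visible as context in its hunk) carries `- resources-finalizer.argocd.argoproj.io`; without it, deleting this Application leaves the cert-manager release, its CRDs and the ClusterIssuer behind instead of cascading. Adding `finalizers:` / `  - resources-finalizer.argocd.argoproj.io` under metadata keeps the two platform apps consistent.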
--- a/management/platform-apps/kustomization.yaml
+++ b/management/platform-apps/kustomization.yaml
@@ -7,5 +7,6 @@ resources:
 - tetragon-core.yaml
 - tetragon-policies.yaml
 - sealed-secrets.yaml
+ - cert-manager.yaml
 - forgejo.yaml
 - navidrome.yaml
diff --git a/management/platform-apps/sealed-secrets.yaml b/management/platform-apps/sealed-secrets.yaml
index 4b24f7d..d3b3d51 100644
--- a/management/platform-apps/sealed-secrets.yaml
+++ b/management/platform-apps/sealed-secrets.yaml
@@ -3,6 +3,8 @@ kind: Application
 metadata:
 name: sealed-secrets
 namespace: argocd
+ annotations:
+ argoproj.io/sync-wave: "-10"
 finalizers:
 - resources-finalizer.argocd.argoproj.io
 spec:
diff --git a/platform/cert-manager/Chart.yaml b/platform/cert-manager/Chart.yaml
new file mode 100644
index 0000000..8290112
--- /dev/null
+++ b/platform/cert-manager/Chart.yaml
@@ -0,0 +1,11 @@
+apiVersion: v2
+name: cert-manager
+description: Cert Manager
+type: application
+version: 1.0.0
+appVersion: 1.0.0
+
+dependencies:
+ - name: cert-manager
+ version: v1.20.2
+ repository: https://charts.jetstack.io
diff --git a/platform/cert-manager/templates/cloudflare-sealed-secret.yaml b/platform/cert-manager/templates/cloudflare-sealed-secret.yaml
new file mode 100644
index 0000000..57aa507
--- /dev/null
+++ b/platform/cert-manager/templates/cloudflare-sealed-secret.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+ name: cloudflare-api-token
+ namespace: cert-manager
+ annotations:
+ argocd.argoproj.io/sync-wave: "1"
+spec:
+ encryptedData:
+ api-token: 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
+ template:
+ metadata:
+ name: cloudflare-api-token
+ namespace: cert-manager
diff --git a/platform/cert-manager/templates/cluster-issuer.yaml b/platform/cert-manager/templates/cluster-issuer.yaml
new file mode 100644
index 0000000..8eeb4fa
--- /dev/null
+++ b/platform/cert-manager/templates/cluster-issuer.yaml
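Review bot: The wave "-10" given to sealed-secrets here is the same value cert-manager.yaml receives in the first hunk, so Argo CD has no reason to sync the sealed-secrets controller before the cert-manager Application, yet that chart ships a `bitnami.com/v1alpha1` SealedSecret whose CRD only exists once this controller is installed; on a fresh cluster the cert-manager sync would presumably fail its dry run on that resource until the CRD appears, and selfHeal retries could mask the race rather than fix it. Giving this Application a strictly lower wave, e.g. `argocd.argoproj.io/sync-wave: "-20"`, states the dependency, assuming the parent app-of-apps gates waves on child Application health. The Application document this hunk edits starts and ends outside the hunk.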
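Review bot: `appVersion: 1.0.0` does not describe the software this wrapper chart installs; the only thing it deploys is the pinned `cert-manager` dependency at `v1.20.2`, so tooling that surfaces appVersion (helm list, Argo's chart details) reports a version that matches nothing running. Setting `appVersion: v1.20.2` and bumping it together with the dependency makes the installed upstream version visible without opening the dependencies list. `description: Cert Manager` could likewise say this is a wrapper around the upstream chart that adds a Cloudflare dns01 ClusterIssuer.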
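Review bot: Nothing in this template records what the sealed Cloudflare token is permitted to do, and the ciphertext under `api-token:` cannot be inspected to find out, so a reviewer of a later rotation has no least-privilege baseline to check against. A comment above `encryptedData:` such as `# Cloudflare API token used only for dns01 challenges; keep it scoped to DNS edit on the managed zone(s), nothing account-wide` gives that baseline. The `template.metadata` name and namespace match the object's own, which by my reading of sealed-secrets defaults keeps the ciphertext bound to this exact name and namespace, so it is worth keeping as is; a second comment noting that the value is tied to this cluster's sealing key and must be re-sealed after a key rotation or cluster rebuild would save the next operator a confusing decrypt failure.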
@@ -0,0 +1,18 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-dns
+ annotations:
+ argocd.argoproj.io/sync-wave: "2"
+spec:
+ acme:
+ server: https://acme-v02.api.letsencrypt.org/directory
+ email: gwg313@pm.me
+ privateKeySecretRef:
+ name: letsencrypt-dns-key
+ solvers:
+ - dns01:
+ cloudflare:
+ apiTokenSecretRef:
+ name: cloudflare-api-token
+ key: api-token
diff --git a/platform/cert-manager/values.yaml b/platform/cert-manager/values.yaml
new file mode 100644
index 0000000..04739e0
--- /dev/null
+++ b/platform/cert-manager/values.yaml
@@ -0,0 +1,7 @@
+cert-manager:
+ crds:
+ enabled: true
+
+ extraArgs:
+ - --dns01-recursive-nameservers-only
+ - --dns01-recursive-nameservers=1.1.1.1:53,8.8.8.8:53
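Review bot: The ClusterIssuer points straight at the production Let's Encrypt directory, with `email: gwg313@pm.me` and the server URL hard-coded in a file that lives under templates/, so neither is adjustable from values.yaml and there is no staging issuer to validate DNS or zone changes against before spending production rate-limit budget. Sourcing the contact and ACME server from values (e.g. `email: {{ .Values.acme.email }}`) and adding a sibling ClusterIssuer against `https://acme-staging-v02.api.letsencrypt.org/directory` is the usual shape; if keeping this static is deliberate, a comment saying so would stop the next reader from "fixing" it. The wave "2" here correctly follows the SealedSecret at wave "1" that `apiTokenSecretRef` relies on.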
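Review bot: The two `extraArgs` entries carry no explanation, and `--dns01-recursive-nameservers-only` changes which resolver cert-manager trusts for its pre-issuance self-check, so a later maintainer could drop them as noise and reintroduce flaky or false-positive challenges. A comment above `extraArgs:` such as `# Verify dns01 TXT records via public resolvers rather than cluster/LAN DNS, so a split-horizon or cached local zone cannot produce a wrong self-check result` — adjusted to the real reason — would carry that intent. `crds: enabled: true` also puts the cert-manager CRDs inside this Application's prune scope, where their removal would take every Certificate in the cluster with them; if the chart's `crds.keep` value exists at this version, setting it explicitly and documenting the choice next to `enabled: true` makes that protection visible.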