gwg313/homelab-gitops
1
0
Fork 0
mirror of https://github.com/gwg313/homelab-gitops.git synced 2026-06-27 08:00:11 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

cert-manager

Browse source 
Signed-off-by: gwg313 <gwg313@pm.me>
This commit is contained in:
gwg313 2026-05-17 22:09:42 -04:00
parent a39d676252
commit bf61a80fee
Signed by: gwg313
GPG key ID: 60FF63B4826B7400
7 changed files with 86 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

32
management/platform-apps/cert-manager.yaml Normal file
View file

@ -0,0 +1,32 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: cert-manager
namespace: argocd
annotations:
argoproj.io/sync-wave: "-10"
spec:
project: default
source:
repoURL: https://github.com/gwg313/homelab-gitops.git
targetRevision: main
path: platform/cert-manager
destination:
server: https://kubernetes.default.svc
namespace: cert-manager
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
- ServerSideApply=true
- RespectIgnoreDifferences=true
ignoreDifferences:
- group: apiextensions.k8s.io
kind: CustomResourceDefinition
namespace: ""
jsonPointers:
- /metadata/labels
- /metadata/annotations

1
management/platform-apps/kustomization.yaml
View file

@ -7,5 +7,6 @@ resources:
- tetragon-core.yaml - tetragon-core.yaml
- tetragon-policies.yaml - tetragon-policies.yaml
- sealed-secrets.yaml - sealed-secrets.yaml
- cert-manager.yaml
- forgejo.yaml - forgejo.yaml
- navidrome.yaml - navidrome.yaml

2
management/platform-apps/sealed-secrets.yaml
View file

@ -3,6 +3,8 @@ kind: Application
metadata: metadata:
name: sealed-secrets name: sealed-secrets
namespace: argocd namespace: argocd
annotations:
argoproj.io/sync-wave: "-10"
finalizers: finalizers:
- resources-finalizer.argocd.argoproj.io - resources-finalizer.argocd.argoproj.io
spec: spec:

11
platform/cert-manager/Chart.yaml Normal file
View file

@ -0,0 +1,11 @@
apiVersion: v2
name: cert-manager
description: Cert Manager
type: application
version: 1.0.0
appVersion: 1.0.0
dependencies:
- name: cert-manager
version: v1.20.2
repository: https://charts.jetstack.io

15
platform/cert-manager/templates/cloudflare-sealed-secret.yaml Normal file
View file

@ -0,0 +1,15 @@
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
name: cloudflare-api-token
namespace: cert-manager
annotations:
argocd.argoproj.io/sync-wave: "1"
spec:
encryptedData:
api-token: AgBHIRGTABWJsIbiEPN/Vaaj7AaEs9VRD40coTXBInHsKg2lXp6NmVBZWsnqSEI4GkgWTWobjAaDXTfahftG7ITxrxBHvCVhmwolIf6MbxQ8saH0zH4oOIRH4SfOIGnuY+7dwaKS+G+Bv8BUVBTsYuU2+F8nAiSMrWIBSJqk9tJXJO6doiIfWZOHsASyMoJfkhH0u/c0ELmhXG6ymOVfHHw3oBXMWFuR5bRptbGLxUeSXPUtR7X5trhKb7+0CPJ2Qmlmh2gf0ioxeKNW4SexkBKGzqFRiUPHAsWPr6nC6Lj8zKOY4X3XlguuA6jx1PUAG8ffChoXcCcjDutf/XBBG+gheFvOP4T9mO80LXjJHADI2U9fB4bXgnVbW824cmAXlvrIjWfvTWoaI2A9wfPwcZbbB4/5KAg/4CGBic3+hcX9SSOVNkiOXfQGm9Q/X7s3Z/v6hHLNIDd7sRXrR0t16nad2HnVr2VDPUTdEL1hNgR6RBVzopXudye1tsa0ECqfHgoUlpYkGya2UyBZpZBCZAar8v2MUi2rkk+cBGuBfu5dVd/KsTePWqDu9tqe3t6RtzA7ygHZqUPhOtAtRrrnRKMyQmqjwZ8fzz9TeXswmn7qwreZDSVXW1ZG8kIhd6CeCTt0l+uNiUSmQ0EbJ9vnpqnAWsCU10cwgBRO97JxOkf7A3YWSZszgwVpyiND7cKFsDS3M4ZNRTtyooLIH4WgBKPiUEC5LT6fFzOELPAJ2VEv4KMtX7HQ5jQh
template:
metadata:
name: cloudflare-api-token
namespace: cert-manager

18
platform/cert-manager/templates/cluster-issuer.yaml Normal file
View file

@ -0,0 +1,18 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-dns
annotations:
argocd.argoproj.io/sync-wave: "2"
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: gwg313@pm.me
privateKeySecretRef:
name: letsencrypt-dns-key
solvers:
- dns01:
cloudflare:
apiTokenSecretRef:
name: cloudflare-api-token
key: api-token

7
platform/cert-manager/values.yaml Normal file
View file

@ -0,0 +1,7 @@
cert-manager:
crds:
enabled: true
extraArgs:
- --dns01-recursive-nameservers-only
- --dns01-recursive-nameservers=1.1.1.1:53,8.8.8.8:53