Start repo reorganization with cert-manager

clusters/titan.lan.huizinga.dev/infra/cert-manager.yaml

@@ -0,0 +1,19 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: cert-manager
+  namespace: flux-system
+spec:
+  interval: 15m
+  path: ./infra/cert-manager
+  targetNamespace: cert-manager
+  prune: true
+  timeout: 2m
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  healthChecks:
+    - apiVersion: apps/v1
+      kind: Deployment
+      name: cert-manager
+      namespace: cert-manager

clusters/titan.lan.huizinga.dev/infra/letsencrypt.yaml

@@ -0,0 +1,19 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: letsencrypt
+  namespace: flux-system
+spec:
+  interval: 15m
+  path: ./infra/letsencrypt
+  dependsOn:
+    - name: cert-manager
+  prune: true
+  timeout: 2m
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-gpg

clusters/titan.lan.huizinga.dev/infrastructure.yaml

@@ -4,6 +4,8 @@ metadata:
   name: infra-controllers
   namespace: flux-system
 spec:
+  dependsOn:
+    - name: cert-manager
   decryption:
     provider: sops
     secretRef:
@@ -41,6 +43,7 @@ metadata:
 spec:
   dependsOn:
     - name: infra-controllers
+    - name: cert-manager
   decryption:
     provider: sops
     secretRef:

infra/cert-manager/helm-release.yaml

@@ -1,22 +1,7 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: cert-manager
----
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
-  name: jetstack
-  namespace: cert-manager
-spec:
-  interval: 1m0s
-  url: https://charts.jetstack.io
----
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   name: cert-manager
-  namespace: cert-manager
 spec:
   chart:
     spec:

infra/cert-manager/helm-repository.yaml

@@ -0,0 +1,7 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: jetstack
+spec:
+  interval: 1m0s
+  url: https://charts.jetstack.io

infra/cert-manager/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: cert-manager

infra/letsencrypt/certificate-huizinga-dev.yaml

@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: huizinga-dev
+  namespace: default
+spec:
+  secretName: huizinga-dev-tls
+  issuerRef:
+    name: letsencrypt
+    kind: ClusterIssuer
+  commonName: "huizinga.dev"
+  dnsNames:
+    - "huizinga.dev"
+    - "*.huizinga.dev"

infra/letsencrypt/certificate-staging-huizinga-dev.yaml

@@ -1,20 +1,5 @@
 apiVersion: cert-manager.io/v1
 kind: Certificate
-metadata:
-  name: huizinga-dev
-  namespace: default
-spec:
-  secretName: huizinga-dev-tls
-  issuerRef:
-    name: letsencrypt
-    kind: ClusterIssuer
-  commonName: "huizinga.dev"
-  dnsNames:
-    - "huizinga.dev"
-    - "*.huizinga.dev"
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
 metadata:
   name: staging-huizinga-dev
   namespace: default

infra/letsencrypt/cluster-issuer.yaml

@@ -13,5 +13,5 @@ spec:
           cloudflare:
             email: tim.huizinga@gmail.com
             apiTokenSecretRef:
-              name: cloudflare-token-secret
-              key: cloudflare-token
+              name: cloudflare-token
+              key: token

infra/letsencrypt/secret-cloudflare-token.yaml

@@ -1,19 +1,19 @@
 apiVersion: v1
 kind: Secret
 metadata:
-    name: cloudflare-token-secret
+    name: cloudflare-token
     namespace: cert-manager
 type: Opaque
 stringData:
-    cloudflare-token: ENC[AES256_GCM,data:XwRjEs7wysONEQ2CdcG4jN01PswOquzabIbxJwjIzg3mMpwKDGMJMQ==,iv:MOyiJICBgbvjiewagftS2OzI+ZTlJVQKORhRwGG/dbc=,tag:Ud3y9VquIVcuZzFaRHKFAA==,type:str]
+    token: ENC[AES256_GCM,data:1QSjQJrky3AOQv9Bf8ifvfgeYCh3DvPtCWNLKEY/eEpzPsJKD7MYwQ==,iv:MbWKNj13K25TiP1MPfJMaM1P3Qpy3TE+dWnbF5Gpr3Y=,tag:IMRRhh2nwT40rjVDAgBhrw==,type:str]
 sops:
     kms: []
     gcp_kms: []
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2024-11-18T23:02:45Z"
-    mac: ENC[AES256_GCM,data:m2dq9lwsF0VaPJkBwSgO0nsa0znOvueAfYaimne82DQRyp9eH9AyAqnD+rjSQhWUrLuVjS7i1zIfTyB3EyrmXGOFlD2Win9lTiyRbhKlc5VtBBwBpC8TBVsyHngYROXJwJS9lLheEsMwJM70E4v0PpnfZX2OLuiK+kKaNnUtRbU=,iv:8LtaHSMODQ0C33hJM+3yL7mtOYdk5+w42PHM4c5X/ms=,tag:CXI8kD7SuZeB2igbhO1E0g==,type:str]
+    lastmodified: "2025-02-15T21:24:33Z"
+    mac: ENC[AES256_GCM,data:Dfy6zbFciru6hAt48FtpnAlVTkEqkQR2BnpaVJ8DEd3SEk9uYx1tPKG3hSI8xi2JkltVY0tmETf79mYqnmhRUy/cUo25wsUp3anaXYM2vp+Jiqu3EjVjsJrvVPUhHCnWrZ0UGZ/xicCuC15JKw8grsTuQxFaTxswJBCRtc7C0jI=,iv:E3NSnxhMxasAcmYerZCyAN8N1spSN+OfwzKvB8g7MFs=,tag:cQ/0/Lp408pQUVSeLm2hQQ==,type:str]
     pgp:
         - created_at: "2024-09-26T22:20:01Z"
           enc: |-
@@ -57,4 +57,4 @@ sops:
             -----END PGP MESSAGE-----
           fp: 49F10679C425233EFB4B1B6F9D641BEFA42DEC28
     encrypted_regex: ^(data|stringData)$
-    version: 3.9.0
+    version: 3.9.1

infrastructure/configs/kustomization.yaml

@@ -1,9 +1,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - ./secrets/
-  - ./cluster-issuers.yaml
-  - ./certificates.yaml
   - ./middleware.yaml
 
   - ./intel-devices

infrastructure/configs/secrets/kustomization.yaml

@@ -1,4 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - cloudflare-token.yaml

infrastructure/controllers/kustomization.yaml

@@ -2,7 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - akri.yaml
-  - cert-manager.yaml
   - traefik.yaml
   - cloudnative-pg.yaml
   - ./rook