From e9d54563d6740eb58fb6375b2b7ee0db0a8eb076 Mon Sep 17 00:00:00 2001
From: Dreaded_X
Date: Sat, 15 Feb 2025 03:36:52 +0100
Subject: [PATCH] Start repo reorganization with cert-manager
---
 .../infra/cert-manager.yaml | 19 +++++++++++++++++++
 .../infra/letsencrypt.yaml | 19 +++++++++++++++++++
 .../infrastructure.yaml | 3 +++
 .../cert-manager/helm-release.yaml | 15 ---------------
 infra/cert-manager/helm-repository.yaml | 7 +++++++
 infra/cert-manager/namespace.yaml | 4 ++++
 .../letsencrypt/certificate-huizinga-dev.yaml | 14 ++++++++++++++
 .../certificate-staging-huizinga-dev.yaml | 15 ---------------
 .../letsencrypt/cluster-issuer.yaml | 4 ++--
 .../letsencrypt/secret-cloudflare-token.yaml | 10 +++++-----
 infrastructure/configs/kustomization.yaml | 3 ---
 .../configs/secrets/kustomization.yaml | 4 ----
 infrastructure/controllers/kustomization.yaml | 1 -
 13 files changed, 73 insertions(+), 45 deletions(-)
create mode 100644 clusters/titan.lan.huizinga.dev/infra/cert-manager.yaml
create mode 100644 clusters/titan.lan.huizinga.dev/infra/letsencrypt.yaml
rename infrastructure/controllers/cert-manager.yaml => infra/cert-manager/helm-release.yaml (70%)
create mode 100644 infra/cert-manager/helm-repository.yaml
create mode 100644 infra/cert-manager/namespace.yaml
create mode 100644 infra/letsencrypt/certificate-huizinga-dev.yaml
rename infrastructure/configs/certificates.yaml => infra/letsencrypt/certificate-staging-huizinga-dev.yaml (52%)
rename infrastructure/configs/cluster-issuers.yaml => infra/letsencrypt/cluster-issuer.yaml (81%)
rename infrastructure/configs/secrets/cloudflare-token.yaml => infra/letsencrypt/secret-cloudflare-token.yaml (82%)
delete mode 100644 infrastructure/configs/secrets/kustomization.yaml
diff --git a/clusters/titan.lan.huizinga.dev/infra/cert-manager.yaml b/clusters/titan.lan.huizinga.dev/infra/cert-manager.yaml
new file mode 100644
index 0000000..b1e2fd8
--- /dev/null
+++ b/clusters/titan.lan.huizinga.dev/infra/cert-manager.yaml
@@ -0,0 +1,19 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: cert-manager
+ namespace: flux-system
+spec:
+ interval: 15m
+ path: ./infra/cert-manager
+ targetNamespace: cert-manager
+ prune: true
+ timeout: 2m
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ healthChecks:
+ - apiVersion: apps/v1
+ kind: Deployment
+ name: cert-manager
+ namespace: cert-manager
diff --git a/clusters/titan.lan.huizinga.dev/infra/letsencrypt.yaml b/clusters/titan.lan.huizinga.dev/infra/letsencrypt.yaml
new file mode 100644
index 0000000..2475760
--- /dev/null
+++ b/clusters/titan.lan.huizinga.dev/infra/letsencrypt.yaml
@@ -0,0 +1,19 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: letsencrypt
+ namespace: flux-system
+spec:
+ interval: 15m
+ path: ./infra/letsencrypt
+ dependsOn:
+ - name: cert-manager
+ prune: true
+ timeout: 2m
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-gpg
diff --git a/clusters/titan.lan.huizinga.dev/infrastructure.yaml b/clusters/titan.lan.huizinga.dev/infrastructure.yaml
index c9d9813..5d6b333 100644
--- a/clusters/titan.lan.huizinga.dev/infrastructure.yaml
+++ b/clusters/titan.lan.huizinga.dev/infrastructure.yaml
@@ -4,6 +4,8 @@ metadata:
 name: infra-controllers
 namespace: flux-system
 spec:
+ dependsOn:
+ - name: cert-manager
 decryption:
 provider: sops
 secretRef:
@@ -41,6 +43,7 @@ metadata:
 spec:
 dependsOn:
 - name: infra-controllers
+ - name: cert-manager
 decryption:
 provider: sops
 secretRef:
diff --git a/infrastructure/controllers/cert-manager.yaml b/infra/cert-manager/helm-release.yaml
similarity index 70%
rename from infrastructure/controllers/cert-manager.yaml
rename to infra/cert-manager/helm-release.yaml
index a34d0cc..6ed5678 100644
--- a/infrastructure/controllers/cert-manager.yaml
+++ b/infra/cert-manager/helm-release.yaml
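Review bot: The `healthChecks` list in the new cert-manager Kustomization waits only for the `cert-manager` Deployment, so `letsencrypt`, which `dependsOn` this Kustomization, can start applying the ClusterIssuer and Certificates while the rest of the chart is still rolling out. The cert-manager Helm chart also ships `cert-manager-webhook` and `cert-manager-cainjector` Deployments, and the webhook in particular has to be serving before ClusterIssuer and Certificate objects can be admitted, so a dependent that starts too early fails its first reconcile and waits for a retry. Adding health checks for those two Deployments closes that window; the exact names assume the chart's default naming with release name `cert-manager`, and the HelmRelease values are outside this commit, so confirm them against the rendered release.
```yaml
spec:
  # … unchanged: interval, path, targetNamespace, prune, timeout, sourceRef …
  healthChecks:
    - apiVersion: apps/v1
      kind: Deployment
      name: cert-manager
      namespace: cert-manager
    - apiVersion: apps/v1
      kind: Deployment
      name: cert-manager-webhook
      namespace: cert-manager
    - apiVersion: apps/v1
      kind: Deployment
      name: cert-manager-cainjector
      namespace: cert-manager
```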
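Review bot: In the second infrastructure.yaml hunk (`@@ -41,6 +43,7 @@`) the Kustomization gains `- name: cert-manager`, but the ClusterIssuer and Certificates it used to own now live in the new `letsencrypt` Kustomization, on which nothing depends; if any resource under that path consumes `huizinga-dev-tls` or the staging secret, the dependency that matters is `- name: letsencrypt`, not `cert-manager`. The `cert-manager` entry is also effectively redundant there, because `infra-controllers` already depends on `cert-manager` in the first hunk and that Kustomization cannot become Ready before its own dependency does. The name of the Kustomization in the second hunk and the contents of its path are outside this commit, so whether it actually consumes the certificates should be confirmed before changing the entry.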
@@ -1,22 +1,7 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: cert-manager
----
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
- name: jetstack
- namespace: cert-manager
-spec:
- interval: 1m0s
- url: https://charts.jetstack.io
----
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
 name: cert-manager
- namespace: cert-manager
 spec:
 chart:
 spec:
diff --git a/infra/cert-manager/helm-repository.yaml b/infra/cert-manager/helm-repository.yaml
new file mode 100644
index 0000000..b012dc9
--- /dev/null
+++ b/infra/cert-manager/helm-repository.yaml
@@ -0,0 +1,7 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: jetstack
+spec:
+ interval: 1m0s
+ url: https://charts.jetstack.io
diff --git a/infra/cert-manager/namespace.yaml b/infra/cert-manager/namespace.yaml
new file mode 100644
index 0000000..c90416f
--- /dev/null
+++ b/infra/cert-manager/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cert-manager
diff --git a/infra/letsencrypt/certificate-huizinga-dev.yaml b/infra/letsencrypt/certificate-huizinga-dev.yaml
new file mode 100644
index 0000000..3d1df48
--- /dev/null
+++ b/infra/letsencrypt/certificate-huizinga-dev.yaml
@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: huizinga-dev
+ namespace: default
+spec:
+ secretName: huizinga-dev-tls
+ issuerRef:
+ name: letsencrypt
+ kind: ClusterIssuer
+ commonName: "huizinga.dev"
+ dnsNames:
+ - "huizinga.dev"
+ - "*.huizinga.dev"
diff --git a/infrastructure/configs/certificates.yaml b/infra/letsencrypt/certificate-staging-huizinga-dev.yaml
similarity index 52%
rename from infrastructure/configs/certificates.yaml
rename to infra/letsencrypt/certificate-staging-huizinga-dev.yaml
index 2488572..a1bdac8 100644
--- a/infrastructure/configs/certificates.yaml
+++ b/infra/letsencrypt/certificate-staging-huizinga-dev.yaml
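Review bot: Dropping `metadata.namespace` from the HelmRelease, and leaving it out of the new HelmRepository and Namespace files in the same line, makes placement depend entirely on the Flux Kustomization's `targetNamespace: cert-manager`; rendered with plain `kustomize build` or applied outside Flux, the HelmRelease and HelmRepository land in `default` next to a `cert-manager` Namespace that is created but unused. A `namespace: cert-manager` in a `kustomization.yaml` under `infra/cert-manager` (the diffstat shows this commit adds none, so Flux generates one) would keep the directory self-contained however it is applied. The HelmRelease body continues past `spec: chart: spec:` outside the hunk, so the chart version pin and values could not be reviewed here.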
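Review bot: The wildcard Certificate (`dnsNames` includes `"*.huizinga.dev"`) is created in `namespace: default`, so the private key covering every name under the domain is stored in `huizinga-dev-tls` in the cluster's catch-all namespace, readable by anything there that can `get` Secrets. Since the `letsencrypt` Kustomization sets no `targetNamespace`, the namespace is chosen per file; placing the Certificate in the namespace of the component that actually terminates TLS (which is not visible on this page, though a `traefik.yaml` is listed among the controllers) or in a dedicated one, and scoping RBAC to it, limits the blast radius of a leaked key. The staging Certificate renamed in the next line's hunk keeps `namespace: default` as well, and the same consideration applies there, though a staging key matters less.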
@@ -1,20 +1,5 @@
 apiVersion: cert-manager.io/v1
 kind: Certificate
-metadata:
- name: huizinga-dev
- namespace: default
-spec:
- secretName: huizinga-dev-tls
- issuerRef:
- name: letsencrypt
- kind: ClusterIssuer
- commonName: "huizinga.dev"
- dnsNames:
- - "huizinga.dev"
- - "*.huizinga.dev"
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
 metadata:
 name: staging-huizinga-dev
 namespace: default
diff --git a/infrastructure/configs/cluster-issuers.yaml b/infra/letsencrypt/cluster-issuer.yaml
similarity index 81%
rename from infrastructure/configs/cluster-issuers.yaml
rename to infra/letsencrypt/cluster-issuer.yaml
index 63619cb..078ae52 100644
--- a/infrastructure/configs/cluster-issuers.yaml
+++ b/infra/letsencrypt/cluster-issuer.yaml
@@ -13,5 +13,5 @@ spec:
 cloudflare:
 email: tim.huizinga@gmail.com
 apiTokenSecretRef:
- name: cloudflare-token-secret
- key: cloudflare-token
+ name: cloudflare-token
+ key: token
diff --git a/infrastructure/configs/secrets/cloudflare-token.yaml b/infra/letsencrypt/secret-cloudflare-token.yaml
similarity index 82%
rename from infrastructure/configs/secrets/cloudflare-token.yaml
rename to infra/letsencrypt/secret-cloudflare-token.yaml
index 5021661..aff9b97 100644
--- a/infrastructure/configs/secrets/cloudflare-token.yaml
+++ b/infra/letsencrypt/secret-cloudflare-token.yaml
@@ -1,19 +1,19 @@ apiVersion: v1 kind: Secret metadata: - name: cloudflare-token-secret + name: cloudflare-token namespace: cert-manager type: Opaque stringData: - cloudflare-token: ENC[AES256_GCM,data:XwRjEs7wysONEQ2CdcG4jN01PswOquzabIbxJwjIzg3mMpwKDGMJMQ==,iv:MOyiJICBgbvjiewagftS2OzI+ZTlJVQKORhRwGG/dbc=,tag:Ud3y9VquIVcuZzFaRHKFAA==,type:str] + token: ENC[AES256_GCM,data:1QSjQJrky3AOQv9Bf8ifvfgeYCh3DvPtCWNLKEY/eEpzPsJKD7MYwQ==,iv:MbWKNj13K25TiP1MPfJMaM1P3Qpy3TE+dWnbF5Gpr3Y=,tag:IMRRhh2nwT40rjVDAgBhrw==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: [] - lastmodified: "2024-11-18T23:02:45Z" - mac: ENC[AES256_GCM,data:m2dq9lwsF0VaPJkBwSgO0nsa0znOvueAfYaimne82DQRyp9eH9AyAqnD+rjSQhWUrLuVjS7i1zIfTyB3EyrmXGOFlD2Win9lTiyRbhKlc5VtBBwBpC8TBVsyHngYROXJwJS9lLheEsMwJM70E4v0PpnfZX2OLuiK+kKaNnUtRbU=,iv:8LtaHSMODQ0C33hJM+3yL7mtOYdk5+w42PHM4c5X/ms=,tag:CXI8kD7SuZeB2igbhO1E0g==,type:str] + lastmodified: "2025-02-15T21:24:33Z" + mac: ENC[AES256_GCM,data:Dfy6zbFciru6hAt48FtpnAlVTkEqkQR2BnpaVJ8DEd3SEk9uYx1tPKG3hSI8xi2JkltVY0tmETf79mYqnmhRUy/cUo25wsUp3anaXYM2vp+Jiqu3EjVjsJrvVPUhHCnWrZ0UGZ/xicCuC15JKw8grsTuQxFaTxswJBCRtc7C0jI=,iv:E3NSnxhMxasAcmYerZCyAN8N1spSN+OfwzKvB8g7MFs=,tag:cQ/0/Lp408pQUVSeLm2hQQ==,type:str] pgp: - created_at: "2024-09-26T22:20:01Z" enc: |- @@ -57,4 +57,4 @@ sops: -----END PGP MESSAGE----- fp: 49F10679C425233EFB4B1B6F9D641BEFA42DEC28 encrypted_regex: ^(data|stringData)$ - version: 3.9.0 + version: 3.9.1 diff --git a/infrastructure/configs/kustomization.yaml b/infrastructure/configs/kustomization.yaml index 8d83a39..4cf0fee 100644 --- a/infrastructure/configs/kustomization.yaml +++ b/infrastructure/configs/kustomization.yaml @@ -1,9 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ./secrets/ - - ./cluster-issuers.yaml - - ./certificates.yaml - ./middleware.yaml - ./intel-devices 
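Review bot: Renaming the Secret from `cloudflare-token-secret` to `cloudflare-token` (and its key from `cloudflare-token` to `token`) does not remove the object that was applied under the old name in `cert-manager`; that object holds a usable Cloudflare API token, and whether it is garbage-collected depends on the `prune` setting of the Kustomization that previously owned it, whose definition is outside this commit. After reconciliation, confirm the old Secret is gone, and if it lingers delete it and consider rotating the token at Cloudflare, since the new ciphertext in this hunk does not show whether the plaintext changed. The ClusterIssuer hunk in the previous line is updated consistently to the new name and key, and both objects are reconciled by the same `letsencrypt` Kustomization, so they land together.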
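Review bot: Removing `./secrets/`, `./cluster-issuers.yaml` and `./certificates.yaml` from this Kustomization hands the ClusterIssuer and the Certificates over to the new `letsencrypt` Flux Kustomization; if the old owner prunes, the ClusterIssuer `letsencrypt` and both Certificate objects are deleted and then recreated, with nothing ordering the two reconciliations. cert-manager does not delete an issued TLS Secret when its Certificate is removed unless certificate owner references are enabled, and it should re-adopt a Secret that still matches the recreated Certificate, so the serving keys are expected to survive, but any issuance in flight during the gap fails until the issuer is back. Applying this during a renewal window is therefore the main thing to avoid, and checking Certificate readiness after the switch would confirm the hand-over.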
diff --git a/infrastructure/configs/secrets/kustomization.yaml b/infrastructure/configs/secrets/kustomization.yaml
deleted file mode 100644
index f71aa8a..0000000
--- a/infrastructure/configs/secrets/kustomization.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - cloudflare-token.yaml
diff --git a/infrastructure/controllers/kustomization.yaml b/infrastructure/controllers/kustomization.yaml
index 742ae2c..06fad8d 100644
--- a/infrastructure/controllers/kustomization.yaml
+++ b/infrastructure/controllers/kustomization.yaml
@@ -2,7 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - akri.yaml
- - cert-manager.yaml
 - traefik.yaml
 - cloudnative-pg.yaml
 - ./rook