infra/foundation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Put ClusterIssuer under certificates

Browse Source
This commit is contained in:
Dreaded_X
2025-12-17 00:30:01 +01:00
parent 8a83ae3ab3
commit cfa317caf4
8 changed files with 7 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
configs/certificates/base/cluster-issuer.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: tim.huizinga@gmail.com
privateKeySecretRef:
name: letsencrypt
solvers:
- dns01:
cloudflare:
email: tim.huizinga@gmail.com
apiTokenSecretRef:
name: cloudflare-token
key: token

2
configs/certificates/base/kustomization.yaml
View File

@@ -3,3 +3,5 @@ kind: Kustomization
resources:
- namespace.yaml
- certificate-huizinga-dev.yaml
- secret-cloudflare-token.enc.yaml
- cluster-issuer.yaml

53
configs/certificates/base/secret-cloudflare-token.enc.yaml Normal file
View File

@@ -0,0 +1,53 @@
apiVersion: v1
kind: Secret
metadata:
name: cloudflare-token
namespace: cert-manager
type: Opaque
stringData:
token: ENC[AES256_GCM,data:uwFPBz9+EMnpXUgvkJ0u9/iEFbpJ2Rz+oX2pqwcJrH04r8E91weFOA==,iv:m9yka2XMfbuu0d/12RvG7UPWvxJEZ0UeDG+OMqxTpkg=,tag:F7EDh3PCHk2yE0MDIjmo2g==,type:str]
sops:
age:
- recipient: age1860txadrlqrjwnqh0g466re2nt8jk7xhj640pq9gpsddpg23uynqsp2hul
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPT1F1MWlqTHdOVUFPZURS
TjZzRm04KzJobHp2Vy8xNHVBUW5WMko1bFU0ClpHSUphVWdFTGFsaytMRE1PSkR0
UnVGVU84c2tmZ2tCTG5QTEJxOFdWMHcKLS0tIGNybUdXZS9QUlk5dk1PRFhtdXNQ
Y3ZjOG5wMjlXYWpqeUYyUVFQYmQwSEUKd09GwvJx55mznG0JT8baa9LkkWcNT/ux
p4qgxg9F9hHGRXNnrMNaYnEj8NV01cd4yXCha+C7IVL0MssBrmJW8Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1hktythzvsnth6u5en2lvag0tftnj9r03w7rpnzfgzgf5w95qxycq2azufj
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEaDQ0Mnp5NVV3Yi9uRkcw
MFJOTFEzVldBYUFXejg0d2pPYVAwYndWMVU0CkFpMVJxUkFwa1BDeTFLZnJwdEp5
a3R3VlNqZnkyODEyZ3U1ZEZIK3dJL2MKLS0tIFZoaml2cndVYmJCQ2JsRFlrWURy
SEFVKytlWDJnMmp1QTM2eGZuV3E1eUkKjfsfazFaec1x6EOkEht+GbBHSV/L4GUz
YpDx9vIMB2T0wUd5U6ecNdyea2HwYg4gzUtwzDf1AGYtoOv9doig3g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-09T02:35:32Z"
mac: ENC[AES256_GCM,data:4cprvZzT//nt0PHbJ+p46jnLjfiXF4VlaKA0p2bGKlXWoThvJd9lpUD8xVzXo860U5aGWzqIsdONRjuJcRY4zPz/mkgcRz+gZKkcOCtS2wDOUkk98n2EuwbbJ4+fBH+RbqtcZmocsiGPt6JOLPOPZHpe+t2iiFoBewFfLuND8PM=,iv:eFZ3mEPlEHOLvmWAaDepJjwaaHgcnGBw8v3FEFvOcVI=,tag:GL+bqXS1Qe+7BZEgLEYtNw==,type:str]
pgp:
- created_at: "2025-12-09T02:35:37Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA51kG++kLewoARAAjNHNqLtH4I+qJoW+/DtUhSCy66V9gznDeqWwwhERaGCN
LNNN43m7zD5rGei4G3dK12xyacMVExbjGxMQironUG/DdNw4dmYpZlktOxb8ec8Y
NK669WI8TC1vltLaET/NLEXih0zKEEf5DO1xKEdTFpU4hG8yGg6X82vVHhnUTiaP
ChtnjaOqPFz3HTk8oa2HvhQvYgZB1FCEI+jrCsxZVHp8j+6iN9NtxEFrpIcDsYVN
XpYupukU3kymBHOYx3tptiufR4riOr7RnmNu+dEvJSsaOjax4E8l3k48jEBbNcHQ
CVQf2qf0iRcOQPNHrcy40QKlxUUacO2OJa2aq6G1rceaZosqE09PJmQZUfKi4zYq
qho590mtdfdcub7h3xGVL9i84fdGpkL+BEJCLvf0PSj0VaVJDND2Mibqo+S9lGPb
6dJIIaMeh1Dm5dK7uMBut7+dv4GPO+IljuwXjAWh0tDIUx7P7gWsLiUjJ/rhFw+f
7lSY2sRAzXcEGIbBZc+K0CdNx1fbHaagL4ENjEIoTr6Uxn5Qepxv+iXhYsZzJaOR
AG7v8KvlXAW5DcmndWYg8eyTc6+76iiFNDPCVlXaugcmzlqq87fObre2ZwBIq6re
KZaHRz8gwEeXxZAOZEMhoRTNJkyQr2DiwDSa0CzW96N/VcbukjSPFzTRrO+eZEvS
XgGfoHUY+OWLWnxI3/Cu81DIAt0TRBtTN5jL1h9C450heaHfJ+wGC5hf/t1I6GTO
N6NqKiYRCNCepFQASuOqyzTi8jyNvwgbOeFL/UYGpzNX7Y8CIawVSfjncuRtTmQ=
=ta8P
-----END PGP MESSAGE-----
fp: CD17A34CBFB21DE9A73D47EB76BDEC4E165D8AD9
encrypted_regex: ^(data|stringData)$
version: 3.11.0

6
configs/certificates/certificates.yaml
View File

@@ -8,10 +8,14 @@ spec:
retryInterval: 2m
timeout: 15m
dependsOn:
- name: letsencrypt
- name: cert-manager
sourceRef:
kind: ExternalArtifact
name: certificates
decryption:
provider: sops
secretRef:
name: sops-gpg
path: ./${cluster_env}
prune: true
wait: true