feat: Put ClusterIssuer under certificates

clusters/testing/kustomization.yaml

@@ -12,7 +12,6 @@ resources:
   - ../../controllers/cnpg/cnpg.yaml
 
   - ../../configs/artifacts.yaml
-  - ../../configs/letsencrypt/letsencrypt.yaml
   - ../../configs/certificates/certificates.yaml
   - ../../configs/alerts/alerts.yaml
   - ../../configs/longhorn-jobs/longhorn-jobs.yaml

configs/artifacts.yaml

@@ -9,11 +9,6 @@ spec:
       kind: GitRepository
       name: flux-system
   artifacts:
-    - name: letsencrypt
-      originRevision: "@foundation"
-      copy:
-        - from: "@foundation/configs/letsencrypt/**"
-          to: "@artifact/"
     - name: certificates
       originRevision: "@foundation"
       copy:

configs/certificates/base/kustomization.yaml

@@ -3,3 +3,5 @@ kind: Kustomization
 resources:
   - namespace.yaml
   - certificate-huizinga-dev.yaml
+  - secret-cloudflare-token.enc.yaml
+  - cluster-issuer.yaml

configs/certificates/certificates.yaml

@@ -8,10 +8,14 @@ spec:
   retryInterval: 2m
   timeout: 15m
   dependsOn:
-    - name: letsencrypt
+    - name: cert-manager
   sourceRef:
     kind: ExternalArtifact
     name: certificates
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-gpg
   path: ./${cluster_env}
   prune: true
   wait: true

configs/letsencrypt/kustomization.yaml

@@ -1,5 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - secret-cloudflare-token.enc.yaml
-  - cluster-issuer.yaml

configs/letsencrypt/letsencrypt.yaml

@@ -1,21 +0,0 @@
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  name: letsencrypt
-  namespace: flux-system
-spec:
-  interval: 1h
-  retryInterval: 2m
-  timeout: 5m
-  dependsOn:
-    - name: cert-manager
-  sourceRef:
-    kind: ExternalArtifact
-    name: letsencrypt
-  decryption:
-    provider: sops
-    secretRef:
-      name: sops-gpg
-  path: ./
-  prune: true
-  wait: true