infra/foundation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Added letsencrypt cluster issuer

Browse Source
This commit is contained in:
Dreaded_X
2025-12-01 02:51:25 +01:00
parent dedfa503eb
commit f672b14404
7 changed files with 122 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
.sops.yaml Normal file
View File

@@ -0,0 +1,8 @@
creation_rules:
- path_regex: .*.yaml
encrypted_regex: ^(data|stringData)$
pgp: >-
1E0CF38FF7C9ADAED58B436ABA4A3D3607E5BA8E!
age: >-
age1860txadrlqrjwnqh0g466re2nt8jk7xhj640pq9gpsddpg23uynqsp2hul,
age1hktythzvsnth6u5en2lvag0tftnj9r03w7rpnzfgzgf5w95qxycq2azufj

2
clusters/testing/kustomization.yaml
View File

@@ -4,3 +4,5 @@ resources:
- flux-system/
- ../../controllers/artifacts.yaml
- ../../controllers/cert-manager/cert-manager.yaml
- ../../configs/artifacts.yaml
- ../../configs/letsencrypt/letsencrypt.yaml

16
configs/artifacts.yaml Normal file
View File

@@ -0,0 +1,16 @@
apiVersion: source.extensions.fluxcd.io/v1beta1
kind: ArtifactGenerator
metadata:
name: configs
namespace: flux-system
spec:
sources:
- alias: foundation
kind: GitRepository
name: flux-system
artifacts:
- name: letsencrypt
originRevision: "@foundation"
copy:
- from: "@foundation/configs/letsencrypt/**"
to: "@artifact/"

17
configs/letsencrypt/cluster-issuer.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: tim.huizinga@gmail.com
privateKeySecretRef:
name: letsencrypt
solvers:
- dns01:
cloudflare:
email: tim.huizinga@gmail.com
apiTokenSecretRef:
name: cloudflare-token
key: token

5
configs/letsencrypt/kustomization.yaml Normal file
View File

@@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- secret-cloudflare-token.enc.yaml
- cluster-issuer.yaml

21
configs/letsencrypt/letsencrypt.yaml Normal file
View File

@@ -0,0 +1,21 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: letsencrypt
namespace: flux-system
spec:
interval: 1h
retryInterval: 2m
timeout: 5m
dependsOn:
- name: cert-manager
sourceRef:
kind: ExternalArtifact
name: letsencrypt
decryption:
provider: sops
secretRef:
name: sops-gpg
path: ./
prune: true
wait: true

53
configs/letsencrypt/secret-cloudflare-token.enc.yaml Normal file
View File

@@ -0,0 +1,53 @@
apiVersion: v1
kind: Secret
metadata:
name: cloudflare-token
namespace: cert-manager
type: Opaque
stringData:
token: ENC[AES256_GCM,data:uwFPBz9+EMnpXUgvkJ0u9/iEFbpJ2Rz+oX2pqwcJrH04r8E91weFOA==,iv:m9yka2XMfbuu0d/12RvG7UPWvxJEZ0UeDG+OMqxTpkg=,tag:F7EDh3PCHk2yE0MDIjmo2g==,type:str]
sops:
age:
- recipient: age1860txadrlqrjwnqh0g466re2nt8jk7xhj640pq9gpsddpg23uynqsp2hul
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuZGVBS1dpRlVQemlRR2gv
WFQraFRxV1hGTVZ1UlNPeXV5Z1VTQ0o2QVFjCjZmYzh0dmhDczllU1pUdGs3Ti82
blBOZTAwSUVMTVlJcHNRNVA1NytTMk0KLS0tIGtwR0dYOUxOaUVWb041SXQ5cktU
b0QwUVJNVDBTUkcwcWxmV3R4Rm4wNjQKC/hMgUvkTlROHPiBZcJ1ALu2zqknkFhw
qDBjJmwpCApaLKrFMxgMEMySNbN2l04fnCQQtZ97ZH87C1lj5WFT8A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1hktythzvsnth6u5en2lvag0tftnj9r03w7rpnzfgzgf5w95qxycq2azufj
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOSDA1NkJGdUsyR3hUeG85
TUpldmk1V054SDNyNHdlVEhtM3NSMlBjc3hJCk9yQXd5ajl5VnFsZytMWHA5dlNN
Q2pxNHVMd01mMEwwT0pKVnBBYjByWXMKLS0tIE9uQ3pzMW90MEhZUGtxVUkrZFJH
VXJSejR2bzRLamdoemhSRkwwRGxnVDAKOVvuGT6ZO+JB33RrCF0oqyA0GXAznGOE
gT/7i9aMKuJfJr5RhfK1GY6JJf18mHt+jwM2epjtcFYzZpMjh2zjcg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-01T01:33:08Z"
mac: ENC[AES256_GCM,data:9pXCN0JoIFc7OXJvJFBtd/BGP9aByPFq+8KKUqv0MKXVWJWXxzTzN8yoinxsPrw0KSLOJ98ieDIHj2ukVMpuOILOzDELArDsiP0/TAq387V9S7vx+Z2OnCSVuHoW97fvvqSxqhyAuZ8a4alNQ83TtOdZ2gK6VMxWMKizZWdpGeI=,iv:KaEJ6avIlBSTBSIdi/xDF249WEbzubLviBTaDHSwp5A=,tag:TbwJvDuYJY8EdL6yxekWzQ==,type:str]
pgp:
- created_at: "2025-12-01T01:33:08Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA7pKPTYH5bqOAQ//XvRMEPLhIX1a7oAq5bBY/rl8o5NiBl2z78Bi2ddZ5Fnt
J1f9syNMfYCrtkrZ5dgGcbELYcdP0QFajyDYWDViz4elmdqsvdzIPY7DAdzj7NQU
gZhoJyBSK5EP4x/89fFdd9zR54nVH8K9036bp4KEGzu611YxdwHT9EtheTSM12S/
ZVvVrN0wq6ld9NH0PxEimGL1GhGn+dpVczN1CL1Qh81dz1FpvADd7AJQ7JprkbN8
SBSG+omRBhuZaoXTurihgL702q/zzX0/ZyQ24ONsaQGWXJmdXx+lRBgfmWPL9w8b
6tcAwfCyOw6QTaTPipOvtHG3M6rhl3AxPWFm2eIv1oXtFGMAbmxOCDfGzy+Tkuva
JdlObrgU1v9CAxeKSeqetEZWHY/kPiUSlRUD+C4sHxJBO0MEzxQzNBlh7NgGBOPh
Ldum/jZbcCJCOyPXS1Q4bW89gwaTVTeOVpadSwwsJap8+13E2sar3BES2tIGiGTZ
e44S5pS/ycSMLQHxmPgyVnMTtMcRU5qtmEo6hjhrB05bppGQFAiCDilM6PHFJ+oN
1IDOXCoqiDwS2Yxm7IQrw/7WvHqngTwwJyxjy6q4bgocgrnSqKzqoE0pBZvX1oGN
1Num+9u+XwWAb2m9QUJAiWy9R16AgDD9Gp3ekArwztlMSWrXnIGz/zUL+ehh3avS
XgH1P2d8+QPjhrXq9Hyu9wANeL1Z1qQFKTTe9ReqRUc+B4Ts8ACf26FYSneksgJd
2lyesmgmrGlFzGCVdPCBOuCPCicP/w28WzYUI7amzraPa5kHEhl3wzkQiTE710c=
=XaqU
-----END PGP MESSAGE-----
fp: 1E0CF38FF7C9ADAED58B436ABA4A3D3607E5BA8E!
encrypted_regex: ^(data|stringData)$
version: 3.11.0