Deduplicated certificates config

clusters/testing/flux-system/kustomization.yaml

@@ -3,3 +3,13 @@ kind: Kustomization
 resources:
   - gotk-components.yaml
   - gotk-sync.yaml
+patches:
+  - patch: |
+      - op: add
+        path: /spec/postBuild
+        value:
+          substitute:
+            cluster_env: staging
+    target:
+      kind: Kustomization
+      name: flux-system

clusters/testing/kustomization.yaml

@@ -6,3 +6,4 @@ resources:
   - ../../controllers/cert-manager/cert-manager.yaml
   - ../../configs/artifacts.yaml
   - ../../configs/letsencrypt/letsencrypt.yaml
+  - ../../configs/certificates/certificates.yaml

configs/artifacts.yaml

@@ -14,3 +14,8 @@ spec:
       copy:
         - from: "@foundation/configs/letsencrypt/**"
           to: "@artifact/"
+    - name: certificates
+      originRevision: "@foundation"
+      copy:
+        - from: "@foundation/configs/certificates/**"
+          to: "@artifact/"

configs/certificates/base/certificate-huizinga-dev.yaml

@@ -0,0 +1,10 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: huizinga-dev
+  namespace: certificates
+spec:
+  secretName: huizinga-dev-tls
+  issuerRef:
+    name: letsencrypt
+    kind: ClusterIssuer

configs/certificates/base/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - namespace.yaml
+  - certificate-huizinga-dev.yaml

configs/certificates/base/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: certificates

configs/certificates/certificates.yaml

@@ -0,0 +1,17 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: certificates
+  namespace: flux-system
+spec:
+  interval: 1h
+  retryInterval: 2m
+  timeout: 5m
+  dependsOn:
+    - name: cert-manager
+  sourceRef:
+    kind: ExternalArtifact
+    name: certificates
+  path: ./${cluster_env}
+  prune: true
+  wait: true

configs/certificates/production/certificate-huizinga-dev.yaml

@@ -0,0 +1,10 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: huizinga-dev
+  namespace: certificates
+spec:
+  commonName: "huizinga.dev"
+  dnsNames:
+    - "huizinga.dev"
+    - "*.huizinga.dev"

configs/certificates/production/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../base
+patches:
+  - path: certificate-huizinga-dev.yaml
+    target:
+      kind: Certificate

configs/certificates/staging/certificate-huizinga-dev.yaml

@@ -0,0 +1,10 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: huizinga-dev
+  namespace: certificates
+spec:
+  commonName: "staging.huizinga.dev"
+  dnsNames:
+    - "staging.huizinga.dev"
+    - "*.staging.huizinga.dev"

configs/certificates/staging/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../base
+patches:
+  - path: certificate-huizinga-dev.yaml
+    target:
+      kind: Certificate