steffen/kubedeploy-k3s
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

modify annotation by kustomize

Browse Source
This commit is contained in:
Steffen Illium
2024-04-10 12:25:15 +02:00
parent ca24d7dc73
commit 24c049dc50
9 changed files with 22 additions and 115 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
infrastructure/07-cert-manager/dns-issuer.yaml
View File

@ -1,55 +0,0 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-staging
spec:
acme:
# The ACME server URL
server: https://acme-staging-v02.api.letsencrypt.org/directory
# Email address used for ACME registration
email: steffen.illium@gmail.com
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: letsencrypt-ionos-staging-key
# Enable the dns01 challenge provider
solvers:
- dns01:
webhook:
groupName: acme.steffenillium.de
solverName: ionos
config:
apiUrl: https://api.hosting.ionos.com/dns/v1
publicKeySecretRef:
key: PREFIX
name: ionos-secret
secretKeySecretRef:
key: SECRET
name: ionos-secret
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
# The ACME server URL
server: https://acme-v02.api.letsencrypt.org/
# Email address used for ACME registration
email: steffen.illium@gmail.com
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: letsencrypt-ionos-key
# Enable the dns01 challenge provider
solvers:
- dns01:
webhook:
groupName: acme.steffenillium.de
solverName: ionos
config:
apiUrl: https://api.hosting.ionos.com/dns/v1
publicKeySecretRef:
key: PREFIX
name: ionos-secret
secretKeySecretRef:
key: SECRET
name: ionos-secret

29
infrastructure/07-cert-manager/ionos-secret-sealed.yaml
View File

@ -1,29 +0,0 @@
{
"kind": "SealedSecret",
"apiVersion": "bitnami.com/v1alpha1",
"metadata": {
"name": "ionos-secret",
"namespace": "cert-manager",
"creationTimestamp": null,
"annotations": {
"sealedsecrets.bitnami.com/namespace-wide": "true"
}
},
"spec": {
"template": {
"metadata": {
"name": "ionos-secret",
"namespace": "cert-manager",
"creationTimestamp": null,
"annotations": {
"sealedsecrets.bitnami.com/namespace-wide": "true"
}
},
"type": "Opaque"
},
"encryptedData": {
"PREFIX": "AgAq4okbPaF6zKP44PpXdhvMkx5Ndxcozz0l594nDxkydUB5uliX1s3gX/Z1YgW9k5Ula9x/Ypx/cW9SKOZ1W601VFgkaxe6ocaRWccZLeJmdj7c5h4OqmvDIRvscSC+Z4vts7XzSor4TKBLRD3rcWbthoXMyabMUYMNjETB8m+lEU1qa/O6CP9eHicC1PlAccWvzjwK7zImooo+od3436go8kLJNI9Sewmywmq09G39tuiCV59kzIZeXdNcwuxkxe49lZfbsFxcLkfl82ay1I68zZWQ8C2j3U6mxgh81CIkmswYk6qbnYCaZsLHp2vzJ05YGD/2Odvvlc0OA2EGCpomBwHEDtUKCCdyH+/3HeBspi3X0nKuLuWR0zX8FlOXoj0WPJMfWAMVBHDrqRJcC5NvT3xhx/L4YKUxIp+424CvxFnUT1lox3Dw1ssDPG1LcKZKn7OOEmkUOSVHkysMkKpmR6PKEAnWU6SIntoWD86Grw91Fnw6GOxPgyOsPcxsL+p/5meqtJKMLKQoRMq+NIAwmaXnoOhc30wjfQjquyFaQ6PGAGRbcriPZmdOOWVJBwOC7doMz51u7lvAq9VHJrveZEHfq7TMLgbCPUaVHpIN0qXcHYRPnZfhJyRGdbOaV0l8XsNvJkEiOJ81ZOajhUhbkt69Hn0cm0ifRiPF2K7/6N5rxwrf6E4W3d/KS+WXTMz+7QsfQ6nEy6S+pt3IvZWlJbhHNb18oqRfX2ofuzWztQ==",
"SECRET": "AgCGbeIjGAq8iJFuM0tneDHMVfrHkptmWDRLzMGnzcSOTwUFp0zzwgpsTK4dXPmWoq0Mc7OhZkezAkkD5NpkH3N1y+w8w26D7Zj054c7yl3/7GC1OGsEnfGYGLCzhxQ0M0iB2mxX4D8V1fGshoG/jlx1bPuncrOImT7/JzKCdgkfU8qb0Y9MTGwpwbCcp2PsSkK4gu37MltcF+y6pCkGTyFjJ3ioib6KkCVsu4dEyjp5LtnNe0v+6Op6PZ3OxNJFp/qD18DqLsebWzRo/j/e6ta3G53waSbF0ujCwFgCqpmy6wXSRhArqhvPswC9G4mtumGTY6G6G0JDZEnNi608oAvS560/0ik/EUldDoYf0UdmHATA39x0jCBajKRyiiIsz6NQCoxsijHSmWuXg7m4mE8C02wU7M3UrRNr8Cb8Hv48iBGNyRDBV5Fo+OYb9v0wdFhhMAWkTvZiOfM82isGYpNpVZ31sbO+yycCJkURUNc796eERj9GwdFqhjytCrivtfi7NKnGpXZyNlcKEaaxOcQgFEPIPmzo8qb3sfwusMYVnS+kIA6W1eAqlNUU8tclpuVMojt6tQJiKVcxqY4ktOwwe8Gh9Eb7hkX8z/ephg2DdupeBmZGh9gqWkXANoGm7xaYQ57XzohygXtpn3Hp47KCgmx3x0cX5Nc3OC9CWNEHpKrRUvFBYdCha9uc+vJbP+NeT1cjKuZVc+3GuMXLqLwAP3NiSX6G4b/YsWWIgMLkurqSZZgku4e/3kOxuxZc1jmqDGDsSn8OONnU4Oxn6qfdZAWBGlwmU5EvmQRHhB+8TPmEDPy6Nw=="
}
}
}

18
infrastructure/07-cert-manager/kustomization.yaml
View File

@ -1,18 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: cert-manager
resources:
- dns-issuer.yaml
- https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.crds.yaml
- ionos-secret-sealed.yaml
- namespace.yaml
helmCharts:
- name: cert-manager
includeCRDs: false
version: 1.14.4
releaseName: "cert-manager"
repo: https://charts.jetstack.io
valuesFile: values.yaml

4
infrastructure/07-cert-manager/namespace.yaml
View File

@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: cert-manager

5
infrastructure/07-cert-manager/values.yaml
View File

@ -1,5 +0,0 @@
webhook:
securePort: 10260
global:
leaderElection:
namespace: cert-manager

6
infrastructure/07-certmanager/kustomization.yaml
View File

@ -16,3 +16,9 @@ helmCharts:
releaseName: "cert-manager" releaseName: "cert-manager"
repo: https://charts.jetstack.io repo: https://charts.jetstack.io
valuesFile: values.yaml valuesFile: values.yaml
# patches:
# - path: patches/mutating-webhook-namespace.yaml
transformers:
- patches/annotation-transfom.yaml

10
infrastructure/07-certmanager/patches/annotation-transfom.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: builtin
kind: AnnotationsTransformer
metadata:
name: webhook.cert-manager.io
annotations:
cert-manager.io/inject-ca-from-secret: cert-manager/cert-manager-webhook-ca
fieldSpecs:
- path: metadata/annotations
create: true
kind: MutatingWebhookConfiguration

5
infrastructure/07-certmanager/patches/mutating-webhook-namespace.yaml Normal file
View File

@ -0,0 +1,5 @@
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
annotations:
cert-manager.io/inject-ca-from-secret: cert-manager/cert-manager-webhook-ca

5
infrastructure/07-certmanager/values.yaml
View File

@ -5,7 +5,4 @@ global:
webhook: webhook:
securePort: 10260 securePort: 10260
validatingWebhookConfigurationAnnotations: validatingWebhookConfigurationAnnotations:
cert-manager.io/inject-ca-from-secret: cert-manager/cert-manager-webhook-ca cert-manager.io/inject-ca-from-secret: cert-manager/cert-manager-webhook-ca