remove cert manager, foreign service routes

2024-03-28 22:09:07 +01:00
parent a2631f611c
commit 663d4ac44e
9 changed files with 30 additions and 139 deletions
--- a/infrastructure/03-traefik/external-overlay/kustomization.yaml
+++ b/infrastructure/03-traefik/external-overlay/kustomization.yaml
@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: traefik-external
+
+resources:
+- ../base
+namePrefix: dev-
--- a/infrastructure/03-traefik/foreign/home-assistant/home-assistant-ingress.yaml
+++ b/infrastructure/03-traefik/foreign/home-assistant/home-assistant-ingress.yaml
@ -1,15 +1,16 @@
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
-  name: cert-manager-ui
+  name: home-assitant
+  namespace: external
 spec:
  entryPoints:
    - web
    - websecure
  routes:
-  - match: Host(`cert-manager.steffenillium.de`)
+  - match: Host(`home.steffenillium.de`)
    kind: Rule
    services:
-    - name: lcl-cert-manager
-      kind: Service
-      port: 443
+    - name: home-assitant
+      port: 80
+
--- a/infrastructure/03-traefik/foreign/home-assistant/home-assistant-service.yaml
+++ b/infrastructure/03-traefik/foreign/home-assistant/home-assistant-service.yaml
@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: home-assistant
+  namespace: external
+spec:
+  type: LoadBalancer
+  loadBalancerIP: 192.168.178.3  # static IP pre-allocated.
+  ports:
+    - port: 80
+      name: http
+    - port: 443
+      name: https
--- a/infrastructure/03-traefik/kustomization.yaml
+++ b/infrastructure/03-traefik/kustomization.yaml
@ -6,6 +6,9 @@ namespace: traefik
 resources:
  - base/traefik-middleware-default-headers.yaml
  - base/traefik-adguard-service-udp-dns.yaml
+  ### Routes and Services for out of cluster deployments/legacy
+  - foreign/home-assistant/home-assistant-ingress.yaml
+  - foreign/home-assistant/home-assistant-service.yaml

 helmCharts:
 - name: traefik
--- a/infrastructure/05-cert-manager/base/ionos-certificate.yaml
+++ b/infrastructure/05-cert-manager/base/ionos-certificate.yaml
@ -1,12 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: steffenillium-de
-  annotations:
-    sealedsecrets.bitnami.com/cluster-wide: "true"
-spec:
-  dnsNames:
-    - '*.steffenillium.de'
-  issuerRef:
-    name: letsencrypt-ionos-staging
-  secretName: default-tls
--- a/infrastructure/05-cert-manager/base/ionos-issuer.yaml
+++ b/infrastructure/05-cert-manager/base/ionos-issuer.yaml
@ -1,55 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
-  name: letsencrypt-ionos-staging
-spec:
-  acme:
-    # The ACME server URL
-    server: https://acme-staging-v02.api.letsencrypt.org/directory
-    # Email address used for ACME registration
-    email: mail@steffenillium.de
-    # Name of a secret used to store the ACME account private key
-    privateKeySecretRef:
-      name: letsencrypt-ionos-staging-key
-    # Enable the dns01 challenge provider
-    solvers:
-      - dns01:
-          webhook:
-            groupName: acme.fabmade.de
-            solverName: ionos
-            config:
-              apiUrl: https://api.hosting.ionos.com/dns/v1
-              publicKeySecretRef:
-                key: IONOS_PUBLIC_PREFIX
-                name: ionos-secret
-              secretKeySecretRef:
-                key: IONOS_SECRET
-                name: ionos-secret
--- 
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
-  name: letsencrypt-ionos-prod
-spec:
-  acme:
-    # The ACME server URL
-    server: https://acme-v02.api.letsencrypt.org/directory
-    # Email address used for ACME registration
-    email: mail@steffenillium.de
-    # Name of a secret used to store the ACME account private key
-    privateKeySecretRef:
-      name: letsencrypt-ionos-prod
-    # Enable the dns01 challenge provider
-    solvers:
-      - dns01:
-          webhook:
-            groupName: acme.fabmade.de
-            solverName: ionos
-            config:
-              apiUrl: https://api.hosting.ionos.com/dns/v1
-              publicKeySecretRef:
-                key: IONOS_PUBLIC_PREFIX
-                name: ionos-secret
-              secretKeySecretRef:
-                key: IONOS_SECRET
-                name: ionos-secret
--- a/infrastructure/05-cert-manager/base/ionos-secret-sealed.yaml
+++ b/infrastructure/05-cert-manager/base/ionos-secret-sealed.yaml
@ -1,29 +0,0 @@
-{
-  "kind": "SealedSecret",
-  "apiVersion": "bitnami.com/v1alpha1",
-  "metadata": {
-    "name": "ionos-secret",
-    "namespace": "cert-manager",
-    "creationTimestamp": null,
-    "annotations": {
-      "sealedsecrets.bitnami.com/namespace-wide": "true"
-    }
-  },
-  "spec": {
-    "template": {
-      "metadata": {
-        "name": "ionos-secret",
-        "namespace": "cert-manager",
-        "creationTimestamp": null,
-        "annotations": {
-          "sealedsecrets.bitnami.com/namespace-wide": "true"
-        }
-      },
-      "type": "Opaque"
-    },
-    "encryptedData": {
-      "IONOS_PUBLIC_PREFIX": "AgAPVKRcabyIa98sbuckzf39rnuZvciQuh1QZ94QEtopyPmNPR7MUehceSIK3jJ4XAJMFy+bENO27Lhl5+6z5d1LldFJtGQBZ5oJ34Aobb/J5wFJntvOLX8PVGRKkHcd6EyqCq/gY+JXX6prWRlAaIazSVJnx1X66c2q0jdGZ3gUSxK62iwspCpSk7WbRa4fxoJLskB6Pia5Tm3AwPs5TJRPAl689gxeWy2uYTLAoBLFCLhioF6RHtlu0c7o+CjMhIWG3nbitaNXkvsw9BUJfRTJx/NNTqahh3VgBo5mN8vNb2NXakmWykwla6khA51czT6uCicXk9CMefZOZx+nMlsWyXrob5AC/X5zD7P1dYxhRAZgiNTTaOWrIIyP/ttkG/YJvZG4iC3cC/RbauNGuaHoI4+QKG+HOqwZP7Y7TrCZ6zn7ljzo7xbsIrzmVm7qzVPjlNwx8Rjm5C45W5gJzqfey8kd7u/szBbK9IdudrDMfaeOTFpWA0YnPlKuk2HAIcPcE4dNzDahsisaKA0kBerESxAmzGcav6EF5LsYqDFClkEtBIOrNanAt0cxVNX117/lBZ2R/o5lWoqvbkHfWDYSD602IJfDT93ElN79lCZ1oyr7KEoSdRHCTKnnc6Jfby2D3FiOyIQpUN2vEe0DltCedX70dEN+gfBS3Jp5sXADmb/JMh7qurvL/DxGWsLnU8qvOl50QZzB0hy/wxZCsXfTWJmRdR9gNAWD9NvNhrHAgA==",
-      "IONOS_SECRET": "AgA9RcFprv2QImD82XW728QBGwoTCUx6fuI1BA5SPDE4G1scr8MR0OLWIEgjcaa6jxtXE0vU8B/0R8tGQuvpRMCG7LirJloP5jcYTqF5MQYAJCiUNXtARrbTLaYzQbQdTHii+RbQHJvdGIeY+dcgd1M919t/moJd6Zl82COdpm4LcIRF+Qig3fFXLJ59hLrwDwx7xq9cbRkThHV+t7uoYQiDIkGktAU3u7ql+FjnIjyJCInNGlI7Hlq15k+1Hb8FUvSAtT3phZyD2yRHBabgFEkaqGOx4Ztrf37m8s6Sh32cHDyI8zSf+StK5e/AAY97mL+f3OiyuWK/Vs2jiW0rKoTF7WMj42cL48lQPovYOG+zM2rjz5NMeTuO0WmnuiSX+tN5BoxyMZF+1209J0hWy2/QCH0V1Ec7fALgKIEtbKrGV02LgmoZbv3F1QcL7z/S8rKkcym7kFqMhjR3R7sRQZ1H/fmF+NuET48wzIUhEdjeyqYUJj3USZf2+T3UvJvp0mzGJODYNFgOG5I5J/Dbrc/0vU8YQ3PB7wRKa40+C8D9+hwGKTWc+vW38mJErnw724IjerRJCsex12B0gSMM5n+nQbvGd7n8N7Q2nNm2uAMdT60MP/fRgx1g6fOPQm7welhJYjTpvKciSEcGXcZSqM+Q8ADvWd9RLEeRo15/7hBs6VpQdbt0nntrC8Ej0yHjq411tbauOc27lB/XVfreKozUFtSzsTCAoDQq32lJI180Udupw3kAwMViDwxYZ/Rh61gQpVpg4jRsGMbNWTLnAT79QBeSbo+vK1dJcjK8NekUOJn51hTlsQ=="
-    }
-  }
-}
--- a/infrastructure/05-cert-manager/kustomization.yaml
+++ b/infrastructure/05-cert-manager/kustomization.yaml
@ -1,29 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-namespace: cert-manager
-
-resources:
- base/cert-manager-ui-ingress.yaml
- base/ionos-secret-sealed.yaml
- base/ionos-certificate.yaml
- base/ionos-issuer.yaml
-
-helmCharts:
- name: cert-manager
-  includeCRDs: true
-  releaseName: lcl
-  version: 1.14.4
-  repo: https://charts.jetstack.io
-  # valuesFile: base/values.yaml
- name: cert-manager-webhook-ionos
-  includeCRDs: true
-  releaseName: lcl
-  version: 1.0.2
-  repo: https://fabmade.github.io/cert-manager-webhook-ionos
-  # valuesFile: base/ionos-values.yaml
-
-patches:
- path: patches/nodeselector.yaml
-  target:
-    kind: (StatefulSet|Deployment|Job)
--- a/infrastructure/05-cert-manager/patches/nodeselector.yaml
+++ b/infrastructure/05-cert-manager/patches/nodeselector.yaml
@ -1,9 +0,0 @@
-apiVersion: apps/v1
-kind: not-important
-metadata:
-  name: not-important
-spec:
-  template:
-    spec:
-      nodeSelector:
-        region: local