remove cert manager because it is pain

infrastructure/03-traefik/shared/cert/tls-store.yaml

@@ -0,0 +1,13 @@
+apiVersion: traefik.io/v1alpha1
+kind: TLSStore
+metadata:
+  name: default
+  namespace: traefik
+
+spec:
+  defaultGeneratedCert:
+    resolver: default
+    domain:
+      main: steffenillium.de
+      sans:
+        - "*.steffenillium.de"

infrastructure/07-certmanager/additional-roles.yaml

@@ -1,23 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: cert-manager-lego-webhook-challenges
-rules:
-- apiGroups:
-    - "cert-manager.io"
-    - "acme.cert-manager.io"
-  resources: ["challenges"]
-  verbs: ["*"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: cert-manager-lego-webhook-challenges-binding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: cert-manager-lego-webhook-challenges
-subjects:
-- kind: ServiceAccount
-  name: cert-manager
-  namespace: cert-manager

infrastructure/07-certmanager/dns-issuer.yaml

@@ -1,49 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
-  name: letsencrypt-staging
-spec:
-  acme:
-    # The ACME server URL
-    server: https://acme-staging-v02.api.letsencrypt.org/directory
-    # Email address used for ACME registration
-    email: steffen.illium@gmail.com
-    # Name of a secret used to store the ACME account private key
-    privateKeySecretRef:
-      name: letsencrypt-ionos-staging-key
-    # Enable the dns01 challenge provider
-    solvers:
-      - dns01:
-          webhook:
-            groupName: acme.steffenillium.de
-            solverName: lego-solver
-            config:
-              provider: ionos
-              envFrom:
-                secret:
-                  name: ionos-secret
----
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
-  name: letsencrypt-prod
-spec:
-  acme:
-    # The ACME server URL
-    server: https://acme-v02.api.letsencrypt.org/directory
-    # Email address used for ACME registration
-    email: steffen.illium@gmail.com
-    # Name of a secret used to store the ACME account private key
-    privateKeySecretRef:
-      name: letsencrypt-ionos-key
-    # Enable the dns01 challenge provider
-    solvers:
-      - dns01:
-          webhook:
-            groupName: acme.steffenillium.de
-            solverName: lego-solver
-            config:
-              provider: ionos
-              envFrom:
-                secret:
-                  name: ionos-secret

infrastructure/07-certmanager/kustomization.yaml

@@ -1,33 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-namespace: cert-manager
-
-components:
-  - ../../components/local-region-selector.yaml
-
-resources:
-  - wildcard-cert.yaml
-  - dns-issuer.yaml
-  - ionos-secret-sealed.yaml
-  # - additional-roles.yaml
-  - https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.crds.yaml
-  - namespace.yaml
-
-helmCharts:
-- name: "cert-manager-lego-webhook"
-  includeCRDs: false
-  version: 1.0.1
-  releaseName: "cert-manager-lego-webhook"
-  repo: https://yxwuxuanl.github.io/cert-manager-lego-webhook/
-  valuesFile: values-lego.yaml
-- name: "cert-manager"
-  includeCRDs: false
-  version: 1.14.4
-  releaseName: "cert-manager"
-  repo: https://charts.jetstack.io
-  valuesFile: values.yaml
-
-transformers:
-  - patches/annotation-transfom.yaml
-  - patches/annotation-transfom-api.yaml

infrastructure/07-certmanager/namespace.yaml

@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: cert-manager

infrastructure/07-certmanager/patches/annotation-transfom-api.yaml

@@ -1,10 +0,0 @@
-apiVersion: builtin
-kind: AnnotationsTransformer
-metadata:
-  name: v1alpha1.acme.steffenillium.de
-annotations:
-  cert-manager.io/inject-ca-from: cert-manager/cert-manager
-fieldSpecs:
-- path: metadata/annotations
-  create: true
-  kind: APIService

infrastructure/07-certmanager/patches/annotation-transfom.yaml

@@ -1,10 +0,0 @@
-apiVersion: builtin
-kind: AnnotationsTransformer
-metadata:
-  name: webhook.cert-manager.io
-annotations:
-  cert-manager.io/inject-ca-from-secret: cert-manager/cert-manager-webhook-ca
-fieldSpecs:
-- path: metadata/annotations
-  create: true
-  kind: MutatingWebhookConfiguration

infrastructure/07-certmanager/values-lego.yaml

@@ -1,9 +0,0 @@
-groupName: acme.steffenillium.de
-
-webhook:
-  image:
-    tag: main
-
-certManager:
-  namespace: "cert-manager"
-  serviceAccountName: "cert-manager-lego"

infrastructure/07-certmanager/wildcard-cert.yaml

@@ -1,24 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: wildcard-cert
-  namespace: traefik
-spec:
-  secretName: wildcard-cert
-  dnsNames:
-    # - "steffenillium.de"
-    - "*.steffenillium.de"
-  issuerRef:
-    name: letsencrypt-staging
-    kind: ClusterIssuer
----
-apiVersion: traefik.io/v1alpha1
-kind: TLSStore
-metadata:
-  name: default
-  namespace: traefik
-spec:
-  defaultCertificate:
-    secretName: wildcard-cert
-  certificates:
-    - secretName: wildcard-cert