remove cert manager because it is pain

2024-04-10 23:05:03 +02:00
parent 7a26913c8a
commit dbd9a30b14
12 changed files with 13 additions and 162 deletions


@ -0,0 +1,13 @@
apiVersion: traefik.io/v1alpha1
kind: TLSStore
metadata:
name: default
namespace: traefik
spec:
defaultGeneratedCert:
resolver: default
domain:
main: steffenillium.de
sans:
- "*.steffenillium.de"
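Review bot: `resolver: default` under `defaultGeneratedCert` names a Traefik certificate resolver that is not defined in any section visible on this page. Because `sans` holds the wildcard `*.steffenillium.de`, that resolver must use the ACME DNS-01 challenge; Let's Encrypt does not issue wildcards over HTTP-01 or TLS-ALPN-01, and until issuance succeeds Traefik would presumably serve its self-signed default certificate. If the resolver is set up in one of the changed files not shown here, a comment above `defaultGeneratedCert` such as `# resolver "default" must be a dnsChallenge resolver defined in the Traefik static config` would make the dependency explicit. It is also worth confirming that the resolver's ACME storage file sits on a persistent volume with owner-only permissions, since it now holds the ACME account key and the wildcard private key that previously lived in the `wildcard-cert` Secret.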


@ -1,23 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: cert-manager-lego-webhook-challenges
rules:
- apiGroups:
- "cert-manager.io"
- "acme.cert-manager.io"
resources: ["challenges"]
verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: cert-manager-lego-webhook-challenges-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cert-manager-lego-webhook-challenges
subjects:
- kind: ServiceAccount
name: cert-manager
namespace: cert-manager


@ -1,49 +0,0 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-staging
spec:
acme:
# The ACME server URL
server: https://acme-staging-v02.api.letsencrypt.org/directory
# Email address used for ACME registration
email: steffen.illium@gmail.com
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: letsencrypt-ionos-staging-key
# Enable the dns01 challenge provider
solvers:
- dns01:
webhook:
groupName: acme.steffenillium.de
solverName: lego-solver
config:
provider: ionos
envFrom:
secret:
name: ionos-secret
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
# The ACME server URL
server: https://acme-v02.api.letsencrypt.org/directory
# Email address used for ACME registration
email: steffen.illium@gmail.com
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: letsencrypt-ionos-key
# Enable the dns01 challenge provider
solvers:
- dns01:
webhook:
groupName: acme.steffenillium.de
solverName: lego-solver
config:
provider: ionos
envFrom:
secret:
name: ionos-secret


@ -1,33 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: cert-manager
components:
- ../../components/local-region-selector.yaml
resources:
- wildcard-cert.yaml
- dns-issuer.yaml
- ionos-secret-sealed.yaml
# - additional-roles.yaml
- https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.crds.yaml
- namespace.yaml
helmCharts:
- name: "cert-manager-lego-webhook"
includeCRDs: false
version: 1.0.1
releaseName: "cert-manager-lego-webhook"
repo: https://yxwuxuanl.github.io/cert-manager-lego-webhook/
valuesFile: values-lego.yaml
- name: "cert-manager"
includeCRDs: false
version: 1.14.4
releaseName: "cert-manager"
repo: https://charts.jetstack.io
valuesFile: values.yaml
transformers:
- patches/annotation-transfom.yaml
- patches/annotation-transfom-api.yaml


@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: cert-manager


@ -1,10 +0,0 @@
apiVersion: builtin
kind: AnnotationsTransformer
metadata:
name: v1alpha1.acme.steffenillium.de
annotations:
cert-manager.io/inject-ca-from: cert-manager/cert-manager
fieldSpecs:
- path: metadata/annotations
create: true
kind: APIService


@ -1,10 +0,0 @@
apiVersion: builtin
kind: AnnotationsTransformer
metadata:
name: webhook.cert-manager.io
annotations:
cert-manager.io/inject-ca-from-secret: cert-manager/cert-manager-webhook-ca
fieldSpecs:
- path: metadata/annotations
create: true
kind: MutatingWebhookConfiguration


@ -1,9 +0,0 @@
groupName: acme.steffenillium.de
webhook:
image:
tag: main
certManager:
namespace: "cert-manager"
serviceAccountName: "cert-manager-lego"


@ -1,24 +0,0 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: wildcard-cert
namespace: traefik
spec:
secretName: wildcard-cert
dnsNames:
# - "steffenillium.de"
- "*.steffenillium.de"
issuerRef:
name: letsencrypt-staging
kind: ClusterIssuer
---
apiVersion: traefik.io/v1alpha1
kind: TLSStore
metadata:
name: default
namespace: traefik
spec:
defaultCertificate:
secretName: wildcard-cert
certificates:
- secretName: wildcard-cert