renamed to certmanager

2024-04-10 10:38:17 +02:00 · 2024-04-10 10:38:17 +02:00 · f5d062650b
commit f5d062650b
parent de920cc19c
5 changed files with 111 additions and 0 deletions
--- a/infrastructure/07-certmanager/dns-issuer.yaml
+++ b/infrastructure/07-certmanager/dns-issuer.yaml
@ -0,0 +1,55 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-staging
+spec:
+  acme:
+    # The ACME server URL
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    # Email address used for ACME registration
+    email: steffen.illium@gmail.com
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt-ionos-staging-key
+    # Enable the dns01 challenge provider
+    solvers:
+      - dns01:
+          webhook:
+            groupName: acme.steffenillium.de
+            solverName: ionos
+            config:
+              apiUrl: https://api.hosting.ionos.com/dns/v1
+              publicKeySecretRef:
+                key: PREFIX 
+                name: ionos-secret
+              secretKeySecretRef:
+                key: SECRET
+                name: ionos-secret
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    # The ACME server URL
+    server: https://acme-v02.api.letsencrypt.org/
+    # Email address used for ACME registration
+    email: steffen.illium@gmail.com
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt-ionos-key
+    # Enable the dns01 challenge provider
+    solvers:
+      - dns01:
+          webhook:
+            groupName: acme.steffenillium.de
+            solverName: ionos
+            config:
+              apiUrl: https://api.hosting.ionos.com/dns/v1
+              publicKeySecretRef:
+                key: PREFIX 
+                name: ionos-secret
+              secretKeySecretRef:
+                key: SECRET
+                name: ionos-secret
--- a/infrastructure/07-certmanager/ionos-secret-sealed.yaml
+++ b/infrastructure/07-certmanager/ionos-secret-sealed.yaml
@ -0,0 +1,29 @@
+{
+  "kind": "SealedSecret",
+  "apiVersion": "bitnami.com/v1alpha1",
+  "metadata": {
+    "name": "ionos-secret",
+    "namespace": "cert-manager",
+    "creationTimestamp": null,
+    "annotations": {
+      "sealedsecrets.bitnami.com/namespace-wide": "true"
+    }
+  },
+  "spec": {
+    "template": {
+      "metadata": {
+        "name": "ionos-secret",
+        "namespace": "cert-manager",
+        "creationTimestamp": null,
+        "annotations": {
+          "sealedsecrets.bitnami.com/namespace-wide": "true"
+        }
+      },
+      "type": "Opaque"
+    },
+    "encryptedData": {
+      "PREFIX": "AgAq4okbPaF6zKP44PpXdhvMkx5Ndxcozz0l594nDxkydUB5uliX1s3gX/Z1YgW9k5Ula9x/Ypx/cW9SKOZ1W601VFgkaxe6ocaRWccZLeJmdj7c5h4OqmvDIRvscSC+Z4vts7XzSor4TKBLRD3rcWbthoXMyabMUYMNjETB8m+lEU1qa/O6CP9eHicC1PlAccWvzjwK7zImooo+od3436go8kLJNI9Sewmywmq09G39tuiCV59kzIZeXdNcwuxkxe49lZfbsFxcLkfl82ay1I68zZWQ8C2j3U6mxgh81CIkmswYk6qbnYCaZsLHp2vzJ05YGD/2Odvvlc0OA2EGCpomBwHEDtUKCCdyH+/3HeBspi3X0nKuLuWR0zX8FlOXoj0WPJMfWAMVBHDrqRJcC5NvT3xhx/L4YKUxIp+424CvxFnUT1lox3Dw1ssDPG1LcKZKn7OOEmkUOSVHkysMkKpmR6PKEAnWU6SIntoWD86Grw91Fnw6GOxPgyOsPcxsL+p/5meqtJKMLKQoRMq+NIAwmaXnoOhc30wjfQjquyFaQ6PGAGRbcriPZmdOOWVJBwOC7doMz51u7lvAq9VHJrveZEHfq7TMLgbCPUaVHpIN0qXcHYRPnZfhJyRGdbOaV0l8XsNvJkEiOJ81ZOajhUhbkt69Hn0cm0ifRiPF2K7/6N5rxwrf6E4W3d/KS+WXTMz+7QsfQ6nEy6S+pt3IvZWlJbhHNb18oqRfX2ofuzWztQ==",
+      "SECRET": "AgCGbeIjGAq8iJFuM0tneDHMVfrHkptmWDRLzMGnzcSOTwUFp0zzwgpsTK4dXPmWoq0Mc7OhZkezAkkD5NpkH3N1y+w8w26D7Zj054c7yl3/7GC1OGsEnfGYGLCzhxQ0M0iB2mxX4D8V1fGshoG/jlx1bPuncrOImT7/JzKCdgkfU8qb0Y9MTGwpwbCcp2PsSkK4gu37MltcF+y6pCkGTyFjJ3ioib6KkCVsu4dEyjp5LtnNe0v+6Op6PZ3OxNJFp/qD18DqLsebWzRo/j/e6ta3G53waSbF0ujCwFgCqpmy6wXSRhArqhvPswC9G4mtumGTY6G6G0JDZEnNi608oAvS560/0ik/EUldDoYf0UdmHATA39x0jCBajKRyiiIsz6NQCoxsijHSmWuXg7m4mE8C02wU7M3UrRNr8Cb8Hv48iBGNyRDBV5Fo+OYb9v0wdFhhMAWkTvZiOfM82isGYpNpVZ31sbO+yycCJkURUNc796eERj9GwdFqhjytCrivtfi7NKnGpXZyNlcKEaaxOcQgFEPIPmzo8qb3sfwusMYVnS+kIA6W1eAqlNUU8tclpuVMojt6tQJiKVcxqY4ktOwwe8Gh9Eb7hkX8z/ephg2DdupeBmZGh9gqWkXANoGm7xaYQ57XzohygXtpn3Hp47KCgmx3x0cX5Nc3OC9CWNEHpKrRUvFBYdCha9uc+vJbP+NeT1cjKuZVc+3GuMXLqLwAP3NiSX6G4b/YsWWIgMLkurqSZZgku4e/3kOxuxZc1jmqDGDsSn8OONnU4Oxn6qfdZAWBGlwmU5EvmQRHhB+8TPmEDPy6Nw=="
+    }
+  }
+}
--- a/infrastructure/07-certmanager/kustomization.yaml
+++ b/infrastructure/07-certmanager/kustomization.yaml
@ -0,0 +1,18 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: cert-manager
+
+resources:
+  - dns-issuer.yaml
+  - https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.crds.yaml
+  - ionos-secret-sealed.yaml
+  - namespace.yaml
+
+helmCharts:
+- name: cert-manager
+  includeCRDs: false
+  version: 1.14.4
+  releaseName: "cert-manager"
+  repo: https://charts.jetstack.io
+  valuesFile: values.yaml
--- a/infrastructure/07-certmanager/namespace.yaml
+++ b/infrastructure/07-certmanager/namespace.yaml
@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: cert-manager
--- a/infrastructure/07-certmanager/values.yaml
+++ b/infrastructure/07-certmanager/values.yaml
@ -0,0 +1,5 @@
+webhook:
+  securePort: 10260
+global:
+  leaderElection:
+    namespace: cert-manager