feat(cert-manager): add cert-manager

JJGadgets
2023-01-31 09:25:59 +08:00
parent ae94022dcb
commit 09be3245f5
8 changed files with 208 additions and 0 deletions


@@ -0,0 +1,54 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: GitRepository
metadata:
name: cert-manager-source
namespace: flux-system
spec:
interval: 12h
url: https://github.com/cert-manager/cert-manager.git
ref:
# renovate: registryUrl=https://charts.jetstack.io chart=cert-manager
tag: v1.11.0
ignore: |
# exclude all
/*
# include crd directory
!/deploy/crds
# exclude file extensions from crd dir
/deploy/crds/*.md
/deploy/crds/*.bazel
---
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: crds-cert-manager
namespace: flux-system
spec:
interval: 30m
prune: false
wait: true
sourceRef:
kind: GitRepository
name: cert-manager-source
# Remove the Helm templating from labels and annotations
patches:
- target:
version: v1
kind: CustomResourceDefinition
patch: |-
- op: replace
path: /metadata/labels/app
value: cert-manager
- op: replace
path: /metadata/labels/app.kubernetes.io~1name
value: cert-manager
- op: replace
path: /metadata/labels/app.kubernetes.io~1instance
value: cert-manager
- op: add
path: /metadata/labels/app.kubernetes.io~1version
# renovate: registryUrl=https://charts.jetstack.io depName=cert-manager
value: v1.8.0
- op: remove
path: /metadata/annotations
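Review bot: The `app.kubernetes.io~1version` patch sets `value: v1.8.0`, but the GitRepository in the same file pulls the CRDs from `tag: v1.11.0`, so every patched CRD is labelled with the wrong release. Change it to `value: v1.11.0`. The two Renovate hints are also written differently (`chart=cert-manager` on the tag, `depName=cert-manager` on the label), which may be why they drifted; use the same form on both so they are bumped together. The source is tracked by a Git tag, which can be moved upstream, so also setting `ref.commit` to the reviewed commit would tie the cluster-wide CRDs to known content.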


@@ -0,0 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- crds.yaml


@@ -3,3 +3,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- rook-ceph
- cert-manager


@@ -0,0 +1,7 @@
creation_rules:
- path_regex: .*.yaml
encrypted_regex: ^(email|dnsZones|stringData)$
age: >-
age1xl3fcwdw56k73lraxsjhde4ygwn7jw0js5l5qw7vsp54vc5czuwstcejxu
pgp: >-
31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2
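Review bot: `encrypted_regex: ^(email|dnsZones|stringData)$` leaves a Secret's `data` key out, so any Secret written with `data:` instead of `stringData:` would be committed base64-encoded but unencrypted. Add it to the rule, `encrypted_regex: ^(data|stringData|email|dnsZones)$`. The `path_regex: .*.yaml` pattern has an unescaped dot and no end anchor, so it matches more paths than intended; `path_regex: .*\.yaml$` says what is meant. With both an `age` and a `pgp` recipient in one rule, either private key alone decrypts every file, so both keys need the same level of protection.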


@@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: cert-manager
labels:
kustomize.toolkit.fluxcd.io/prune: disabled


@@ -0,0 +1,41 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: cert-manager
namespace: cert-manager
spec:
interval: 15m
chart:
spec:
chart: cert-manager
version: v1.11.0
sourceRef:
kind: HelmRepository
name: jetstack
namespace: flux-system
maxHistory: 3
install:
createNamespace: true
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
retries: 3
uninstall:
keepHistory: false
values:
installCRDs: false
extraArgs:
- --dns01-recursive-nameservers=1.1.1.1:53,1.0.0.1:53,1.1.1.2:53,1.0.0.2:53,1.1.1.3:53,1.0.0.3:53
- --dns01-recursive-nameservers-only
podDnsPolicy: None
podDnsConfig:
nameservers:
- "1.1.1.1"
- "1.0.0.1"
- "1.1.1.2"
- "1.0.0.2"
- "1.1.1.3"
- "1.0.0.3"
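Review bot: The resolver lists in `extraArgs` and `podDnsConfig.nameservers` mix Cloudflare's unfiltered resolvers (1.1.1.1, 1.0.0.1) with its filtering endpoints (1.1.1.2/1.0.0.2 and 1.1.1.3/1.0.0.3), so the DNS-01 propagation check and ordinary pod lookups can get different answers depending on which server replies. Keeping one class of resolver, for example `--dns01-recursive-nameservers=1.1.1.1:53,1.0.0.1:53` with the matching two `nameservers` entries, makes the result predictable. `podDnsPolicy: None` also removes cluster DNS from the pod, which deserves a comment such as `# cluster DNS intentionally bypassed so DNS-01 checks use public resolvers only`. Separately, `installCRDs: false` relies on the `crds-cert-manager` Kustomization, and no ordering between the two is visible in this commit, so confirm the Kustomization that applies this HelmRelease depends on it.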


@@ -0,0 +1,92 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-production
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: ENC[AES256_GCM,data:uuLsQXAAIWcALTJ6orWD7MBg5w==,iv:kvyi6mf0zgPw5WCjabDtTevl9vpgc9R59HgBUvE5KsA=,tag:BO8EE0020vIqYTZdmGbIIw==,type:str]
privateKeySecretRef:
name: letsencrypt-production
solvers:
- dns01:
cloudflare:
email: ENC[AES256_GCM,data:MY+x8id2bh7h325/66hgOeeoX+zO5A==,iv:PZ6mgOoC4ITjznlq0UWs8CVpaOsmH3yDx7RL9sPRJKA=,tag:N23nR51/OtHOxO20unxKwA==,type:str]
apiKeySecretRef:
name: dns01-api
key: cloudflare
selector:
dnsZones:
- ENC[AES256_GCM,data:PPCkOrLe,iv:kbKa7Z7OGgthzi37pdNRm/ZnXkWtKLd/KFeW5VRThEk=,tag:Q6b7GEwPorxNRWeOQOr/MA==,type:str]
- ENC[AES256_GCM,data:JMSQS5ks1mkIakPBiqI=,iv:nRB4+tCh8XzJM9um1DNbfaks1kahTmdZB1Gmg+vIbMI=,tag:QAuo9QHZRJEQ5YrbM1MDxg==,type:str]
- ENC[AES256_GCM,data:fTgjL2NqXzTLPFpzBA==,iv:3hc8weLymnamZ2+ZNzobD79yGX3vElmF2M6vbNo7310=,tag:32XkUOr9JL6Wt6wHAhvw1g==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1xl3fcwdw56k73lraxsjhde4ygwn7jw0js5l5qw7vsp54vc5czuwstcejxu
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHa3RKV1d5N3BhL2ZXWGRo
VjZPRFZQMDdUVm9VaWNDQ3RvQUQ2MkRDNUZvCmF0TEpjdmhDcjNpdDY3eGRicmtM
U3VGT3AyNGpyTy83OTIvWURWUFcwVnMKLS0tIGxwMklXUWUzT21GRUxPcWpXL2xl
bkhuMktzNGxSSytXYmJDOG1vOEpEemMKMwcArlt/YauK8yfxiIEpnhMFEBgpNFY7
HeiLqiDg/BZDjYeCk1Nov8zHDADUpZ2/Im37MJwHxO1pwcH7lPARWg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-01-31T01:23:48Z"
mac: ENC[AES256_GCM,data:BUeE7d+lEuKXYg/Spn3OteJDhG6OFXRSkqABVHVC104ru1ZwVY+riOhzH/cp6lamxnOdW6Q7sAD6xFbO9RmeitKED91S9FtHJNagxw4Nnk4PuMqDloFFDYGjf6jkI8CfQ4xylFAsM5jVVSKdxI5AHSsgsvqP4J6xXS2qmCY1tS0=,iv:cR5qJU1lNa1kFqQud5XJVCLrymGhcwibuJU8IXwgJrs=,tag:ec1JFb6wdvUHtwXYsyXErw==,type:str]
pgp:
- created_at: "2023-01-31T01:22:56Z"
enc: |
-----BEGIN PGP MESSAGE-----
hF4DAAAAAAAAAAASAQdAi25jYS+jTgkmZHsUPzrOaFxUnGuap75b0lBTILIWc08w
exBxZIt0/1Ni/jLyGxg529if+yT5hkkSO4ijn/JQAD5Y1VrdbcFAx/pIOhuNey76
0lwBWTpvI4sSAHs1qNdouWeqtL/Ufno0nN4KszjCvIGtdr3EUFzpO5PBQ/cQrrE8
kerNMDXc6veD6x9YuCPuHSS9t7C9B+eYJ9+CL4HVa7oNVMtjgqfN75geaC7w/w==
=A7V1
-----END PGP MESSAGE-----
fp: 31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2
encrypted_regex: ^(email|dnsZones|stringData)$
version: 3.7.3
---
apiVersion: v1
kind: Secret
metadata:
name: dns01-api
namespace: cert-manager
stringData:
cloudflare: ENC[AES256_GCM,data:3Clxd4p/dbBwztU1OtdD5i8HJZiJY34Ja10KPgbjgBiAm/Z6oR5HjA==,iv:FALCaWOBWCPo+y+sTJzosFECACU3UFbqcqYVgzpQKqQ=,tag:GJpro8jGwnQU8LiPjSzjLg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1xl3fcwdw56k73lraxsjhde4ygwn7jw0js5l5qw7vsp54vc5czuwstcejxu
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHa3RKV1d5N3BhL2ZXWGRo
VjZPRFZQMDdUVm9VaWNDQ3RvQUQ2MkRDNUZvCmF0TEpjdmhDcjNpdDY3eGRicmtM
U3VGT3AyNGpyTy83OTIvWURWUFcwVnMKLS0tIGxwMklXUWUzT21GRUxPcWpXL2xl
bkhuMktzNGxSSytXYmJDOG1vOEpEemMKMwcArlt/YauK8yfxiIEpnhMFEBgpNFY7
HeiLqiDg/BZDjYeCk1Nov8zHDADUpZ2/Im37MJwHxO1pwcH7lPARWg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-01-31T01:23:48Z"
mac: ENC[AES256_GCM,data:BUeE7d+lEuKXYg/Spn3OteJDhG6OFXRSkqABVHVC104ru1ZwVY+riOhzH/cp6lamxnOdW6Q7sAD6xFbO9RmeitKED91S9FtHJNagxw4Nnk4PuMqDloFFDYGjf6jkI8CfQ4xylFAsM5jVVSKdxI5AHSsgsvqP4J6xXS2qmCY1tS0=,iv:cR5qJU1lNa1kFqQud5XJVCLrymGhcwibuJU8IXwgJrs=,tag:ec1JFb6wdvUHtwXYsyXErw==,type:str]
pgp:
- created_at: "2023-01-31T01:22:56Z"
enc: |
-----BEGIN PGP MESSAGE-----
hF4DAAAAAAAAAAASAQdAi25jYS+jTgkmZHsUPzrOaFxUnGuap75b0lBTILIWc08w
exBxZIt0/1Ni/jLyGxg529if+yT5hkkSO4ijn/JQAD5Y1VrdbcFAx/pIOhuNey76
0lwBWTpvI4sSAHs1qNdouWeqtL/Ufno0nN4KszjCvIGtdr3EUFzpO5PBQ/cQrrE8
kerNMDXc6veD6x9YuCPuHSS9t7C9B+eYJ9+CL4HVa7oNVMtjgqfN75geaC7w/w==
=A7V1
-----END PGP MESSAGE-----
fp: 31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2
encrypted_regex: ^(email|dnsZones|stringData)$
version: 3.7.3
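Review bot: The Cloudflare solver authenticates with `email` plus `apiKeySecretRef`, which is the account-wide Global API Key, so a leak of the `dns01-api` Secret or of either SOPS private key exposes the whole Cloudflare account rather than just DNS for the listed zones. cert-manager also accepts a scoped token: drop the solver's `email` and use `apiTokenSecretRef:` with the same `name: dns01-api` and `key: cloudflare`, backed by a token limited to Zone:Read and DNS:Edit on those zones. Both manifests carry a `sops:` block, so they only apply if the Flux Kustomization that reconciles this directory has SOPS decryption configured; that is not visible in this commit. The first document also lacks the leading `---` that the other files in this commit use.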


@@ -0,0 +1 @@
bash: -c: line 2: syntax error: unexpected end of file
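Review bot: The only line this file adds is a bash error message, `bash: -c: line 2: syntax error: unexpected end of file`, so it appears the output of a failed shell command was committed in place of the intended content. Regenerate the file after fixing the command (the message points to an unterminated quote or block in the `-c` string) and check its exit status before committing. If anything in the cluster reads this file, it currently receives the error text instead of real data.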