scottk/homelab
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/homelab.git synced 2025-11-02 02:48:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(certs): Cleaning up Traefik with cert-manager and Cloudflare DNS

Browse Source
This commit is contained in:
Vegard Hagen
2023-12-14 20:29:41 +01:00
parent a8595e79ed
commit 681adedfbe
7 changed files with 7 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
infra/traefik/cloudflare-issuer.yaml
View File

@@ -13,5 +13,5 @@ spec:
- dns01:
cloudflare:
apiTokenSecretRef:
name: cloudflare
name: cloudflare-token-cert-manager
key: api-token

15
infra/traefik/cloudflare.yaml
View File

@@ -1,15 +0,0 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
name: cloudflare-tls
namespace: traefik-system
spec:
encryptedData:
tls.crt: AgBk/waXimuAvWLnfjZhZVQv5O9nQlkzATY2kX7f8G889SRJs9uLunXw468lh91jGyRJ5U5YKADsR2rGwuyL63CSYL/AuMaJA741qizhBBIWB0vOfEeric+TUm2AKeWywhkOAT9QuSa2DFnnRqttG29o+ilqwINJUz/EzVgEzz6Hnt0iGD6yElimT4KCL+ez05FlR09iL2Ni9lTw6YS/Mt1kBDHl5eEqwIiLgnA3Lh9kzv9qbVEv/3XhEkE0S4SrliqldFfeiwCbJI1iQ76Xw6gXb42iPrHPxWA8pmi2Yp11/BB8hZOtbRvJsDTWc0xgvSVkddHyKBSvV8bG1tbnLEETyABDPf64m5uisp3cMQSLJsxhQ2BzbDJjUvdNQyLmVWARLsRw/FiL528yu3dcxh95Wuz6pt9EvLbs5r8Vt8/qw1AmWnAli8RdjSgZpD6MjjxJ1U6j9xyzalSTjBAoet9X3ASO7Vt/HgxEilj2CQDMrHhdVu6R1K/Uqau9eCegFB0nAfnpWuPCPEbKvzKCi8SY3OR8YRx49MXaVf5L3MYMHOjjsTfhQxJRKLwcyahKW61nFVtws5YQjX7PMiK4vHTbZZsFu2N2CoCPaqhc1FxrRiOBWPUeLGOD4k4G+1TQmFb9Y6jPYXMCEBC/HqgE2ytkGUWzAz6z/vauiMb/zWNXzgIPdMga3IFHyDWwreKTEENDr11kwg+p62Ex+8wAA6UtVPhHPl7/aTEdw5FE4CutlzKA58LycrbyDbmxTtgPrZo73Mv/dZuI2mEPJzd5Thhxs00mi79Ax1tE6I078x2TaEW0MmTSkHdgMwzU8xLoFbfcTGqI3jDoz7mTDRaeOPG9JbiXl6I2sPL2SUHbquJAiIMfTxXLcrUOwWgwTGG3Nuwurlaui/fBtVMAapv6YSns1lVGz6jP4T8Di/O/ekijGhBdCPl1xtgxpkcxG6V5xGKBzKpy3N+oMiIs1A0VNrkv1u20rO29a8vYtPQcsYblFdhhnCj4ha0Feyn6TAwKhJiqwh5bv9VE61uCh7qix4gQeeaD475S5vveXB3iKWimwrtgs4eJqXGGWoxRosnSZHPwr9lmdZPY88TEnO2dl9DjdaBmqgRiYN2NNcs3g3LCBptKeI5SeUpTIQNpaaeIV2C+HgbbDSwevFE84X+6dX+oHAZLW55Qy9ZQYmx9+KdKlcaSXMnOCftwj1bk2Zk3IddMw8dn1dVl56OgDMGlmSFya8qoOCkb4fBEFtKKSmkw+/unnxncO/sy4at9G5yd31DiObH3wiB9DvThxO75caEBamuKKjq/VwrSDwieFYsUDi5WpRC5rqS19LIr1r/5yzfLN5VJ486tDXH2URcCUCxfOsLH9/Sms+eHwZVI3iCgBb7n03R+jHArInYcaeYuNlaQmfE2sbCrJ9sDOFcMpr+YfZovltF5FOxJxVGwwN+MqziwzsEl+UezjUOlr1X0oSHQT+vU4ZjXuf1V9dqvtVsDkvQXamSIZ73rgnYIv7DHRG305Vzf52PKJBXDxXin9Vdy3ZqP8fLl6QoTiHomjm0QVoVvutVaRkeLivnNf9CIGOjTI1puT1+IU4xiQfFrmMbSeyVYz0y0OldzmoitK7RXGbbJ2oF1kV6nB/9v99mqnHP+pWl9PzYDw8AIGukliZA3hHWc5qF/+5XNQPews21pqQLGZBW/YVdd4Ccgql1mkjBhhkOGCBdW01XQw/3W3FGA9Ha0Sl02+D/OdllVEejDXBRk68BCOtC2LjSc97Y2+iqzFNUh9eUevJKf1AtOBYJt0BAP8wF90UyFvifjYVuRkk9bdfuVh5tQqVvP/BM5xvh47DUN9DnCh7AayZa7dO+tQaUYWfE44KT2Lb571LRdhQuP4lojC79HRjRzrDZ3hwGMG/yl4e0MNRZPTLkhUOq8eUd2AbKxY1G1yGT9UMqP5kpl815DpEwFpWwGrpGkb6oz1Evzj0pj1YpGurXmz7k0Ti8ZCSL0mVczu9hOmByP5ylI6+8jAtUARDyh2T2PNvuGzshVG0EKElAipnB5qDtNHELA7OgjvoaKjWnp9oqIdiiyUppFVs3c8Jhsewx4+yyoxf1o76ACj6NG+vfN96bKwz4x42T8m8xABA4yZRKn42yp19rHOa+dFqd4z+QVZ8Vtwuj11fHA8DRnCacO5LFKH7FcOJ7rVA0nlXawtZ9/kr3IoD/GnT6k41k+cohnAkckTF7Hzak34dWkd8+OLRh1xLyo5yzs8AuG5YGUIcqx8Zj160+8ahxk3Fis/KoWtoILbPjP8FR+oMVBhN+8X0Kd3cHeVvgebKd6lGDOx+8MRxzYL6XUjwnt2jhMECaunMey/b0Q3Hu9raaCxPVV1IVPGbE2+VlfJvOOziAQzL7NGO8fN0C2Dy8oCS39zJxXlypFbIx5OPCcjxtujZ9hHLqAul2IIrKR+tgQiwgU/U50dzQrjJtJePc9ue6PSheNNsZLyVKv5kQQ48Iun6unViwU5qH6yWFV0JOpVLkIu9+l5SQb85k7Hwt7Bq04LPmYjj7wpKAdO7GYWTJfQP6zCisjjJWzgYeN5EhRP5pFci1hOwkwNffD2YroNStvHEucGkyENzpgk+2Jr2N6vgXVs8gAlggdgH5Ic0k9yKlPozxP7rXWhSH/lF7L5E42nd2baFzByhmjTiCYLzqGJVAe1emglyyNvO9aPXNbYQTodrT3uRWmGOWuZRI8xmim9bCBWeKmQdxu3kOgQGiVfn+mdCIHjllz5rjwJxxnlowgrGLZDuI4ZHx8+LsI3Ak+9IeKXVkQYsSzmYYiPT9/qPf6kruUda5xAvOWtj8YqQNmoQxfymHtJcTjMqR8o816IMsCCSC4Bo2RTjOK4lra9voq9/Ou39OAC/GRw+CmTNBQqsEU1+d9/m0cmwZGhvIZG3U7z3JICobmf7ca9BYXaXLacA==
tls.key: AgAvr24ow27+pgLVIZWAIbOzwf1pwL/KH4xw9Vav2Afu+bk4LIbgua60+eLULLbZrx7WgJbHOTy2qt2Yjl/Ug9aNpgLzFQe8A6dlrGmzTNi0rBcWL1q8l6WLVS9d2zVc0NoK7gQx6ZLlMtVkogHTX7g+U8Rw4MQcfOZQwo4nPFxJDj56qEalY7OaYfT01SbUczGQ43KPyE2Bgb5ZOL+PyUTtC8qf3dD8PCfmpU8RJNRk2xhBe41udcYCz2NKy75kFZcFqDcCz4WQWeNGXckl4lUpUw4HQ0pRiU6ROz9CF7IG+2J1cTd/Yj/wqY3+jNOi3NhBnGfCeO7VP3uVFqL4ctXeLVkcHazjHuSlChJRq2ab9G53UF/Jah8PF4tUG1VtCXVT8Mm9KwEdmqND4BA3qMmsRwYUhPMdjLi2oN0jQRqeDxG66GKFvAXMxeZtGpcs5+tFY33ZKEW+CqS9eo3eh6ZjKD1bDN6I90fKRFRPx+xKR/FHZYqhUZxB/7j0ybR1QzW4TJdYvOrOpYCsr97D8kIiy0f8sjOv21MDCXyH6HRENcWfsYaqjocVm5E5GTPH8ncZL8JszPUTolnfZZYIqeyzYBrB7IFXQ6B15JBRsu8HUf4F853QgUIW+nglTtKIjN14qnc+yUT5yU1n26bN/EbjEMmry6DXQdD+4Sqdb2Z7GedrA466cewpP6bIfeHZd6OwPxAeFp0YL/HOQGE5vXCWYf/7A4NXDsTbpoI9dh175J9/7l0lqyLExHz5+4qcjwRhXEAbioCivr6vK9jYMLT5yXpObj2FBDas4Z4ZIUDAZjAiSV7LHoI+WYjf86U4wB6gHLidvKGNDYKrETvrUxGcbLqFMJ6M6YFMyHWVRAM6UaKZngF4w0rl6PiRP99cZnUrRiq0Qdghyswd6LA78S1fcOGgQcwtL984uzktrhrIBlFwRhcmuSwCqmuqcjLBDVLI8GD49XQjKhb0BYBhvmS4cXrlrAHosv1vrekXvzVh3YJjR1U2FObxFkR3f5dVblgDFw2qlpd+Le/za0CrZJPlKzWoMOfcme4K3jzv3yfOC16bzgYMZGxwtQoNfZh/LyZy3+93ZH3Ad+51//UXqZ4KdfmhsCshw7X3BnDB8qQjS2aqiLZXS2jTnKnOtaJHs195gAYroZukAlJpFQvFwvlCIHoDKvT0el6bvPU6Fz7BB4n2kB/FFvTrmmwf4fOxNaEz1M2SOzZg9swc7Fx4U1uN9TLoLDoCcgsQCui0ojztxUqoICzCTfJ9860mqGTi19Xt79BjHgt+VXx1Ng0nLEXjU8v52UakPMbzojlR1k5YX7nVasNXLfiFa4OTjYy/MPtIJ60VI6cQGbVo7QhGZwYTSFNfOpRwtz1aNbPDw8wtr0vFDwkoZ+A9HrHdyu/VlYZgRboVyEc249e7bl46XJQzKw38Iyat+g0V0eT1KYIZgvX/nzhKmRcB044ECNj0+6VnWrlx/FVKjSL40/Sh0ExD6G2ARKfaw+EzUDZOGr6DfdmjDjHvtqDiLvZrn0WNNjlaLqAPcKaR9femK+RDr2QHnacITDMy63TldgNfioo3ecIFNCnvXIFYHTCY66Zd8USpIuejC4LCHYcPWo6sFcnT4I/A0irqWpwPB2wUD5P8pmuIOXfldsnzpD7qFAyNIpq3S1uR7r9/TiQ9Xz4gLfMu9ZoEIw8vBKxnoZnnQ+OcE0qeGbKvJGhtj9T6pi8BZIrss6xC+sZ1omrRaXy2CJc6gMrKzGBGtAPhn8tRZaWWODOaKllBHFwyP8A/KaC2gWSQ5t6gAKuzLNQGFuFPIpkyTc0grSMhiw3F9T6U6kJoVtsdCaO31wG4AWZZMv5Z4oc8H14qMCiKtsjMmFoVOlDK+KI9NBfNOEwBZKBKwett7RBdvzOHufkYzyVVwtd1gJfV1DE/MZYVCIYdDRNwLeRTEtRFDAow5EbDeNSJvfpLOgye8yqSGsvRA/xhGVFxhMLxeD8zuw26kurOH6BLoXmiVhnOE/Cknt3dzJs0cKpTXobdObqFH4QwwzkWrW4HTaDqY1vMdH84YtBmQ+TK4taQKqjc1/KR97O2Q7RoAKCxiDc5EUVnUudcrnpZzMrbN5Jm/djkVX3fTqp67xEOAgDiDKbOlEzSvnE5Tm7O0ANRq3jDL9S7VPEltp2djYv9RN2L7K0NP8/zSnq6cbFQnMTg8y2WeMOV7yZ0hvhOI5oZvVRx9n3ezUlzu59wv3hdq1jUiviihlMBLv86sFOElXL/K7CSbzNF6GYbwelyO0jvl1rjicDQysSg4Po3zEsv7P970JMKUwZQQIo5Mz2GL5eOlWFGwvvHnpLWqDHFMni87fShhnz5qLsC3X3I7xTzpGkYTUtXlCx1HKzZKPkaz4hAtmAbvWWuIGC1VRb9WzbzUHPJB745mhzKAIPNmBjVILRQE/NAxFrZR5+3dUupsHRnAhCTPjH3HJqOw/yOYZUKuf2x3fe81VWdw7N6cXFQTSkdT7ChCOBtpy5ckoQsnJ8fUWJhFyR1K2qd6WxP/+PCw7PjSredOY8F8LXN9u/NJ5EU5NzN+FnqIC6KZ1Nag5WkqZccM9wWOvKB8xX0njhe6XwFWn01/6O3cGglZxmd1WuDgpi0Y9EEOC9xc154PjPGXXy6nfqs7CSY9zZrUOOmfausOdHLWZOTmktH8rx7GrKbXSoyQ7az+s4YY/8KU5lMnjDsGOMvpyfctFBn0az8Avc9a9oHeTU8gVDDsi28bX0zCNh29Ds7h6yQvtAKm4RGGNPWMa6pjAYxP49WvI7XNjJIVsIrasuO4NrKjVwBp/IH1LRsbxznzqEayU9H5u51evLp/Pj2y/ep5YHt7Rdj+CZeavrG35Oc3pYHAslScUHUAiRPuoiMJW6UJplCqKW3032N8f6VrV11ChGGX7BZrOMq8Z6GTCJdEdJkh3Y0o3q3ufyAfwqiUXzlkmgIRvWpxbGjDbxip7cqgDo/
template:
metadata:
name: cloudflare-tls
namespace: traefik-system
type: kubernetes.io/tls

11
infra/traefik/kustomization.yaml
View File

@@ -3,11 +3,11 @@ kind: Kustomization
namespace: traefik-system
resources:
- namespace.yaml
- cloudflare.yaml
- tlsStore.yaml
- storageClass.yaml
- persistentVolume.yaml
- ns.yaml
- cloudflare-token-cert-manager.yaml
- cloudflare-issuer.yaml
- cloudflare-cert.yaml
- pv-certs.yaml
- traefik-forward-auth
- ingress-route.yaml
@@ -16,5 +16,6 @@ helmCharts:
repo: https://helm.traefik.io/traefik
version: 23.0.1
releaseName: "traefik"
namespace: traefik-system
includeCRDs: true
valuesFile: values.yaml

0
infra/traefik/namespace.yaml → infra/traefik/ns.yaml
View File

7
infra/traefik/persistentVolume.yaml → infra/traefik/pv-certs.yaml
View File

@@ -7,13 +7,6 @@ metadata:
spec:
capacity:
storage: 128Mi
# claimRef:
# apiVersion: v1
# kind: PersistentVolumeClaim
# name: traefik
# namespace: traefik-system
# resourceVersion: "5491071"
# uid: 60ee134d-dcba-4615-a218-7f06a523fb46
volumeMode: Filesystem
accessModes:
- ReadWriteOnce

7
infra/traefik/storageClass.yaml
View File

@@ -1,7 +0,0 @@
allowVolumeExpansion: true
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: cert-storage
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer

8
infra/traefik/tlsStore.yaml
View File

@@ -1,8 +0,0 @@
apiVersion: traefik.io/v1alpha1
kind: TLSStore
metadata:
name: cloudflare
namespace: traefik-system
spec:
defaultCertificate:
secretName: cloudflare-tls