From 12087d99b5c2f6b109cce9197e9c22b127abf38d Mon Sep 17 00:00:00 2001
From: titver968
Date: Thu, 19 Jun 2025 15:49:08 +0200
Subject: [PATCH] cert-manager-dev added
---
.../cert-manager-dev/cert-manager-dev.yaml | 37 +++++++++++++++++++
.../include/cloudflare-api-token-secret.yaml | 8 ++++
.../include/cluster-issuer.yaml | 15 ++++++++
.../include/cluster-staging-issuer.yaml | 15 ++++++++
.../include/tatort-dev-cerficate.yaml | 14 +++++++
5 files changed, 89 insertions(+)
create mode 100644 argocd/apps/cert-manager-dev/cert-manager-dev.yaml
create mode 100644 argocd/apps/cert-manager-dev/include/cloudflare-api-token-secret.yaml
create mode 100644 argocd/apps/cert-manager-dev/include/cluster-issuer.yaml
create mode 100644 argocd/apps/cert-manager-dev/include/cluster-staging-issuer.yaml
create mode 100644 argocd/apps/cert-manager-dev/include/tatort-dev-cerficate.yaml
diff --git a/argocd/apps/cert-manager-dev/cert-manager-dev.yaml b/argocd/apps/cert-manager-dev/cert-manager-dev.yaml
new file mode 100644
index 0000000..91dc1c7
--- /dev/null
+++ b/argocd/apps/cert-manager-dev/cert-manager-dev.yaml
@@ -0,0 +1,37 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: cert-manager-dev
+ namespace: argocd
+spec:
+ destination:
+ namespace: cert-manager
+ server: https://192.168.4.202:6443
+ name: dev
+ project: default
+ sources:
+ - repoURL: https://charts.jetstack.io
+ targetRevision: v1.17.*
+ chart: cert-manager
+ helm:
+ version: v3
+ passCredentials: true
+ skipCrds: true
+ parameters:
+ - name: installCRDs
+ value: "true"
+ - name: 'namespace'
+ value: 'cert-manager'
+ - name: 'enableCertificateOwnerRef'
+ value: 'true'
+ - repoURL: 'git@innovation-hub-niedersachsen.de:innohub/k3s.git'
+ targetRevision: main
+ path: argocd/apps/cert-manager-dev/include
+ directory:
+ recurse: true
+ syncPolicy:
+ automated:
+ selfHeal: true
+ prune: true
+ syncOptions:
+ - CreateNamespace=true
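Review bot: `targetRevision: v1.17.*` together with `syncPolicy.automated` (`selfHeal` and `prune` both on) means any new 1.17.x chart published upstream is rolled out to the cluster without a reviewed commit; for a cluster-wide controller such as cert-manager, pin an exact chart version (`targetRevision: <exact-chart-version>`) and bump it by commit. `passCredentials: true` is not needed for the public `https://charts.jetstack.io` repository, and if repository credentials are ever configured it would let them be sent to other domains involved in the chart download, so the line is better dropped. The destination appears to set both `server` and `name: dev` (indentation is lost on this page); Argo CD expects only one of the two, so keep either the name or the URL. `skipCrds: true` next to `installCRDs: "true"` reads as contradictory and deserves a one-line comment stating which mechanism is meant to install the CRDs.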
diff --git a/argocd/apps/cert-manager-dev/include/cloudflare-api-token-secret.yaml b/argocd/apps/cert-manager-dev/include/cloudflare-api-token-secret.yaml
new file mode 100644
index 0000000..91e9472
--- /dev/null
+++ b/argocd/apps/cert-manager-dev/include/cloudflare-api-token-secret.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: cloudflare-api-token-secret
+ namespace: cert-manager
+type: Opaque
+stringData:
+ api-token: 8U6YVJlQe3UCkw6P2Xx0Qvmpy975EwK14FV8IMdp
diff --git a/argocd/apps/cert-manager-dev/include/cluster-issuer.yaml b/argocd/apps/cert-manager-dev/include/cluster-issuer.yaml
new file mode 100644
index 0000000..eab4c1d
--- /dev/null
+++ b/argocd/apps/cert-manager-dev/include/cluster-issuer.yaml
@@ -0,0 +1,15 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: lets-encrypt
+spec:
+ acme:
+ server: https://acme-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: lets-encrypt
+ solvers:
+ - dns01:
+ cloudflare:
+ apiTokenSecretRef:
+ name: cloudflare-api-token-secret
+ key: api-token
diff --git a/argocd/apps/cert-manager-dev/include/cluster-staging-issuer.yaml b/argocd/apps/cert-manager-dev/include/cluster-staging-issuer.yaml
new file mode 100644
index 0000000..31fa4c8
--- /dev/null
+++ b/argocd/apps/cert-manager-dev/include/cluster-staging-issuer.yaml
@@ -0,0 +1,15 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: lets-encrypt-staging
+spec:
+ acme:
+ server: https://acme-staging-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: lets-encrypt-staging
+ solvers:
+ - dns01:
+ cloudflare:
+ apiTokenSecretRef:
+ name: cloudflare-api-token-secret
+ key: api-token
diff --git a/argocd/apps/cert-manager-dev/include/tatort-dev-cerficate.yaml b/argocd/apps/cert-manager-dev/include/tatort-dev-cerficate.yaml
new file mode 100644
index 0000000..d918060
--- /dev/null
+++ b/argocd/apps/cert-manager-dev/include/tatort-dev-cerficate.yaml
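Review bot: `cloudflare-api-token-secret.yaml` commits the Cloudflare API token in clear text under `stringData.api-token`, so everyone with read access to this repository, its history, its mirrors or Argo CD's repository cache holds a credential that, judging by its use in the DNS-01 solvers, can edit DNS records. Treat the token as compromised: revoke it in Cloudflare, issue a new one limited to DNS edit on the single zone, and remove the value from history rather than overwriting it in a follow-up commit. Keep the literal out of Git and commit only an encrypted or referenced form (for example a SealedSecret, a SOPS-encrypted file, or an ExternalSecret pointing at a secret store), so that `api-token` never appears as plain text in a manifest.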
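Review bot: The `dns01` solver in `cluster-issuer.yaml` has no `selector`, and a ClusterIssuer can be referenced from every namespace, so any namespace allowed to create a Certificate (or an annotated Ingress) can obtain a publicly trusted certificate for any name in the zones the Cloudflare token can edit. Adding `selector: {dnsZones: ['innovation-hub-niedersachsen.de']}` to the solver entry and scoping the token to that zone narrows this to the one zone; a namespaced Issuer would narrow it further if only one application needs certificates. The same applies to the identical solver in `cluster-staging-issuer.yaml`. A short comment that `apiTokenSecretRef` on a ClusterIssuer is looked up in cert-manager's cluster resource namespace, which is why the Secret is created in `cert-manager`, would help the next reader.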
@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: innovation-hub-niedersachsen.de-tatort-dev
+ namespace: kube-system
+spec:
+ secretName: tatort-dev-tls
+ commonName: 'tatort-dev.innovation-hub-niedersachsen.de'
+ dnsNames:
+ - 'tatort-dev.innovation-hub-niedersachsen.de'
+ issuerRef:
+ name: lets-encrypt
+ kind: ClusterIssuer
+ group: cert-manager.io
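Review bot: The Certificate has no `privateKey` block, and with the chart held at `v1.17.*` in this patch the default rotation policy of that release line applies, which as far as I know reuses the existing private key on every renewal; adding `privateKey: {rotationPolicy: Always}` under `spec` makes each renewal generate a fresh key. The resulting Secret `tatort-dev-tls` is written to `kube-system`; if that is only because the ingress controller runs there, a comment saying so would help, otherwise issuing into the application's namespace keeps the key away from principals with Secret read access in `kube-system`. For a dev host it is also worth pointing `issuerRef.name` at `lets-encrypt-staging` until issuance is proven, so that failed attempts do not count against production rate limits. The file name `tatort-dev-cerficate.yaml` is misspelled (`certificate`).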