cert-manager nach der alte Muster eingerichtet

2024-10-10 16:07:19 +02:00
parent 8396251dea
commit 896285a1f9
5 changed files with 70 additions and 14 deletions
--- a/argocd/apps/cert-manager/cert-manager.yaml
+++ b/argocd/apps/cert-manager/cert-manager.yaml
@@ -2,21 +2,37 @@ apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: cert-manager
-  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
 spec:
-  destination:
-    namespace: cert-manager
-    server: https://kubernetes.default.svc
  project: default
-  source:
-    chart: cert-manager
-    helm:
-      parameters:
-        - name: installCRDs
-          value: "true"
-    repoURL: https://charts.jetstack.io
-    targetRevision: v1.15.*
+  sources:
+    - repoURL: 'https://charts.jetstack.io'
+      targetRevision: 1.15.*
+      helm:
+        parameters:
+          - name: 'installCRDs'
+            value: 'true'
+          - name: 'namespace'
+            value: 'cert-manager'
+          - name: 'enableCertificateOwnerRef'
+            value: 'true'
+          - name: 'webhook.networkPolicy.enabled'
+            value: 'true'
+          - name: webhook.hostNetwork
+            value: 'true'
+          - name: webhook.securePort
+            value: '10250'
+      chart: cert-manager
+    - repoURL: 'git@192.168.4.101:innohub/k3s.git'
+      targetRevision: main
+      path: argocd/apps/cert-manager/include 
+  destination:
+    server: 'https://kubernetes.default.svc'
+    namespace: cert-manager
  syncPolicy:
-    automated: {}
+    automated:
+      selfHeal: true
+      prune: true
    syncOptions:
-      - CreateNamespace=true
+      - CreateNamespace=true
--- a/argocd/apps/cert-manager/include/.cluster-issuer.yaml.swp
+++ b/argocd/apps/cert-manager/include/.cluster-issuer.yaml.swp
--- a/argocd/apps/cert-manager/include/cluster-issuer.yaml
+++ b/argocd/apps/cert-manager/include/cluster-issuer.yaml
@@ -0,0 +1,17 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: lets-encrypt
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: lets-encrypt
+    email: titus.innohubni@outlook.de
+    solvers:
+    - dns01:
+        cloudflare:
+          email: titus.innohubni@outlook.de
+          apiTokenSecretRef:
+            name: cloudflare-api-token-secret
+            key: api-token
--- a/argocd/apps/cert-manager/include/tls-store.yaml
+++ b/argocd/apps/cert-manager/include/tls-store.yaml
@@ -0,0 +1,8 @@
+iapiVersion: traefik.io/v1alpha1
+kind: TLSStore
+metadata:
+  name: default
+  namespace: kube-system
+spec:
+  defaultCertificate:
+    secretName: innovation-hub-niedeersachsen.de-wildcard-tls
--- a/argocd/apps/cert-manager/include/wildcard-cerficate.yaml
+++ b/argocd/apps/cert-manager/include/wildcard-cerficate.yaml
@@ -0,0 +1,15 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: innovation-hub-niedersachsen.de-wildcard
+  namespace: kube-system
+spec:
+  secretName: innovation-hub-niedersachsen.de-wildcard-tls
+  commonName: '*.innovation-hub-niedersachsen.de'
+  dnsNames:
+    - 'innovation-hub-niedersachsen.de'
+    - '*.innovation-hub-niedersachsen.de'
+  issuerRef:
+    name: lets-encrypt
+    kind: ClusterIssuer
+    group: cert-manager.io