From 896285a1f9316f60d013d668cd2262b6be411a8f Mon Sep 17 00:00:00 2001
From: titusvermesan
Date: Thu, 10 Oct 2024 16:07:19 +0200
Subject: [PATCH] cert-manager nach der alte Muster eingerichtet
---
 argocd/apps/cert-manager/cert-manager.yaml | 44 ++++++++++++------
 .../include/.cluster-issuer.yaml.swp | Bin 0 -> 12288 bytes
 .../cert-manager/include/cluster-issuer.yaml | 17 +++++++
 .../apps/cert-manager/include/tls-store.yaml | 8 ++++
 .../include/wildcard-cerficate.yaml | 15 ++++++
 5 files changed, 70 insertions(+), 14 deletions(-)
 create mode 100644 argocd/apps/cert-manager/include/.cluster-issuer.yaml.swp
 create mode 100644 argocd/apps/cert-manager/include/cluster-issuer.yaml
 create mode 100644 argocd/apps/cert-manager/include/tls-store.yaml
 create mode 100644 argocd/apps/cert-manager/include/wildcard-cerficate.yaml
diff --git a/argocd/apps/cert-manager/cert-manager.yaml b/argocd/apps/cert-manager/cert-manager.yaml
index df58644..ad9e73e 100644
--- a/argocd/apps/cert-manager/cert-manager.yaml
+++ b/argocd/apps/cert-manager/cert-manager.yaml
@@ -2,21 +2,37 @@ apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
 name: cert-manager
- namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
 spec:
- destination:
- namespace: cert-manager
- server: https://kubernetes.default.svc
 project: default
- source:
- chart: cert-manager
- helm:
- parameters:
- - name: installCRDs
- value: "true"
- repoURL: https://charts.jetstack.io
- targetRevision: v1.15.*
+ sources:
+ - repoURL: 'https://charts.jetstack.io'
+ targetRevision: 1.15.*
+ helm:
+ parameters:
+ - name: 'installCRDs'
+ value: 'true'
+ - name: 'namespace'
+ value: 'cert-manager'
+ - name: 'enableCertificateOwnerRef'
+ value: 'true'
+ - name: 'webhook.networkPolicy.enabled'
+ value: 'true'
+ - name: webhook.hostNetwork
+ value: 'true'
+ - name: webhook.securePort
+ value: '10250'
+ chart: cert-manager
+ - repoURL: 'git@192.168.4.101:innohub/k3s.git'
+ targetRevision: main
+ path: argocd/apps/cert-manager/include
+ destination:
+ server: 'https://kubernetes.default.svc'
+ namespace: cert-manager
 syncPolicy:
- automated: {}
+ automated:
+ selfHeal: true
+ prune: true
 syncOptions:
- - CreateNamespace=true
+ - CreateNamespace=true
\ No newline at end of file
diff --git a/argocd/apps/cert-manager/include/.cluster-issuer.yaml.swp b/argocd/apps/cert-manager/include/.cluster-issuer.yaml.swp
new file mode 100644
index 0000000000000000000000000000000000000000..b2ed3d10511029c4195a92b41ad92a2984da0519
GIT binary patch literal 12288 zcmeI2yN=W_6o$PtRKxWFFiPsld~CX5<9Y;kz)wh#qIL-qm^j+MKrMu zTk#m^AQCnkiJeA?-Hf0n(e@e%|;K+MF^;bQpIpFVjkA3k^oCLjO;AOHd&00JNY z0w4ea{}F-M9EcCx@2#ol`_q1KWuK1NKmY_l00ck)1V8`;KmY_l00ck)1a2S!T?p}G zCdBa_E}sAY|NZ;_`&}WvvA(j-S)W;-Sj2k8I%3UOg7uT{Ua-EfKC;%VA>Iw-fs#Q0 z1V8`;KmY_l00ck)1V8`;u0cTVtPORU)Qw4^+mIDI7HM@&nanHK7H5_Alw7(cfpSlA z$D2(jeSo)v;SHT-J4ULtsWLf?m8a7nxi!yS8!P8FX+f91f0B*&6Is|WUyO&~DxPu= zk8D|;!&Rl(JoZ2qL EFX2qfkN^Mx literal 0 HcmV?d00001
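Review bot: In the `cert-manager.yaml` hunk, `webhook.hostNetwork: 'true'` combined with `webhook.securePort: '10250'` puts the webhook in the node's network namespace on the port the kubelet normally listens on, so the pod is likely to fail to bind or to collide with the kubelet. If host networking is really required by the CNI, move the webhook to a free port, e.g. `value: '10260'`; otherwise drop the `webhook.hostNetwork` parameter. Whether NetworkPolicy is enforced for host-networked pods depends on the CNI and often it is not, so `webhook.networkPolicy.enabled` should not be relied on to restrict access to the webhook in this configuration. Separately, the second source tracks `targetRevision: main` with `prune` and `selfHeal` enabled, so every push to that branch changes cluster-scoped resources without a review step; pinning to a tag or commit would give a reviewable deployment boundary.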
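Review bot: `argocd/apps/cert-manager/include/.cluster-issuer.yaml.swp` is a Vim swap file and should not be part of this commit. Swap files hold editor buffer contents, which can include text that was typed or pasted and later removed from the saved file, so its contents should be checked before assuming it is harmless. Remove it with `git rm --cached argocd/apps/cert-manager/include/.cluster-issuer.yaml.swp` and add `*.swp` to `.gitignore`. If the buffer ever held a credential such as the Cloudflare token, rotate it, since the blob stays reachable in history.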
diff --git a/argocd/apps/cert-manager/include/cluster-issuer.yaml b/argocd/apps/cert-manager/include/cluster-issuer.yaml
new file mode 100644
index 0000000..e0199a2
--- /dev/null
+++ b/argocd/apps/cert-manager/include/cluster-issuer.yaml
@@ -0,0 +1,17 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: lets-encrypt
+spec:
+ acme:
+ server: https://acme-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: lets-encrypt
+ email: titus.innohubni@outlook.de
+ solvers:
+ - dns01:
+ cloudflare:
+ email: titus.innohubni@outlook.de
+ apiTokenSecretRef:
+ name: cloudflare-api-token-secret
+ key: api-token
diff --git a/argocd/apps/cert-manager/include/tls-store.yaml b/argocd/apps/cert-manager/include/tls-store.yaml
new file mode 100644
index 0000000..a448ace
--- /dev/null
+++ b/argocd/apps/cert-manager/include/tls-store.yaml
@@ -0,0 +1,8 @@
+iapiVersion: traefik.io/v1alpha1
+kind: TLSStore
+metadata:
+ name: default
+ namespace: kube-system
+spec:
+ defaultCertificate:
+ secretName: innovation-hub-niedeersachsen.de-wildcard-tls
diff --git a/argocd/apps/cert-manager/include/wildcard-cerficate.yaml b/argocd/apps/cert-manager/include/wildcard-cerficate.yaml
new file mode 100644
index 0000000..4ad0904
--- /dev/null
+++ b/argocd/apps/cert-manager/include/wildcard-cerficate.yaml
@@ -0,0 +1,15 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: innovation-hub-niedersachsen.de-wildcard
+ namespace: kube-system
+spec:
+ secretName: innovation-hub-niedersachsen.de-wildcard-tls
+ commonName: '*.innovation-hub-niedersachsen.de'
+ dnsNames:
+ - 'innovation-hub-niedersachsen.de'
+ - '*.innovation-hub-niedersachsen.de'
+ issuerRef:
+ name: lets-encrypt
+ kind: ClusterIssuer
+ group: cert-manager.io
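Review bot: In `cluster-issuer.yaml`, `apiTokenSecretRef` points at `cloudflare-api-token-secret`, but nothing in this commit creates or documents that Secret, and for a ClusterIssuer cert-manager looks it up in its cluster resource namespace (the cert-manager namespace by default). A comment above the solver would help, for example `# Secret lives in the cert-manager namespace; token limited to Zone:Zone:Read and Zone:DNS:Edit for this zone only`. The `email` under `cloudflare` is only needed with a global API key (`apiKeySecretRef`) and can be dropped when a scoped token is used. The issuer also targets the Let's Encrypt production directory directly; a staging issuer alongside it avoids hitting rate limits while the DNS-01 setup is being tested.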
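Review bot: `tls-store.yaml` has two typos that keep the wildcard certificate from being served as the default: the first key is `iapiVersion` instead of `apiVersion`, so the manifest is not a valid resource, and `secretName` reads `innovation-hub-niedeersachsen.de-wildcard-tls` while the Certificate in this commit writes `innovation-hub-niedersachsen.de-wildcard-tls`. The lines should be `apiVersion: traefik.io/v1alpha1` and `secretName: innovation-hub-niedersachsen.de-wildcard-tls`. With the name mismatch Traefik would presumably fall back to its self-generated default certificate, which clients either reject or get used to clicking through.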
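Review bot: The Certificate in `wildcard-cerficate.yaml` sets no `privateKey` policy, so depending on the cert-manager version's default the same private key may be reused across renewals; for a wildcard key that fronts every host under the domain, rotating it on each renewal limits how long a leaked key stays useful. Adding `privateKey:` with `rotationPolicy: Always` under `spec` makes the behaviour explicit. Because the Application sets `enableCertificateOwnerRef` and `prune: true`, removing this manifest from the repository also deletes the TLS Secret, which deserves a comment at the top of the file. The file name is also misspelled (`cerficate`).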