diff --git a/apps/cert-manager-config.yaml b/apps/cert-manager-config.yaml
new file mode 100644
index 0000000..8afcb15
--- /dev/null
+++ b/apps/cert-manager-config.yaml
@@ -0,0 +1,28 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: cert-manager-config
+ namespace: argocd
+ annotations:
+ argocd.argoproj.io/sync-wave: "1"
+spec:
+ project: default
+ source:
+ repoURL: http://forgejo.forgejo.svc.cluster.local:3000/jad0s/gitops.git
+ targetRevision: HEAD
+ path: manifests/cert-manager
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: cert-manager
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+ - SkipDryRunOnMissingResource=true
+ retry:
+ limit: 10
+ backoff:
+ duration: 30s
+ factor: 2
diff --git a/apps/cert-manager.yaml b/apps/cert-manager.yaml
new file mode 100644
index 0000000..e9cfa3a
--- /dev/null
+++ b/apps/cert-manager.yaml
@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: cert-manager
+ namespace: argocd
+spec:
+ project: default
+ source:
+ repoURL: https://charts.jetstack.io
+ chart: cert-manager
+ targetRevision: v1.17.2
+ helm:
+ parameters:
+ - name: crds.enabled
+ value: "true"
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: cert-manager
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/apps/hetzner-webhook.yaml b/apps/hetzner-webhook.yaml
new file mode 100644
index 0000000..f8aeaad
--- /dev/null
+++ b/apps/hetzner-webhook.yaml
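Review bot: The `source` block in apps/cert-manager-config.yaml follows `targetRevision: HEAD` over a plain `http://` repoURL, and with `automated` sync and `selfHeal: true` whatever the default branch holds is applied to the cluster with no review step in between. The synced path, `manifests/cert-manager`, carries cluster-scoped ClusterIssuers and a Secret, so the integrity of that fetch matters more than for an ordinary workload. I would pin the revision, e.g. `targetRevision: <release-tag-or-commit-sha>`, and either serve the in-cluster Forgejo over TLS or add a comment above `repoURL` stating why cleartext is accepted on this path.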
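Review bot: `project: default` in apps/cert-manager.yaml puts this Application in Argo CD's built-in project, which, unless it has been tightened somewhere outside this diff, permits any source repository and any destination, cluster-scoped kinds included. The same line appears in apps/cert-manager-config.yaml and apps/hetzner-webhook.yaml. A dedicated AppProject that allows only the three repo URLs used here, the `cert-manager` destination namespace and the cluster-scoped kinds these charts need would bound what a changed manifest can reach; each file would then read `project: cert-manager` (the name is a suggestion).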
@@ -0,0 +1,22 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: hetzner-webhook
+ namespace: argocd
+ annotations:
+ argocd.argoproj.io/sync-wave: "1"
+spec:
+ project: default
+ source:
+ repoURL: https://charts.hetzner.cloud
+ chart: cert-manager-webhook-hetzner
+ targetRevision: 1.0.1
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: cert-manager
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/manifests/cert-manager/clusterissuer.yaml b/manifests/cert-manager/clusterissuer.yaml
new file mode 100644
index 0000000..009d93f
--- /dev/null
+++ b/manifests/cert-manager/clusterissuer.yaml
@@ -0,0 +1,39 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-staging
+spec:
+ acme:
+ server: https://acme-staging-v02.api.letsencrypt.org/directory
+ email: tonda.kol55@seznam.cz
+ privateKeySecretRef:
+ name: letsencrypt-staging-account-key
+ solvers:
+ - dns01:
+ webhook:
+ groupName: acme.hetzner.com
+ solverName: hetzner
+ config:
+ secretName: hetzner-secret
+ zoneName: libretalk.eu
+ apiUrl: https://dns.hetzner.com/api/v1
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-prod
+spec:
+ acme:
+ server: https://acme-v02.api.letsencrypt.org/directory
+ email: tonda.kol55@seznam.cz
+ privateKeySecretRef:
+ name: letsencrypt-prod-account-key
+ solvers:
+ - dns01:
+ webhook:
+ groupName: acme.hetzner.com
+ solverName: hetzner
+ config:
+ secretName: hetzner-secret
+ zoneName: libretalk.eu
+ apiUrl: https://dns.hetzner.com/api/v1
diff --git a/manifests/cert-manager/secret.yaml b/manifests/cert-manager/secret.yaml
new file mode 100644
index 0000000..ba3bdcf
--- /dev/null
+++ b/manifests/cert-manager/secret.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: hetzner-secret
+ namespace: cert-manager
+type: Opaque
+stringData:
+ api-token: PLACEHOLDER
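Review bot: Nothing in apps/hetzner-webhook.yaml sets the webhook's API group, yet both ClusterIssuers in manifests/cert-manager/clusterissuer.yaml address the solver as `groupName: acme.hetzner.com`. If the chart's default group name differs, cert-manager cannot route DNS-01 challenges to this webhook and issuance will fail; the chart's defaults are not visible from this diff. Setting the value explicitly under `helm.parameters`, as apps/cert-manager.yaml does for `crds.enabled`, or at least adding `# chart groupName must equal acme.hetzner.com used in clusterissuer.yaml` above `chart:`, would make the coupling visible.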
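Review bot: Neither `dns01` solver in manifests/cert-manager/clusterissuer.yaml carries a `selector`, so each ClusterIssuer offers this solver for any DNS name requested from any namespace, and `zoneName: libretalk.eu` only configures the webhook rather than constraining what cert-manager will attempt. Adding `selector: {dnsZones: [libretalk.eu]}` to the solver entry in both documents turns the intended zone into an explicit limit. Both issuers also reuse `hetzner-secret`, so a comment such as `# staging and prod share one Hetzner DNS token` would record that the staging issuer holds production-grade DNS write access.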
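Review bot: Keeping this Secret under `manifests/cert-manager` means apps/cert-manager-config.yaml syncs it with `selfHeal: true`, so a real token written in-cluster will most likely be reverted to `PLACEHOLDER`, which in practice pushes the operator toward committing the actual Hetzner DNS token to Git. I would drop secret.yaml from the synced path and create `hetzner-secret` out of band, or manage it through a sealed or external secret mechanism. If the manifest has to stay, the Application needs an `ignoreDifferences` entry for this Secret's `/data` plus `- RespectIgnoreDifferences=true` under `syncOptions`, and a comment in this file saying the value is never to be filled in here.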