feat: add cert-manager with hetzner dns01 webhook for automatic tls
This commit is contained in:
parent
07f4ec586f
commit
2640806593
5 changed files with 121 additions and 0 deletions
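--- /dev/null
+++ b/apps/cert-manager-config.yaml
@@ -0,0 +1,28 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: cert-manager-config
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "1"
+spec:
+  project: default
+  source:
+    repoURL: http://forgejo.forgejo.svc.cluster.local:3000/jad0s/gitops.git
+    targetRevision: HEAD
+    path: manifests/cert-manager
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: cert-manager
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+      - SkipDryRunOnMissingResource=true
+    retry:
+      limit: 10
+      backoff:
+        duration: 30s
+        factor: 2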
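Review bot: The `argocd.argoproj.io/sync-wave: "1"` annotation only orders this Application relative to `cert-manager` if both are resources of a parent app-of-apps Application that syncs the `apps/` directory; as standalone Applications in the `argocd` namespace, waves have no cross-Application effect and the ClusterIssuers may be applied before the cert-manager CRDs and the hetzner webhook APIService exist. The `SkipDryRunOnMissingResource=true` option plus the `retry` block do cover that race, so the intent should be stated rather than left implicit, e.g. above the annotation: `# Wave 1: ordered after the cert-manager chart (wave 0) when synced via an app-of-apps; retry/SkipDryRun cover the standalone case.` The same applies to the identical annotation in apps/hetzner-webhook.yaml.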
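--- /dev/null
+++ b/apps/cert-manager.yaml
@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: cert-manager
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://charts.jetstack.io
+    chart: cert-manager
+    targetRevision: v1.17.2
+    helm:
+      parameters:
+        - name: crds.enabled
+          value: "true"
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: cert-manager
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true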
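Review bot: This Application carries no sync-wave annotation while its two dependants declare wave "1", so the ordering relies on the implicit default wave 0; make it explicit so the dependency reads from the file, e.g. under `metadata:` add `annotations:` / `  argocd.argoproj.io/sync-wave: "0"`. With `crds.enabled` set and `prune: true`, it is also worth confirming the chart's CRD-retention value is left at its default so that deleting or re-syncing this Application cannot prune the cert-manager CRDs and, with them, every Certificate and ClusterIssuer in the cluster; a one-line comment next to the `crds.enabled` parameter recording that check would help the next maintainer.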
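--- /dev/null
+++ b/apps/hetzner-webhook.yaml
@@ -0,0 +1,22 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: hetzner-webhook
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "1"
+spec:
+  project: default
+  source:
+    repoURL: https://charts.hetzner.cloud
+    chart: cert-manager-webhook-hetzner
+    targetRevision: 1.0.1
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: cert-manager
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true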
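Review bot: The chart is installed with no `helm:` values, yet manifests/cert-manager/clusterissuer.yaml hard-codes `groupName: acme.hetzner.com` and `solverName: hetzner` for this webhook; if the chart's default group name differs from that value, cert-manager will fail to find the solver and the issuers will stay unready. It would be more robust to pin the group name on both sides, e.g. add `helm:` / `  parameters:` / `    - name: groupName` followed by `      value: acme.hetzner.com` here (confirm the exact value key against the chart's values file), so the ClusterIssuer and the webhook cannot drift apart on a chart upgrade.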
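--- /dev/null
+++ b/manifests/cert-manager/clusterissuer.yaml
@@ -0,0 +1,39 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-staging
+spec:
+  acme:
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    email: tonda.kol55@seznam.cz
+    privateKeySecretRef:
+      name: letsencrypt-staging-account-key
+    solvers:
+      - dns01:
+          webhook:
+            groupName: acme.hetzner.com
+            solverName: hetzner
+            config:
+              secretName: hetzner-secret
+              zoneName: libretalk.eu
+              apiUrl: https://dns.hetzner.com/api/v1
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: tonda.kol55@seznam.cz
+    privateKeySecretRef:
+      name: letsencrypt-prod-account-key
+    solvers:
+      - dns01:
+          webhook:
+            groupName: acme.hetzner.com
+            solverName: hetzner
+            config:
+              secretName: hetzner-secret
+              zoneName: libretalk.eu
+              apiUrl: https://dns.hetzner.com/api/v1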
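Review bot: `config.secretName: hetzner-secret` gives no namespace, so the reader cannot tell from this file where the webhook looks the Secret up; these are ClusterIssuers, and the Secret in this commit lives in `cert-manager`, which presumably matches the namespace the webhook resolves against — confirm that against the webhook's documentation and record it, e.g. above `config:` add `# secretName is resolved by the webhook in its own namespace (cert-manager); the key it reads must match secret.yaml (api-token).` The whole `dns01.webhook` block is duplicated verbatim between the staging and prod issuers, so a change to `zoneName` or `apiUrl` has to be made twice; since both issuers use the same DNS-write token, note in the header comment that staging and prod share one credential and one zone.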
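--- /dev/null
+++ b/manifests/cert-manager/secret.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: hetzner-secret
+  namespace: cert-manager
+type: Opaque
+stringData:
+  api-token: PLACEHOLDER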
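Review bot: `api-token: PLACEHOLDER` is committed in the path that apps/cert-manager-config.yaml syncs with `selfHeal: true` and `prune: true`, so a real Hetzner DNS token patched into the cluster by hand will be reverted to `PLACEHOLDER` on the next reconcile, and the only way to make the issuers work as written is to commit the live DNS-write token to the repository. The Secret should not be in the GitOps path in this form: either remove secret.yaml from `manifests/cert-manager` and provision `hetzner-secret` out of band (a SealedSecret or External Secrets resource committed in its place would keep it declarative), or keep the file and add to the Application `spec.ignoreDifferences:` / `  - kind: Secret` / `    name: hetzner-secret` with a `jsonPointers` entry for `/data` so the in-cluster value is not healed back to the placeholder. Whichever is chosen, a comment above `stringData:` stating that the value is a placeholder and where the real token comes from would stop the next reader from filling it in here.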