feat: add cert-manager with hetzner dns01 webhook for automatic tls
parent
07f4ec586f
commit
2640806593
5 changed files with 121 additions and 0 deletions
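--- /dev/null
+++ b/apps/cert-manager-config.yaml
@@ -0,0 +1,28 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: cert-manager-config
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "1"
+spec:
+  project: default
+  source:
+    repoURL: http://forgejo.forgejo.svc.cluster.local:3000/jad0s/gitops.git
+    targetRevision: HEAD
+    path: manifests/cert-manager
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: cert-manager
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+      - SkipDryRunOnMissingResource=true
+    retry:
+      limit: 10
+      backoff:
+        duration: 30s
+        factor: 2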
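Review bot: `targetRevision: HEAD` together with `repoURL: http://forgejo.forgejo.svc.cluster.local:3000/...` makes the ClusterIssuer and Secret manifests track an unpinned branch tip over cleartext HTTP, so the integrity of everything applied into `cert-manager` rests on nothing else on the cluster network being able to answer for that service address. If Forgejo serves TLS in-cluster, prefer that endpoint; otherwise a comment recording that plaintext in-cluster git is an accepted trade-off would help the next reader. The `SkipDryRunOnMissingResource=true` option and the `retry` block appear to exist because the ClusterIssuer CRD is installed by the `cert-manager` Application, which carries no sync-wave annotation; a comment such as `# ClusterIssuer CRD comes from the cert-manager app (default wave); skip dry-run and retry so the first sync survives the CRD race` would make that dependency explicit rather than inferred.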
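--- /dev/null
+++ b/apps/cert-manager.yaml
@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: cert-manager
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://charts.jetstack.io
+    chart: cert-manager
+    targetRevision: v1.17.2
+    helm:
+      parameters:
+        - name: crds.enabled
+          value: "true"
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: cert-manager
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true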
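Review bot: With `crds.enabled` set to `"true"` and `prune: true`, deleting or re-targeting this Application prunes the cert-manager CRDs and with them every Certificate, Issuer and ClusterIssuer in the cluster, including the ACME account keys referenced from `manifests/cert-manager/clusterissuer.yaml`. The chart exposes `crds.keep` for exactly this case; add `- name: crds.keep` / `  value: "true"` next to the existing parameter so the CRDs survive an Application removal. This Application also carries no `sync-wave` annotation while the two that depend on it are at wave `"1"`; a short comment noting that it intentionally runs in the default wave would document the ordering instead of leaving it implicit.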
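--- /dev/null
+++ b/apps/hetzner-webhook.yaml
@@ -0,0 +1,22 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: hetzner-webhook
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "1"
+spec:
+  project: default
+  source:
+    repoURL: https://charts.hetzner.cloud
+    chart: cert-manager-webhook-hetzner
+    targetRevision: 1.0.1
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: cert-manager
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true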
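Review bot: No Helm values are set here, while both ClusterIssuers hardcode `groupName: acme.hetzner.com` and `solverName: hetzner`; the coupling therefore rests on the chart's defaults matching those strings, which a future bump of `targetRevision: 1.0.1` could silently break. If the chart exposes a `groupName` value, pin it under `helm.parameters` the same way `crds.enabled` is pinned in `apps/cert-manager.yaml`, or at least add `# groupName/solverName must match manifests/cert-manager/clusterissuer.yaml` so the dependency is visible. Sharing `sync-wave: "1"` with `cert-manager-config` also means nothing orders this webhook before the issuers that reference it; that is harmless only as long as no Certificate is requested before this sync completes, which is worth stating in a comment.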
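--- /dev/null
+++ b/manifests/cert-manager/clusterissuer.yaml
@@ -0,0 +1,39 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-staging
+spec:
+  acme:
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    email: tonda.kol55@seznam.cz
+    privateKeySecretRef:
+      name: letsencrypt-staging-account-key
+    solvers:
+      - dns01:
+          webhook:
+            groupName: acme.hetzner.com
+            solverName: hetzner
+            config:
+              secretName: hetzner-secret
+              zoneName: libretalk.eu
+              apiUrl: https://dns.hetzner.com/api/v1
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: tonda.kol55@seznam.cz
+    privateKeySecretRef:
+      name: letsencrypt-prod-account-key
+    solvers:
+      - dns01:
+          webhook:
+            groupName: acme.hetzner.com
+            solverName: hetzner
+            config:
+              secretName: hetzner-secret
+              zoneName: libretalk.eu
+              apiUrl: https://dns.hetzner.com/api/v1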
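Review bot: Neither `dns01` solver carries a `selector`, so both ClusterIssuers — cluster-scoped and therefore usable from any namespace — will attempt Hetzner DNS writes for whatever name a Certificate asks for, not only names under `libretalk.eu`; since `hetzner-secret` holds a token that can edit the zone, adding `selector:` / `  dnsZones:` / `    - libretalk.eu` at the same level as `dns01:` bounds what a misconfigured or unwanted Certificate can make the webhook do. The staging and prod documents duplicate the entire solver block, so any such change must be mirrored in both; a comment at the top of the file saying so, and noting that one secret is deliberately shared, would help. It is also worth confirming that the webhook's RBAC permits reading `hetzner-secret` in the `cert-manager` namespace, as I believe webhook solvers resolve `secretName` relative to the webhook's own namespace rather than the Certificate's.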
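--- /dev/null
+++ b/manifests/cert-manager/secret.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: hetzner-secret
+  namespace: cert-manager
+type: Opaque
+stringData:
+  api-token: PLACEHOLDER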
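Review bot: `api-token: PLACEHOLDER` is synced by the `cert-manager-config` Application with `selfHeal: true`, so a real token written into this Secret out of band will be reverted to the literal `PLACEHOLDER` on the next reconciliation, and the only way to make the issuers work as committed is to push the live token into git, which this repo should never hold. Move the token out of git — a SealedSecret or ExternalSecret, or a manually created Secret with this file dropped from the synced path — and if a stub must stay, mark it with `# token is provisioned outside git; never commit a real value here`. Please also verify the key name against what the Hetzner webhook reads; I believe its documented setup uses `api-key` rather than `api-token`, and a mismatch only surfaces at challenge time as a failed DNS01 order.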