Convert cert manager to Application and Argoify
This commit is contained in:
parent
6ef535f701
commit
9849f08dde
1 changed files with 41 additions and 38 deletions
|
|
@ -1,37 +1,38 @@
|
||||||
---
|
---
|
||||||
apiVersion: source.toolkit.fluxcd.io/v1
|
# 1. cert-manager Helm chart
|
||||||
kind: HelmRepository
|
apiVersion: argoproj.io/v1alpha1
|
||||||
metadata:
|
kind: Application
|
||||||
name: jetstack
|
|
||||||
namespace: flux-system
|
|
||||||
spec:
|
|
||||||
url: https://charts.jetstack.io
|
|
||||||
interval: 1h
|
|
||||||
---
|
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
|
||||||
kind: HelmRelease
|
|
||||||
metadata:
|
metadata:
|
||||||
name: cert-manager
|
name: cert-manager
|
||||||
namespace: home-server
|
namespace: argocd
|
||||||
spec:
|
spec:
|
||||||
interval: 30m
|
project: default
|
||||||
chart:
|
source:
|
||||||
spec:
|
repoURL: "https://charts.jetstack.io"
|
||||||
chart: cert-manager
|
chart: "cert-manager"
|
||||||
version: v1.18.2
|
targetRevision: "v1.18.2"
|
||||||
sourceRef:
|
helm:
|
||||||
kind: HelmRepository
|
releaseName: "cert-manager"
|
||||||
name: jetstack
|
values: |
|
||||||
namespace: flux-system
|
installCRDs: true
|
||||||
install:
|
extraArgs:
|
||||||
crds: CreateReplace
|
- --dns01-recursive-nameservers-only
|
||||||
createNamespace: true
|
- --dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53
|
||||||
values:
|
destination:
|
||||||
installCRDs: true
|
server: "https://kubernetes.default.svc"
|
||||||
extraArgs:
|
namespace: home-server
|
||||||
- --dns01-recursive-nameservers-only
|
syncPolicy:
|
||||||
- --dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53
|
automated:
|
||||||
|
prune: true
|
||||||
|
selfHeal: true
|
||||||
|
syncOptions:
|
||||||
|
- CreateNamespace=true
|
||||||
|
- ApplyOutOfSyncOnly=true
|
||||||
|
- SkipHooks=false
|
||||||
|
- SyncWave=0 # ensure cert-manager is installed first
|
||||||
|
|
||||||
---
|
---
|
||||||
|
# 2. ClusterIssuer
|
||||||
apiVersion: cert-manager.io/v1
|
apiVersion: cert-manager.io/v1
|
||||||
kind: ClusterIssuer
|
kind: ClusterIssuer
|
||||||
metadata:
|
metadata:
|
||||||
|
|
@ -40,19 +41,20 @@ spec:
|
||||||
acme:
|
acme:
|
||||||
email: admin@hxme.net
|
email: admin@hxme.net
|
||||||
server: https://acme-v02.api.letsencrypt.org/directory
|
server: https://acme-v02.api.letsencrypt.org/directory
|
||||||
#server: https://acme-staging-v02.api.letsencrypt.org/directory
|
|
||||||
privateKeySecretRef:
|
privateKeySecretRef:
|
||||||
name: letsencrypt-rfc2136
|
name: letsencrypt-rfc2136
|
||||||
solvers:
|
solvers:
|
||||||
- dns01:
|
- dns01:
|
||||||
rfc2136:
|
rfc2136:
|
||||||
nameserver: hawke.hxst.com.au:53
|
nameserver: hawke.hxst.com.au:53
|
||||||
tsigKeyName: "hxme-update-key"
|
tsigKeyName: "hxme-update-key"
|
||||||
tsigAlgorithm: HMACSHA512
|
tsigAlgorithm: HMACSHA512
|
||||||
tsigSecretSecretRef:
|
tsigSecretSecretRef:
|
||||||
name: hxme-update-key
|
name: hxme-update-key
|
||||||
key: hxme-update-key
|
key: hxme-update-key
|
||||||
|
|
||||||
---
|
---
|
||||||
|
# 3. Certificate
|
||||||
apiVersion: cert-manager.io/v1
|
apiVersion: cert-manager.io/v1
|
||||||
kind: Certificate
|
kind: Certificate
|
||||||
metadata:
|
metadata:
|
||||||
|
|
@ -71,3 +73,4 @@ spec:
|
||||||
dnsNames:
|
dnsNames:
|
||||||
- "hxme.net"
|
- "hxme.net"
|
||||||
- "*.hxme.net"
|
- "*.hxme.net"
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue