From c2016332501587834bcdf4d04af2b2fc4330603c Mon Sep 17 00:00:00 2001
From: j
Date: Thu, 10 Jul 2025 11:26:46 +1000
Subject: [PATCH] Changes as per GPT recommendation
---
 charts/subcharts/templates/cart-manager.yaml | 39 -------------------
 charts/subcharts/templates/cert-manager.yaml | 40 ++++++++++++++++++++
 values.yaml | 14 +++++--
 3 files changed, 51 insertions(+), 42 deletions(-)
 delete mode 100644 charts/subcharts/templates/cart-manager.yaml
 create mode 100644 charts/subcharts/templates/cert-manager.yaml
diff --git a/charts/subcharts/templates/cart-manager.yaml b/charts/subcharts/templates/cart-manager.yaml
deleted file mode 100644
index 89d09b6..0000000
--- a/charts/subcharts/templates/cart-manager.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
----
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
- name: letsencrypt-rfc2136
-spec:
- acme:
- email: {{ .Values.ssl.email }}
- server: https://acme-v02.api.letsencrypt.org/directory
- privateKeySecretRef:
- name: letsencrypt-rfc2136
- solvers:
- - dns01:
- rfc2136:
- nameserver: hawke.hxst.com.au:53
- tsigKeyName: "hxme-update-key"
- tsigAlgorithm: HMACSHA512
- tsigSecretSecretRef:
- name: hxme-update-key
- key: hxme-update-key
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: {{ .Values.ssl.secret_name }}
- namespace: {{ .Release.Namespace }}
-spec:
- secretName: {{ .Values.ssl.secret_name }}
- secretTemplate:
- annotations:
- replicator.v1.mittwald.de/replication-allowed: "true"
- issuerRef:
- name: letsencrypt-rfc2136
- kind: ClusterIssuer
- commonName: "{{ .Values.global.domain }}"
- dnsNames:
- - "{{ .Values.global.domain }}"
- - "*.{‌{ .Values.global.domain }}"
-
diff --git a/charts/subcharts/templates/cert-manager.yaml b/charts/subcharts/templates/cert-manager.yaml
new file mode 100644
index 0000000..a13f295
--- /dev/null
+++ b/charts/subcharts/templates/cert-manager.yaml
@@ -0,0 +1,40 @@
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: {{ .Values.global.issuerName }}
+spec:
+ acme:
+ email: {{ .Values.global.email | quote }}
+ server: https://acme-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: {{ .Values.global.issuerName }}
+ solvers:
+ - dns01:
+ rfc2136:
+ nameserver: {{ .Values.rfc2136.nameserver | quote }}
+ tsigKeyName: {{ .Values.rfc2136.tsigKeyName | quote }}
+ tsigAlgorithm: {{ .Values.rfc2136.tsigAlgorithm | quote }}
+ tsigSecretSecretRef:
+ name: {{ .Values.rfc2136.tsigSecretName | quote }}
+ key: {{ .Values.rfc2136.tsigSecretKey | quote }}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: wildcard-{{ .Values.global.domain | replace "." "-" }}
+ namespace: {{ .Values.global.namespace }}
+spec:
+ secretName: wildcard-{{ .Values.global.domain | replace "." "-" }}
+ secretTemplate:
+ annotations:
+ replicator.v1.mittwald.de/replication-allowed: "true"
+ replicator.v1.mittwald.de/replicate-to: "{{ .Values.replicatorNamespaces }}"
+ issuerRef:
+ name: {{ .Values.global.issuerName }}
+ kind: ClusterIssuer
+ commonName: {{ .Values.global.domain | quote }}
+ dnsNames:
+ - {{ .Values.global.domain | quote }}
+ - "*."{{ .Values.global.domain | quote }}
+
diff --git a/values.yaml b/values.yaml
index f777320..25b6ed3 100644
--- a/values.yaml
+++ b/values.yaml
@@ -1,6 +1,14 @@
 global:
 domain: hxme.net
-
-ssl:
- secret_name: wildcard-hxme-net
+ namespace: cert-manager
+ issuerName: letsencrypt-rfc2136
 email: admin@hxme.net
+
+rfc2136:
+ nameserver: hawke.hxst.com.au:53
+ tsigKeyName: hxme-update-key
+ tsigAlgorithm: HMACSHA512
+ tsigSecretName: hxme-update-key
+ tsigSecretKey: hxme-update-key
+
+replicatorNamespaces: "monitoring,authentik,nextcloud"
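Review bot: The wildcard entry under `dnsNames` in charts/subcharts/templates/cert-manager.yaml is written as `"*."{{ .Values.global.domain | quote }}`, which renders two adjacent quoted strings (`"*.""hxme.net"` with the values in this patch) instead of one hostname, so the manifest will either fail to parse or request the wrong name. Build the string before quoting, e.g. `- {{ printf "*.%s" .Values.global.domain | quote }}`. Separately, `replication-allowed: "true"` is kept while `replicate-to` now pushes the secret to a fixed list; with no `replicator.v1.mittwald.de/replication-allowed-namespaces` restriction the wildcard private key appears to remain pullable from any namespace, so consider dropping that annotation or adding the restriction. `metadata.name`, `privateKeySecretRef.name` and `issuerRef.name` also skip the `| quote` applied to the other templated values.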
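Review bot: `replicatorNamespaces` in values.yaml has no comment saying that every namespace listed receives a copy of the wildcard TLS secret, private key included; a line such as `# Namespaces that get a copy of the wildcard TLS secret (incl. private key); keep minimal` above it would make that exposure explicit to whoever edits the list next. `rfc2136` and `replicatorNamespaces` are also top-level keys while the template lives under charts/subcharts; if it is rendered as a subchart only `global` is passed down and the `.Values.rfc2136.*` lookups would not resolve, which is worth confirming with `helm template`. The removed `ssl` key was top-level too, so this layout may already work as is.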