Changes as per GPT recommendation

charts/subcharts/templates/cart-manager.yaml

@@ -1,39 +0,0 @@
----
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
-  name: letsencrypt-rfc2136
-spec:
-  acme:
-    email: {{ .Values.ssl.email }}
-    server: https://acme-v02.api.letsencrypt.org/directory
-    privateKeySecretRef:
-      name: letsencrypt-rfc2136
-    solvers:
-      - dns01:
-          rfc2136:
-            nameserver: hawke.hxst.com.au:53
-            tsigKeyName: "hxme-update-key"
-            tsigAlgorithm: HMACSHA512
-            tsigSecretSecretRef:
-              name: hxme-update-key
-              key: hxme-update-key
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: {{ .Values.ssl.secret_name }}
-  namespace: {{ .Release.Namespace }}
-spec:
-  secretName: {{ .Values.ssl.secret_name }}
-  secretTemplate:
-    annotations:
-      replicator.v1.mittwald.de/replication-allowed: "true"
-  issuerRef:
-    name: letsencrypt-rfc2136
-    kind: ClusterIssuer
-  commonName: "{{ .Values.global.domain }}"
-  dnsNames:
-    - "{{ .Values.global.domain }}"
-    - "*.{‌{ .Values.global.domain }}"
-

charts/subcharts/templates/cert-manager.yaml

@@ -0,0 +1,40 @@
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: {{ .Values.global.issuerName }}
+spec:
+  acme:
+    email: {{ .Values.global.email | quote }}
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: {{ .Values.global.issuerName }}
+    solvers:
+      - dns01:
+          rfc2136:
+            nameserver: {{ .Values.rfc2136.nameserver | quote }}
+            tsigKeyName: {{ .Values.rfc2136.tsigKeyName | quote }}
+            tsigAlgorithm: {{ .Values.rfc2136.tsigAlgorithm | quote }}
+            tsigSecretSecretRef:
+              name: {{ .Values.rfc2136.tsigSecretName | quote }}
+              key: {{ .Values.rfc2136.tsigSecretKey | quote }}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: wildcard-{{ .Values.global.domain | replace "." "-" }}
+  namespace: {{ .Values.global.namespace }}
+spec:
+  secretName: wildcard-{{ .Values.global.domain | replace "." "-" }}
+  secretTemplate:
+    annotations:
+      replicator.v1.mittwald.de/replication-allowed: "true"
+      replicator.v1.mittwald.de/replicate-to: "{{ .Values.replicatorNamespaces }}"
+  issuerRef:
+    name: {{ .Values.global.issuerName }}
+    kind: ClusterIssuer
+  commonName: {{ .Values.global.domain | quote }}
+  dnsNames:
+    - {{ .Values.global.domain | quote }}
+    - "*."{{ .Values.global.domain | quote }}
+

values.yaml

@@ -1,6 +1,14 @@
 global:
   domain: hxme.net
-
+  namespace: cert-manager
-ssl:
+  issuerName: letsencrypt-rfc2136
-  secret_name: wildcard-hxme-net
   email: admin@hxme.net
+
+rfc2136:
+  nameserver: hawke.hxst.com.au:53
+  tsigKeyName: hxme-update-key
+  tsigAlgorithm: HMACSHA512
+  tsigSecretName: hxme-update-key
+  tsigSecretKey: hxme-update-key
+
+replicatorNamespaces: "monitoring,authentik,nextcloud"