add cert-manager

2024-09-21 22:26:30 +01:00 · 2024-09-21 22:26:30 +01:00 · 09d137b092
commit 09d137b092
parent 2bdf2de9d1
12 changed files with 90 additions and 37 deletions
--- a/apps/base/traefik/kustomization.yaml
+++ b/apps/base/traefik/kustomization.yaml
@ -1,7 +0,0 @@
 ---
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - rbac.yaml
  - traefik.yaml
  - svc.yaml
--- a/apps/production/cert-manager/certificates/fascinated-cc.yml
+++ b/apps/production/cert-manager/certificates/fascinated-cc.yml
@ -0,0 +1,15 @@
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
  name: fascinated-cc
  namespace: traefik
 spec:
  secretName: fascinated-cc
  issuerRef:
    name: letsencrypt-production
    kind: ClusterIssuer
  commonName: "*.fascinated.cc"
  dnsNames:
    - "fascinated.cc"
    - "*.fascinated.cc"
--- a/apps/production/cert-manager/certificates/local-fascinated-cc.yml
+++ b/apps/production/cert-manager/certificates/local-fascinated-cc.yml
@ -0,0 +1,14 @@
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
  name: local-fascinated-cc
  namespace: traefik
 spec:
  secretName: local-fascinated-cc
  issuerRef:
    name: letsencrypt-production
    kind: ClusterIssuer
  commonName: "*.local.fascinated.cc"
  dnsNames:
    - "*.local.fascinated.cc"
--- a/apps/production/cert-manager/certificates/mcutils-xyz.yml
+++ b/apps/production/cert-manager/certificates/mcutils-xyz.yml
@ -0,0 +1,15 @@
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
  name: mcutils-xyz
  namespace: traefik
 spec:
  secretName: mcutils-xyz
  issuerRef:
    name: letsencrypt-production
    kind: ClusterIssuer
  commonName: "*.mcutils.xyz"
  dnsNames:
    - "mcutils.xyz"
    - "*.mcutils.xyz"
--- a/apps/production/cert-manager/issuer.yml
+++ b/apps/production/cert-manager/issuer.yml
@ -0,0 +1,23 @@
 ---
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
  name: letsencrypt-production
  namespace: cert-manager
 spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: liam@fascinated.cc
    privateKeySecretRef:
      name: letsencrypt-production
    solvers:
      - dns01:
          cloudflare:
            email: liam@fascinated.cc
            apiTokenSecretRef:
              name: cloudflare-token-secret
              key: cloudflare-token
        selector:
          dnsZones:
            - "fascinated.cc"
            - "mcutils.xyz"
--- a/apps/production/cert-manager/kustomization.yaml
+++ b/apps/production/cert-manager/kustomization.yaml
@ -0,0 +1,8 @@
 ---
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: cert-manager
 resources:
  - namespace.yaml
  - certificates/*.yaml
  - issuers.yaml
--- a/apps/production/cert-manager/namespace.yaml
+++ b/apps/production/cert-manager/namespace.yaml
@ -0,0 +1,5 @@
 ---
 apiVersion: v1
 kind: Namespace
 metadata:
  name: cert-manager
--- a/apps/production/traefik/kustomization.yaml
+++ b/apps/production/traefik/kustomization.yaml
@ -4,7 +4,6 @@ kind: Kustomization
 namespace: traefik-production
 resources:
  - namespace.yaml
-  - ../../base/traefik
+  - rbac.yaml
-
+  - traefik.yaml
-patchesStrategicMerge:
+  - service.yaml
  - traefik-patch.yaml
--- a/apps/production/traefik/rbac.yaml
+++ b/apps/production/traefik/rbac.yaml
--- a/apps/production/traefik/service.yaml
+++ b/apps/production/traefik/service.yaml
@ -12,7 +12,6 @@ spec:
    app.kubernetes.io/name: traefik
  type: LoadBalancer
  loadBalancerIP: 10.0.69.250
  externalTrafficPolicy: Local
  ports:
    - port: 80
      name: web
--- a/apps/production/traefik/traefik-patch.yaml
+++ b/apps/production/traefik/traefik-patch.yaml
@ -1,23 +0,0 @@
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: traefik
 spec:
  template:
    spec:
      containers:
        - name: traefik
          args:
            - "--entryPoints.web.address=:8000/tcp"
            - "--entryPoints.websecure.address=:8443/tcp"
            - "--ping=true"
            - "--global.sendanonymoususage=false"
            - "--global.checknewversion=false"
            - "--serversTransport.insecureSkipVerify=true"
            - "--log.level=INFO"
            - "--providers.kubernetescrd"
            - "--providers.kubernetescrd.allowCrossNamespace=true"
            - "--providers.kubernetescrd.allowExternalNameServices=true"
            - "--providers.kubernetesingress.allowCrossNamespace=true"
            - "--providers.kubernetesingress.allowExternalNameServices=true"
--- a/apps/production/traefik/traefik.yaml
+++ b/apps/production/traefik/traefik.yaml
@ -26,11 +26,16 @@ spec:
          args:
            - "--entryPoints.web.address=:8000/tcp"
            - "--entryPoints.websecure.address=:8443/tcp"
            - "--api=true"
            - "--api.dashboard=true"
            - "--ping=true"
            - "--global.sendanonymoususage=false"
            - "--global.checknewversion=false"
            - "--serversTransport.insecureSkipVerify=true"
            - "--log.level=INFO"
            - "--providers.kubernetescrd"
            - "--providers.kubernetescrd.allowCrossNamespace=true"
            - "--providers.kubernetescrd.allowExternalNameServices=true"
            - "--providers.kubernetesingress.allowCrossNamespace=true"
            - "--providers.kubernetesingress.allowExternalNameServices=true"
          readinessProbe:
            httpGet:
              path: /ping