From c907287cd8dd6eb5588e44f909cef7854eef1b55 Mon Sep 17 00:00:00 2001
From: Michael Thomson
Date: Tue, 21 Nov 2023 09:10:50 -0500
Subject: [PATCH] letencrypt wildcard cert
---
...stomization-letsencrypt-wildcard-cert.yaml | 16 +++++++++++++++
.../namespace-letsencrypt-wildcard-cert.yaml | 4 ++++
.../cluster-issuer-letsencrypt-prod.yaml | 20 +++++++++++++++++++
.../cluster-issuer-letsencrypt-staging.yaml | 20 +++++++++++++++++++
4 files changed, 60 insertions(+)
create mode 100644 bootstrap/kustomizations/kustomization-letsencrypt-wildcard-cert.yaml
create mode 100644 bootstrap/namespaces/namespace-letsencrypt-wildcard-cert.yaml
create mode 100644 letsencrypt-wildcard-cert/cluster-issuer-letsencrypt-prod.yaml
create mode 100644 letsencrypt-wildcard-cert/cluster-issuer-letsencrypt-staging.yaml
diff --git a/bootstrap/kustomizations/kustomization-letsencrypt-wildcard-cert.yaml b/bootstrap/kustomizations/kustomization-letsencrypt-wildcard-cert.yaml
new file mode 100644
index 0000000..0ba7283
--- /dev/null
+++ b/bootstrap/kustomizations/kustomization-letsencrypt-wildcard-cert.yaml
@@ -0,0 +1,16 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: letsencrypt-wildcard-cert
+ namespace: flux-system
+spec:
+ interval: 15m
+ path: ./letsencrypt-wildcard-cert
+ dependsOn:
+ - name: "cert-manager"
+ - name: "sealed-secrets"
+ prune: true # remove any elements later removed from the above path
+ timeout: 2m # if not set, this defaults to interval duration, which is 1h
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
diff --git a/bootstrap/namespaces/namespace-letsencrypt-wildcard-cert.yaml b/bootstrap/namespaces/namespace-letsencrypt-wildcard-cert.yaml
new file mode 100644
index 0000000..c402246
--- /dev/null
+++ b/bootstrap/namespaces/namespace-letsencrypt-wildcard-cert.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: letsencrypt-wildcard-cert
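Review bot: The inline comment on `timeout` in kustomization-letsencrypt-wildcard-cert.yaml says the fallback is the interval "which is 1h", but this Kustomization sets `interval: 15m`, so the comment misstates what happens if the line is removed. I would reword it to `timeout: 2m # if not set, this defaults to the interval (15m here)`. Separately, `dependsOn` only orders this object after the `cert-manager` and `sealed-secrets` Kustomizations report ready. Whether that means the cert-manager CRDs and webhook are actually serving depends on their own `wait` or health-check settings, which are not visible in this patch.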
diff --git a/letsencrypt-wildcard-cert/cluster-issuer-letsencrypt-prod.yaml b/letsencrypt-wildcard-cert/cluster-issuer-letsencrypt-prod.yaml
new file mode 100644
index 0000000..126385e
--- /dev/null
+++ b/letsencrypt-wildcard-cert/cluster-issuer-letsencrypt-prod.yaml
@@ -0,0 +1,20 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-staging
+spec:
+ acme:
+ email: michael@michaelthomson.dev
+ server: https://acme-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: letsencrypt-staging
+ solvers:
+ - selector:
+ dnsZones:
+ - "michaelthomson.dev"
+ dns01:
+ cloudflare:
+ email: michael@michaelthomson.dev
+ apiTokenSecretRef:
+ name: cloudflare-api-key
+ key: cloudflare_api_key
diff --git a/letsencrypt-wildcard-cert/cluster-issuer-letsencrypt-staging.yaml b/letsencrypt-wildcard-cert/cluster-issuer-letsencrypt-staging.yaml
new file mode 100644
index 0000000..fa07826
--- /dev/null
+++ b/letsencrypt-wildcard-cert/cluster-issuer-letsencrypt-staging.yaml
@@ -0,0 +1,20 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-staging
+spec:
+ acme:
+ email: michael@michaelthomson.dev
+ server: https://acme-staging-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: letsencrypt-staging
+ solvers:
+ - selector:
+ dnsZones:
+ - "michaelthomson.dev"
+ dns01:
+ cloudflare:
+ email: michael@michaelthomson.dev
+ apiTokenSecretRef:
+ name: cloudflare-api-key
+ key: cloudflare_api_key
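Review bot: In cluster-issuer-letsencrypt-prod.yaml both `metadata.name` and `privateKeySecretRef.name` are `letsencrypt-staging`, the same as in the staging file, while `server` points at the production ACME directory. Two ClusterIssuers with one name in the same Kustomization path collide: the build will likely reject the duplicate resource ID, or one definition replaces the other. If only this one ends up applied, any Certificate that references `letsencrypt-staging` expecting test certificates is issued publicly trusted ones against production rate limits, and the production ACME account key is stored under the staging secret name. Use `name: letsencrypt-prod` for both fields in this file.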
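Review bot: `apiTokenSecretRef` in the staging issuer (and the prod one) points at a secret named `cloudflare-api-key` with key `cloudflare_api_key`. If that value is the Cloudflare global API key, the solver would need `apiKeySecretRef` instead. The safer fix is a scoped API token limited to Zone:DNS:Edit and Zone:Zone:Read on `michaelthomson.dev`, so a leak from the cluster cannot touch the rest of the account; as far as I know the `email` under `cloudflare` is then unnecessary. The secret is not part of this patch, and a ClusterIssuer reads it from cert-manager's cluster resource namespace (the cert-manager namespace by default), so a SealedSecret in the new `letsencrypt-wildcard-cert` namespace would not be found. I would add a comment above `apiTokenSecretRef` such as `# scoped Cloudflare API token; secret must live in the cert-manager namespace`.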