add cert-manager to core-deployments
All checks were successful
continuous-integration/drone/push Build is passing

This commit is contained in:
Tom Neuber 2024-05-27 18:40:34 +02:00
parent ae12bc6b0e
commit 44ca237d98
Signed by: tom
GPG key ID: F17EFE4272D89FF6
3 changed files with 97 additions and 0 deletions

View file

@ -345,3 +345,33 @@ spec:
automated:
selfHeal: true
prune: true
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: cert-manager
namespace: argocd
spec:
project: default
sources:
- repoURL: https://charts.jetstack.io
chart: cert-manager
targetRevision: 1.14.5
helm:
releaseName: cert-manager
valueFiles:
- $values/cert-manager/values.yaml
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
targetRevision: HEAD
ref: values
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
targetRevision: HEAD
path: cert-manager
destination:
server: https://kubernetes.default.svc
namespace: cert-manager
syncPolicy:
syncOptions:
- CreateNamespace=true
automated:
prune: true

30
cert-manager/issuer.yaml Normal file
View file

@ -0,0 +1,30 @@
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
email: letsencrypt@ar21.de
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: letsencrypt-prod-key
solvers:
- http01:
ingress:
class: traefik
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-staging
spec:
acme:
email: letsencrypt@ar21.de
server: https://acme-staging-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: letsencrypt-staging-key
solvers:
- http01:
ingress:
class: traefik

37
cert-manager/values.yaml Normal file
View file

@ -0,0 +1,37 @@
namespace: cert-manager
replicaCount: 3
installCRDs: true
podDisruptionBudget:
enabled: true
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 0
ingressShim:
defaultIssuerName: letsencrypt-prod
defaultIssuerKind: ClusterIssuer
defaultIssuerGroup: cert-manager.io
webhook:
replicaCount: 3
podDisruptionBudget:
enabled: true
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 0
cainjector:
replicaCount: 3
podDisruptionBudget:
enabled: true
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 0
crds:
enabled: true
prometheus:
servicemonitor:
enabled: true