From 44ca237d98aa5f65d6ceaec1dfe4fec947907fa7 Mon Sep 17 00:00:00 2001
From: Tom Neuber
Date: Mon, 27 May 2024 18:40:34 +0200
Subject: [PATCH] add cert-manager to core-deployments
---
 app-files/core-deployments.yaml | 30 ++++++++++++++++++++++++++
 cert-manager/issuer.yaml | 30 ++++++++++++++++++++++++++
 cert-manager/values.yaml | 37 +++++++++++++++++++++++++++++++++
 3 files changed, 97 insertions(+)
 create mode 100644 cert-manager/issuer.yaml
 create mode 100644 cert-manager/values.yaml
diff --git a/app-files/core-deployments.yaml b/app-files/core-deployments.yaml
index e962e34..1c5d057 100644
--- a/app-files/core-deployments.yaml
+++ b/app-files/core-deployments.yaml
@@ -345,3 +345,33 @@ spec:
 automated:
 selfHeal: true
 prune: true
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: cert-manager
+ namespace: argocd
+spec:
+ project: default
+ sources:
+ - repoURL: https://charts.jetstack.io
+ chart: cert-manager
+ targetRevision: 1.14.5
+ helm:
+ releaseName: cert-manager
+ valueFiles:
+ - $values/cert-manager/values.yaml
+ - repoURL: https://git.ar21.de/yolokube/core-deployments.git
+ targetRevision: HEAD
+ ref: values
+ - repoURL: https://git.ar21.de/yolokube/core-deployments.git
+ targetRevision: HEAD
+ path: cert-manager
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: cert-manager
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
+ automated:
+ prune: true
diff --git a/cert-manager/issuer.yaml b/cert-manager/issuer.yaml
new file mode 100644
index 0000000..0c7a26d
--- /dev/null
+++ b/cert-manager/issuer.yaml
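Review bot: Both git sources of the new cert-manager Application in app-files/core-deployments.yaml use `targetRevision: HEAD`, so with `automated` sync and `prune: true` any push to the default branch of core-deployments.git is rolled out to cluster-scoped cert-manager resources without a reviewable revision bump. The chart source is already pinned (`targetRevision: 1.14.5`); pinning the `ref: values` and `path: cert-manager` sources the same way, e.g. `targetRevision: <tag-or-commit-sha>`, would tie what is deployed to a fixed revision. The `syncPolicy` also omits `selfHeal: true`, which the Application in the context lines above sets, so out-of-band edits to the ClusterIssuers would presumably not be reverted until the next Git change; if that is intentional, a short comment saying so would help. `project: default` deserves a second look as well, since a dedicated AppProject could limit this app to its two repositories, the cert-manager namespace and the cluster-scoped kinds it actually needs.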
@@ -0,0 +1,30 @@
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-prod
+spec:
+ acme:
+ email: letsencrypt@ar21.de
+ server: https://acme-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: letsencrypt-prod-key
+ solvers:
+ - http01:
+ ingress:
+ class: traefik
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-staging
+spec:
+ acme:
+ email: letsencrypt@ar21.de
+ server: https://acme-staging-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: letsencrypt-staging-key
+ solvers:
+ - http01:
+ ingress:
+ class: traefik
diff --git a/cert-manager/values.yaml b/cert-manager/values.yaml
new file mode 100644
index 0000000..700121c
--- /dev/null
+++ b/cert-manager/values.yaml
@@ -0,0 +1,37 @@
+namespace: cert-manager
+replicaCount: 3
+installCRDs: true
+podDisruptionBudget:
+ enabled: true
+strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 1
+ maxSurge: 0
+ingressShim:
+ defaultIssuerName: letsencrypt-prod
+ defaultIssuerKind: ClusterIssuer
+ defaultIssuerGroup: cert-manager.io
+webhook:
+ replicaCount: 3
+ podDisruptionBudget:
+ enabled: true
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 1
+ maxSurge: 0
+cainjector:
+ replicaCount: 3
+ podDisruptionBudget:
+ enabled: true
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 1
+ maxSurge: 0
+crds:
+ enabled: true
+prometheus:
+ servicemonitor:
+ enabled: true
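Review bot: Neither ClusterIssuer in cert-manager/issuer.yaml restricts which names its `http01` solver will answer for, and because a ClusterIssuer is usable from every namespace, anything allowed to create an Ingress or Certificate can request a Let's Encrypt certificate for any hostname that routes to this cluster. If the cluster serves a known set of zones, a `selector` on each solver narrows that, e.g. `selector:` with `dnsZones: ["<your-zone>"]` placed next to `http01:`. The production issuer matters most here, since cert-manager/values.yaml in this same commit makes `letsencrypt-prod` the ingress-shim default. A one-line comment above each document saying when to use staging versus prod would also help, because failed or repeated orders against the production endpoint count toward Let's Encrypt rate limits.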
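Review bot: cert-manager/values.yaml switches CRD installation on twice, with `installCRDs: true` near the top and `crds:` / `enabled: true` near the bottom. As far as I know the chart version pinned by this commit (1.14.5) reads only `installCRDs`, while later charts introduce `crds.enabled` as its replacement and refuse to render when both are true, so this file would presumably break the next chart bump. I would keep one of the two, with a comment such as `# chart 1.14.x reads installCRDs; switch to crds.enabled when bumping the chart`. Because the Application syncs with `prune: true` and the CRDs are rendered by the release, it is also worth documenting that turning the flag off or removing the app would, as far as I can tell, delete the CRDs and with them every Certificate and issuer in the cluster.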