new ingressroute for woodpecker

traefik-certmanager/base/kustomization.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - traefik-certmanager.yaml

traefik-certmanager/base/traefik-certmanager.yaml

@@ -0,0 +1,66 @@
+# from https://github.com/ncsa/traefik-certmanager
+#
+# Used to automatically create cert request for IngressRoute Objects
+#
+# Added by Aaron
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: traefik-certmanager
+  namespace: traefik
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: traefik-certmanager
+rules:
+- apiGroups: ["traefik.io"]
+  resources: ["ingressroutes"]
+  verbs: ["watch", "patch"]
+- apiGroups: ["cert-manager.io"]
+  resources: ["certificates"]
+  verbs: ["get", "create", "delete"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: traefik-certmanager
+subjects:
+- kind: ServiceAccount
+  name: traefik-certmanager
+  namespace: traefik
+roleRef:
+  kind: ClusterRole
+  name: traefik-certmanager
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: traefik-certmanager
+  namespace: traefik
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: traefik-certmanager
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: traefik-certmanager
+    spec:
+      serviceAccount: traefik-certmanager
+      containers:
+      - name: traefik-certmanager
+        image: git.ar21.de/yolokube/traefik-certmanager:latest
+        imagePullPolicy: Always
+        env:
+        - name: ISSUER_NAME
+          value: letsencrypt-prod
+        - name: ISSUER_KIND
+          value: ClusterIssuer
+        - name: CERT_CLEANUP
+          value: "true"
+        - name: PATCH_SECRETNAME
+          value: "true"