diff --git a/apps/argocd-ingress/application.yaml b/apps/argocd-ingress-app.yaml
similarity index 100%
rename from apps/argocd-ingress/application.yaml
rename to apps/argocd-ingress-app.yaml
diff --git a/apps/whoami/base/deployment.yaml b/apps/whoami/base/deployment.yaml
index 798022e..1a19256 100644
--- a/apps/whoami/base/deployment.yaml
+++ b/apps/whoami/base/deployment.yaml
@@ -1,44 +1,18 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: whoami
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: whoami
- template:
- metadata:
- labels:
- app: whoami
- spec:
- containers:
- - name: whoami
- image: traefik/whoami:latest
- ports:
- - containerPort: 80
----
-apiVersion: v1
-kind: Service
-metadata:
- name: whoami
-spec:
- ports:
- - port: 80
- targetPort: 80
- selector:
- app: whoami
----
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
 name: whoami
 annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
+ cert-manager.io/cluster-issuer: letsencrypt-prod # <-- NEU
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
 traefik.ingress.kubernetes.io/router.tls: "true"
 spec:
+ tls: # <-- NEU
+ - hosts:
+ - whoami.k3s.stabify.de
+ secretName: whoami-tls
 rules:
- - host: whoami.k3s.stabify.de # Placeholder, wird im Overlay überschrieben
+ - host: whoami.k3s.stabify.de
 http:
 paths:
 - path: /
diff --git a/infrastructure/cert-manager-app.yaml b/infrastructure/cert-manager-app.yaml
new file mode 100644
index 0000000..f37d5a4
--- /dev/null
+++ b/infrastructure/cert-manager-app.yaml
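Review bot: In `apps/whoami/base/deployment.yaml` the hostname `whoami.k3s.stabify.de` now appears twice in the base Ingress, under `spec.tls[0].hosts` and under `spec.rules[0].host`, and the comment this hunk removes said overlays override the rule host. An overlay that patches only the rule would leave cert-manager requesting a certificate for the base name while Traefik routes a different host, so the patch has to cover both fields; a comment on the `tls` entry such as `# keep in sync with rules[].host; overlays must patch both` would make that explicit. Dropping `web` from `router.entrypoints` means plain-HTTP requests for this host are no longer routed by this Ingress, so an HTTP-to-HTTPS redirect has to exist at the Traefik entrypoint level if one is wanted, and nothing in this diff shows it. The hunk also deletes the Deployment and Service, and no file in the visible diff re-adds them, so confirm they were moved elsewhere and that the Ingress backend still resolves. The Ingress body continues past the end of the hunk.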
@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: cert-manager
+ namespace: argocd
+ annotations:
+ argocd.argoproj.io/sync-wave: "-1"
+spec:
+ project: default
+ source:
+ repoURL: https://charts.jetstack.io
+ chart: cert-manager
+ targetRevision: v1.13.3
+ helm:
+ values: |
+ installCRDs: true
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: cert-manager
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/infrastructure/cert-manager-config-app.yaml b/infrastructure/cert-manager-config-app.yaml
new file mode 100644
index 0000000..cd40605
--- /dev/null
+++ b/infrastructure/cert-manager-config-app.yaml
@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: cert-manager-config
+ namespace: argocd
+spec:
+ project: default
+ source:
+ repoURL: https://git.cloud-infra.prod.openmailserver.de/stabify/gitops.git
+ targetRevision: HEAD
+ path: infrastructure/cert-manager
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: cert-manager
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
diff --git a/infrastructure/cert-manager/cluster-issuer.yaml b/infrastructure/cert-manager/cluster-issuer.yaml
new file mode 100644
index 0000000..f17dc69
--- /dev/null
+++ b/infrastructure/cert-manager/cluster-issuer.yaml
@@ -0,0 +1,20 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-prod
+spec:
+ acme:
+ server: https://acme-v02.api.letsencrypt.org/directory
+ email: admin@stabify.de
+ privateKeySecretRef:
+ name: letsencrypt-prod
+ solvers:
+ - dns01:
+ cloudflare:
+ email: admin@stabify.de
+ apiTokenSecretRef:
+ name: cloudflare-api-token-secret
+ key: api-token
+ selector:
+ dnsZones:
+ - "stabify.de"
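Review bot: `project: default` in `infrastructure/cert-manager-app.yaml` places a cluster-wide controller under Argo CD's catch-all project, which by default puts no restriction on source repositories, destinations or cluster-scoped resource kinds. A dedicated AppProject limited to `https://charts.jetstack.io`, the `cert-manager` namespace and the cluster-scoped kinds the chart needs would contain a mistaken or unauthorised change to this Application; the same applies to `project: default` in `cert-manager-config-app.yaml`. With `installCRDs: true` combined with `prune: true`, a later chart bump that stops rendering the CRDs could let Argo CD prune them, and every Certificate and issuer in the cluster with them, so the upgrade path for `targetRevision` deserves a comment next to the pin.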
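Review bot: In `infrastructure/cert-manager-config-app.yaml`, `targetRevision: HEAD` together with `automated` sync, `prune` and `selfHeal` means every push to the repository's default branch is applied to the cluster with no further gate, and the tracked path holds a cluster-scoped ClusterIssuer. If that is intended, branch protection and required review on the repository are the control being relied on and are worth stating in a comment; otherwise pin `targetRevision` to a tag or commit. This Application also carries no sync-wave or retry, so on a fresh cluster its first sync can run before the cert-manager CRDs exist and fail; a `syncPolicy.retry` block or `SkipDryRunOnMissingResource=true` under `syncOptions` would cover that. Whether a parent app-of-apps already orders the two Applications is not visible here.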
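Review bot: As a ClusterIssuer with a DNS-01 solver selected for the whole `stabify.de` zone, `letsencrypt-prod` in `infrastructure/cert-manager/cluster-issuer.yaml` will issue a publicly trusted certificate for any name under that zone, wildcards included, to whoever can create a Certificate or an annotated Ingress in any namespace. If less-trusted workloads share the cluster, a namespaced Issuer or an issuance policy (for example cert-manager's approver-policy) narrows that; at minimum add a comment recording that the Cloudflare token behind `apiTokenSecretRef` should be limited to DNS edit on this one zone. The Secret `cloudflare-api-token-secret` is not part of this diff, which is right for a credential, but it has to exist in cert-manager's cluster-resource namespace before the issuer can become ready. `cloudflare.email` is only needed for API-key authentication and can be dropped when `apiTokenSecretRef` is used.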