From cea83e62462e097c7900faaad5d62ee1895b906c Mon Sep 17 00:00:00 2001
From: Joseph Hanson
Date: Mon, 27 Nov 2023 18:59:28 -0600
Subject: [PATCH] adding cloudflare to cert issuers
---
.../issuers/cloudflare/externalsecret.yaml | 19 ++++++++++++++++
.../cloudflare/issuer-letsencrypt-prod.yaml | 22 +++++++++++++++++++
.../issuer-letsencrypt-staging.yaml | 22 +++++++++++++++++++
.../{ => dnsimple}/dnsimple-issuer-rbac.yaml | 0
.../{ => dnsimple}/externalsecret.yaml | 0
.../issuers/{ => dnsimple}/helmrelease.yaml | 0
.../issuer-letsencrypt-prod.yaml | 5 +++--
.../issuer-letsencrypt-staging.yaml | 1 +
.../cert-manager/issuers/kustomization.yaml | 13 ++++++-----
9 files changed, 75 insertions(+), 7 deletions(-)
create mode 100644 kubernetes/apps/cert-manager/cert-manager/issuers/cloudflare/externalsecret.yaml
create mode 100644 kubernetes/apps/cert-manager/cert-manager/issuers/cloudflare/issuer-letsencrypt-prod.yaml
create mode 100644 kubernetes/apps/cert-manager/cert-manager/issuers/cloudflare/issuer-letsencrypt-staging.yaml
rename kubernetes/apps/cert-manager/cert-manager/issuers/{ => dnsimple}/dnsimple-issuer-rbac.yaml (100%)
rename kubernetes/apps/cert-manager/cert-manager/issuers/{ => dnsimple}/externalsecret.yaml (100%)
rename kubernetes/apps/cert-manager/cert-manager/issuers/{ => dnsimple}/helmrelease.yaml (100%)
rename kubernetes/apps/cert-manager/cert-manager/issuers/{ => dnsimple}/issuer-letsencrypt-prod.yaml (72%)
rename kubernetes/apps/cert-manager/cert-manager/issuers/{ => dnsimple}/issuer-letsencrypt-staging.yaml (84%)
diff --git a/kubernetes/apps/cert-manager/cert-manager/issuers/cloudflare/externalsecret.yaml b/kubernetes/apps/cert-manager/cert-manager/issuers/cloudflare/externalsecret.yaml
new file mode 100644
index 0000000..d0f24c6
--- /dev/null
+++ b/kubernetes/apps/cert-manager/cert-manager/issuers/cloudflare/externalsecret.yaml
@@ -0,0 +1,19 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: cloudflare-api-token
+ namespace: cert-manager
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: onepassword-connect
+ target:
+ name: cloudflare-api-token
+ creationPolicy: Owner
+ data:
+ - secretKey: api-token
+ remoteRef:
+ key: Cloudflare
+ property: cert-manager
diff --git a/kubernetes/apps/cert-manager/cert-manager/issuers/cloudflare/issuer-letsencrypt-prod.yaml b/kubernetes/apps/cert-manager/cert-manager/issuers/cloudflare/issuer-letsencrypt-prod.yaml
new file mode 100644
index 0000000..e94b0ea
--- /dev/null
+++ b/kubernetes/apps/cert-manager/cert-manager/issuers/cloudflare/issuer-letsencrypt-prod.yaml
@@ -0,0 +1,22 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/cert-manager.io/clusterissuer_v1.json
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-cloudflare-production
+spec:
+ acme:
+ email: "joe@veri.dev"
+ preferredChain: ""
+ privateKeySecretRef:
+ name: letsencrypt-cloudflare-production
+ server: https://acme-v02.api.letsencrypt.org/directory
+ solvers:
+ - dns01:
+ cloudflare:
+ apiTokenSecretRef:
+ name: cloudflare-api-token
+ key: api-token
+ selector:
+ dnsZones:
+ - hsn.dev
diff --git a/kubernetes/apps/cert-manager/cert-manager/issuers/cloudflare/issuer-letsencrypt-staging.yaml b/kubernetes/apps/cert-manager/cert-manager/issuers/cloudflare/issuer-letsencrypt-staging.yaml
new file mode 100644
index 0000000..09429f9
--- /dev/null
+++ b/kubernetes/apps/cert-manager/cert-manager/issuers/cloudflare/issuer-letsencrypt-staging.yaml
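Review bot: Nothing in the new ExternalSecret records what the `cert-manager` property of the `Cloudflare` item is permitted to do, while the DNS-01 solver only needs a token limited to Zone:Read and DNS:Edit on the one zone it serves. The token's actual scope is not visible from the manifest, so I would add a comment above `data:` such as `# Cloudflare API token: Zone:Read + DNS:Edit, hsn.dev only`. The spec also omits `refreshInterval`, which leaves the delay before a rotated or revoked token reaches the `cloudflare-api-token` Secret to the operator default; stating it explicitly, e.g. `refreshInterval: 1h`, makes the rotation window reviewable.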
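Review bot: `letsencrypt-cloudflare-production` is a cluster-scoped ClusterIssuer, so any namespace whose users can create a Certificate or an annotated Ingress can have the shared `cloudflare-api-token` used to obtain a publicly trusted certificate for any name under `hsn.dev`; the staging issuer in the next file has the same shape. Whether this cluster is single-tenant is not visible here; if it is not, a namespaced `Issuer` or an approval policy (for example cert-manager's approver-policy) limiting which namespaces may request which DNS names would bound that exposure. Separately, `preferredChain: ""` is an empty value that appears to have no effect and could be dropped in both files.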
@@ -0,0 +1,22 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/cert-manager.io/clusterissuer_v1.json
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-cloudflare-staging
+spec:
+ acme:
+ email: "joe@veri.dev"
+ preferredChain: ""
+ privateKeySecretRef:
+ name: letsencrypt-cloudflare-staging
+ server: https://acme-staging-v02.api.letsencrypt.org/directory
+ solvers:
+ - dns01:
+ cloudflare:
+ apiTokenSecretRef:
+ name: cloudflare-api-token
+ key: api-token
+ selector:
+ dnsZones:
+ - hsn.dev
diff --git a/kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple-issuer-rbac.yaml b/kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple/dnsimple-issuer-rbac.yaml
similarity index 100%
rename from kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple-issuer-rbac.yaml
rename to kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple/dnsimple-issuer-rbac.yaml
diff --git a/kubernetes/apps/cert-manager/cert-manager/issuers/externalsecret.yaml b/kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple/externalsecret.yaml
similarity index 100%
rename from kubernetes/apps/cert-manager/cert-manager/issuers/externalsecret.yaml
rename to kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple/externalsecret.yaml
diff --git a/kubernetes/apps/cert-manager/cert-manager/issuers/helmrelease.yaml b/kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple/helmrelease.yaml
similarity index 100%
rename from kubernetes/apps/cert-manager/cert-manager/issuers/helmrelease.yaml
rename to kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple/helmrelease.yaml
diff --git a/kubernetes/apps/cert-manager/cert-manager/issuers/issuer-letsencrypt-prod.yaml b/kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple/issuer-letsencrypt-prod.yaml similarity index 72% rename from kubernetes/apps/cert-manager/cert-manager/issuers/issuer-letsencrypt-prod.yaml rename to kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple/issuer-letsencrypt-prod.yaml index fdf28c8..16d5003 100644 --- a/kubernetes/apps/cert-manager/cert-manager/issuers/issuer-letsencrypt-prod.yaml +++ b/kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple/issuer-letsencrypt-prod.yaml @@ -1,14 +1,15 @@ --- +# yaml-language-server: $schema=https://ks.hsn.dev/cert-manager.io/clusterissuer_v1.json apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: - name: letsencrypt-production + name: letsencrypt-dnsimple-production spec: acme: email: "joe@veri.dev" preferredChain: "" privateKeySecretRef: - name: letsencrypt-production + name: letsencrypt-dnsimple-production server: https://acme-v02.api.letsencrypt.org/directory solvers: - dns01: diff --git a/kubernetes/apps/cert-manager/cert-manager/issuers/issuer-letsencrypt-staging.yaml b/kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple/issuer-letsencrypt-staging.yaml similarity index 84% rename from kubernetes/apps/cert-manager/cert-manager/issuers/issuer-letsencrypt-staging.yaml rename to kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple/issuer-letsencrypt-staging.yaml index 32d35ee..da67735 100644 --- a/kubernetes/apps/cert-manager/cert-manager/issuers/issuer-letsencrypt-staging.yaml +++ b/kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple/issuer-letsencrypt-staging.yaml @@ -1,4 +1,5 @@ --- +# yaml-language-server: $schema=https://ks.hsn.dev/cert-manager.io/clusterissuer_v1.json apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: 
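Review bot: Renaming the issuer from `letsencrypt-production` to `letsencrypt-dnsimple-production` in the first hunk breaks any existing Certificate `issuerRef` or Ingress annotation that still names the old issuer, and the commit's file list shows no consumer being updated, so renewals for those certificates would start failing once the old ClusterIssuer is pruned. The `privateKeySecretRef` is renamed as well, which presumably makes cert-manager register a fresh ACME account and leaves the old `letsencrypt-production` Secret, still holding the previous account key, behind in the cluster; it should be deleted once nothing uses it. The second hunk only adds the schema comment, so the dnsimple staging issuer keeps its old name and the two dnsimple issuers end up named inconsistently. The first hunk stops at `- dns01:`, so the solver body is outside the visible lines.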
diff --git a/kubernetes/apps/cert-manager/cert-manager/issuers/kustomization.yaml b/kubernetes/apps/cert-manager/cert-manager/issuers/kustomization.yaml index 9ffee24..1e33035 100644 --- a/kubernetes/apps/cert-manager/cert-manager/issuers/kustomization.yaml +++ b/kubernetes/apps/cert-manager/cert-manager/issuers/kustomization.yaml @@ -4,8 +4,11 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: cert-manager resources: - - ./externalsecret.yaml - - ./issuer-letsencrypt-prod.yaml - - ./issuer-letsencrypt-staging.yaml - - ./dnsimple-issuer-rbac.yaml - - ./helmrelease.yaml + - ./dnsimple/externalsecret.yaml + - ./dnsimple/issuer-letsencrypt-prod.yaml + - ./dnsimple/issuer-letsencrypt-staging.yaml + - ./dnsimple/dnsimple-issuer-rbac.yaml + - ./dnsimple/helmrelease.yaml + - ./cloudflare/externalsecret.yaml + - ./cloudflare/issuer-letsencrypt-prod.yaml + - ./cloudflare/issuer-letsencrypt-staging.yaml