From 695cbc94888a30b7b06c62f1a7674d5fa696632f Mon Sep 17 00:00:00 2001
From: Christian
Date: Wed, 19 Jan 2022 11:06:26 +0100
Subject: [PATCH 1/3] bind9 template
---
docker-compose/bind9/README.md | 0
docker-compose/bind9/config/example.named.conf | 0
docker-compose/bind9/docker-compose.yml | 13 +++++++++++++
3 files changed, 13 insertions(+)
create mode 100644 docker-compose/bind9/README.md
create mode 100644 docker-compose/bind9/config/example.named.conf
create mode 100644 docker-compose/bind9/docker-compose.yml
diff --git a/docker-compose/bind9/README.md b/docker-compose/bind9/README.md
new file mode 100644
index 0000000..e69de29
diff --git a/docker-compose/bind9/config/example.named.conf b/docker-compose/bind9/config/example.named.conf
new file mode 100644
index 0000000..e69de29
diff --git a/docker-compose/bind9/docker-compose.yml b/docker-compose/bind9/docker-compose.yml
new file mode 100644
index 0000000..1aaee01
--- /dev/null
+++ b/docker-compose/bind9/docker-compose.yml
@@ -0,0 +1,13 @@
+version: '3'
+
+services:
+ bind9:
+ image: ubuntu/bind9:latest
+ container_name: bind9
+ ports:
+ - "53:53"
+ volumes:
+ - /etc/bind/:/etc/bind/
+ - /var/cache/bind:/var/cache/bind
+ - /var/lib/bind:/var/lib/bind
+ restart: unless-stopped
From 9428b0afe0fe0164a7d8675ca25f086c72a71f14 Mon Sep 17 00:00:00 2001
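Review bot: The `ports` entry `"53:53"` in docker-compose/bind9/docker-compose.yml publishes TCP only, because Compose defaults to TCP when no protocol is given, so ordinary UDP DNS queries will not reach the container; add `- "53:53/udp"` next to it. The mapping also binds on every host interface, so unless this is meant to be a public authoritative server, bind it to one address (for example `"<host-ip>:53:53/udp"`, placeholder) and restrict recursion in named.conf, whose example file is still empty in this commit. `ubuntu/bind9:latest` should be pinned to a fixed tag or digest so that redeploys do not silently pick up a different BIND build.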
From: Christian
Date: Tue, 1 Feb 2022 09:31:40 +0100
Subject: [PATCH 2/3] Insert cert-manager Fixes #31
---
kubernetes/certmanager/README.md | 19 +
kubernetes/certmanager/default-values.yml | 516 ++++++++++++++++++
.../templates/cloudflare-issuer.yml | 0
.../templates/cloudflare-secret.yml | 0
.../templates/digitalocean-issuer.yml | 0
.../templates/digitalocean-secret.yml | 0
.../certmanager/templates/http-issuer.yml | 0
kubernetes/certmanager/values.yml | 25 +
8 files changed, 560 insertions(+)
create mode 100644 kubernetes/certmanager/README.md
create mode 100644 kubernetes/certmanager/default-values.yml
create mode 100644 kubernetes/certmanager/templates/cloudflare-issuer.yml
create mode 100644 kubernetes/certmanager/templates/cloudflare-secret.yml
create mode 100644 kubernetes/certmanager/templates/digitalocean-issuer.yml
create mode 100644 kubernetes/certmanager/templates/digitalocean-secret.yml
create mode 100644 kubernetes/certmanager/templates/http-issuer.yml
create mode 100644 kubernetes/certmanager/values.yml
diff --git a/kubernetes/certmanager/README.md b/kubernetes/certmanager/README.md
new file mode 100644
index 0000000..8a7ef74
--- /dev/null
+++ b/kubernetes/certmanager/README.md
@@ -0,0 +1,19 @@
+
+
+helm repo add jetstack https://charts.jetstack.io
+
+
+Install CRDs
+(option 1) manually:
+kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.7.0/cert-manager.crds.yaml
+
+Or
+install with helm
+--set installCRDs=true
+
+$ helm install \
+ cert-manager jetstack/cert-manager \
+ --namespace cert-manager \
+ --create-namespace \
+ --version v1.7.0 \
+ # --set installCRDs=true
\ No newline at end of file
diff --git a/kubernetes/certmanager/default-values.yml b/kubernetes/certmanager/default-values.yml
new file mode 100644
index 0000000..f20c2d6
--- /dev/null
+++ b/kubernetes/certmanager/default-values.yml
@@ -0,0 +1,516 @@ +# Default values for cert-manager. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +global: + ## Reference to one or more secrets to be used when pulling images + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + imagePullSecrets: [] + # - name: "image-pull-secret" + + # Optional priority class to be used for the cert-manager pods + priorityClassName: "" + rbac: + create: true + + podSecurityPolicy: + enabled: false + useAppArmor: true + + # Set the verbosity of cert-manager. Range of 0 - 6 with 6 being the most verbose. + logLevel: 2 + + leaderElection: + # Override the namespace used to store the ConfigMap for leader election + namespace: "kube-system" + + # The duration that non-leader candidates will wait after observing a + # leadership renewal until attempting to acquire leadership of a led but + # unrenewed leader slot. This is effectively the maximum duration that a + # leader can be stopped before it is replaced by another candidate. + # leaseDuration: 60s + + # The interval between attempts by the acting master to renew a leadership + # slot before it stops leading. This must be less than or equal to the + # lease duration. + # renewDeadline: 40s + + # The duration the clients should wait between attempting acquisition and + # renewal of a leadership. + # retryPeriod: 15s + +installCRDs: false + +replicaCount: 1 + +strategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 0 + # maxUnavailable: 1 + +# Comma separated list of feature gates that should be enabled on the +# controller pod. +featureGates: "" + +image: + repository: quay.io/jetstack/cert-manager-controller + # You can manage a registry with + # registry: quay.io + # repository: jetstack/cert-manager-controller + + # Override the image tag to deploy by setting this variable. + # If no value is set, the chart's appVersion will be used. 
+ # tag: canary + + # Setting a digest will override any tag + # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 + pullPolicy: IfNotPresent + +# Override the namespace used to store DNS provider credentials etc. for ClusterIssuer +# resources. By default, the same namespace as cert-manager is deployed within is +# used. This namespace will not be automatically created by the Helm chart. +clusterResourceNamespace: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + # name: "" + # Optional additional annotations to add to the controller's ServiceAccount + # annotations: {} + # Automount API credentials for a Service Account. + automountServiceAccountToken: true + +# Additional command line flags to pass to cert-manager controller binary. +# To see all available flags run docker run quay.io/jetstack/cert-manager-controller: --help +extraArgs: [] + # When this flag is enabled, secrets will be automatically removed when the certificate resource is deleted + # - --enable-certificate-owner-ref=true + # Use this flag to enabled or disable arbitrary controllers, for example, disable the CertificiateRequests approver + # - --controllers=*,-certificaterequests-approver + +extraEnv: [] +# - name: SOME_VAR +# value: 'some value' + +resources: {} + # requests: + # cpu: 10m + # memory: 32Mi + +# Pod Security Context +# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +securityContext: + runAsNonRoot: true +# legacy securityContext parameter format: if enabled is set to true, only fsGroup and runAsUser are supported +# securityContext: +# enabled: false +# fsGroup: 1001 +# runAsUser: 1001 +# to support additional securityContext parameters, omit the `enabled` parameter and simply specify the parameters +# you want to set, e.g. 
+# securityContext: +# fsGroup: 1000 +# runAsUser: 1000 +# runAsNonRoot: true + +# Container Security Context to be set on the controller component container +# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +containerSecurityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + + +volumes: [] + +volumeMounts: [] + +# Optional additional annotations to add to the controller Deployment +# deploymentAnnotations: {} + +# Optional additional annotations to add to the controller Pods +# podAnnotations: {} + +podLabels: {} + +# Optional annotations to add to the controller Service +# serviceAnnotations: {} + +# Optional additional labels to add to the controller Service +# serviceLabels: {} + +# Optional DNS settings, useful if you have a public and private DNS zone for +# the same domain on Route 53. What follows is an example of ensuring +# cert-manager can access an ingress or DNS TXT records at all times. +# NOTE: This requires Kubernetes 1.10 or `CustomPodDNS` feature gate enabled for +# the cluster to work. 
+# podDnsPolicy: "None" +# podDnsConfig: +# nameservers: +# - "1.1.1.1" +# - "8.8.8.8" + +nodeSelector: {} + +ingressShim: {} + # defaultIssuerName: "" + # defaultIssuerKind: "" + # defaultIssuerGroup: "" + +prometheus: + enabled: true + servicemonitor: + enabled: false + prometheusInstance: default + targetPort: 9402 + path: /metrics + interval: 60s + scrapeTimeout: 30s + labels: {} + honorLabels: false + +# Use these variables to configure the HTTP_PROXY environment variables +# http_proxy: "http://proxy:8080" +# https_proxy: "https://proxy:8080" +# no_proxy: 127.0.0.1,localhost + +# expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#affinity-v1-core +# for example: +# affinity: +# nodeAffinity: +# requiredDuringSchedulingIgnoredDuringExecution: +# nodeSelectorTerms: +# - matchExpressions: +# - key: foo.bar.com/role +# operator: In +# values: +# - master +affinity: {} + +# expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#toleration-v1-core +# for example: +# tolerations: +# - key: foo.bar.com/role +# operator: Equal +# value: master +# effect: NoSchedule +tolerations: [] + +webhook: + replicaCount: 1 + timeoutSeconds: 10 + + # Used to configure options for the webhook pod. + # This allows setting options that'd usually be provided via flags. + # An APIVersion and Kind must be specified in your values.yaml file. + # Flags will override options that are set here. + config: + # apiVersion: webhook.config.cert-manager.io/v1alpha1 + # kind: WebhookConfiguration + + # The port that the webhook should listen on for requests. + # In GKE private clusters, by default kubernetes apiservers are allowed to + # talk to the cluster nodes only on 443 and 10250. so configuring + # securePort: 10250, will work out of the box without needing to add firewall + # rules or requiring NET_BIND_SERVICE capabilities to bind port numbers <1000. 
+ # This should be uncommented and set as a default by the chart once we graduate + # the apiVersion of WebhookConfiguration past v1alpha1. + # securePort: 10250 + + strategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 0 + # maxUnavailable: 1 + + # Pod Security Context to be set on the webhook component Pod + # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + securityContext: + runAsNonRoot: true + + # Container Security Context to be set on the webhook component container + # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + containerSecurityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + + # Optional additional annotations to add to the webhook Deployment + # deploymentAnnotations: {} + + # Optional additional annotations to add to the webhook Pods + # podAnnotations: {} + + # Optional additional annotations to add to the webhook Service + # serviceAnnotations: {} + + # Optional additional annotations to add to the webhook MutatingWebhookConfiguration + # mutatingWebhookConfigurationAnnotations: {} + + # Optional additional annotations to add to the webhook ValidatingWebhookConfiguration + # validatingWebhookConfigurationAnnotations: {} + + # Additional command line flags to pass to cert-manager webhook binary. 
+ # To see all available flags run docker run quay.io/jetstack/cert-manager-webhook: --help + extraArgs: [] + # Path to a file containing a WebhookConfiguration object used to configure the webhook + # - --config= + + resources: {} + # requests: + # cpu: 10m + # memory: 32Mi + + ## Liveness and readiness probe values + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + failureThreshold: 3 + initialDelaySeconds: 5 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 1 + + nodeSelector: {} + + affinity: {} + + tolerations: [] + + # Optional additional labels to add to the Webhook Pods + podLabels: {} + + # Optional additional labels to add to the Webhook Service + serviceLabels: {} + + image: + repository: quay.io/jetstack/cert-manager-webhook + # You can manage a registry with + # registry: quay.io + # repository: jetstack/cert-manager-webhook + + # Override the image tag to deploy by setting this variable. + # If no value is set, the chart's appVersion will be used. + # tag: canary + + # Setting a digest will override any tag + # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 + + pullPolicy: IfNotPresent + + serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + # name: "" + # Optional additional annotations to add to the controller's ServiceAccount + # annotations: {} + # Automount API credentials for a Service Account. + automountServiceAccountToken: true + + # The port that the webhook should listen on for requests. + # In GKE private clusters, by default kubernetes apiservers are allowed to + # talk to the cluster nodes only on 443 and 10250. 
so configuring + # securePort: 10250, will work out of the box without needing to add firewall + # rules or requiring NET_BIND_SERVICE capabilities to bind port numbers <1000 + securePort: 10250 + + # Specifies if the webhook should be started in hostNetwork mode. + # + # Required for use in some managed kubernetes clusters (such as AWS EKS) with custom + # CNI (such as calico), because control-plane managed by AWS cannot communicate + # with pods' IP CIDR and admission webhooks are not working + # + # Since the default port for the webhook conflicts with kubelet on the host + # network, `webhook.securePort` should be changed to an available port if + # running in hostNetwork mode. + hostNetwork: false + + # Specifies how the service should be handled. Useful if you want to expose the + # webhook to outside of the cluster. In some cases, the control plane cannot + # reach internal services. + serviceType: ClusterIP + # loadBalancerIP: + + # Overrides the mutating webhook and validating webhook so they reach the webhook + # service using the `url` field instead of a service. 
+ url: {} + # host: + +cainjector: + enabled: true + replicaCount: 1 + + strategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 0 + # maxUnavailable: 1 + + # Pod Security Context to be set on the cainjector component Pod + # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + securityContext: + runAsNonRoot: true + + # Container Security Context to be set on the cainjector component container + # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + containerSecurityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + + + # Optional additional annotations to add to the cainjector Deployment + # deploymentAnnotations: {} + + # Optional additional annotations to add to the cainjector Pods + # podAnnotations: {} + + # Additional command line flags to pass to cert-manager cainjector binary. + # To see all available flags run docker run quay.io/jetstack/cert-manager-cainjector: --help + extraArgs: [] + # Enable profiling for cainjector + # - --enable-profiling=true + + resources: {} + # requests: + # cpu: 10m + # memory: 32Mi + + nodeSelector: {} + + affinity: {} + + tolerations: [] + + # Optional additional labels to add to the CA Injector Pods + podLabels: {} + + image: + repository: quay.io/jetstack/cert-manager-cainjector + # You can manage a registry with + # registry: quay.io + # repository: jetstack/cert-manager-cainjector + + # Override the image tag to deploy by setting this variable. + # If no value is set, the chart's appVersion will be used. + # tag: canary + + # Setting a digest will override any tag + # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 + + pullPolicy: IfNotPresent + + serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. 
+ # If not set and create is true, a name is generated using the fullname template + # name: "" + # Optional additional annotations to add to the controller's ServiceAccount + # annotations: {} + # Automount API credentials for a Service Account. + automountServiceAccountToken: true + +# This startupapicheck is a Helm post-install hook that waits for the webhook +# endpoints to become available. +# The check is implemented using a Kubernetes Job- if you are injecting mesh +# sidecar proxies into cert-manager pods, you probably want to ensure that they +# are not injected into this Job's pod. Otherwise the installation may time out +# due to the Job never being completed because the sidecar proxy does not exit. +# See https://github.com/jetstack/cert-manager/pull/4414 for context. +startupapicheck: + enabled: true + + # Pod Security Context to be set on the startupapicheck component Pod + # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + securityContext: + runAsNonRoot: true + + # Timeout for 'kubectl check api' command + timeout: 1m + + # Job backoffLimit + backoffLimit: 4 + + # Optional additional annotations to add to the startupapicheck Job + jobAnnotations: + helm.sh/hook: post-install + helm.sh/hook-weight: "1" + helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded + + # Optional additional annotations to add to the startupapicheck Pods + # podAnnotations: {} + + # Additional command line flags to pass to startupapicheck binary. 
+ # To see all available flags run docker run quay.io/jetstack/cert-manager-ctl: --help + extraArgs: [] + + resources: {} + # requests: + # cpu: 10m + # memory: 32Mi + + nodeSelector: {} + + affinity: {} + + tolerations: [] + + # Optional additional labels to add to the startupapicheck Pods + podLabels: {} + + image: + repository: quay.io/jetstack/cert-manager-ctl + # You can manage a registry with + # registry: quay.io + # repository: jetstack/cert-manager-ctl + + # Override the image tag to deploy by setting this variable. + # If no value is set, the chart's appVersion will be used. + # tag: canary + + # Setting a digest will override any tag + # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 + + pullPolicy: IfNotPresent + + rbac: + # annotations for the startup API Check job RBAC and PSP resources + annotations: + helm.sh/hook: post-install + helm.sh/hook-weight: "-5" + helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded + + serviceAccount: + # Specifies whether a service account should be created + create: true + + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + # name: "" + + # Optional additional annotations to add to the Job's ServiceAccount + annotations: + helm.sh/hook: post-install + helm.sh/hook-weight: "-5" + helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded + + # Automount API credentials for a Service Account. + automountServiceAccountToken: true \ No newline at end of file diff --git a/kubernetes/certmanager/templates/cloudflare-issuer.yml b/kubernetes/certmanager/templates/cloudflare-issuer.yml new file mode 100644 index 0000000..e69de29 diff --git a/kubernetes/certmanager/templates/cloudflare-secret.yml b/kubernetes/certmanager/templates/cloudflare-secret.yml new file mode 100644 index 0000000..e69de29 
diff --git a/kubernetes/certmanager/templates/digitalocean-issuer.yml b/kubernetes/certmanager/templates/digitalocean-issuer.yml
new file mode 100644
index 0000000..e69de29
diff --git a/kubernetes/certmanager/templates/digitalocean-secret.yml b/kubernetes/certmanager/templates/digitalocean-secret.yml
new file mode 100644
index 0000000..e69de29
diff --git a/kubernetes/certmanager/templates/http-issuer.yml b/kubernetes/certmanager/templates/http-issuer.yml
new file mode 100644
index 0000000..e69de29
diff --git a/kubernetes/certmanager/values.yml b/kubernetes/certmanager/values.yml
new file mode 100644
index 0000000..0e7e4cb
--- /dev/null
+++ b/kubernetes/certmanager/values.yml
@@ -0,0 +1,25 @@
+
+global:
+ logLevel: 2 # default: 2
+
+replicaCount: 1 # default: 1
+
+installCRDs: true # default: false
+
+extraArgs: []
+
+extraEnv: []
+
+resources: {}
+
+prometheus:
+ enabled: true
+ servicemonitor:
+ enabled: false
+ prometheusInstance: default
+ targetPort: 9402
+ path: /metrics
+ interval: 60s
+ scrapeTimeout: 30s
+ labels: {}
+ honorLabels: false
\ No newline at end of file
From ac32340c1ec6c9f3c4265580d567aefb10e25885 Mon Sep 17 00:00:00 2001
From: Christian
Date: Thu, 10 Feb 2022 12:37:21 +0100
Subject: [PATCH 3/3] Insert cert-manager Fixes #31
---
.../templates/cloudflare-issuer.yml | 0
.../templates/cloudflare-secret.yml | 0
.../templates/digitalocean-issuer.yml | 0
.../templates/digitalocean-secret.yml | 0
.../certmanager/templates/http-issuer.yml | 0
.../certmanager/templates/issuer-acme.yml | 52 +++++++++++++++++++
.../templates/issuer-selfsigned.yml | 9 ++++
.../templates/secret-cloudflare.yml | 14 +++++
kubernetes/certmanager/values.yml | 25 ---------
9 files changed, 75 insertions(+), 25 deletions(-)
delete mode 100644 kubernetes/certmanager/templates/cloudflare-issuer.yml
delete mode 100644 kubernetes/certmanager/templates/cloudflare-secret.yml
delete mode 100644 kubernetes/certmanager/templates/digitalocean-issuer.yml
delete mode 100644 kubernetes/certmanager/templates/digitalocean-secret.yml
delete mode 100644 kubernetes/certmanager/templates/http-issuer.yml
create mode 100644 kubernetes/certmanager/templates/issuer-acme.yml
create mode 100644 kubernetes/certmanager/templates/issuer-selfsigned.yml
create mode 100644 kubernetes/certmanager/templates/secret-cloudflare.yml
delete mode 100644 kubernetes/certmanager/values.yml
diff --git a/kubernetes/certmanager/templates/cloudflare-issuer.yml b/kubernetes/certmanager/templates/cloudflare-issuer.yml
deleted file mode 100644
index e69de29..0000000
diff --git a/kubernetes/certmanager/templates/cloudflare-secret.yml b/kubernetes/certmanager/templates/cloudflare-secret.yml
deleted file mode 100644
index e69de29..0000000
diff --git a/kubernetes/certmanager/templates/digitalocean-issuer.yml b/kubernetes/certmanager/templates/digitalocean-issuer.yml
deleted file mode 100644
index e69de29..0000000
diff --git a/kubernetes/certmanager/templates/digitalocean-secret.yml b/kubernetes/certmanager/templates/digitalocean-secret.yml
deleted file mode 100644
index e69de29..0000000
diff --git a/kubernetes/certmanager/templates/http-issuer.yml b/kubernetes/certmanager/templates/http-issuer.yml
deleted file mode 100644
index e69de29..0000000
diff --git a/kubernetes/certmanager/templates/issuer-acme.yml b/kubernetes/certmanager/templates/issuer-acme.yml
new file mode 100644
index 0000000..d1554ad
--- /dev/null
+++ b/kubernetes/certmanager/templates/issuer-acme.yml
@@ -0,0 +1,52 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: acme-issuer
+ # (Optional) Metadata
+ # ---
+ # namespace: your-namespace
+spec:
+ acme:
+ # Configure your email here...
+ # ---
+ # email: your-email@address
+
+ # Configure your server here...
+ # ---
+ # Letsencrypt Production
+ # server: https://acme-v02.api.letsencrypt.org/directory
+ # - or -
+ # Letsencrypt Staging
+ # server: https://acme-staging-v02.api.letsencrypt.org/directory
+
+ privateKeySecretRef:
+ name: example-issuer-account-key
+ solvers:
+ # Configure DNS or HTTP Challenge here...
+ # ---
+ # DNS Challenge:
+ - dns01:
+ # Configure your DNS Provider here...
+ # ---
+ # cloudflare:
+ # email: your-email@address
+ # API Key:
+ # apiKeySecretRef:
+ # name: cloudflare-api-key-secret
+ # key: api-key
+ # - or -
+ # API Token:
+ # apiTokenSecretRef:
+ # name: cloudflare-api-token-secret
+ # key: api-token
+ # (Optional) Add DNS selectors
+ # ---
+ # selector:
+ # dnsNames:
+ # - 'your-domain'
+ # - '*.your-domain'
+
+ # HTTP Challenge:
+ # - http01:
+ # ingress:
+ # class: traefik
diff --git a/kubernetes/certmanager/templates/issuer-selfsigned.yml b/kubernetes/certmanager/templates/issuer-selfsigned.yml
new file mode 100644
index 0000000..8771d2a
--- /dev/null
+++ b/kubernetes/certmanager/templates/issuer-selfsigned.yml
@@ -0,0 +1,9 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: selfsigned-issuer
+ # (Optional) Metadata
+ # ---
+ # namespace: your-namespace
+spec:
+ selfSigned: {}
\ No newline at end of file
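Review bot: In issuer-acme.yml the `- dns01:` solver has every line beneath it commented out, so it parses as an empty (null) entry, and `spec.acme` has no active `server` or `email`; applied unchanged, the manifest will most likely be rejected or yield an Issuer that cannot solve challenges. A header comment naming the lines that must be uncommented before `kubectl apply` would make that explicit, and defaulting the example to the staging `server` avoids burning production rate limits while testing. Of the two Cloudflare options shown, the `apiTokenSecretRef` form is the safer one to recommend, since a token can be limited to DNS edits on the relevant zone, whereas the API key form grants account-wide access; a one-line comment such as `# Prefer a scoped API token over the global API key` above the `API Key:` block would say so.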
diff --git a/kubernetes/certmanager/templates/secret-cloudflare.yml b/kubernetes/certmanager/templates/secret-cloudflare.yml
new file mode 100644
index 0000000..2d9e1ba
--- /dev/null
+++ b/kubernetes/certmanager/templates/secret-cloudflare.yml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: cloudflare-api-key-secret
+ namespace: cert-manager
+type: Opaque
+stringData:
+ # Configure your API Key or Credentials here...
+ # ---
+ # API Key:
+ # api-key: your-api-key
+ # - or -
+ # Token:
+ # api-token: your-api-token
\ No newline at end of file
diff --git a/kubernetes/certmanager/values.yml b/kubernetes/certmanager/values.yml
deleted file mode 100644
index 0e7e4cb..0000000
--- a/kubernetes/certmanager/values.yml
+++ /dev/null
@@ -1,25 +0,0 @@
-
-global:
- logLevel: 2 # default: 2
-
-replicaCount: 1 # default: 1
-
-installCRDs: true # default: false
-
-extraArgs: []
-
-extraEnv: []
-
-resources: {}
-
-prometheus:
- enabled: true
- servicemonitor:
- enabled: false
- prometheusInstance: default
- targetPort: 9402
- path: /metrics
- interval: 60s
- scrapeTimeout: 30s
- labels: {}
- honorLabels: false
\ No newline at end of file
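Review bot: secret-cloudflare.yml pins the Secret to `namespace: cert-manager`, while issuer-acme.yml defines a namespaced `Issuer` whose namespace is left to the user; a namespaced Issuer resolves its secret references in its own namespace, so the pair only works if the Issuer is also created in cert-manager or the kind is changed to `ClusterIssuer`. The token example in issuer-acme.yml refers to `cloudflare-api-token-secret`, which does not match the `cloudflare-api-key-secret` name used here, so a user following the token path would reference a Secret that does not exist. Because `stringData` is meant to hold a live credential, add a comment such as `# Do not commit this file with real values; create the Secret out of band` at the top of that block.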