Restructure deployments

2025-12-22 16:44:24 +00:00 · 2024-12-24 13:25:02 +01:00
parent c267c4ea65
commit 487ce7c0ec
34 changed files with 83 additions and 91 deletions
--- a/infrastructure/configs/cert-manager/certificate.yaml
+++ b/infrastructure/configs/cert-manager/certificate.yaml
@@ -0,0 +1,14 @@
+# /infrastructure/configs/cert-manager/certificate.yaml
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: wildcard-nmsny-dev
+  namespace: traefik
+spec:
+  secretName: wildcard-nmsny-dev-tls
+  dnsNames:
+    - "example.com"
+    - "*.example.com"
+  issuerRef:
+    name: cloudflare-prod
+    kind: Issuer
--- a/infrastructure/configs/cert-manager/cloudflare-secret.enc.yaml
+++ b/infrastructure/configs/cert-manager/cloudflare-secret.enc.yaml
@@ -0,0 +1,29 @@
+# /infrastructure/configs/cert-manager/secret.enc.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+    name: cloudflare-api-token-secret
+    namespace: cert-manager
+type: Opaque
+stringData:
+    api-token: ENC[AES256_GCM,data:Urnj7HrYPocHC+h2k75e/H9WDxmh8iF9mReyeWyuB+oOlGKn534SdA==,iv:TTKtIJa4ixQhq9Mh3KeB1VcqoTHFceQJzkSm1gqg3So=,tag:RnckzpR2BRcp8U/J+qX5Lg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1jk99rtxq3ep2xj2w886cchddf7jypqpwkr3dszg5dzq93gn8cy9qyc786m
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEZWprTlZDbUhFdU12bkc3
+            RVlFVjk0dHNyc21ZVHRzaTZlSTlENDB4MVJjCkFWV1RKcXU2Nk1jeSt4eG9nV0or
+            UVJmcHNMdnNGd2Jxc2h4M0FoY0RyTmMKLS0tIE9SZ2R3OFZOTVBncVAyUDFyS2Jz
+            THljamdxWFVpaVdtZFpiQXV0SjdicE0KgvRRtxMKub4V0xQTDU7De+7Es7vLbHn+
+            BkIKFMqJRnFk32vcPdoXqMlKIncZ3SV0/DSo0L0A/8gKYDN5uQlKVA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-09-23T19:59:37Z"
+    mac: ENC[AES256_GCM,data:6gM7IN2Ktv/ckSLXdexX19GgbnRnQHAreRzcTdwgW0ptuW05zjW6sZXT3OBg6RyQ1Ua8d33XgNcIgz9w/mB80UsB2oudCdOTOcvxclS/oIts+4Bs0cCsEPpP57LjG68RCyRZAEetnSr7q/0urbTqWxIX8kK5nV4NaumZrfAqqN8=,iv:Swsc8oEgw/4GFBeRmbELq+VIJBxqiE1TPAvi3F+Dpng=,tag:lRKnB0v4atLreLlCg5QX0Q==,type:str]
+    pgp: []
+    unencrypted_regex: ^(apiVersion|metadata|kind|type)$
+    version: 3.9.0
--- a/infrastructure/configs/cert-manager/issuer.yaml
+++ b/infrastructure/configs/cert-manager/issuer.yaml
@@ -0,0 +1,15 @@
+# /infrastructure/configs/cert-manager/issuer.yaml
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: cloudflare-prod
+spec:
+  acme:
+    email: admin@example.com
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    solvers:
+    - dns01:
+        cloudflare:
+          apiTokenSecretRef:
+            name: cloudflare-api-token-secret
+            key: api-token
--- a/infrastructure/configs/cert-manager/kustomization.yaml
+++ b/infrastructure/configs/cert-manager/kustomization.yaml
@@ -0,0 +1,7 @@
+# /infrastructure/configs/cert-manager/kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - cloudflare-secret.enc.yaml
+  - issuer.yaml
+  - certificate.yaml