From c8a3adaa9ea4faaa37588c47d3e049b9e2e86466 Mon Sep 17 00:00:00 2001 From: LordMathis Date: Fri, 18 Apr 2025 14:59:24 +0200 Subject: [PATCH] Add domain2 configurations for Cloudflare issuer and secrets --- .../configs/cert-manager/certificate.yaml | 2 +- .../cert-manager/cloudflare-secret.enc.yaml | 47 +++++++++++++++---- .../configs/cert-manager/issuer.yaml | 17 +++++++ 3 files changed, 56 insertions(+), 10 deletions(-) diff --git a/infrastructure/configs/cert-manager/certificate.yaml b/infrastructure/configs/cert-manager/certificate.yaml index e2ca0e4..7461a58 100644 --- a/infrastructure/configs/cert-manager/certificate.yaml +++ b/infrastructure/configs/cert-manager/certificate.yaml @@ -23,5 +23,5 @@ spec: dnsNames: - "${GHOST_DOMAIN}" issuerRef: - name: cloudflare-prod + name: cloudflare-prod-domain2 kind: ClusterIssuer \ No newline at end of file diff --git a/infrastructure/configs/cert-manager/cloudflare-secret.enc.yaml b/infrastructure/configs/cert-manager/cloudflare-secret.enc.yaml index de3c0f2..18d72b7 100644 --- a/infrastructure/configs/cert-manager/cloudflare-secret.enc.yaml +++ b/infrastructure/configs/cert-manager/cloudflare-secret.enc.yaml @@ -1,4 +1,4 @@ -# /infrastructure/configs/cert-manager/secret.enc.yaml +#ENC[AES256_GCM,data:cu+9wnuR6pqcsIbg5yBclb5u5dgXlHiPOaPltjTQDWpW3venFx8hLzxfNChMNOHEwChhb9Y=,iv:TqzQq1wOkaGAzgou/rqQ1ihKy7ujZ7sy72oCM0L1HUs=,tag:iPgFZQWdROAywGL9QFAtFg==,type:comment] apiVersion: v1 kind: Secret metadata: @@ -6,7 +6,7 @@ metadata: namespace: cert-manager type: Opaque stringData: - api-token: ENC[AES256_GCM,data:Urnj7HrYPocHC+h2k75e/H9WDxmh8iF9mReyeWyuB+oOlGKn534SdA==,iv:TTKtIJa4ixQhq9Mh3KeB1VcqoTHFceQJzkSm1gqg3So=,tag:RnckzpR2BRcp8U/J+qX5Lg==,type:str] + api-token: ENC[AES256_GCM,data:X0TQssUQDhuIkKJ2qFrm/U5ElvelX7mJ9tJnE8Xu4ubYQanddjL4Kg==,iv:fo75MvhvXZjAGjYMKqnlSK2gIMqt7LNznpri/PlLYR4=,tag:9P3msuVx1JVkCQLni995tg==,type:str] sops: kms: [] gcp_kms: [] 
@@ -16,14 +16,43 @@ sops: - recipient: age1jk99rtxq3ep2xj2w886cchddf7jypqpwkr3dszg5dzq93gn8cy9qyc786m enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEZWprTlZDbUhFdU12bkc3 - RVlFVjk0dHNyc21ZVHRzaTZlSTlENDB4MVJjCkFWV1RKcXU2Nk1jeSt4eG9nV0or - UVJmcHNMdnNGd2Jxc2h4M0FoY0RyTmMKLS0tIE9SZ2R3OFZOTVBncVAyUDFyS2Jz - THljamdxWFVpaVdtZFpiQXV0SjdicE0KgvRRtxMKub4V0xQTDU7De+7Es7vLbHn+ - BkIKFMqJRnFk32vcPdoXqMlKIncZ3SV0/DSo0L0A/8gKYDN5uQlKVA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZbW9Kalg5Mk5ZQzF3RGdv + R01nUWJRMDhEWUNMMkxFRVRHa3JRZlh1VFJZCmI5VTc4WEt3WFFlUXV1bENsdDlh + c3JTQmJpUXVsT3lzd01OK0RCYU1kQXMKLS0tIHROY3UwTnNFRTE2NWdMWTJPMzRO + Um0xQjRtcjFtTWU3WG9sTWxtOWtUTDgKz2lxIK3iXlUuaCPKxrh+iRv7jN7c3Tqc + TNXJvStXa5nCKU5FICHtWNfL6V1E8mojXXgCn5I41fvd8Vl65JKPcw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-09-23T19:59:37Z" - mac: ENC[AES256_GCM,data:6gM7IN2Ktv/ckSLXdexX19GgbnRnQHAreRzcTdwgW0ptuW05zjW6sZXT3OBg6RyQ1Ua8d33XgNcIgz9w/mB80UsB2oudCdOTOcvxclS/oIts+4Bs0cCsEPpP57LjG68RCyRZAEetnSr7q/0urbTqWxIX8kK5nV4NaumZrfAqqN8=,iv:Swsc8oEgw/4GFBeRmbELq+VIJBxqiE1TPAvi3F+Dpng=,tag:lRKnB0v4atLreLlCg5QX0Q==,type:str] + lastmodified: "2025-04-18T12:57:59Z" + mac: ENC[AES256_GCM,data:LiZIXu67ZIxfROc9NIlZRniqBRlUFYOUCKF+SKV6TPW2eVyN0VxgsTn5j1ltirJbV/BkfRcHI9ccnNO+hcWGnZtoIWomIo1puieXwI0uKBpDwp7qgkQoO8yr1VTQ0b7iqaM2EbjrPYO6LpxehMVoNGys1FzWjKRIQcP4Fu5zAfY=,iv:tW3uubNQ3gzjGiiMl8CgHcpeShkbqzpnSaXFWMwiEfM=,tag:eGCfHV00z+tBcTBiGTDGjw==,type:str] + pgp: [] + unencrypted_regex: ^(apiVersion|metadata|kind|type)$ + version: 3.9.0 +--- +apiVersion: cert-manager.io/v1 +kind: Secret +metadata: + name: cloudflare-api-token-secret-domain2 + namespace: cert-manager +type: Opaque +stringData: + api-token: ENC[AES256_GCM,data:z80b0SFZWgXV0Jyk5Gtv7pqdb+hR5OjODwn853/DLmksj622TlrZhw==,iv:BlCv2/6p5mA9Bj757iBSHGXg8iEPgSp0TmtbJUixzDg=,tag:W8pmzZRySEZPMEluEei+yg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: 
age1jk99rtxq3ep2xj2w886cchddf7jypqpwkr3dszg5dzq93gn8cy9qyc786m + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZbW9Kalg5Mk5ZQzF3RGdv + R01nUWJRMDhEWUNMMkxFRVRHa3JRZlh1VFJZCmI5VTc4WEt3WFFlUXV1bENsdDlh + c3JTQmJpUXVsT3lzd01OK0RCYU1kQXMKLS0tIHROY3UwTnNFRTE2NWdMWTJPMzRO + Um0xQjRtcjFtTWU3WG9sTWxtOWtUTDgKz2lxIK3iXlUuaCPKxrh+iRv7jN7c3Tqc + TNXJvStXa5nCKU5FICHtWNfL6V1E8mojXXgCn5I41fvd8Vl65JKPcw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-04-18T12:57:59Z" + mac: ENC[AES256_GCM,data:LiZIXu67ZIxfROc9NIlZRniqBRlUFYOUCKF+SKV6TPW2eVyN0VxgsTn5j1ltirJbV/BkfRcHI9ccnNO+hcWGnZtoIWomIo1puieXwI0uKBpDwp7qgkQoO8yr1VTQ0b7iqaM2EbjrPYO6LpxehMVoNGys1FzWjKRIQcP4Fu5zAfY=,iv:tW3uubNQ3gzjGiiMl8CgHcpeShkbqzpnSaXFWMwiEfM=,tag:eGCfHV00z+tBcTBiGTDGjw==,type:str] pgp: [] unencrypted_regex: ^(apiVersion|metadata|kind|type)$ version: 3.9.0 diff --git a/infrastructure/configs/cert-manager/issuer.yaml b/infrastructure/configs/cert-manager/issuer.yaml index 4e08df4..501026a 100644 --- a/infrastructure/configs/cert-manager/issuer.yaml +++ b/infrastructure/configs/cert-manager/issuer.yaml @@ -14,4 +14,21 @@ spec: cloudflare: apiTokenSecretRef: name: cloudflare-api-token-secret + key: api-token +--- +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: cloudflare-prod-domain2 +spec: + acme: + email: ${LETSENCRYPT_EMAIL} + server: https://acme-v02.api.letsencrypt.org/directory + privateKeySecretRef: + name: cloudflare-prod-issuer-account-key-domain2 + solvers: + - dns01: + cloudflare: + apiTokenSecretRef: + name: cloudflare-api-token-secret-domain2 key: api-token \ No newline at end of file
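Review bot: The second document added to cloudflare-secret.enc.yaml pairs `apiVersion: cert-manager.io/v1` with `kind: Secret`, but Secret is a core-group resource, so the line should read `apiVersion: v1` as in the first document of the same file. As written, the API server should reject the manifest, because the cert-manager.io group defines no Secret kind. `cloudflare-api-token-secret-domain2` would then never exist, and the `cloudflare-prod-domain2` issuer that certificate.yaml now references would have no token for its DNS-01 solver. `apiVersion` is left in clear by `unencrypted_regex`, but by default sops still includes unencrypted values in the MAC (no `mac_only_encrypted` setting is visible in the metadata). Make the correction through sops rather than by hand-editing the file, so the MAC is recomputed and decryption in the cluster does not fail.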
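Review bot: The solver added for `cloudflare-prod-domain2` has no `selector`, so this cluster-wide issuer will use the domain2 Cloudflare token for any DNS name that any Certificate in any namespace requests from it. Adding `selector: {dnsZones: ["<DOMAIN2_ZONE>"]}` (placeholder for the real zone) beside `dns01:` in that solver entry would limit the issuer to the zone it was created for. The token is encrypted, so its scope cannot be checked from this diff; it is worth confirming that it is limited to DNS edit and zone read on that single zone rather than being account-wide. The existing `cloudflare-prod` solver starts above the hunk, so whether it already carries a selector is not visible here.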