Mathis/dev-cluster
1
0
Fork 0
mirror of https://github.com/lordmathis/dev-cluster.git synced 2025-12-23 09:04:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add domain2 configurations for Cloudflare issuer and secrets

Browse Source
This commit is contained in:
Matúš Námešný
2025-04-18 14:59:24 +02:00
parent 00eae4e548
commit c8a3adaa9e
3 changed files with 56 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
infrastructure/configs/cert-manager/certificate.yaml
View File

@@ -23,5 +23,5 @@ spec:
dnsNames: dnsNames:
- "${GHOST_DOMAIN}" - "${GHOST_DOMAIN}"
issuerRef: issuerRef:
name: cloudflare-prod name: cloudflare-prod-domain2
kind: ClusterIssuer kind: ClusterIssuer

47
infrastructure/configs/cert-manager/cloudflare-secret.enc.yaml
View File

@@ -1,4 +1,4 @@
# /infrastructure/configs/cert-manager/secret.enc.yaml #ENC[AES256_GCM,data:cu+9wnuR6pqcsIbg5yBclb5u5dgXlHiPOaPltjTQDWpW3venFx8hLzxfNChMNOHEwChhb9Y=,iv:TqzQq1wOkaGAzgou/rqQ1ihKy7ujZ7sy72oCM0L1HUs=,tag:iPgFZQWdROAywGL9QFAtFg==,type:comment]
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
@@ -6,7 +6,7 @@ metadata:
namespace: cert-manager namespace: cert-manager
type: Opaque type: Opaque
stringData: stringData:
api-token: ENC[AES256_GCM,data:Urnj7HrYPocHC+h2k75e/H9WDxmh8iF9mReyeWyuB+oOlGKn534SdA==,iv:TTKtIJa4ixQhq9Mh3KeB1VcqoTHFceQJzkSm1gqg3So=,tag:RnckzpR2BRcp8U/J+qX5Lg==,type:str] api-token: ENC[AES256_GCM,data:X0TQssUQDhuIkKJ2qFrm/U5ElvelX7mJ9tJnE8Xu4ubYQanddjL4Kg==,iv:fo75MvhvXZjAGjYMKqnlSK2gIMqt7LNznpri/PlLYR4=,tag:9P3msuVx1JVkCQLni995tg==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@@ -16,14 +16,43 @@ sops:
- recipient: age1jk99rtxq3ep2xj2w886cchddf7jypqpwkr3dszg5dzq93gn8cy9qyc786m - recipient: age1jk99rtxq3ep2xj2w886cchddf7jypqpwkr3dszg5dzq93gn8cy9qyc786m
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEZWprTlZDbUhFdU12bkc3 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZbW9Kalg5Mk5ZQzF3RGdv
RVlFVjk0dHNyc21ZVHRzaTZlSTlENDB4MVJjCkFWV1RKcXU2Nk1jeSt4eG9nV0or R01nUWJRMDhEWUNMMkxFRVRHa3JRZlh1VFJZCmI5VTc4WEt3WFFlUXV1bENsdDlh
UVJmcHNMdnNGd2Jxc2h4M0FoY0RyTmMKLS0tIE9SZ2R3OFZOTVBncVAyUDFyS2Jz c3JTQmJpUXVsT3lzd01OK0RCYU1kQXMKLS0tIHROY3UwTnNFRTE2NWdMWTJPMzRO
THljamdxWFVpaVdtZFpiQXV0SjdicE0KgvRRtxMKub4V0xQTDU7De+7Es7vLbHn+ Um0xQjRtcjFtTWU3WG9sTWxtOWtUTDgKz2lxIK3iXlUuaCPKxrh+iRv7jN7c3Tqc
BkIKFMqJRnFk32vcPdoXqMlKIncZ3SV0/DSo0L0A/8gKYDN5uQlKVA== TNXJvStXa5nCKU5FICHtWNfL6V1E8mojXXgCn5I41fvd8Vl65JKPcw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-23T19:59:37Z" lastmodified: "2025-04-18T12:57:59Z"
mac: ENC[AES256_GCM,data:6gM7IN2Ktv/ckSLXdexX19GgbnRnQHAreRzcTdwgW0ptuW05zjW6sZXT3OBg6RyQ1Ua8d33XgNcIgz9w/mB80UsB2oudCdOTOcvxclS/oIts+4Bs0cCsEPpP57LjG68RCyRZAEetnSr7q/0urbTqWxIX8kK5nV4NaumZrfAqqN8=,iv:Swsc8oEgw/4GFBeRmbELq+VIJBxqiE1TPAvi3F+Dpng=,tag:lRKnB0v4atLreLlCg5QX0Q==,type:str] mac: ENC[AES256_GCM,data:LiZIXu67ZIxfROc9NIlZRniqBRlUFYOUCKF+SKV6TPW2eVyN0VxgsTn5j1ltirJbV/BkfRcHI9ccnNO+hcWGnZtoIWomIo1puieXwI0uKBpDwp7qgkQoO8yr1VTQ0b7iqaM2EbjrPYO6LpxehMVoNGys1FzWjKRIQcP4Fu5zAfY=,iv:tW3uubNQ3gzjGiiMl8CgHcpeShkbqzpnSaXFWMwiEfM=,tag:eGCfHV00z+tBcTBiGTDGjw==,type:str]
pgp: []
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
version: 3.9.0
---
apiVersion: cert-manager.io/v1
kind: Secret
metadata:
name: cloudflare-api-token-secret-domain2
namespace: cert-manager
type: Opaque
stringData:
api-token: ENC[AES256_GCM,data:z80b0SFZWgXV0Jyk5Gtv7pqdb+hR5OjODwn853/DLmksj622TlrZhw==,iv:BlCv2/6p5mA9Bj757iBSHGXg8iEPgSp0TmtbJUixzDg=,tag:W8pmzZRySEZPMEluEei+yg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1jk99rtxq3ep2xj2w886cchddf7jypqpwkr3dszg5dzq93gn8cy9qyc786m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZbW9Kalg5Mk5ZQzF3RGdv
R01nUWJRMDhEWUNMMkxFRVRHa3JRZlh1VFJZCmI5VTc4WEt3WFFlUXV1bENsdDlh
c3JTQmJpUXVsT3lzd01OK0RCYU1kQXMKLS0tIHROY3UwTnNFRTE2NWdMWTJPMzRO
Um0xQjRtcjFtTWU3WG9sTWxtOWtUTDgKz2lxIK3iXlUuaCPKxrh+iRv7jN7c3Tqc
TNXJvStXa5nCKU5FICHtWNfL6V1E8mojXXgCn5I41fvd8Vl65JKPcw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-18T12:57:59Z"
mac: ENC[AES256_GCM,data:LiZIXu67ZIxfROc9NIlZRniqBRlUFYOUCKF+SKV6TPW2eVyN0VxgsTn5j1ltirJbV/BkfRcHI9ccnNO+hcWGnZtoIWomIo1puieXwI0uKBpDwp7qgkQoO8yr1VTQ0b7iqaM2EbjrPYO6LpxehMVoNGys1FzWjKRIQcP4Fu5zAfY=,iv:tW3uubNQ3gzjGiiMl8CgHcpeShkbqzpnSaXFWMwiEfM=,tag:eGCfHV00z+tBcTBiGTDGjw==,type:str]
pgp: [] pgp: []
unencrypted_regex: ^(apiVersion|metadata|kind|type)$ unencrypted_regex: ^(apiVersion|metadata|kind|type)$
version: 3.9.0 version: 3.9.0

17
infrastructure/configs/cert-manager/issuer.yaml
View File

@@ -15,3 +15,20 @@ spec:
apiTokenSecretRef: apiTokenSecretRef:
name: cloudflare-api-token-secret name: cloudflare-api-token-secret
key: api-token key: api-token
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: cloudflare-prod-domain2
spec:
acme:
email: ${LETSENCRYPT_EMAIL}
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: cloudflare-prod-issuer-account-key-domain2
solvers:
- dns01:
cloudflare:
apiTokenSecretRef:
name: cloudflare-api-token-secret-domain2
key: api-token