Add sealed secret for cluster-issuer
parent
a5940a3bb6
commit
35e4ed430e
16
infrastructure/cert-manager/cloudflare-secret.sealed.yaml
Normal file
16
infrastructure/cert-manager/cloudflare-secret.sealed.yaml
Normal file
@ -0,0 +1,16 @@
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: cloudflare-api-token-secret
|
||||
namespace: cert-manager
|
||||
spec:
|
||||
encryptedData:
|
||||
api-token: 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
|
||||
template:
|
||||
data: null
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: cloudflare-api-token-secret
|
||||
namespace: cert-manager
|
||||
|
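--- a/infrastructure/cert-manager/cluster-issuer.yaml
+++ b/infrastructure/cert-manager/cluster-issuer.yaml
@@ -0,0 +1,25 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+name: letsencrypt-issuer
+spec:
+acme:
+# You must replace this email address with your own.
+# Let's Encrypt will use this to contact you about expiring
+# certificates, and issues related to your account.
+email: contact@kasperhermansen.com
+server: https://acme-v02.api.letsencrypt.org/directory
+privateKeySecretRef:
+# Secret resource that will be used to store the account's private key.
+name: letsencrypt-issuer-secret
+# Add a single challenge solver, HTTP01 using nginx
+solvers:
+- dns01:
+cloudflare:
+apiTokenSecretRef:
+name: cloudflare-api-token-secret
+key: api-token
+selector:
+dnsNames:
+- 'kjuulh.app'
+- '*.kjuulh.app'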
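Review bot: The comment above `solvers:` still reads "Add a single challenge solver, HTTP01 using nginx", but the solver that follows is `dns01` with Cloudflare; it should say something like `# DNS-01 via Cloudflare; needed for the wildcard *.kjuulh.app`. The "You must replace this email address with your own." comment is leftover template text now that a real address is set and can go. Because this is a ClusterIssuer, cert-manager resolves `cloudflare-api-token-secret` in its cluster resource namespace, so a one-line comment noting that the secret must live in `cert-manager` would save the next reader a lookup. The token's scope is not visible here; if it is broader than DNS edit on the kjuulh.app zone, narrowing it limits what a leaked secret can change.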
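--- a/infrastructure/cert-manager/create-secret.sh
+++ b/infrastructure/cert-manager/create-secret.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+echo "Encrypt secret with 'sealed-secrets'"
+kubectl -n default create secret generic cloudflare-api-token-secret \
+--from-literal=api-token="$1" \
+--namespace="cert-manager" \
+--dry-run=client \
+-o yaml > cloudflare-secret.yaml
+echo "secret: $1"
+kubeseal \
+--format=yaml \
+--controller-name=sealed-secrets \
+--controller-namespace=kube-system \
+< cloudflare-secret.yaml > cloudflare-secret.sealed.yaml
+echo "Updated/created secret"
+rm cloudflare-secret.yaml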
@ -4,3 +4,5 @@ namespace: cert-manager
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- release.yaml
|
||||
- cloudflare-secret.sealed.yaml
|
||||
- cluster-issuer.yaml
|
||||
|