Add sealed secret for cluster-issuer
parent
a5940a3bb6
commit
35e4ed430e
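--- a/infrastructure/cert-manager/cloudflare-secret.sealed.yaml
+++ b/infrastructure/cert-manager/cloudflare-secret.sealed.yaml
@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+creationTimestamp: null
+name: cloudflare-api-token-secret
+namespace: cert-manager
+spec:
+encryptedData:
+api-token: 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
+template:
+data: null
+metadata:
+creationTimestamp: null
+name: cloudflare-api-token-secret
+namespace: cert-manager
+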
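--- a/infrastructure/cert-manager/cluster-issuer.yaml
+++ b/infrastructure/cert-manager/cluster-issuer.yaml
@@ -0,0 +1,25 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+name: letsencrypt-issuer
+spec:
+acme:
+# You must replace this email address with your own.
+# Let's Encrypt will use this to contact you about expiring
+# certificates, and issues related to your account.
+email: contact@kasperhermansen.com
+server: https://acme-v02.api.letsencrypt.org/directory
+privateKeySecretRef:
+# Secret resource that will be used to store the account's private key.
+name: letsencrypt-issuer-secret
+# Add a single challenge solver, HTTP01 using nginx
+solvers:
+- dns01:
+cloudflare:
+apiTokenSecretRef:
+name: cloudflare-api-token-secret
+key: api-token
+selector:
+dnsNames:
+- 'kjuulh.app'
+- '*.kjuulh.app'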
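Review bot: The comment above `solvers:` reads `# Add a single challenge solver, HTTP01 using nginx`, but the solver configured under it is `dns01` with Cloudflare, so the comment misdescribes how domain validation is performed. I would replace it with `# DNS-01 solver using the Cloudflare API token from cloudflare-api-token-secret (key api-token)`. The template line `# You must replace this email address with your own.` above `email:` is left over now that a real address is set and can be dropped. Because the issuer covers `*.kjuulh.app`, a short comment recording that the token is expected to be limited to DNS edit on that zone would help the next maintainer; the token's actual scope is not visible in this commit.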
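--- a/infrastructure/cert-manager/create-secret.sh
+++ b/infrastructure/cert-manager/create-secret.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+echo "Encrypt secret with 'sealed-secrets'"
+kubectl -n default create secret generic cloudflare-api-token-secret \
+--from-literal=api-token="$1" \
+--namespace="cert-manager" \
+--dry-run=client \
+-o yaml > cloudflare-secret.yaml
+echo "secret: $1"
+kubeseal \
+--format=yaml \
+--controller-name=sealed-secrets \
+--controller-namespace=kube-system \
+< cloudflare-secret.yaml > cloudflare-secret.sealed.yaml
+echo "Updated/created secret"
+rm cloudflare-secret.yaml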
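Review bot: `echo "secret: $1"` prints the Cloudflare API token in clear text to the terminal and to any log that captures this script's output, and should be removed. The token is also taken from `$1` and passed via `--from-literal`, which exposes it in shell history and the process list, and the unencrypted manifest `cloudflare-secret.yaml` is written into the working directory and remains there if the script stops before the final `rm`. There is no `set -euo pipefail`, so a failing `kubeseal` still prints "Updated/created secret" and leaves an empty or truncated sealed file to be committed. `-n default` also contradicts `--namespace="cert-manager"` on the same command, and one of them should go. The sketch below reads the token without echo, pipes the manifest straight into `kubeseal`, and only replaces the sealed file on success.

```bash
#!/bin/bash
set -euo pipefail

# Prompt for the token so it never appears in argv or shell history.
read -rs -p "Cloudflare API token: " token
echo

echo "Encrypt secret with 'sealed-secrets'"
tmp_sealed="$(mktemp cloudflare-secret.sealed.yaml.XXXXXX)"
trap 'rm -f "$tmp_sealed"' EXIT

# printf is a shell builtin; the plaintext manifest only exists in the pipe.
printf '%s' "$token" |
  kubectl create secret generic cloudflare-api-token-secret \
    --namespace="cert-manager" \
    --from-file=api-token=/dev/stdin \
    --dry-run=client \
    -o yaml |
  kubeseal \
    --format=yaml \
    --controller-name=sealed-secrets \
    --controller-namespace=kube-system \
    > "$tmp_sealed"

# Replace the committed file only after kubeseal succeeded.
mv "$tmp_sealed" cloudflare-secret.sealed.yaml
echo "Updated/created secret"
```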
@ -4,3 +4,5 @@ namespace: cert-manager
|
|||||||
resources:
|
resources:
|
||||||
- namespace.yaml
|
- namespace.yaml
|
||||||
- release.yaml
|
- release.yaml
|
||||||
|
- cloudflare-secret.sealed.yaml
|
||||||
|
- cluster-issuer.yaml
|
||||||
|