From f15efe40f673c89beb4ebf7e2b20d322daa48c54 Mon Sep 17 00:00:00 2001
From: kjuulh <contact@kjuulh.io>
Date: Mon, 9 May 2022 09:46:08 +0200
Subject: [PATCH] Add helm chart

---
 clank/platform/cert-manager/certificate.yaml  | 36 +++++++------------
 .../platform/cert-manager/cluster-issuer.yaml | 25 +++++++++++++
 .../traefik/helm-chart-config.traefik.yaml    |  0
 clank/platform/traefik/ingress.yaml           |  2 ++
 4 files changed, 40 insertions(+), 23 deletions(-)
 create mode 100644 clank/platform/cert-manager/cluster-issuer.yaml
 create mode 100644 clank/platform/traefik/helm-chart-config.traefik.yaml

diff --git a/clank/platform/cert-manager/certificate.yaml b/clank/platform/cert-manager/certificate.yaml
index dd02343..05dbd89 100644
--- a/clank/platform/cert-manager/certificate.yaml
+++ b/clank/platform/cert-manager/certificate.yaml
@@ -1,25 +1,15 @@
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
+---
+apiVersion: cert-manager.io/v1alpha2
+kind: Certificate
 metadata:
-  name: letsencrypt-issuer
+  name: clank
+  namespace: kube-system
 spec:
-  acme:
-    # You must replace this email address with your own.
-    # Let's Encrypt will use this to contact you about expiring
-    # certificates, and issues related to your account.
-    email: contact@kjuulh.io
-    server: https://acme-staging-v02.api.letsencrypt.org/directory
-    privateKeySecretRef:
-      # Secret resource that will be used to store the account's private key.
-      name: letsencrypt-issuer-secret
-    # Add a single challenge solver, HTTP01 using nginx
-    solvers:
-    - dns01:
-        cloudflare:
-          apiTokenSecretRef:
-            name: cloudflare-api-token-secret
-            key: api-token
-      selector:
-        dnsNames:
-        - 'kjuulh.app'
-        - '*.kjuulh.app'
+  commonName: kjuulh.app
+  secretName: clank-cert
+  dnsNames:
+    - kjuulh.app
+    - *.kjuulh.app
+  issuerRef:
+    name: letsencrypt-issuer
+    kind: ClusterIssuer
diff --git a/clank/platform/cert-manager/cluster-issuer.yaml b/clank/platform/cert-manager/cluster-issuer.yaml
new file mode 100644
index 0000000..dd02343
--- /dev/null
+++ b/clank/platform/cert-manager/cluster-issuer.yaml
@@ -0,0 +1,25 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-issuer
+spec:
+  acme:
+    # You must replace this email address with your own.
+    # Let's Encrypt will use this to contact you about expiring
+    # certificates, and issues related to your account.
+    email: contact@kjuulh.io
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      # Secret resource that will be used to store the account's private key.
+      name: letsencrypt-issuer-secret
+    # Add a single challenge solver, HTTP01 using nginx
+    solvers:
+    - dns01:
+        cloudflare:
+          apiTokenSecretRef:
+            name: cloudflare-api-token-secret
+            key: api-token
+      selector:
+        dnsNames:
+        - 'kjuulh.app'
+        - '*.kjuulh.app'
diff --git a/clank/platform/traefik/helm-chart-config.traefik.yaml b/clank/platform/traefik/helm-chart-config.traefik.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/clank/platform/traefik/ingress.yaml b/clank/platform/traefik/ingress.yaml
index 9b77287..67864ac 100644
--- a/clank/platform/traefik/ingress.yaml
+++ b/clank/platform/traefik/ingress.yaml
@@ -14,3 +14,5 @@ spec:
       services: # Service to redirect requests to
         - name: api@internal # Special service created by Traefik pod
           kind: TraefikService
+  tls:
+    secretName: clank-cert