gitops: add cert-manager

gitops/home-kubernetes/cert-manager/helmrelease.yaml

@@ -0,0 +1,54 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: cert-manager
+  namespace: cert-manager
+spec:
+  interval: 1h
+  chart:
+    spec:
+      chart: cert-manager
+      version: "v1.17.2"
+      sourceRef:
+        kind: HelmRepository
+        name: cert-manager
+        namespace: flux-system
+  install:
+    createNamespace: true
+    crds: CreateReplace
+  upgrade:
+    crds: CreateReplace
+  values:
+    crds:
+      enabled: true
+    prometheus:
+      enabled: false
+    extraObjects:
+    - apiVersion: cert-manager.io/v1
+      kind: ClusterIssuer
+      metadata:
+        name: letsencrypt-staging
+      spec:
+        acme:
+          server: https://acme-staging-v02.api.letsencrypt.org/directory
+          email: kacerr.cz+lets-encrypt@gmail.com
+          privateKeySecretRef:
+            name: letsencrypt-staging-account-key
+          solvers:
+          - http01:
+              ingress:
+                ingressClassName: nginx
+    - apiVersion: cert-manager.io/v1
+      kind: ClusterIssuer
+      metadata:
+        name: letsencrypt-prod
+      spec:
+        acme:
+          server: https://acme-v02.api.letsencrypt.org/directory
+          email: kacerr.cz+lets-encrypt@gmail.com
+          privateKeySecretRef:
+            name: letsencrypt-prod-account-key
+          solvers:
+          - http01:
+              ingress:
+                ingressClassName: nginx

gitops/home-kubernetes/cert-manager/helmrepository.yaml

@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: cert-manager
+  namespace: flux-system
+spec:
+  interval: 1h
+  url: https://charts.jetstack.io

gitops/home-kubernetes/cert-manager/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: cert-manager

gitops/home-kubernetes/flux-system/extra-kustomizations.yaml

@@ -14,6 +14,19 @@ spec:
 ---
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
+metadata:
+  name: cert-manager
+  namespace: flux-system
+spec:
+  interval: 10m0s
+  path: ./gitops/home-kubernetes/cert-manager
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
 metadata:
   name: ingress-nginx
   namespace: flux-system

gitops/home-kubernetes/podinfo/helmRelease.yaml

@@ -12,10 +12,23 @@ spec:
       sourceRef:
         kind: HelmRepository
         name: podinfo
+        namespace: flux-system
       version: '>5.0.0'
   interval: 1m0s
   releaseName: podinfo
   values:
+    ingress:
+      enabled: true
+      className: nginx
+      hosts:
+        - host: podinfo.lab.home.hrajfrisbee.cz
+          paths:
+            - path: /
+              pathType: ImplementationSpecific
+      tls: []
+      #  - secretName: chart-example-tls
+      #    hosts:
+      #      - chart-example.local
     replicaCount: 2
     resources:
       limits:

gitops/home-kubernetes/podinfo/helmRepository.yaml

@@ -3,7 +3,7 @@ apiVersion: source.toolkit.fluxcd.io/v1
 kind: HelmRepository
 metadata:
   name: podinfo
-  namespace: default
+  namespace: flux-system
 spec:
   interval: 10m0s
   url: https://stefanprodan.github.io/podinfo