new cluster deployment

auricom
2022-10-26 13:41:02 +02:00
parent 0af3d7cc1f
commit 67aafea749
55 changed files with 328 additions and 227 deletions


@@ -17,11 +17,10 @@ spec:
interval: 15m
install:
createNamespace: true
crds: CreateReplace
remediation:
retries: 3
values:
installCRDs: false
installCRDs: true
webhook:
enabled: true
extraArgs:
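Review bot: Setting `installCRDs: true` under `values` makes the cert-manager CRDs ordinary templated resources of this release, so their lifetime follows the release; an uninstall (including one triggered by install `remediation` after the `retries: 3` are exhausted) would likely remove the CRDs and with them every Certificate, Issuer and ClusterIssuer in the cluster. If that is the intended trade-off, record it next to the value, e.g. `# CRDs ship as chart templates; uninstalling this release deletes them and all cert-manager resources`. The hunk header (11 old lines, 10 new) implies a second removed line that this rendering does not mark; if it is `crds: CreateReplace`, note that this Flux setting appears to cover only a chart's `crds/` directory, so it would not protect templated CRDs either way.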


@@ -3,7 +3,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: cert-manager-issuers
namespace: cert-manager
namespace: default
spec:
interval: 15m
chart:
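Review bot: Moving this HelmRelease to `namespace: default` (the new value, judging by the deleted Namespace manifest and the new RBAC file elsewhere in the commit) gives up the namespace boundary that isolated cert-manager. Namespaces are the unit for RoleBindings, NetworkPolicies and Pod Security labels, so in a shared `default` namespace any subject allowed to create pods or read secrets there can run under the `cert-manager` service account or read its issuer credentials. Unless `spec.targetNamespace` is set outside this hunk, I would keep `namespace: cert-manager` and keep `namespace.yaml` in the kustomization. The `spec` block continues past the end of the hunk.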


@@ -2,8 +2,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- secret.sops.yaml
- helm-release.yaml
- rbac.yaml
- webhook-ovh
- issuers
- certificates
- prometheus-rule.yaml


@@ -1,8 +0,0 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: cert-manager
labels:
kustomize.toolkit.fluxcd.io/prune: disabled
goldilocks.fairwinds.com/enabled: "true"


@@ -0,0 +1,25 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: cert-manager:ovh-dns-challenge
namespace: default
rules:
- apiGroups: ["${SECRET_DOMAIN}"]
resources: ["ovh"]
verbs: ["get", "watch", "list", "create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: cert-manager:ovh-dns-challenge
namespace: default
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cert-manager:ovh-dns-challenge
subjects:
- apiGroup: ""
kind: ServiceAccount
name: cert-manager
namespace: default
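Review bot: ClusterRole and ClusterRoleBinding are cluster-scoped, so the `namespace: default` line under `metadata` in both documents has no effect and suggests the grant is namespaced when it is not; drop those two lines. The rule grants `get`, `watch` and `list` on `ovh` in addition to `create`; cert-manager's webhook-solver examples grant only `create` for submitting the challenge payload, so `verbs: ["create"]` is probably enough (confirm against the webhook chart in use). Because the subject is the `cert-manager` ServiceAccount in `default`, anything able to run pods as that account in the shared namespace inherits this cluster-wide grant. A comment above the rule such as `# lets the cert-manager controller submit DNS-01 challenges to the OVH webhook API group` would record why the binding exists.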