From 2abf740c55a9394a59dd593a63579b9ace4cd91d Mon Sep 17 00:00:00 2001 From: SeanOMik Date: Sat, 7 Sep 2024 00:20:27 -0400 Subject: [PATCH] feat: reorganize cert-manager to avoid crds race condition --- .../{ => app/files}/helm-release.yaml | 0 .../{ => app/files}/helm-repository.yaml | 0 .../cert-manager/app/files/kustomization.yaml | 5 ++++ .../common/apps/cert-manager/app/ks.yaml | 25 +++++++++++++++++ .../files}/cloudflare-cred.sops.yaml | 0 .../certs/files/kustomization.yaml | 7 +++++ .../{ => certs/files}/letsencrypt-prod.yaml | 0 .../{ => certs/files}/letsencrypt-stage.yaml | 0 .../{ => certs/files}/wildcard-cert.yaml | 0 .../common/apps/cert-manager/certs/ks.yaml | 28 +++++++++++++++++++ .../apps/cert-manager/kustomization.yaml | 8 ++---- 11 files changed, 67 insertions(+), 6 deletions(-) rename kubernetes/common/apps/cert-manager/{ => app/files}/helm-release.yaml (100%) rename kubernetes/common/apps/cert-manager/{ => app/files}/helm-repository.yaml (100%) create mode 100644 kubernetes/common/apps/cert-manager/app/files/kustomization.yaml create mode 100644 kubernetes/common/apps/cert-manager/app/ks.yaml rename kubernetes/common/apps/cert-manager/{ => certs/files}/cloudflare-cred.sops.yaml (100%) create mode 100644 kubernetes/common/apps/cert-manager/certs/files/kustomization.yaml rename kubernetes/common/apps/cert-manager/{ => certs/files}/letsencrypt-prod.yaml (100%) rename kubernetes/common/apps/cert-manager/{ => certs/files}/letsencrypt-stage.yaml (100%) rename kubernetes/common/apps/cert-manager/{ => certs/files}/wildcard-cert.yaml (100%) create mode 100644 kubernetes/common/apps/cert-manager/certs/ks.yaml diff --git a/kubernetes/common/apps/cert-manager/helm-release.yaml b/kubernetes/common/apps/cert-manager/app/files/helm-release.yaml similarity index 100% rename from kubernetes/common/apps/cert-manager/helm-release.yaml rename to kubernetes/common/apps/cert-manager/app/files/helm-release.yaml diff --git a/kubernetes/common/apps/cert-manager/helm-repository.yaml b/kubernetes/common/apps/cert-manager/app/files/helm-repository.yaml similarity index 100% rename from kubernetes/common/apps/cert-manager/helm-repository.yaml rename to kubernetes/common/apps/cert-manager/app/files/helm-repository.yaml diff --git a/kubernetes/common/apps/cert-manager/app/files/kustomization.yaml b/kubernetes/common/apps/cert-manager/app/files/kustomization.yaml new file mode 100644 index 0000000..14a2c31 --- /dev/null +++ b/kubernetes/common/apps/cert-manager/app/files/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ./helm-repository.yaml +- ./helm-release.yaml \ No newline at end of file diff --git a/kubernetes/common/apps/cert-manager/app/ks.yaml b/kubernetes/common/apps/cert-manager/app/ks.yaml new file mode 100644 index 0000000..471dbc2 --- /dev/null +++ b/kubernetes/common/apps/cert-manager/app/ks.yaml @@ -0,0 +1,25 @@ +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: cert-manager + namespace: flux-system +spec: + timeout: 5m + interval: 10m + path: ./kubernetes/common/apps/cert-manager/app/files + prune: true + sourceRef: + kind: GitRepository + name: home-cluster + decryption: + provider: sops + secretRef: + name: sops-gpg + postBuild: + substitute: {} + substituteFrom: + - kind: ConfigMap + name: cluster-settings + - kind: Secret + name: cluster-secrets \ No newline at end of file diff --git a/kubernetes/common/apps/cert-manager/cloudflare-cred.sops.yaml b/kubernetes/common/apps/cert-manager/certs/files/cloudflare-cred.sops.yaml similarity index 100% rename from kubernetes/common/apps/cert-manager/cloudflare-cred.sops.yaml rename to kubernetes/common/apps/cert-manager/certs/files/cloudflare-cred.sops.yaml diff --git a/kubernetes/common/apps/cert-manager/certs/files/kustomization.yaml b/kubernetes/common/apps/cert-manager/certs/files/kustomization.yaml new file mode 100644 index 0000000..d721975 --- /dev/null +++ b/kubernetes/common/apps/cert-manager/certs/files/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ./cloudflare-cred.sops.yaml +- ./letsencrypt-prod.yaml +- ./letsencrypt-stage.yaml +- ./wildcard-cert.yaml \ No newline at end of file diff --git a/kubernetes/common/apps/cert-manager/letsencrypt-prod.yaml b/kubernetes/common/apps/cert-manager/certs/files/letsencrypt-prod.yaml similarity index 100% rename from kubernetes/common/apps/cert-manager/letsencrypt-prod.yaml rename to kubernetes/common/apps/cert-manager/certs/files/letsencrypt-prod.yaml diff --git a/kubernetes/common/apps/cert-manager/letsencrypt-stage.yaml b/kubernetes/common/apps/cert-manager/certs/files/letsencrypt-stage.yaml similarity index 100% rename from kubernetes/common/apps/cert-manager/letsencrypt-stage.yaml rename to kubernetes/common/apps/cert-manager/certs/files/letsencrypt-stage.yaml diff --git a/kubernetes/common/apps/cert-manager/wildcard-cert.yaml b/kubernetes/common/apps/cert-manager/certs/files/wildcard-cert.yaml similarity index 100% rename from kubernetes/common/apps/cert-manager/wildcard-cert.yaml rename to kubernetes/common/apps/cert-manager/certs/files/wildcard-cert.yaml diff --git a/kubernetes/common/apps/cert-manager/certs/ks.yaml b/kubernetes/common/apps/cert-manager/certs/ks.yaml new file mode 100644 index 0000000..a24d477 --- /dev/null +++ b/kubernetes/common/apps/cert-manager/certs/ks.yaml @@ -0,0 +1,28 @@ +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: cert-manager-certificates + namespace: flux-system +spec: + timeout: 5m + interval: 10m + path: ./kubernetes/common/apps/cert-manager/certs/files + prune: true + sourceRef: + kind: GitRepository + name: home-cluster + decryption: + provider: sops + secretRef: + name: sops-gpg + dependsOn: + - name: cert-manager + namespace: flux-system + postBuild: + substitute: {} + substituteFrom: + - kind: ConfigMap + name: cluster-settings + - kind: Secret + name: cluster-secrets \ No newline at end of file diff --git a/kubernetes/common/apps/cert-manager/kustomization.yaml b/kubernetes/common/apps/cert-manager/kustomization.yaml index 7589521..d70fba6 100644 --- a/kubernetes/common/apps/cert-manager/kustomization.yaml +++ b/kubernetes/common/apps/cert-manager/kustomization.yaml @@ -2,9 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ./namespace.yaml -- ./cloudflare-cred.sops.yaml -- ./helm-repository.yaml -- ./helm-release.yaml -- ./letsencrypt-prod.yaml -- ./letsencrypt-stage.yaml -- ./wildcard-cert.yaml \ No newline at end of file +- ./app/ks.yaml +- ./certs/ks.yaml \ No newline at end of file