feat: reorganize cert-manager to avoid crds race condition

2024-09-07 00:20:27 -04:00 · 2024-09-07 00:20:27 -04:00 · 3a8639f80d
parent 9134f887a7
commit 3a8639f80d
11 changed files with 67 additions and 6 deletions
--- a/kubernetes/common/apps/cert-manager/app/files/helm-release.yaml
+++ b/kubernetes/common/apps/cert-manager/app/files/helm-release.yaml
--- a/kubernetes/common/apps/cert-manager/app/files/helm-repository.yaml
+++ b/kubernetes/common/apps/cert-manager/app/files/helm-repository.yaml
--- a/kubernetes/common/apps/cert-manager/app/files/kustomization.yaml
+++ b/kubernetes/common/apps/cert-manager/app/files/kustomization.yaml
@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ./helm-repository.yaml
+- ./helm-release.yaml
--- a/kubernetes/common/apps/cert-manager/app/ks.yaml
+++ b/kubernetes/common/apps/cert-manager/app/ks.yaml
@ -0,0 +1,25 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: cert-manager
+  namespace: flux-system
+spec:
+  timeout: 5m
+  interval: 10m
+  path: ./kubernetes/common/apps/cert-manager/app/files
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-cluster
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-gpg
+  postBuild:
+    substitute: {}
+    substituteFrom:
+      - kind: ConfigMap
+        name: cluster-settings
+      - kind: Secret
+        name: cluster-secrets
--- a/kubernetes/common/apps/cert-manager/certs/files/cloudflare-cred.sops.yaml
+++ b/kubernetes/common/apps/cert-manager/certs/files/cloudflare-cred.sops.yaml
--- a/kubernetes/common/apps/cert-manager/certs/files/kustomization.yaml
+++ b/kubernetes/common/apps/cert-manager/certs/files/kustomization.yaml
@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ./cloudflare-cred.sops.yaml
+- ./letsencrypt-prod.yaml
+- ./letsencrypt-stage.yaml
+- ./wildcard-cert.yaml
--- a/kubernetes/common/apps/cert-manager/certs/files/letsencrypt-prod.yaml
+++ b/kubernetes/common/apps/cert-manager/certs/files/letsencrypt-prod.yaml
--- a/kubernetes/common/apps/cert-manager/certs/files/letsencrypt-stage.yaml
+++ b/kubernetes/common/apps/cert-manager/certs/files/letsencrypt-stage.yaml
--- a/kubernetes/common/apps/cert-manager/certs/files/wildcard-cert.yaml
+++ b/kubernetes/common/apps/cert-manager/certs/files/wildcard-cert.yaml
--- a/kubernetes/common/apps/cert-manager/certs/ks.yaml
+++ b/kubernetes/common/apps/cert-manager/certs/ks.yaml
@ -0,0 +1,28 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: cert-manager-certificates
+  namespace: flux-system
+spec:
+  timeout: 5m
+  interval: 10m
+  path: ./kubernetes/common/apps/cert-manager/certs/files
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-cluster
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-gpg
+  dependsOn:
+    - name: cert-manager
+      namespace: flux-system
+  postBuild:
+    substitute: {}
+    substituteFrom:
+      - kind: ConfigMap
+        name: cluster-settings
+      - kind: Secret
+        name: cluster-secrets
--- a/kubernetes/common/apps/cert-manager/kustomization.yaml
+++ b/kubernetes/common/apps/cert-manager/kustomization.yaml
@ -2,9 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - ./namespace.yaml
- ./cloudflare-cred.sops.yaml
- ./helm-repository.yaml
- ./helm-release.yaml
- ./letsencrypt-prod.yaml
- ./letsencrypt-stage.yaml
- ./wildcard-cert.yaml
+- ./app/ks.yaml
+- ./certs/ks.yaml