feat: move cert-manager to common, add it to thin cluster

kubernetes/common/apps/cert-manager/letsencrypt-prod.yaml

@@ -10,9 +10,6 @@ spec:
     privateKeySecretRef:
       name: letsencrypt-production
     solvers:
-#      - http01:
-#          ingress:
-#            class: traefik
       - dns01:
           cloudflare:
             email: "${SECRET_MY_EMAIL}"

kubernetes/common/apps/cert-manager/letsencrypt-stage.yaml

@@ -10,9 +10,6 @@ spec:
     privateKeySecretRef:
       name: letsencrypt-staging
     solvers:
-#      - http01:
-#          ingress:
-#            class: traefik
       - dns01:
           cloudflare:
             email: "${SECRET_MY_EMAIL}"

kubernetes/common/apps/cert-manager/wildcard-cert.yaml

@@ -2,14 +2,10 @@ apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
   name: wildcard-main-cert
-  namespace: traefik #cert-manager
+  namespace: traefik
 spec:
   secretName: wildcard-main-tls
 
-#  secretTemplate:
-#    annotations:
-#      replicator.v1.mittwald.de/replicate-to: "traefik"
-
   duration: 2160h # 90d
   renewBefore: 360h # 15d
 
@@ -19,7 +15,4 @@ spec:
 
   dnsNames:
     - "${SECRET_NEW_DOMAIN}"
-    - "*.${SECRET_NEW_DOMAIN}"
-#    - "*.k3s.${SECRET_NEW_DOMAIN}"
-#    - "*.database.${SECRET_NEW_DOMAIN}"
-#    - "*.s3.${SECRET_NEW_DOMAIN}"
+    - "*.${SECRET_NEW_DOMAIN}"

kubernetes/main/core/kustomization.yaml

@@ -3,7 +3,7 @@ kind: Kustomization
 resources:
 - ./kube-system
 - ./helm-repositories.yaml
-- ./cert-manager
+- ../../common/apps/cert-manager
 - ../../common/apps/metallb
 - ../../common/apps/traefik/ks.yaml
 # storage

kubernetes/thin/apps/kustomization.yaml

@@ -2,14 +2,11 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - ./helm-repositories.yaml
-#- ../../common/apps/metallb
 - ./main-ip-pool.yaml
+- ../../common/apps/cert-manager
 - ../../common/apps/traefik/ks.yaml
 # storage
-#- ./longhorn
 #- ../../common/apps/openebs
 
-#- ./kube-replicator
-
 - ../../common/apps/nfd/ks.yaml
 - ../../common/apps/intel-gpu/ks.yaml