From e2bbd852e1a5f75611434071848ea5773531e625 Mon Sep 17 00:00:00 2001 From: nold Date: Mon, 21 Nov 2022 21:32:38 +0100 Subject: [PATCH] fix(cert-manager): ACME solver set to DNS --- projects/core/project.yml | 27 +++++++++++++------------- projects/woodpecker/project.yml | 8 ++++++++ resources/manifests/clusterissuer.yaml | 26 +++++++++++++++---------- 3 files changed, 38 insertions(+), 23 deletions(-) diff --git a/projects/core/project.yml b/projects/core/project.yml index 822f9675..4e27b5b2 100644 --- a/projects/core/project.yml +++ b/projects/core/project.yml @@ -35,19 +35,6 @@ apps: targetRevision: 0.13.4 syncWave: '0' -- name: cert-manager - namespace: cert-manager - repoURL: https://charts.jetstack.io - chart: cert-manager - targetRevision: v1.10.0 - parameters: - - name: installCRDs - value: 'true' - secrets: - - name: cert-manager-vault-approle - keys: - - secretId - - name: ingress-internal namespace: ingress-internal repoURL: https://helm.traefik.io/traefik @@ -69,3 +56,17 @@ apps: - name: cloudflare-api keys: - CF_API_TOKEN + +- name: cert-manager + namespace: cert-manager + repoURL: https://charts.jetstack.io + chart: cert-manager + targetRevision: v1.10.0 + secrets: + - name: cert-manager-vault-approle + keys: + - secretId + - name: cloudflare-api + fromApp: external-dns + keys: + - CF_API_TOKEN diff --git a/projects/woodpecker/project.yml b/projects/woodpecker/project.yml index 8be32dc1..b172f960 100644 --- a/projects/woodpecker/project.yml +++ b/projects/woodpecker/project.yml @@ -3,6 +3,14 @@ config: repoURL: https://woodpecker-ci.org targetRevision: v0.15.5 + networkPolicy: + groups: + - internet + + labels: + environment: external + + apps: - name: woodpecker-server chart: woodpecker-server diff --git a/resources/manifests/clusterissuer.yaml b/resources/manifests/clusterissuer.yaml index 303d8942..ef99b373 100644 --- a/resources/manifests/clusterissuer.yaml +++ b/resources/manifests/clusterissuer.yaml @@ -16,13 +16,19 @@ spec: name: issuer-account-key # Add a single challenge solver, HTTP01 using nginx solvers: - - http01: - ingress: - class: ingress-external-traefik - ingressTemplate: - metadata: - labels: - environment: external - annotations: - traefik.ingress.kubernetes.io/frontend-entry-points: "web" - kubernetes.io/ingress.class: ingress-external + - dns01: + cloudflare: + apiTokenSecretRef: + name: cloudflare-api + key: CF_API_TOKEN + + #- http01: + # ingress: + # class: ingress-external-traefik + # ingressTemplate: + # metadata: + # labels: + # environment: external + # annotations: + # traefik.ingress.kubernetes.io/frontend-entry-points: "web" + # kubernetes.io/ingress.class: ingress-external