diff --git a/clusters/yc-k8s-test/infrastructure/kustomization.yaml b/clusters/yc-k8s-test/infrastructure/kustomization.yaml
index 7bc5d3a..6072c04 100644
--- a/clusters/yc-k8s-test/infrastructure/kustomization.yaml
+++ b/clusters/yc-k8s-test/infrastructure/kustomization.yaml
@@ -44,4 +44,16 @@ patches:
 version: v1
 kind: Certificate
 name: dashboard-tls
- namespace: kubernetes-dashboard
+ namespace: kubernetes-dashboard
+ - path: ./patches/clusterissuer-letsencrypt.yaml
+ target:
+ group: cert-manager.io
+ version: v1
+ kind: ClusterIssuer
+ name: letsencrypt-issuer
+ - path: ./patches/clusterissuer-letsencrypt-istio.yaml
+ target:
+ group: cert-manager.io
+ version: v1
+ kind: ClusterIssuer
+ name: letsencrypt-issuer-istio
diff --git a/clusters/yc-k8s-test/infrastructure/patches/clusterissuer-letsencrypt-istio.yaml b/clusters/yc-k8s-test/infrastructure/patches/clusterissuer-letsencrypt-istio.yaml
new file mode 100644
index 0000000..c1bf6f6
--- /dev/null
+++ b/clusters/yc-k8s-test/infrastructure/patches/clusterissuer-letsencrypt-istio.yaml
@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-issuer-istio
+spec:
+ acme:
+ email: "pavel@sarex.io"
+ privateKeySecretRef:
+ name: letsencrypt-secret-key
+ server: "https://acme-v02.api.letsencrypt.org/directory"
+ solvers:
+ - http01:
+ ingress:
+ class: istio
diff --git a/clusters/yc-k8s-test/infrastructure/patches/clusterissuer-letsencrypt.yaml b/clusters/yc-k8s-test/infrastructure/patches/clusterissuer-letsencrypt.yaml
new file mode 100644
index 0000000..60c3cdf
--- /dev/null
+++ b/clusters/yc-k8s-test/infrastructure/patches/clusterissuer-letsencrypt.yaml
@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-issuer
+spec:
+ acme:
+ email: "pavel@sarex.io"
+ privateKeySecretRef:
+ name: letsencrypt-secret-key
+ server: "https://acme-v02.api.letsencrypt.org/directory"
+ solvers:
+ - http01:
+ ingress:
+ class: nginx
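Review bot: In patches/clusterissuer-letsencrypt-istio.yaml the `privateKeySecretRef` names `letsencrypt-secret-key`, the same Secret that patches/clusterissuer-letsencrypt.yaml and both base ClusterIssuer manifests name, so `letsencrypt-issuer` and `letsencrypt-issuer-istio` would store and read one ACME account key. If that sharing is intended, say so with a comment such as `# ACME account key shared with letsencrypt-issuer (intentional)`. If it is not, give each issuer its own Secret, for example `name: letsencrypt-issuer-istio-account-key` (a constructed name). With a single Secret, rotating or losing the key affects both issuers at once, and on a fresh cluster both issuers may try to create it at the same time.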
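Review bot: patches/clusterissuer-letsencrypt.yaml restates the whole ClusterIssuer although the only value that differs from the base manifest of the same name is the `email` under `acme`; the same holds for patches/clusterissuer-letsencrypt-istio.yaml. Reducing each patch to `apiVersion`, `kind`, `metadata.name` and `spec.acme.email` would keep `server`, `privateKeySecretRef` and `solvers` defined in one place. As written, a later change to the ACME server or the solver class in the base would likely be overridden by the stale copy in this overlay.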
diff --git a/infrastructure/cert-manager/base/clusterissuer-letsencrypt-istio.yaml b/infrastructure/cert-manager/base/clusterissuer-letsencrypt-istio.yaml
new file mode 100644
index 0000000..ab838fe
--- /dev/null
+++ b/infrastructure/cert-manager/base/clusterissuer-letsencrypt-istio.yaml
@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-issuer-istio
+spec:
+ acme:
+ email: "devnull@example.com"
+ privateKeySecretRef:
+ name: letsencrypt-secret-key
+ server: "https://acme-v02.api.letsencrypt.org/directory"
+ solvers:
+ - http01:
+ ingress:
+ class: istio
diff --git a/infrastructure/cert-manager/base/clusterissuer-letsencrypt.yaml b/infrastructure/cert-manager/base/clusterissuer-letsencrypt.yaml
new file mode 100644
index 0000000..d26ec71
--- /dev/null
+++ b/infrastructure/cert-manager/base/clusterissuer-letsencrypt.yaml
@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-issuer
+spec:
+ acme:
+ email: "devnull@example.com"
+ privateKeySecretRef:
+ name: letsencrypt-secret-key
+ server: "https://acme-v02.api.letsencrypt.org/directory"
+ solvers:
+ - http01:
+ ingress:
+ class: nginx
diff --git a/infrastructure/cert-manager/base/helmrelease.yaml b/infrastructure/cert-manager/base/helmrelease.yaml
index 190beb7..bc48676 100644
--- a/infrastructure/cert-manager/base/helmrelease.yaml
+++ b/infrastructure/cert-manager/base/helmrelease.yaml
@@ -21,6 +21,9 @@ spec:
 remediation:
 retries: 3
 values:
+ clusterIssuer:
+ letsencrypt_issuer: null
+ letsencrypt_issuer_istio: null
 crds:
 enabled: true
 extraPodMonitors: []
diff --git a/infrastructure/cert-manager/base/kustomization.yaml b/infrastructure/cert-manager/base/kustomization.yaml
index 69a5e51..4e6bfce 100644
--- a/infrastructure/cert-manager/base/kustomization.yaml
+++ b/infrastructure/cert-manager/base/kustomization.yaml
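Review bot: `email: "devnull@example.com"` in base/clusterissuer-letsencrypt-istio.yaml, and again in base/clusterissuer-letsencrypt.yaml, is a placeholder that only works if every cluster overlay patches it, and nothing in either file says so. A cluster that pulls in the base without the email patch would try to register its ACME account with an address nobody reads, so any notices sent to the contact are lost and the CA may refuse the registration. Add a comment above the line, for example `# placeholder: each cluster overlay must patch spec.acme.email`.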
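Review bot: The added `clusterIssuer:` block in helmrelease.yaml sets `letsencrypt_issuer` and `letsencrypt_issuer_istio` to `null`, and nothing visible in this commit reads those keys. In Helm values a `null` removes the chart's default for that key, so the block has no effect unless the chart defines `clusterIssuer.*`; the chart reference is outside the hunk, so this cannot be confirmed here. If the intent is to switch off issuers the chart would otherwise create, a comment such as `# issuers are managed as manifests in this directory, not by the chart` would make that clear; otherwise the three lines can be dropped.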
@@ -3,4 +3,6 @@ kind: Kustomization
 namespace: cert-manager
 resources:
 - namespace.yaml
- - helmrelease.yaml
\ No newline at end of file
+ - helmrelease.yaml
+ - clusterissuer-letsencrypt.yaml
+ - clusterissuer-letsencrypt-istio.yaml
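Review bot: Adding `clusterissuer-letsencrypt.yaml` and `clusterissuer-letsencrypt-istio.yaml` to the same `resources:` list as `helmrelease.yaml` puts the ClusterIssuer objects in the same apply as the HelmRelease that installs their CRDs (`crds: enabled: true` in helmrelease.yaml). On a cluster where cert-manager is not yet installed the API server does not know the `ClusterIssuer` kind, so applying this Kustomization would presumably fail before the chart is ever installed. Moving the two issuers into a separate Kustomization that depends on the cert-manager one avoids that; how this directory is reconciled is not visible here, so confirm against the reconciler's definition. The `namespace: cert-manager` setting in this file also applies to these cluster-scoped objects, which is worth checking in the rendered output.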