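---
# Installs cert-manager through the k3s helm-controller and wires up a
# Let's Encrypt ClusterIssuer that solves DNS-01 via Cloudflare and Route53.
# The listing had been collapsed onto a single line, which does not parse as
# YAML; the document structure is restored here with values unchanged.
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
  name: cert-manager
  namespace: kube-system
spec:
  repo: https://charts.jetstack.io
  chart: cert-manager
  # NOTE(review): no chart version is pinned, so the release tracks whatever
  # the repo currently serves. Pin it so upgrades are reviewed, e.g.
  #   version: "<PINNED_CHART_VERSION>"
  targetNamespace: cert-manager
  createNamespace: true
  valuesContent: |-
    crds:
      enabled: true
---
# Materialises the Cloudflare credential as Secret "cloudflare-api-key-secret"
# in the cert-manager namespace, where the ClusterIssuer below reads it.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: cloudflare-creds
  namespace: cert-manager
spec:
  target:
    name: cloudflare-api-key-secret
    # Delete: the generated Secret is removed once the provider no longer
    # returns the source item, which also stops DNS-01 solving for this zone.
    deletionPolicy: Delete
    template:
      type: Opaque
      data:
        apiKey: |-
          {{ .apiKey }}
  data:
    - secretKey: apiKey
      sourceRef:
        storeRef:
          # Cluster-scoped store. NOTE(review): confirm the store restricts
          # which namespaces may reference it; otherwise any ExternalSecret
          # in the cluster can read the same vault items.
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
        key: 8ae1dcb1-1182-48a1-8733-ca1144ea754b
        # Positional lookup: reordering the item's custom fields changes
        # which value lands in the Secret.
        property: fields[0].value
---
# Materialises the AWS access key pair as Secret "aws-api-key-secret" for the
# Route53 solver. Both values come from the same vault item.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: aws-creds
  namespace: cert-manager
spec:
  target:
    name: aws-api-key-secret
    deletionPolicy: Delete
    template:
      type: Opaque
      data:
        accessKey: |-
          {{ .accessKey }}
        secretKey: |-
          {{ .secretKey }}
  data:
    # fields[0] -> access key ID, fields[1] -> secret access key. The mapping
    # depends on field order in the vault item; a swap yields a Secret that
    # syncs successfully but fails authentication.
    - secretKey: accessKey
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
        key: 144f9aa9-d6bd-4272-bfc9-ce8ba6f4a515
        property: fields[0].value
    - secretKey: secretKey
      sourceRef:
        storeRef:
          name: vaultwarden-login
          kind: ClusterSecretStore
      remoteRef:
        key: 144f9aa9-d6bd-4272-bfc9-ce8ba6f4a515
        property: fields[1].value
---
# Cluster-wide ACME issuer against the Let's Encrypt production directory.
# Any namespace can request certificates from a ClusterIssuer, so the DNS
# credentials referenced below are effectively usable cluster-wide.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: k8s-master@hexor.cy
    # Secret holding the ACME *account* private key (not a TLS certificate).
    # NOTE(review): "tls-secret" is a generic name; a Certificate writing to
    # the same Secret name in this namespace would collide with it.
    privateKeySecretRef:
      name: tls-secret
    solvers:
      - dns01:
          cloudflare:
            email: ultradesu@hexor.ru
            # email + apiKeySecretRef selects Cloudflare's global API key,
            # which carries full account access. cert-manager also accepts
            # apiTokenSecretRef; a token scoped to Zone:Read and DNS:Edit on
            # these zones limits what a leaked Secret can do.
            apiKeySecretRef:
              name: cloudflare-api-key-secret
              key: apiKey
        selector:
          # NOTE(review): a dnsZones entry covers the zone and its
          # subdomains, so the "*." entries look redundant - confirm before
          # removing.
          dnsZones:
            - "*.hexor.cy"
            - "*.hexor.ru"
            - "*.btwiusearch.net"
            - "hexor.ru"
            - "hexor.cy"
            - "btwiusearch.net"
      - dns01:
          route53:
            region: eu-north-1
            # Static, long-lived IAM user keys. Keep the attached policy
            # limited to route53:GetChange, route53:ChangeResourceRecordSets
            # and route53:ListHostedZonesByName on the hosted zone for
            # of.hexor.cy, and rotate the key pair on a schedule.
            accessKeyIDSecretRef:
              name: aws-api-key-secret
              key: accessKey
            secretAccessKeySecretRef:
              name: aws-api-key-secret
              key: secretKey
        selector:
          # More specific than "hexor.cy" above, so this solver takes
          # precedence for names under of.hexor.cy.
          dnsZones:
            - "of.hexor.cy"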