From a7cf18563d2d16add4ed2efc498b36165a6996cd Mon Sep 17 00:00:00 2001
From: Ultradesu
Date: Sun, 6 Apr 2025 00:37:15 +0100
Subject: [PATCH] Added cert-manager
---
 .../external-secrets.yaml} | 51 -------------------
 k8s/core/cert-manager/issuer.yaml | 39 ++++++++++++++
 k8s/core/cert-manager/kustomization.yaml | 16 ++++++
 k8s/core/cert-manager/values.yaml | 2 +
 k8s/state/core/cert-manager.yaml | 21 ++++++++
 5 files changed, 78 insertions(+), 51 deletions(-)
 rename k8s/core/{cert-manager.yaml => cert-manager/external-secrets.yaml} (51%)
 create mode 100644 k8s/core/cert-manager/issuer.yaml
 create mode 100644 k8s/core/cert-manager/kustomization.yaml
 create mode 100644 k8s/core/cert-manager/values.yaml
 create mode 100644 k8s/state/core/cert-manager.yaml
diff --git a/k8s/core/cert-manager.yaml b/k8s/core/cert-manager/external-secrets.yaml
similarity index 51%
rename from k8s/core/cert-manager.yaml
rename to k8s/core/cert-manager/external-secrets.yaml
index d0e60d0..ee97c19 100644
--- a/k8s/core/cert-manager.yaml
+++ b/k8s/core/cert-manager/external-secrets.yaml
@@ -1,16 +1,3 @@
-apiVersion: helm.cattle.io/v1
-kind: HelmChart
-metadata:
- name: cert-manager
- namespace: kube-system
-spec:
- repo: https://charts.jetstack.io
- chart: cert-manager
- targetNamespace: cert-manager
- createNamespace: true
- valuesContent: |-
- crds:
- enabled: true
 ---
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
@@ -69,41 +56,3 @@ spec:
 remoteRef:
 key: 144f9aa9-d6bd-4272-bfc9-ce8ba6f4a515
 property: fields[1].value
----
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
- name: letsencrypt
-spec:
- acme:
- server: https://acme-v02.api.letsencrypt.org/directory
- email: k8s-master@hexor.cy
- privateKeySecretRef:
- name: tls-secret
- solvers:
- - dns01:
- cloudflare:
- email: ultradesu@hexor.ru
- apiKeySecretRef:
- name: cloudflare-api-key-secret
- key: apiKey
- selector:
- dnsZones:
- - "*.hexor.cy"
- - "*.hexor.ru"
- - "*.btwiusearch.net"
- - "hexor.ru"
- - "hexor.cy"
- - "btwiusearch.net"
- - dns01:
- route53:
- region: eu-north-1
- accessKeyIDSecretRef:
- name: aws-api-key-secret
- key: accessKey
- secretAccessKeySecretRef:
- name: aws-api-key-secret
- key: secretKey
- selector:
- dnsZones:
- - "of.hexor.cy"
diff --git a/k8s/core/cert-manager/issuer.yaml b/k8s/core/cert-manager/issuer.yaml
new file mode 100644
index 0000000..024b1ea
--- /dev/null
+++ b/k8s/core/cert-manager/issuer.yaml
@@ -0,0 +1,39 @@
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt
+spec:
+ acme:
+ server: https://acme-v02.api.letsencrypt.org/directory
+ email: k8s-master@hexor.cy
+ privateKeySecretRef:
+ name: tls-secret
+ solvers:
+ - dns01:
+ cloudflare:
+ email: ultradesu@hexor.ru
+ apiKeySecretRef:
+ name: cloudflare-api-key-secret
+ key: apiKey
+ selector:
+ dnsZones:
+ - "*.hexor.cy"
+ - "*.hexor.ru"
+ - "*.btwiusearch.net"
+ - "hexor.ru"
+ - "hexor.cy"
+ - "btwiusearch.net"
+ - dns01:
+ route53:
+ region: eu-north-1
+ accessKeyIDSecretRef:
+ name: aws-api-key-secret
+ key: accessKey
+ secretAccessKeySecretRef:
+ name: aws-api-key-secret
+ key: secretKey
+ selector:
+ dnsZones:
+ - "of.hexor.cy"
+
diff --git a/k8s/core/cert-manager/kustomization.yaml b/k8s/core/cert-manager/kustomization.yaml
new file mode 100644
index 0000000..892164f
--- /dev/null
+++ b/k8s/core/cert-manager/kustomization.yaml
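Review bot: The Cloudflare solver in the new `issuer.yaml` authenticates with `email` plus `apiKeySecretRef`, which is the account-wide global API key, so anything that can read `cloudflare-api-key-secret` controls every zone on that account rather than only the DNS records needed for DNS-01. cert-manager also accepts a scoped token, `apiTokenSecretRef: {name: <cloudflare-token-secret>, key: <key>}`, which can be limited to Zone:Read and DNS:Edit on the three listed zones. Separately, `privateKeySecretRef.name: tls-secret` stores the ACME account key under a name that is easy to reuse for a certificate secret by accident; a specific name such as `letsencrypt-account-key` avoids an overwrite. The `"*.hexor.cy"`-style entries under `dnsZones` also look redundant, since a zone entry already matches its subdomains.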
@@ -0,0 +1,16 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - external-secrets.yaml
+ - issuer.yaml
+
+helmCharts:
+ - name: cert-manager
+ repo: https://charts.jetstack.io
+ version: 1.17.1
+ releaseName: cert-manager
+ namespace: cert-manager
+ valuesFile: values.yaml
+ includeCRDs: true
+
diff --git a/k8s/core/cert-manager/values.yaml b/k8s/core/cert-manager/values.yaml
new file mode 100644
index 0000000..c526c4b
--- /dev/null
+++ b/k8s/core/cert-manager/values.yaml
@@ -0,0 +1,2 @@
+crds:
+ enabled: true
diff --git a/k8s/state/core/cert-manager.yaml b/k8s/state/core/cert-manager.yaml
new file mode 100644
index 0000000..78ab4c4
--- /dev/null
+++ b/k8s/state/core/cert-manager.yaml
@@ -0,0 +1,21 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: cert-manager
+ namespace: argocd
+spec:
+ project: homelab
+ destination:
+ namespace: cert-manager
+ server: https://kubernetes.default.svc
+ source:
+ repoURL: ssh://git@gt.hexor.cy:30022/ab/homelab.git
+ targetRevision: HEAD
+ path: k8s/core/cert-manager
+ syncPolicy:
+ automated:
+ selfHeal: true
+ prune: true
+ syncOptions:
+ - CreateNamespace=true
+
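Review bot: The `helmCharts` entry in `kustomization.yaml` has the chart fetched from `https://charts.jetstack.io` at render time with `version: 1.17.1` as the only pin, so nothing checks that the rendered chart is the content that was reviewed. Kustomize only inflates charts when run with `--enable-helm`, which presumably is set in the Argo CD kustomize build options outside this patch. I would record both facts in a comment above `helmCharts:`, for example `# inflated by kustomize --enable-helm; chart is fetched unverified, bump version deliberately`. CRD installation is requested twice, by `includeCRDs: true` here and by `crds.enabled: true` in `values.yaml`; the latter is probably the one that takes effect for this chart, so a one-line comment saying which is authoritative would prevent a later cleanup from dropping the CRDs.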
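Review bot: `targetRevision: HEAD` together with `automated` sync, `selfHeal: true` and `prune: true` in the Application means every push to the repository's default branch is applied to the cluster with no review gate, for a component that reads DNS-provider credentials and installs cluster-wide CRDs. Pinning to a protected branch or a tag, `targetRevision: <release-tag>`, narrows who can change what runs. With `prune: true`, removing the chart or its CRDs from `k8s/core/cert-manager` would likely delete the CRDs and every Certificate object along with them. Marking the CRDs with `argocd.argoproj.io/sync-options: Prune=false`, or at least a comment above `syncPolicy:` stating that pruning is intentional, would make that risk explicit.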