From 3186dcb16f1905a07baddb1d574b634fa6d87f0b Mon Sep 17 00:00:00 2001 From: Marco van Zijl Date: Sat, 8 Nov 2025 16:31:23 +0100 Subject: [PATCH] Add initial configuration files for cert-manager including Chart, application, and values --- apps/cert-manager/Chart.yaml | 7 +++ apps/cert-manager/application.yaml | 31 +++++++++++ apps/cert-manager/values.yaml | 87 ++++++++++++++++++++++++++++++ 3 files changed, 125 insertions(+) create mode 100644 apps/cert-manager/Chart.yaml create mode 100644 apps/cert-manager/application.yaml create mode 100644 apps/cert-manager/values.yaml diff --git a/apps/cert-manager/Chart.yaml b/apps/cert-manager/Chart.yaml new file mode 100644 index 0000000..6baf5e1 --- /dev/null +++ b/apps/cert-manager/Chart.yaml @@ -0,0 +1,7 @@ +apiVersion: v2 +name: cert-manager +version: 1.0.0 +dependencies: + - name: cert-manager + version: v1.19.1 + repository: oci://quay.io/jetstack/charts/cert-manager diff --git a/apps/cert-manager/application.yaml b/apps/cert-manager/application.yaml new file mode 100644 index 0000000..21387e7 --- /dev/null +++ b/apps/cert-manager/application.yaml @@ -0,0 +1,31 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: cert-manager + namespace: argocd + annotations: + argocd.argoproj.io/sync-wave: "0" + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + project: default + source: + repoURL: https://git.mvzijl.nl/marco/veda.git + targetRevision: applicationset-rewrite + path: apps/cert-manager + helm: + releaseName: cert-manager + valueFiles: + - values.yaml + destination: + server: https://kubernetes.default.svc + namespace: cert-manager + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true + - PruneLast=true + - PrunePropagationPolicy=foreground + - ServerSideApply=true diff --git a/apps/cert-manager/values.yaml b/apps/cert-manager/values.yaml new file mode 100644 index 0000000..57678f3 --- /dev/null +++ b/apps/cert-manager/values.yaml 
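Review bot: `project: default` together with `automated.prune: true` and `selfHeal: true` binds this Application to the stock Argo CD default AppProject, which permits any source repository, any destination cluster/namespace and every cluster-scoped resource kind; since this app legitimately creates cluster-scoped objects (CRDs, ClusterIssuers), it would be safer in a dedicated AppProject whose `sourceRepos`, `destinations` and `clusterResourceWhitelist` are limited to this repo, the `cert-manager` namespace and the few kinds it needs, so a mistaken or unreviewed commit cannot be auto-synced into other namespaces. Separately, `targetRevision: applicationset-rewrite` tracks a mutable work-in-progress branch with auto-sync and self-heal enabled; once the rewrite lands, point it at the main branch or a tag so the live cluster does not follow in-flight changes. The hunk is collapsed onto a single line here, so key indentation could not be verified.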
@@ -0,0 +1,87 @@ +cert-manager: + + installCRDs: true + + global: + leaderElection: + namespace: cert-manager + + prometheus: + enabled: true + + resources: + requests: + cpu: 10m + memory: 32Mi + limits: + cpu: 100m + memory: 128Mi + + webhook: + resources: + requests: + cpu: 10m + memory: 32Mi + limits: + cpu: 100m + memory: 128Mi + + cainjector: + resources: + requests: + cpu: 10m + memory: 32Mi + limits: + cpu: 100m + memory: 128Mi + +extraObjects: + - apiVersion: cert-manager.io/v1 + kind: ClusterIssuer + metadata: + name: selfsigned-issuer + spec: + selfSigned: {} + + # CA Certificate (acts as root CA) + - apiVersion: cert-manager.io/v1 + kind: Certificate + metadata: + name: selfsigned-ca + namespace: cert-manager + spec: + isCA: true + commonName: noxxos.nl + secretName: selfsigned-ca-secret + privateKey: + algorithm: ECDSA + size: 256 + issuerRef: + name: selfsigned-issuer + kind: ClusterIssuer + + # CA ClusterIssuer (uses the CA cert above) + - apiVersion: cert-manager.io/v1 + kind: ClusterIssuer + metadata: + name: ca-issuer + spec: + ca: + secretName: selfsigned-ca-secret + + # Wildcard certificate for *.noxxos.nl + - apiVersion: cert-manager.io/v1 + kind: Certificate + metadata: + name: wildcard-noxxos-nl + namespace: cert-manager + spec: + secretName: wildcard-noxxos-nl-tls + issuerRef: + name: ca-issuer + kind: ClusterIssuer + dnsNames: + - "*.noxxos.nl" + - "noxxos.nl" + duration: 2160h # 90 days + renewBefore: 360h # 15 days
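Review bot: `extraObjects` appears at the top level of the values file rather than nested under the `cert-manager:` key, so if this is the umbrella chart declared in Chart.yaml the cert-manager subchart never receives it and none of the issuers or certificates are rendered — unless the wrapper chart ships its own template for that key, which the diff does not show (the collapsed hunk also makes the indentation hard to confirm). Either indent the whole list under `cert-manager:` or add the template. On the same hunk, the root CA `selfsigned-ca` sets no `duration`, so it gets cert-manager's default lifetime of 90 days, the same as the wildcard leaf it signs, meaning the trust anchor rotates as often as the leaf and every consumer that bundles the CA must re-trust it each cycle; give the CA an explicit longer `duration`/`renewBefore` pair, as the leaf already has (`duration: 2160h`, `renewBefore: 360h`). Finally, `installCRDs: true` is the deprecated form for this chart version; with `prune: true` on the Application, prefer the `crds.enabled` / `crds.keep` values so that removing the app does not delete the CRDs and, with them, every Certificate and Issuer object in the cluster.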