From d8ff0cdce99c04cd7b26352dc8d25e5c3af5c131 Mon Sep 17 00:00:00 2001 From: Oleksandr Berezovskyi Date: Tue, 10 Feb 2026 13:15:02 +0200 Subject: [PATCH] feat(k8s/infrasturcutre): add cert-manager --- .../cert-manager/namespace.yaml | 5 +++++ .../infrastructure/cert-manager/release.yaml | 19 ++++++++++++++++ .../cert-manager/repository.yaml | 9 ++++++++ .../secret-cloudflare.sops.yaml | 22 +++++++++++++++++++ 4 files changed, 55 insertions(+) create mode 100644 kubernetes/dev/infrastructure/cert-manager/namespace.yaml create mode 100644 kubernetes/dev/infrastructure/cert-manager/release.yaml create mode 100644 kubernetes/dev/infrastructure/cert-manager/repository.yaml create mode 100644 kubernetes/dev/infrastructure/secret-cloudflare.sops.yaml diff --git a/kubernetes/dev/infrastructure/cert-manager/namespace.yaml b/kubernetes/dev/infrastructure/cert-manager/namespace.yaml new file mode 100644 index 0000000..6bc19f4 --- /dev/null +++ b/kubernetes/dev/infrastructure/cert-manager/namespace.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: cert-manager diff --git a/kubernetes/dev/infrastructure/cert-manager/release.yaml b/kubernetes/dev/infrastructure/cert-manager/release.yaml new file mode 100644 index 0000000..20158ae --- /dev/null +++ b/kubernetes/dev/infrastructure/cert-manager/release.yaml @@ -0,0 +1,19 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: cert-manager + namespace: cert-manager +spec: + chart: + spec: + chart: cert-manager + reconcileStrategy: ChartVersion + sourceRef: + kind: HelmRepository + name: jetstack + namespace: flux-system + interval: 1m0s + values: + crds: + enabled: true diff --git a/kubernetes/dev/infrastructure/cert-manager/repository.yaml b/kubernetes/dev/infrastructure/cert-manager/repository.yaml new file mode 100644 index 0000000..282d5dd --- /dev/null +++ b/kubernetes/dev/infrastructure/cert-manager/repository.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: jetstack + namespace: flux-system +spec: + interval: 1m0s + url: https://charts.jetstack.io diff --git a/kubernetes/dev/infrastructure/secret-cloudflare.sops.yaml b/kubernetes/dev/infrastructure/secret-cloudflare.sops.yaml new file mode 100644 index 0000000..8e975ef --- /dev/null +++ b/kubernetes/dev/infrastructure/secret-cloudflare.sops.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Secret +metadata: + name: cloudflare-api-token + namespace: cert-manager +stringData: + api-token: ENC[AES256_GCM,data:q7pulR1T7uF0iZn9kSu7PMon3Nj5wsLDDrL+FLChuo65oiTkp3nOAQ==,iv:WncCihEL6jsuU6Yo6SUO0yxsudUw4NUk24SlUctVnZw=,tag:b7hh9nfVxt4pQ4Z0h8KT5A==,type:str] +sops: + age: + - recipient: age1zffnskvuezntkk703a0pyxsd5m8vx2hm33dr47wdfy8mn4fdw4sqgw0jgc + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHNm5BVXpUeXBsN2VLWDVk + em9ET3VVMUJaQVY2RzlZMEpaUFJBaGs4YWdzCjFrYm5DQ2VGeGJ0WHdnODk5VWJF + RnNleGhPT245c2dhckVnbTVwWFBjNWcKLS0tIEh5cnZiSTF5aWpham14MmliSXEy + VEo5L25DNDF0c0hjYUxTek43ckxVRkEKmo/PLZTn8YtcWjFzDlwpUn7Y+Jyde0Cl + z/mzEJDhjX2ozdLTQdZog8d0PVnzQ8DY47NumyIItYWyiDHDBfEm5g== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-02-10T11:32:15Z" + mac: ENC[AES256_GCM,data:lgpjt+lAkz61ZubY4Gno//ZZmeigVCyMC8yt8+EdQHCCJhGjSnaWKpHuj6sa0df14nw2koTC8sPXP8Y2G+5ikJNBLGcJhl9ZR7cEG5tKjMUy367xamPKzRwDpv1U/OCEdpT4G6uDPWx5J3I8EfyYwC+NQpTgluJNjjnfX/ocGX0=,iv:bV0rECMs8wG10eCKxVU9WGVUDKc/XxS00YWvm4XTraw=,tag:uv1LpRXLJw882VfTBJ/a1Q==,type:str] + encrypted_regex: ^(data|stringData)$ + version: 3.11.0