add cert-manager

2024-02-08 13:21:35 -08:00 · 2024-02-08 13:21:35 -08:00 · ccd455a83b
parent 9b0ce69488
commit ccd455a83b
5 changed files with 58 additions and 2 deletions
--- a/.woodpecker/.deploy.yaml
+++ b/.woodpecker/.deploy.yaml
@ -27,9 +27,22 @@ steps:
    image: *kube
    commands:
      - *config
-      - helm repo add woodpecker https://woodpecker-ci.org/
+      - helm repo add woodpecker https://woodpecker-ci.org
+      - helm repo update
      - helm upgrade --install woodpecker woodpecker/woodpecker --version 1.1.1 --values woodpecker/values.yaml --namespace ci --atomic
    when:
      - path: 'woodpecker/values.yaml'
      - path: '.woodpecker/.deploy.yaml'
    secrets: [KUBEAUTH]
+
+  - name: cert-manager
+    image: *kube
+    commands:
+      - *config
+      - helm repo add jetstack https://charts.jetstack.io
+      - helm repo update
+      - helm upgrade --install cert-manager jetstack/cert-manager --version v1.14.2 --values cert-manager/values.yaml --namespace cert-manager --atomic
+    when:
+      - path: 'cert-manager/values.yaml'
+      - path: '.woodpecker/.deploy.yaml'
+    secrets: [KUBEAUTH]
--- a/cert-manager/letsencrypt-prod.yaml
+++ b/cert-manager/letsencrypt-prod.yaml
@ -0,0 +1,16 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+  namespace: cert-manager
+spec:
+  acme:
+    email: git@garbage.world
+    server: https://acme-v02.api.letsencrypt.org/directory
+    preferredChain: "ISRG Root X1"
+    privateKeySecretRef:
+      name: prod-issuer-account-key
+    solvers:
+    - http01:
+        ingress:
+          class: nginx
--- a/cert-manager/letsencrypt-staging.yaml
+++ b/cert-manager/letsencrypt-staging.yaml
@ -0,0 +1,17 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-staging
+spec:
+  acme:
+    email: git@garbage.world
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    preferredChain: "ISRG Root X1"
+    privateKeySecretRef:
+      # Secret resource that will be used to store the account's private key.
+      name: staging-issuer-account-key
+    # Add a single challenge solver, HTTP01 using nginx
+    solvers:
+    - http01:
+        ingress:
+          class: nginx
--- a/cert-manager/values.yaml
+++ b/cert-manager/values.yaml
@ -0,0 +1,4 @@
+installCRDs: true
+
+prometheus:
+  enabled: false
--- a/renovate.json
+++ b/renovate.json
@ -14,11 +14,17 @@
    }
  ],
  "packageRules": [
+    {
+      "matchDatasources": ["helm"],
+      "matchManagers": ["custom.regex"],
+      "matchPackageNames": ["cert-manager"],
+      "registryUrls": ["https://charts.jetstack.io"]
+    },
    {
      "matchDatasources": ["helm"],
      "matchManagers": ["custom.regex"],
      "matchPackageNames": ["woodpecker"],
      "registryUrls": ["https://woodpecker-ci.org"]
-    },
+    }
  ]
 }