added cert manager

2025-06-29 21:05:35 +02:00
parent 268a82fea2
commit 22369b4f02
7 changed files with 70 additions and 4 deletions
--- a/manifests/certmanager/issuer-secret.yaml
+++ b/manifests/certmanager/issuer-secret.yaml
@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cloudflare-api-token-secret
+  namespace: cert-manager
+type: Opaque
+stringData:
+  api-token: <API TOKEN>
--- a/manifests/certmanager/issuer.yaml
+++ b/manifests/certmanager/issuer.yaml
@ -0,0 +1,16 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: cloudflare-clusterissuer
+spec:
+  acme:
+    email: kevin@nixit.it
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: cloudflare-clusterissuer-key
+    solvers:
+    - dns01:
+        cloudflare:
+          apiTokenSecretRef:
+            name: cloudflare-api-token-secret
+            key: api-token
--- a/manifests/certmanager/values.yaml
+++ b/manifests/certmanager/values.yaml
@ -0,0 +1,5 @@
+crds:
+  enabled: true
+extraArgs:
+  - --dns01-recursive-nameservers-only
+  - --dns01-recursive-nameservers=1.1.1.1:53,1.0.0.1:53
--- a/manifests/longhorn/certificate.yaml
+++ b/manifests/longhorn/certificate.yaml
@ -0,0 +1,13 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: longhorn-ssl-certificate
+  namespace: longhorn-system
+spec:
+  # Secret names are always required.
+  secretName: longhorn-ssl-certificate
+  issuerRef:
+    name: cloudflare-clusterissuer
+    kind: ClusterIssuer
+  dnsNames:
+    - longhorn.nixit.it
--- a/manifests/longhorn/longhorn-ingress.yaml
+++ b/manifests/longhorn/longhorn-ingress.yaml
@ -6,6 +6,10 @@ metadata:
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
 spec:
+  tls:
+    - hosts:
+      - longhorn.nixit.it
+      secretName: longhorn-ssl-certificate
  rules:
    - host: longhorn.nixit.it
      http: