Cert-manager deployed

.editorconfig

@@ -0,0 +1,8 @@
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+charset = utf-8
+trim_trailing_whitespace = false
+insert_final_newline = false

k8s/README.md

@@ -10,6 +10,7 @@ This folder holds all the services required for my private infrastructure. Follo
 
 ```yaml
 k create ns flux
+k create ns cert-manager
 k create ns infrapuzzle
 
 ```

k8s/busybox.yaml

@@ -0,0 +1,28 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  creationTimestamp: null
+  labels:
+    app: busybox
+  name: busybox
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: busybox
+  strategy: {}
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        app: busybox
+    spec:
+      containers:
+      - image: busybox
+        name: busybox
+        resources: {}
+        command:
+                - "sleep"
+                - "3600"
+        stdin: true
+        tty: true

k8s/cert-manager/cert-manager.yaml

@@ -5,12 +5,16 @@ metadata:
   namespace: flux
 spec:
   releaseName: cert-manager
-  targetNamespace: infrapuzzle
+  targetNamespace: cert-manager
   chart:
     repository: https://charts.jetstack.io
     version: v0.14.1
     name: cert-manager
   values:
-    global:
+    replicaCount: 1
-      rbac:
+    webhook:
-        create: true
+      replicaCount: 1
+    podLabels:
+      app: cert-manager
+    prometheus:
+      enabled: false

k8s/cert-manager/production-issuer.yaml

@@ -0,0 +1,19 @@
+   apiVersion: cert-manager.io/v1alpha2
+   kind: Issuer
+   metadata:
+     name: letsencrypt-prod
+     namespace: cert-manager
+   spec:
+     acme:
+       # The ACME server URL
+       server: https://acme-v02.api.letsencrypt.org/directory
+       # Email address used for ACME registration
+       email: moritz@moritzgraf.de
+       # Name of a secret used to store the ACME account private key
+       privateKeySecretRef:
+         name: letsencrypt-prod
+       # Enable the HTTP-01 challenge provider
+       solvers:
+       - http01:
+           ingress:
+             class: nginx

k8s/cert-manager/staging-issuer.yaml

@@ -0,0 +1,19 @@
+   apiVersion: cert-manager.io/v1alpha2
+   kind: Issuer
+   metadata:
+     name: letsencrypt-staging
+     namespace: cert-manager
+   spec:
+     acme:
+       # The ACME server URL
+       server: https://acme-staging-v02.api.letsencrypt.org/directory
+       # Email address used for ACME registration
+       email: moritz@moritzgraf.de
+       # Name of a secret used to store the ACME account private key
+       privateKeySecretRef:
+         name: letsencrypt-staging
+       # Enable the HTTP-01 challenge provider
+       solvers:
+       - http01:
+           ingress:
+             class:  nginx

k8s/default/deployment.yaml

@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kuard
+  namespace: default
+spec:
+  selector:
+    matchLabels:
+      app: kuard
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: kuard
+    spec:
+      containers:
+      - image: gcr.io/kuar-demo/kuard-amd64:1
+        imagePullPolicy: Always
+        name: kuard
+        ports:
+        - containerPort: 8080

k8s/default/ingress.yaml

@@ -0,0 +1,22 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: kuard
+  namespace: default
+  annotations:
+    kubernetes.io/ingress.class: "nginx"    
+    cert-manager.io/issuer: "letsencrypt-staging"
+
+spec:
+  tls:
+  - hosts:
+    - kuard.haumdaucher.de
+    secretName: kuard-haumdaucher
+  rules:
+  - host: kuard.haumdaucher.de
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: kuard
+          servicePort: 80

k8s/default/service.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: kuard
+  namespace: default
+spec:
+  ports:
+  - port: 80
+    targetPort: 8080
+    protocol: TCP
+  selector:
+    app: kuard