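{{ if .Values.certmanager.enabled }}
# Argo CD Application that installs cert-manager from the Jetstack Helm
# repository into the destination cluster. Rendered only when
# .Values.certmanager.enabled is set.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  # Templated scalars are quoted so a value that looks like a number, boolean
  # or null is still rendered as a string.
  name: "{{ .Values.cluster.name }}-certmanager"
  labels:
    cluster: {{ .Values.cluster.name | quote }}
    app: certmanager
  namespace: {{ .Values.cluster.namespace | default "argocd" | quote }}
  annotations:
    {{- toYaml .Values.notifications | nindent 4 }}
spec:
  project: {{ .Values.cluster.name | quote }}
  destination:
    server: {{ .Values.cluster.url | quote }}
    namespace: certmanager
  syncPolicy:
    {{- if .Values.sync }}
    # Automated sync applies whatever the chart source resolves to, prunes
    # resources that disappear from it and reverts manual changes.
    automated:
      prune: true
      selfHeal: true
      allowEmpty: false
    {{- end }}
    syncOptions:
      - CreateNamespace=true
    managedNamespaceMetadata:
      labels:
        # NOTE(review): `privileged` is the least restrictive Pod Security
        # level, so these labels leave pods in this namespace unrestricted by
        # Pod Security admission. Nothing visible here shows that cert-manager
        # needs it; confirm whether the pinned chart version runs under
        # `baseline` or `restricted` and tighten the labels if it does.
        pod-security.kubernetes.io/enforce: privileged
        pod-security.kubernetes.io/audit: privileged
        pod-security.kubernetes.io/warn: privileged
  source:
    repoURL: https://charts.jetstack.io
    # The chart published in the Jetstack repository is named `cert-manager`;
    # `certmanager` does not resolve to a chart there.
    chart: cert-manager
    # Keep this an exact chart version. With automated sync enabled, a version
    # range would let new upstream releases deploy without review.
    targetRevision: {{ .Values.certmanager.version | quote }}
    helm:
      version: v3
      releaseName: certmanager
      # Ingresses that do not name an issuer fall back to the production
      # ClusterIssuer `letsencrypt-prod`.
      values: |
        ingressShim:
          defaultIssuerKind: ClusterIssuer
          defaultIssuerName: letsencrypt-prod
        installCRDs: true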
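---
# Argo CD Application that creates the Let's Encrypt ClusterIssuers
# (production and staging) by passing their manifests as values to the
# bedag `raw` chart.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  # Templated scalars are quoted so a value that looks like a number, boolean
  # or null is still rendered as a string.
  name: "{{ .Values.cluster.name }}-certmanager-issuer"
  labels:
    cluster: {{ .Values.cluster.name | quote }}
    app: certmanager-issuer
  namespace: {{ .Values.cluster.namespace | default "argocd" | quote }}
  annotations:
    {{- toYaml .Values.notifications | nindent 4 }}
spec:
  project: {{ .Values.cluster.name | quote }}
  destination:
    server: {{ .Values.cluster.url | quote }}
    namespace: certmanager
  syncPolicy:
    {{- if .Values.sync }}
    # Automated sync applies whatever the chart source resolves to, prunes
    # resources that disappear from it and reverts manual changes.
    automated:
      prune: true
      selfHeal: true
      allowEmpty: false
    {{- end }}
  source:
    # Third-party chart repository. Keep targetRevision an exact chart version:
    # with automated sync enabled, a version range would let new upstream
    # releases deploy without review.
    repoURL: https://bedag.github.io/helm-charts/
    chart: raw
    targetRevision: {{ .Values.raw.version | quote }}
    helm:
      version: v3
      releaseName: raw
      # The ClusterIssuer API group is `cert-manager.io`; `certmanager.io/v1`
      # is not an API that cert-manager serves.
      #
      # NOTE(review): each http01 solver below sets both `ingressClassName`
      # and `class`. cert-manager documents these fields as mutually
      # exclusive, so releases that know `ingressClassName` are expected to
      # reject the issuer. Confirm against the pinned version and keep one.
      values: |
        resources:
          - apiVersion: cert-manager.io/v1
            kind: ClusterIssuer
            metadata:
              name: letsencrypt-prod
            spec:
              acme:
                server: https://acme-v02.api.letsencrypt.org/directory
                email: {{ .Values.certmanager.email | quote }}
                privateKeySecretRef:
                  name: letsencrypt-prod-account
                solvers:
                  - http01:
                      ingress:
                        ingressClassName: {{ .Values.certmanager.class | default .Values.ingresscontroller.class }}
                        class: {{ .Values.certmanager.class | default .Values.ingresscontroller.class }}
          - apiVersion: cert-manager.io/v1
            kind: ClusterIssuer
            metadata:
              name: letsencrypt-staging
            spec:
              acme:
                server: https://acme-staging-v02.api.letsencrypt.org/directory
                email: {{ .Values.certmanager.email | quote }}
                privateKeySecretRef:
                  name: letsencrypt-staging-account
                solvers:
                  - http01:
                      ingress:
                        ingressClassName: {{ .Values.certmanager.class | default .Values.ingresscontroller.class }}
                        class: {{ .Values.certmanager.class | default .Values.ingresscontroller.class }}
{{- end }}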