gsdavidp/home-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
home-server/clusters/noble/bootstrap/cert-manager
History
Nikholas Pcenicni 0f88a33216 Remove deprecated Argo CD application configurations for various components including cert-manager, Cilium, CSI snapshot controllers, kube-vip, and others. Update README.md to reflect the current state of leaf applications and clarify optional components. Adjust kustomization files to streamline resource management for bootstrap workloads.
2026-04-01 02:13:15 -04:00
..
clusterissuer-letsencrypt-prod.yaml
Refactor noble cluster configurations by removing deprecated Argo CD application management files and transitioning to a streamlined Ansible-driven installation approach. Update kustomization.yaml files to reflect the new structure, ensuring clarity on resource management. Introduce new namespaces and configurations for cert-manager, external-secrets, and logging components, enhancing the overall deployment process. Add detailed README.md documentation for each component to guide users through the setup and management of the noble lab environment.
2026-03-28 17:02:50 -04:00
clusterissuer-letsencrypt-staging.yaml
Refactor noble cluster configurations by removing deprecated Argo CD application management files and transitioning to a streamlined Ansible-driven installation approach. Update kustomization.yaml files to reflect the new structure, ensuring clarity on resource management. Introduce new namespaces and configurations for cert-manager, external-secrets, and logging components, enhancing the overall deployment process. Add detailed README.md documentation for each component to guide users through the setup and management of the noble lab environment.
2026-03-28 17:02:50 -04:00
kustomization.yaml
Remove deprecated Argo CD application configurations for various components including cert-manager, Cilium, CSI snapshot controllers, kube-vip, and others. Update README.md to reflect the current state of leaf applications and clarify optional components. Adjust kustomization files to streamline resource management for bootstrap workloads.
2026-04-01 02:13:15 -04:00
namespace.yaml
Refactor noble cluster configurations by removing deprecated Argo CD application management files and transitioning to a streamlined Ansible-driven installation approach. Update kustomization.yaml files to reflect the new structure, ensuring clarity on resource management. Introduce new namespaces and configurations for cert-manager, external-secrets, and logging components, enhancing the overall deployment process. Add detailed README.md documentation for each component to guide users through the setup and management of the noble lab environment.
2026-03-28 17:02:50 -04:00
README.md
Refactor noble cluster configurations to transition from the deprecated apps structure to a streamlined bootstrap approach. Update paths in various YAML files and README documentation to reflect the new organization under clusters/noble/bootstrap. This change enhances clarity and consistency across the deployment process, ensuring that all components are correctly referenced and documented for user guidance.
2026-03-28 17:03:15 -04:00
values.yaml
Refactor noble cluster configurations to transition from the deprecated apps structure to a streamlined bootstrap approach. Update paths in various YAML files and README documentation to reflect the new organization under clusters/noble/bootstrap. This change enhances clarity and consistency across the deployment process, ensuring that all components are correctly referenced and documented for user guidance.
2026-03-28 17:03:15 -04:00

README.md

cert-manager — noble

Prerequisites: Traefik (ingress class traefik), DNS for *.apps.noble.lab.pcenicni.dev → Traefik LB for app traffic.

ACME (Lets Encrypt) uses DNS-01 via Cloudflare for zone pcenicni.dev. Create an API token with Zone → DNS → Edit and Zone → Zone → Read (or use the “Edit zone DNS” template), then:

Option A — Ansible: copy .env.sample to .env in the repo root, set CLOUDFLARE_DNS_API_TOKEN, run ansible/playbooks/noble.yml (or deploy.yml). The cert-manager role creates cloudflare-dns-api-token from .env after the chart installs.

Option B — kubectl:

kubectl -n cert-manager create secret generic cloudflare-dns-api-token \
  --from-literal=api-token='YOUR_CLOUDFLARE_API_TOKEN' \
  --dry-run=client -o yaml | kubectl apply -f -

Without this Secret, ClusterIssuer will not complete certificate orders.

  1. Create the namespace:

    kubectl apply -f clusters/noble/bootstrap/cert-manager/namespace.yaml

  2. Install the chart (CRDs included via values.yaml):

    helm repo add jetstack https://charts.jetstack.io
helm repo update
helm upgrade --install cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --version v1.20.0 \
  -f clusters/noble/bootstrap/cert-manager/values.yaml \
  --wait

  3. Optionally edit spec.acme.email in both ClusterIssuer manifests (default certificates@noble.lab.pcenicni.dev) — Lets Encrypt uses this for expiry and account notices. Do not use example.com (ACME rejects it).

  4. Apply ClusterIssuers (staging then prod, or both):

    kubectl apply -k clusters/noble/bootstrap/cert-manager

  5. Confirm:

    kubectl get clusterissuer

Use cert-manager.io/cluster-issuer: letsencrypt-staging on Ingresses while testing; switch to letsencrypt-prod when ready.

HTTP-01 is not configured: if the hostname is proxied (orange cloud) in Cloudflare, Lets Encrypt may hit Cloudflares edge and get 404 for /.well-known/acme-challenge/. DNS-01 avoids that.

Reference in New Issue View Git Blame Copy Permalink