ci: add hetzner-webhook and clusterissuer

Patryk Hegenberg 2025-05-25 13:07:25 +02:00
parent e644b3e433
commit 6cacf38b2e
7 changed files with 133 additions and 0 deletions

@ -0,0 +1,18 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: cert-manager-webhook-hetzner
namespace: cert-manager
spec:
interval: 15m
chart:
spec:
chart: cert-manager-webhook-hetzner
version: 1.3.3
sourceRef:
kind: HelmRepository
name: vadimkim-cert-manager-webhook-hetzner
namespace: flux-system
values:
groupName: patanix.de
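Review bot: `version: 1.3.3` in the chart spec does not match the documentation file added in this same commit, which shows `version: 2.9.0` for the same helmrelease.yaml. Decide which version is intended and make the two agree, so that someone following the documented steps does not deploy a different chart version than the one reconciled from Git. The release also declares no `dependsOn`; if the webhook must not be installed before cert-manager itself, declare that dependency here.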

@ -0,0 +1,8 @@
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: vadimkim-cert-manager-webhook-hetzner
namespace: flux-system
spec:
interval: 30m
url: https://vadimkim.github.io/cert-manager-webhook-hetzner

@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helmrepository.yaml
- helmrelease.yaml

@ -5,3 +5,4 @@ resources:
- helmrepository.yaml
- helmrelease.yaml
- configmap-values.yaml
- letsencrypt-clusterissuer.yaml
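Review bot: `- letsencrypt-clusterissuer.yaml` is applied from the same Kustomization as cert-manager's own `helmrelease.yaml`, so if that release is what installs the cert-manager CRDs, the `ClusterIssuer` kind will not exist yet when this Kustomization is first applied to a fresh cluster, and the apply will fail until the chart has been installed. Consider moving the issuer into a separate Flux Kustomization that depends on cert-manager and on the Hetzner webhook its solver calls.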

@ -0,0 +1,20 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-dns
spec:
acme:
email: patryk-hegenberg@outlook.de
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: letsencrypt-dns-key
solvers:
- dns01:
webhook:
groupName: patanix.de
solverName: hetzner
config:
apiTokenSecretRef:
name: hetzner-dns-api-token
key: token
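Review bot: `apiTokenSecretRef` points at a Secret named `hetzner-dns-api-token` with key `token`, but none of the 7 files in this commit creates it and the added documentation has no step for it, so DNS-01 challenges cannot be solved until that Secret exists where the webhook can read it. Document how it is provisioned and keep the token out of Git in plaintext, for example as an encrypted Secret. Because cert-manager hands the `config:` block to the webhook without validating it, also confirm that `apiTokenSecretRef` is a key the pinned chart version actually reads. Since `server:` is the Let's Encrypt production directory, a staging issuer for the first test run would avoid hitting production rate limits.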

@ -2,4 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- cert-manager/
- cert-manager-webhook-hetzner/
# - monitoring/

@ -0,0 +1,79 @@
# Schritt: cert-manager-webhook-hetzner (vadimkim) und ClusterIssuer
## 1. HelmRepository für Webhook anlegen
```bash
cat <<EOF > infrastructure/cert-manager-webhook-hetzner/helmrepository.yaml
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: vadimkim-cert-manager-webhook-hetzner
namespace: flux-system
spec:
interval: 30m
url: https://vadimkim.github.io/cert-manager-webhook-hetzner
EOF
```
## 2. HelmRelease für Webhook anlegen
```bash
cat <<EOF > infrastructure/cert-manager-webhook-hetzner/helmrelease.yaml
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: cert-manager-webhook-hetzner
namespace: cert-manager
spec:
interval: 15m
chart:
spec:
chart: cert-manager-webhook-hetzner
version: 2.9.0
sourceRef:
kind: HelmRepository
name: vadimkim-cert-manager-webhook-hetzner
namespace: flux-system
values:
groupName: patanix.de
EOF
```
## 3. ClusterIssuer anlegen
```bash
cat <<EOF > infrastructure/cert-manager/letsencrypt-clusterissuer.yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-dns
spec:
acme:
email: patryk-hegenberg@outlook.de
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: letsencrypt-dns-key
solvers:
- dns01:
webhook:
groupName: patanix.de
solverName: hetzner
config:
apiTokenSecretRef:
name: hetzner-dns-api-token
key: token
EOF
```
## 4. Dateien ins Git-Repo legen und pushen
```bash
git add infrastructure/cert-manager-webhook-hetzner/*
git add infrastructure/cert-manager/letsencrypt-clusterissuer.yaml
git commit -m "Add vadimkim cert-manager-webhook-hetzner and ClusterIssuer for patanix.de"
git push origin main
```
## 5. Flux synchronisieren und prüfen
```bash
flux reconcile source git flux-system
flux get helmreleases -A
kubectl get pods -n cert-manager
kubectl get clusterissuer
```