install tekton and external-secrets

soerenschneider · soerenschneider · commit f45e230fcaef · 2024-12-06T20:44:08.000+01:00
diff --git a/clusters/svc.dd.soeren.cloud/infra/cert-manager/clusterissuer.yaml b/clusters/svc.dd.soeren.cloud/infra/cert-manager/clusterissuer.yaml
@@ -0,0 +1,26 @@
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-dns-prod
+  namespace: cert-manager
+spec:
+  acme:
+    email: letsencrypt@soerensoerensen.de
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: letsencrypt-account-key-route53
+    solvers:
+      - selector:
+          dnsZones:
+            - "svc.dd.soeren.cloud"
+        dns01:
+          route53:
+            region: us-east-1
+            hostedZoneID: "Z04750743ET6H1ZBQ5JJT"
+            accessKeyIDSecretRef:
+              name: route53-credentials
+              key: access-key-id
+            secretAccessKeySecretRef:
+              name: route53-credentials
+              key: access-key-secret
diff --git a/clusters/svc.dd.soeren.cloud/infra/cert-manager/kustomization.yaml b/clusters/svc.dd.soeren.cloud/infra/cert-manager/kustomization.yaml
@@ -0,0 +1,19 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../../../infra/cert-manager
+  - clusterissuer.yaml
+  - external-secret-cert-manager.yaml
+namespace: cert-manager
+patches:
+  - target:
+      kind: Deployment
+      name: cert-manager
+    patch: |-
+      - op: add
+        path: /spec/template/spec/containers/0/args/-
+        value: "--dns01-recursive-nameservers-only"
+      - op: add
+        path: /spec/template/spec/containers/0/args/-
+        value: "--dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53"
diff --git a/clusters/svc.dd.soeren.cloud/infra/external-secrets/kustomization.yaml b/clusters/svc.dd.soeren.cloud/infra/external-secrets/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../../../infra/external-secrets
+  - vault.yaml
+components:
+  - ../../../../infra/external-secrets/components/resources
diff --git a/clusters/svc.dd.soeren.cloud/infra/external-secrets/vault.yaml b/clusters/svc.dd.soeren.cloud/infra/external-secrets/vault.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: "external-secrets.io/v1beta1"
+kind: "ClusterSecretStore"
+metadata:
+  name: "vault"
+  namespace: "external-secrets"
+spec:
+  provider:
+    vault:
+      server: "https://vault.ha.soeren.cloud"
+      path: "secret"
+      version: "v2"
+      auth:
+        kubernetes:
+          mountPath: "svc.dd.soeren.cloud"
+          role: "external-secrets"
diff --git a/clusters/svc.dd.soeren.cloud/infra/tekton/kustomization.yaml b/clusters/svc.dd.soeren.cloud/infra/tekton/kustomization.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../../../infra/tekton-operator
