From 65a59d2d0c4fe212095803964307b0766f723581 Mon Sep 17 00:00:00 2001
From: baschno
Date: Sun, 28 Dec 2025 16:19:08 +0100
Subject: [PATCH] WIP: cert manager
---
 ...cert-manager-cluster-issuer-gomplate.yaml} | 2 +-
 ... cert-manager-issuer-secret-gomplate.yaml} | 2 +-
 Traefik/justfile | 43 +++++++++++++++++++
 ...lues.yaml => traefik-values-gomplate.yaml} | 2 +-
 env/env.local.gomplate | 3 ++
 env/justfile | 30 +++++++++++++
 6 files changed, 79 insertions(+), 3 deletions(-)
 rename Traefik/{cert-manager-cluster-issuer.yaml => cert-manager-cluster-issuer-gomplate.yaml} (91%)
 rename Traefik/{cert-manager-issuer-secret.yaml => cert-manager-issuer-secret-gomplate.yaml} (70%)
 create mode 100644 Traefik/justfile
 rename Traefik/{traefik-values.yaml => traefik-values-gomplate.yaml} (75%)
diff --git a/Traefik/cert-manager-cluster-issuer.yaml b/Traefik/cert-manager-cluster-issuer-gomplate.yaml
similarity index 91%
rename from Traefik/cert-manager-cluster-issuer.yaml
rename to Traefik/cert-manager-cluster-issuer-gomplate.yaml
index a6f2999..b071cec 100644
--- a/Traefik/cert-manager-cluster-issuer.yaml
+++ b/Traefik/cert-manager-cluster-issuer-gomplate.yaml
@@ -4,7 +4,7 @@ metadata:
 name: cloudflare-cluster-issuer
 spec:
 acme:
- email: hello@schnorbus.net
+ email: {{ .Env.ACME_EMAIL }}
 server: https://acme-v02.api.letsencrypt.org/directory
 privateKeySecretRef:
 name: cloudflare-acme-key
diff --git a/Traefik/cert-manager-issuer-secret.yaml b/Traefik/cert-manager-issuer-secret-gomplate.yaml
similarity index 70%
rename from Traefik/cert-manager-issuer-secret.yaml
rename to Traefik/cert-manager-issuer-secret-gomplate.yaml
index c3a4bf4..3e817e3 100644
--- a/Traefik/cert-manager-issuer-secret.yaml
+++ b/Traefik/cert-manager-issuer-secret-gomplate.yaml
@@ -5,4 +5,4 @@ metadata:
 namespace: cert-manager
 type: Opaque
 stringData:
- api-token: DgU4SMUpQVAoS8IisGxnSQCUI7PbclhvegdqF9I1
\ No newline at end of file
+ api-token: {{ .Env.CLOUDFLARE_API_TOKEN }}
\ No newline at end of file
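Review bot: The literal Cloudflare token on the removed `api-token:` line of cert-manager-issuer-secret-gomplate.yaml remains readable in the repository history and in this patch, so replacing it with `.Env.CLOUDFLARE_API_TOKEN` does not retire it. That token should be revoked and reissued at Cloudflare, with the replacement scoped to only the DNS permissions the issuer needs. The template value is also rendered unquoted, so a value containing `:` or `#` would change the YAML; `api-token: "{{ .Env.CLOUDFLARE_API_TOKEN }}"` avoids that. The same quoting applies to `email: {{ .Env.ACME_EMAIL }}` in the cert-manager-cluster-issuer-gomplate.yaml hunk.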
diff --git a/Traefik/justfile b/Traefik/justfile new file mode 100644 index 0000000..f488e60 --- /dev/null +++ b/Traefik/justfile @@ -0,0 +1,43 @@ +set fallback:=true + +export CERT_MANAGER_NAMESPACE := env("CERT_MANAGER_NAMESPACE", "cert-manager") +export TRAEFIK_NAMESPACE := env("TRAEFIK_NAMESPACE", "traefik") + +add-helm-repos: + helm repo add traefik https://helm.traefik.io/traefik --force-update + helm repo add jetstack https://charts.jetstack.io --force-update + helm repo update + +install: + #!/bin/bash + set -euo pipefail + just env::check + + just add-helm-repos + + helm upgrade traefik traefik/traefik \ + --install \ + --cleanup-on-fail \ + --namespace ${TRAEFIK_NAMESPACE} \ + --create-namespace \ + --values traefik-values.yaml + + helm upgrade cert-manager jetstack/cert-manager \ + --install \ + --cleanup-on-fail \ + --namespace ${CERT_MANAGER_NAMESPACE} \ + --create-namespace \ + --values cert-manager-values.yaml + +uninstall: + #!/bin/bash + set -euo pipefail + just env::check + + helm uninstall traefik --namespace ${TRAEFIK_NAMESPACE} || true + helm uninstall cert-manager --namespace ${CERT_MANAGER_NAMESPACE} || true + +setup-cluster-issuer: + #!/bin/bash + set -euo pipefail + just env::check \ No newline at end of file diff --git a/Traefik/traefik-values.yaml b/Traefik/traefik-values-gomplate.yaml similarity index 75% rename from Traefik/traefik-values.yaml rename to Traefik/traefik-values-gomplate.yaml index cec8334..b4e9d0d 100644 --- a/Traefik/traefik-values.yaml +++ b/Traefik/traefik-values-gomplate.yaml @@ -11,5 +11,5 @@ ingressRoute: dashboard: enabled: true entryPoints: [web, websecure] - matchRule: Host(`traefik-dashboard.k8s.schnrbs.work`) + matchRule: Host(`traefik-dashboard.{{ .Env.EXTERNAL_DOMAIN }}`) \ No newline at end of file diff --git a/env/env.local.gomplate b/env/env.local.gomplate index 35f6f31..2059580 100644 --- a/env/env.local.gomplate +++ b/env/env.local.gomplate 
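Review bot: The `install` recipe passes `--values traefik-values.yaml`, but this commit renames that file to `traefik-values-gomplate.yaml` and no recipe renders it, so the helm call will likely fail or pick up a stale file. A render step such as `gomplate -f traefik-values-gomplate.yaml -o traefik-values.yaml` before the first `helm upgrade` would close the gap; `cert-manager-values.yaml` is not part of this patch, so confirm it exists. Neither `helm upgrade` pins a chart with `--version`, so every run installs whatever the repository currently serves; pinning both charts keeps the ingress and certificate stack reproducible. `setup-cluster-issuer` is still a stub; when it renders the secret template, piping the output into `kubectl apply -f -` avoids leaving the token in a rendered file on disk.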
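Review bot: The dashboard route in the traefik-values-gomplate.yaml hunk is enabled on both `web` and `websecure`, and the new `matchRule` publishes it under the external domain with no middleware visible in the lines shown. Unless authentication is configured outside the hunk, the Traefik dashboard would be reachable without credentials, including over plain HTTP. Consider `entryPoints: [websecure]` and attaching an authentication middleware through the chart's `ingressRoute.dashboard.middlewares` value. Because the hostname is interpolated inside the backticks of `Host(...)`, `EXTERNAL_DOMAIN` should be checked to be a plain DNS name before the template is rendered.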
@@ -4,3 +4,6 @@ K8S_MASTER_NODE_NAME={{ .Env.K8S_MASTER_NODE_NAME }} SERVER_IP={{ .Env.SERVER_IP }} AGENT_IP={{ .Env.AGENT_IP }} METALLB_ADDRESS_RANGE={{ .Env.METALLB_ADDRESS_RANGE }} +CLOUDFLARE_API_TOKEN={{ .Env.CLOUDFLARE_API_TOKEN}} +ACME_EMAIL={{ .Env.ACME_EMAIL}} +EXTERNAL_DOMAIN={{ .Env.EXTERNAL_DOMAIN }} diff --git a/env/justfile b/env/justfile index edeba0c..777d96a 100644 --- a/env/justfile +++ b/env/justfile @@ -90,6 +90,36 @@ setup: fi done + while [ -z "${CLOUDFLARE_API_TOKEN}" ]; do + if ! CLOUDFLARE_API_TOKEN=$( + gum input --prompt="Cloudflare API Token: " \ + --width=100 --placeholder="API Token" --password + ); then + echo "Setup cancelled." >&2 + exit 1 + fi + done + + while [ -z "${ACME_EMAIL}" ]; do + if ! ACME_EMAIL=$( + gum input --prompt="ACME Email for Cert-Manager: " \ + --width=100 --placeholder="Email" + ); then + echo "Setup cancelled." >&2 + exit 1 + fi + done + + while [ -z "${EXTERNAL_DOMAIN}" ]; do + if ! EXTERNAL_DOMAIN=$( + gum input --prompt="External Domain: " \ + --width=100 --placeholder="Domain" + ); then + echo "Setup cancelled." >&2 + exit 1 + fi + done + echo "Generating .env.local file..." rm -f ../.env.local gomplate -f env.local.gomplate -o ../.env.local
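Review bot: The two added lines `{{ .Env.CLOUDFLARE_API_TOKEN}}` and `{{ .Env.ACME_EMAIL}}` omit the space before `}}` that every other line in env.local.gomplate uses, including the `EXTERNAL_DOMAIN` line added next to them; `{{ .Env.CLOUDFLARE_API_TOKEN }}` keeps the template uniform. With this hunk the generated file carries a credential for the first time, so a comment above the token line such as `# secret: .env.local must stay out of version control` would document that, assuming the dotenv loader in use accepts `#` comments. Whether `.env.local` is already ignored by git is not visible here and should be confirmed.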
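Review bot: The three new prompts in the env/justfile hunk assign plain shell variables, and the hunk does not show them being exported, while `env.local.gomplate` reads them through `.Env`. If the justfile has no export for these names outside the hunk, the `gomplate` call will fail on the missing keys, so `export CLOUDFLARE_API_TOKEN ACME_EMAIL EXTERNAL_DOMAIN` before it is worth confirming. The generated `../.env.local` now holds the API token and is created with the default umask; `umask 077` before `gomplate -f env.local.gomplate -o ../.env.local`, or `chmod 600 ../.env.local` after it, keeps the file owner-only. The `setup` recipe begins and ends outside the hunk.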