Various fixes and some tidying up (#472)

* Fix * Deploy from branch * Add certificate * Tweaks * Stop it from ignoring things * Remove patch * Fix a typo * Try patches again * Cert-manager tweaks
Jonnobrow · Aug 12, 2024 · 850ecac · 850ecac
1 parent 3e67fe7
commit 850ecac
Show file tree

Hide file tree

Showing 10 changed files with 54 additions and 36 deletions.
diff --git a/.taskfiles/flux.yml b/.taskfiles/flux.yml
@@ -1,34 +1,12 @@
 ---
 version: "3"
 
-env:
-  GITHUB_USER: jonnobrow
-
 tasks:
   sync:
     desc: Sync flux-system with the Git Repository
+    vars:
+      cluster: '{{.cluster| default "coffee-shop-2"}}'
     cmds:
-      - flux reconcile source git flux-system
+      - flux reconcile source git -n flux-system {{.cluster}}
       - flux get kustomizations --watch
     silent: true
-
-  generatekey:
-    desc: Generates a git secret for flux
-    cmds:
-      - |
-        flux create secret git coffee-shop-auth \
-          --url=ssh://[email protected]/jonnobrow/coffee-shop \
-          --ssh-key-algorithm=ecdsa \
-          --ssh-ecdsa-curve=p521
-
-  bootstrap:
-    desc: Bootstrap cluster with flux
-    cmds:
-      - |
-        flux bootstrap github \
-          --owner=$GITHUB_USER \
-          --repository=coffee-shop \
-          --branch=main \
-          --path=./cluster/base \
-          --personal
-    silent: true
diff --git a/kubernetes/coffee-shop-2/apps/cert-manager/app/cloudflare-api-token-secret.secret.sops.yaml b/kubernetes/coffee-shop-2/apps/cert-manager/app/cloudflare-api-token-secret.secret.sops.yaml
@@ -6,7 +6,6 @@ kind: Secret
 metadata:
     creationTimestamp: null
     name: cloudflare-api-token-secret
-    namespace: cert-manager
 sops:
     kms: []
     gcp_kms: []

diff --git a/kubernetes/coffee-shop-2/apps/cert-manager/app/helmrelease.yaml b/kubernetes/coffee-shop-2/apps/cert-manager/app/helmrelease.yaml
@@ -23,8 +23,5 @@ spec:
   values:
     crds:
       enabled: true
-    extraArgs:
-    - --dns01-recursive-nameservers=1.1.1.1:53
-    - --dns01-recursive-nameservers-only
     dns01RecursiveNameserversOnly: true
-    dns01RecursiveNameservers: "1.1.1.1,1.0.0.1"
+    dns01RecursiveNameservers: "https://1.1.1.1:443/dns-query,https://1.0.0.1:443/dns-query"
diff --git a/kubernetes/coffee-shop-2/apps/cert-manager/app/kustomization.yaml b/kubernetes/coffee-shop-2/apps/cert-manager/app/kustomization.yaml
@@ -3,6 +3,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - ./helmrepository.yaml
-  - ./helmrelease.yaml
-  - ./cloudflare-api-token-secret.secret.sops.yaml
+  - helmrepository.yaml
+  - helmrelease.yaml
+  - cloudflare-api-token-secret.secret.sops.yaml
diff --git a/kubernetes/coffee-shop-2/apps/cert-manager/certificates/wildcard.yaml b/kubernetes/coffee-shop-2/apps/cert-manager/certificates/wildcard.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: "${SECRET_DOMAIN/./-}"
+  namespace: cert-manager
+spec:
+  secretName: "${SECRET_DOMAIN/./-}-tls"
+  issuerRef:
+    name: letsencrypt-prod
+    kind: ClusterIssuer
+  commonName: "${SECRET_DOMAIN}"
+  dnsNames:
+  - "${SECRET_DOMAIN}"
+  - "*.${SECRET_DOMAIN}"
diff --git a/kubernetes/coffee-shop-2/apps/cert-manager/ks.yaml b/kubernetes/coffee-shop-2/apps/cert-manager/ks.yaml
@@ -1,8 +1,9 @@
+---
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
   name: app
-  namespace: cert-manager
+  namespace: flux-system
 spec:
   interval: 1h
   targetNamespace: cert-manager
@@ -12,12 +13,13 @@ spec:
     kind: GitRepository
     namespace: flux-system
     name: coffee-shop-2
+  wait: true
 ---
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
   name: issuers
-  namespace: cert-manager
+  namespace: flux-system
 spec:
   interval: 1h
   targetNamespace: cert-manager
@@ -29,3 +31,23 @@ spec:
     name: coffee-shop-2
   dependsOn:
     - name: app
+  wait: true
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: certificates
+  namespace: flux-system
+spec:
+  interval: 1h
+  targetNamespace: cert-manager
+  path: ./kubernetes/coffee-shop-2/apps/cert-manager/certificates
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    namespace: flux-system
+    name: coffee-shop-2
+  dependsOn:
+    - name: app
+    - name: issuers
+  wait: true
diff --git a/kubernetes/coffee-shop-2/apps/cert-manager/kustomization.yaml b/kubernetes/coffee-shop-2/apps/cert-manager/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - namespace.yaml
+  - ks.yaml
diff --git a/kubernetes/coffee-shop-2/apps/metallb/ks.yaml b/kubernetes/coffee-shop-2/apps/metallb/ks.yaml
@@ -1,3 +1,4 @@
+---
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:

diff --git a/kubernetes/coffee-shop-2/cluster/apps.yaml b/kubernetes/coffee-shop-2/cluster/apps.yaml
@@ -28,6 +28,7 @@ spec:
         kind: Kustomization
         metadata:
           name: not-used
+          namespace: not-used
         spec:
           decryption:
             provider: sops

diff --git a/kubernetes/coffee-shop-2/cluster/config/cluster.yaml b/kubernetes/coffee-shop-2/cluster/config/cluster.yaml
@@ -9,7 +9,7 @@ spec:
   interval: 30m
   url: ssh://[email protected]/Jonnobrow/coffee-shop.git
   ref:
-    branch: coffee-shop-2.0/main
+    branch: coffee-shop-2.0/initial-migration
   secretRef:
     name: github-deploy-key
   ignore: |