From 908f4006711525d090aa261055dee0cb126678b8 Mon Sep 17 00:00:00 2001
From: Scrublord MacBad <Scrublord@Mac.Bad>
Date: Tue, 21 Apr 2026 15:14:32 +0200
Subject: [PATCH] =?UTF-8?q?feat:=20Cert-Manager=20infra=20und=20ClusterIss?=
 =?UTF-8?q?uer=20hinzugef=C3=BCgt?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/base/infra/cert-manager-repo.yaml |  8 ++++++++
 apps/base/infra/cert-manager.yaml      | 22 ++++++++++++++++++++++
 apps/production/cert-issuer.yaml       | 14 ++++++++++++++
 apps/production/kustomization.yaml     |  5 ++++-
 4 files changed, 48 insertions(+), 1 deletion(-)
 create mode 100644 apps/base/infra/cert-manager-repo.yaml
 create mode 100644 apps/base/infra/cert-manager.yaml
 create mode 100644 apps/production/cert-issuer.yaml

diff --git a/apps/base/infra/cert-manager-repo.yaml b/apps/base/infra/cert-manager-repo.yaml
new file mode 100644
index 0000000..ca1ed2a
--- /dev/null
+++ b/apps/base/infra/cert-manager-repo.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: jetstack
+  namespace: flux-system
+spec:
+  interval: 1h
+  url: https://charts.jetstack.io
\ No newline at end of file
diff --git a/apps/base/infra/cert-manager.yaml b/apps/base/infra/cert-manager.yaml
new file mode 100644
index 0000000..9d0c18f
--- /dev/null
+++ b/apps/base/infra/cert-manager.yaml
@@ -0,0 +1,22 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: cert-manager
+  namespace: cert-manager
+spec:
+  releaseName: cert-manager
+  interval: 30m
+  chart:
+    spec:
+      chart: cert-manager
+      version: "v1.14.0" # Oder aktuellste stabile Version
+      sourceRef:
+        kind: HelmRepository
+        name: jetstack
+        namespace: flux-system
+  install:
+    createNamespace: true
+    remediation:
+      retries: 3
+  values:
+    installCRDs: true
\ No newline at end of file
diff --git a/apps/production/cert-issuer.yaml b/apps/production/cert-issuer.yaml
new file mode 100644
index 0000000..939978c
--- /dev/null
+++ b/apps/production/cert-issuer.yaml
@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: gamemaster@axion1337.de
+    privateKeySecretRef:
+      name: letsencrypt-prod-account-key
+    solvers:
+    - http01:
+        ingress:
+          class: traefik # K3s nutzt standardmäßig Traefik
\ No newline at end of file
diff --git a/apps/production/kustomization.yaml b/apps/production/kustomization.yaml
index 61ffee2..7407ff1 100644
--- a/apps/production/kustomization.yaml
+++ b/apps/production/kustomization.yaml
@@ -2,4 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - namespace.yaml
-  - matrix-postgres-auth.yaml
\ No newline at end of file
+  - matrix-postgres-auth.yaml
+  - cert-issuer.yaml
+  - ../base/infra/cert-manager-repo.yaml
+  - ../base/infra/cert-manager.yaml
\ No newline at end of file