feat: Cert-Manager infra und ClusterIssuer hinzugefügt

2026-04-21 15:14:32 +02:00 · 2026-04-21 15:14:32 +02:00 · 908f400671
commit 908f400671
parent 0973a07dc0
4 changed files with 48 additions and 1 deletions
--- a/apps/base/infra/cert-manager-repo.yaml
+++ b/apps/base/infra/cert-manager-repo.yaml
@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: jetstack
+  namespace: flux-system
+spec:
+  interval: 1h
+  url: https://charts.jetstack.io
--- a/apps/base/infra/cert-manager.yaml
+++ b/apps/base/infra/cert-manager.yaml
@ -0,0 +1,22 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: cert-manager
+  namespace: cert-manager
+spec:
+  releaseName: cert-manager
+  interval: 30m
+  chart:
+    spec:
+      chart: cert-manager
+      version: "v1.14.0" # Oder aktuellste stabile Version
+      sourceRef:
+        kind: HelmRepository
+        name: jetstack
+        namespace: flux-system
+  install:
+    createNamespace: true
+    remediation:
+      retries: 3
+  values:
+    installCRDs: true
--- a/apps/production/cert-issuer.yaml
+++ b/apps/production/cert-issuer.yaml
@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: gamemaster@axion1337.de
+    privateKeySecretRef:
+      name: letsencrypt-prod-account-key
+    solvers:
+    - http01:
+        ingress:
+          class: traefik # K3s nutzt standardmäßig Traefik
--- a/apps/production/kustomization.yaml
+++ b/apps/production/kustomization.yaml
@ -3,3 +3,6 @@ kind: Kustomization
 resources:
  - namespace.yaml
  - matrix-postgres-auth.yaml
+  - cert-issuer.yaml
+  - ../base/infra/cert-manager-repo.yaml
+  - ../base/infra/cert-manager.yaml