Installer: certificate issuer
diff --git a/charts/certificate-issuer/Chart.yaml b/charts/certificate-issuer/Chart.yaml
new file mode 100644
index 0000000..0d06818
--- /dev/null
+++ b/charts/certificate-issuer/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: certificate-issuer
+description: A Helm chart for PCloud public and private certificate issuer
+type: application
+version: 0.0.1
+appVersion: "0.0.1"
diff --git a/charts/certificate-issuer/templates/private.yaml b/charts/certificate-issuer/templates/private.yaml
new file mode 100644
index 0000000..1b5c06d
--- /dev/null
+++ b/charts/certificate-issuer/templates/private.yaml
@@ -0,0 +1,33 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: {{ .Values.private.name }}-bootstrap
+ namespace: {{ .Release.Namespace }}
+spec:
+ selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ .Values.private.name }}-ca-root
+ namespace: {{ .Release.Namespace }}
+spec:
+ isCA: true
+ commonName: {{ .Values.private.name }}-ca-root
+ secretName: {{ .Values.private.name }}-ca-root
+ privateKey:
+ algorithm: ECDSA
+ size: 256
+ issuerRef:
+ name: {{ .Values.private.name }}-bootstrap
+ kind: ClusterIssuer
+ group: cert-manager.io
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: {{ .Values.private.name }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ ca:
+ secretName: {{ .Values.private.name }}-ca-root
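Review bot: Both ClusterIssuer documents set `metadata.namespace`, but ClusterIssuer is cluster-scoped, so the field is ignored and the CA issuer looks up `{{ .Values.private.name }}-ca-root` in cert-manager's cluster resource namespace rather than in the release namespace. The root Certificate is namespaced and lands in `.Release.Namespace`, so the chain only works when the chart is installed into that namespace. I would drop the `namespace:` lines from the ClusterIssuers (the same field appears in templates/public.yaml) and add a comment such as `# install into cert-manager's cluster resource namespace; the CA ClusterIssuer reads its secret there`. Separately, the root Certificate sets no `duration`, so it gets cert-manager's default lifetime (90 days unless overridden), which is short for a CA that clients are expected to trust. An explicit `duration:` and `renewBefore:` would make the rotation deliberate.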
diff --git a/charts/certificate-issuer/templates/public.yaml b/charts/certificate-issuer/templates/public.yaml
new file mode 100644
index 0000000..4dbf6f7
--- /dev/null
+++ b/charts/certificate-issuer/templates/public.yaml
@@ -0,0 +1,16 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: {{ .Values.public.name }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ acme:
+ server: {{ .Values.public.server }}
+ email: {{ .Values.public.contactEmail }}
+ privateKeySecretRef:
+ name: cluster-issuer-{{ .Values.public.name }}-account-key
+ solvers:
+ - selector: {}
+ http01:
+ ingress:
+ class: {{ .Values.public.ingressClass }}
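Review bot: `server` and `email` are rendered unquoted and unchecked, so an unset `public.contactEmail` yields `email:` with a null value. The chart default in values.yaml also pairs the production Let's Encrypt directory with the placeholder `admin@example.com`. I would fail the render instead: `email: {{ required "public.contactEmail must be set" .Values.public.contactEmail | quote }}` and `server: {{ .Values.public.server | quote }}`. In addition, `selector: {}` on a cluster-scoped issuer matches every Certificate in every namespace; if that is intended, a short comment saying so would help.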
diff --git a/charts/certificate-issuer/values.yaml b/charts/certificate-issuer/values.yaml
new file mode 100644
index 0000000..4f40083
--- /dev/null
+++ b/charts/certificate-issuer/values.yaml
@@ -0,0 +1,8 @@
+public:
+ name: letsencrypt-prod
+ server: https://acme-v02.api.letsencrypt.org/directory
+ contactEmail: admin@example.com
+ ingressClass: ingress-nginx
+private:
+ name: selfsigned-private
+
diff --git a/helmfile/users/helmfile.yaml b/helmfile/users/helmfile.yaml
index 8953746..d15a67e 100644
--- a/helmfile/users/helmfile.yaml
+++ b/helmfile/users/helmfile.yaml
@@ -69,8 +69,22 @@
- 53: {{ .Values.id }}-app-pihole/pihole-dns-udp:53
tcp:
- 53: {{ .Values.id }}-app-pihole/pihole-dns-tcp:53
+- name: certificate-issuer
+ chart: ../../charts/certificate-issuer
+ namespace: {{ .Values.certManagerNamespace }} # {{ .Values.id }}-ingress-private
+ createNamespace: true
+ values:
+ - public:
+ name: {{ .Values.id }}-public
+ server: https://acme-v02.api.letsencrypt.org/directory
+ contactEmail: {{ .Values.contactEmail }}
+ ingressClass: ingress-nginx
+ - private:
+ name: {{ .Values.id }}-private
environments:
shveli:
values:
- id: shveli
+ - contactEmail: giolekva@gmail.com
+ - certManagerNamespace: cert-manager
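Review bot: The release name is the fixed string `certificate-issuer` and its namespace comes from `certManagerNamespace`, so a second environment targeting the same cluster would resolve to the same Helm release. The later sync would then replace the earlier user's `{{ .Values.id }}-public` and `{{ .Values.id }}-private` issuers. Other resources in this file carry the id (`{{ .Values.id }}-app-pihole`), and `- name: {{ .Values.id }}-certificate-issuer` would keep this release distinct per user. The resulting ClusterIssuers are also usable from every namespace, not only that user's; if per-user isolation is intended, a namespaced `Issuer` may fit better. Only the `shveli` environment is visible here, so the collision is inferred rather than shown.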