feat(certs): migrate to network NS

joryirving · Nov 22, 2024 · 0c3ee66 · 0c3ee66
1 parent 5fe16a1
commit 0c3ee66
Show file tree

Hide file tree

Showing 18 changed files with 58 additions and 55 deletions.
diff --git a/kubernetes/main/apps/cert-manager/certificates/ks.yaml b/kubernetes/main/apps/cert-manager/certificates/ks.yaml
diff --git a/kubernetes/main/apps/cert-manager/kustomization.yaml b/kubernetes/main/apps/cert-manager/kustomization.yaml
@@ -7,4 +7,3 @@ resources:
   - ./namespace.yaml
   # Flux-Kustomizations
   - ./cert-manager/ks.yaml
-  - ./certificates/ks.yaml
diff --git a/...anager/certificates/app/certificates.yaml → ...work/nginx/certificates/certificates.yaml b/...anager/certificates/app/certificates.yaml → ...work/nginx/certificates/certificates.yaml
diff --git a/...nager/certificates/app/kustomization.yaml → ...ork/nginx/certificates/kustomization.yaml b/...nager/certificates/app/kustomization.yaml → ...ork/nginx/certificates/kustomization.yaml
diff --git a/...-manager/certificates/app/pushsecret.yaml → ...etwork/nginx/certificates/pushsecret.yaml b/...-manager/certificates/app/pushsecret.yaml → ...etwork/nginx/certificates/pushsecret.yaml
diff --git a/...ert-manager/certificates/app/staging.yaml → ...s/network/nginx/certificates/staging.yaml b/...ert-manager/certificates/app/staging.yaml → ...s/network/nginx/certificates/staging.yaml
diff --git a/kubernetes/main/apps/network/nginx/external/helmrelease.yaml b/kubernetes/main/apps/network/nginx/external/helmrelease.yaml
@@ -74,7 +74,7 @@ spec:
           namespaceSelector:
             any: true
       extraArgs:
-        default-ssl-certificate: cert-manager/${SECRET_DOMAIN}-tls
+        default-ssl-certificate: network/${SECRET_DOMAIN}-tls
       terminationGracePeriodSeconds: 120
       topologySpreadConstraints:
         - maxSkew: 1

diff --git a/kubernetes/main/apps/network/nginx/internal/helmrelease.yaml b/kubernetes/main/apps/network/nginx/internal/helmrelease.yaml
@@ -74,7 +74,7 @@ spec:
           namespaceSelector:
             any: true
       extraArgs:
-        default-ssl-certificate: cert-manager/${SECRET_DOMAIN}-tls
+        default-ssl-certificate: network/${SECRET_DOMAIN}-tls
       terminationGracePeriodSeconds: 120
       topologySpreadConstraints:
         - maxSkew: 1

diff --git a/kubernetes/main/apps/network/nginx/ks.yaml b/kubernetes/main/apps/network/nginx/ks.yaml
@@ -2,6 +2,29 @@
 # yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
+metadata:
+  name: &app nginx-certificates
+  namespace: flux-system
+spec:
+  targetNamespace: network
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  dependsOn:
+    - name: cert-manager-issuers
+    - name: external-secrets-stores
+  path: ./kubernetes/main/apps/network/nginx/certificates
+  prune: false
+  sourceRef:
+    kind: GitRepository
+    name: home-kubernetes
+  wait: true
+  interval: 30m
+  timeout: 5m
+---
+# yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
 metadata:
   name: &app nginx-external
   namespace: flux-system
@@ -11,7 +34,8 @@ spec:
     labels:
       app.kubernetes.io/name: *app
   dependsOn:
-    - name: certificates
+    - name: external-secrets-stores
+    - name: nginx-certificates
   path: ./kubernetes/main/apps/network/nginx/external
   prune: true
   sourceRef:
@@ -33,7 +57,8 @@ spec:
     labels:
       app.kubernetes.io/name: *app
   dependsOn:
-    - name: certificates
+    - name: external-secrets-stores
+    - name: nginx-certificates
   path: ./kubernetes/main/apps/network/nginx/internal
   prune: true
   sourceRef:

diff --git a/kubernetes/utility/apps/cert-manager/certificates/ks.yaml b/kubernetes/utility/apps/cert-manager/certificates/ks.yaml
diff --git a/kubernetes/utility/apps/cert-manager/kustomization.yaml b/kubernetes/utility/apps/cert-manager/kustomization.yaml
@@ -7,4 +7,3 @@ resources:
   - ./namespace.yaml
   # Flux-Kustomizations
   - ./cert-manager/ks.yaml
-  - ./certificates/ks.yaml
diff --git a/...anager/certificates/app/certificates.yaml → ...work/nginx/certificates/certificates.yaml b/...anager/certificates/app/certificates.yaml → ...work/nginx/certificates/certificates.yaml
diff --git a/...nager/certificates/app/kustomization.yaml → ...ork/nginx/certificates/kustomization.yaml b/...nager/certificates/app/kustomization.yaml → ...ork/nginx/certificates/kustomization.yaml
diff --git a/...-manager/certificates/app/pushsecret.yaml → ...etwork/nginx/certificates/pushsecret.yaml b/...-manager/certificates/app/pushsecret.yaml → ...etwork/nginx/certificates/pushsecret.yaml
diff --git a/...ert-manager/certificates/app/staging.yaml → ...s/network/nginx/certificates/staging.yaml b/...ert-manager/certificates/app/staging.yaml → ...s/network/nginx/certificates/staging.yaml
diff --git a/kubernetes/utility/apps/network/nginx/external/helmrelease.yaml b/kubernetes/utility/apps/network/nginx/external/helmrelease.yaml
@@ -73,7 +73,7 @@ spec:
           namespaceSelector:
             any: true
       extraArgs:
-        default-ssl-certificate: cert-manager/${SECRET_DOMAIN}-tls
+        default-ssl-certificate: network/${SECRET_DOMAIN}-tls
       terminationGracePeriodSeconds: 120
       topologySpreadConstraints:
         - maxSkew: 1

diff --git a/kubernetes/utility/apps/network/nginx/internal/helmrelease.yaml b/kubernetes/utility/apps/network/nginx/internal/helmrelease.yaml
@@ -74,7 +74,7 @@ spec:
           namespaceSelector:
             any: true
       extraArgs:
-        default-ssl-certificate: cert-manager/${SECRET_DOMAIN}-tls
+        default-ssl-certificate: network/${SECRET_DOMAIN}-tls
       terminationGracePeriodSeconds: 120
       topologySpreadConstraints:
         - maxSkew: 1

diff --git a/kubernetes/utility/apps/network/nginx/ks.yaml b/kubernetes/utility/apps/network/nginx/ks.yaml
@@ -1,4 +1,26 @@
-
+---
+# yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app nginx-certificates
+  namespace: flux-system
+spec:
+  targetNamespace: network
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  dependsOn:
+    - name: cert-manager-issuers
+    - name: external-secrets-stores
+  path: ./kubernetes/utility/apps/network/nginx/certificates
+  prune: false
+  sourceRef:
+    kind: GitRepository
+    name: home-kubernetes
+  wait: true
+  interval: 30m
+  timeout: 5m
 ---
 # yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
@@ -12,7 +34,8 @@ spec:
     labels:
       app.kubernetes.io/name: *app
   dependsOn:
-    - name: certificates
+    - name: external-secrets-stores
+    - name: nginx-certificates
   path: ./kubernetes/utility/apps/network/nginx/external
   prune: true
   sourceRef:
@@ -34,7 +57,8 @@ spec:
     labels:
       app.kubernetes.io/name: *app
   dependsOn:
-    - name: certificates
+    - name: external-secrets-stores
+    - name: nginx-certificates
   path: ./kubernetes/utility/apps/network/nginx/internal
   prune: true
   sourceRef: