From e48917613d237d36c1cc0ae053750e24ee203d8d Mon Sep 17 00:00:00 2001
From: Mans Ziesel
Date: Sun, 13 Oct 2024 19:00:11 +0200
Subject: [PATCH] add mziesel-ca using cert-manager
---
 .gitignore | 1 +
 argocd-applications/base/cert-manager.yaml | 20 +++++++++++++
 argocd-applications/kustomization.yaml | 1 +
 cert-manager/base/cert-manager-namespace.yaml | 4 +++
 cert-manager/base/mziesel-ca.yaml | 30 +++++++++++++++++++
 cert-manager/kustomization.yaml | 9 ++++++
 6 files changed, 65 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 argocd-applications/base/cert-manager.yaml
 create mode 100644 cert-manager/base/cert-manager-namespace.yaml
 create mode 100644 cert-manager/base/mziesel-ca.yaml
 create mode 100644 cert-manager/kustomization.yaml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..aa41179
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*nocommit
diff --git a/argocd-applications/base/cert-manager.yaml b/argocd-applications/base/cert-manager.yaml
new file mode 100644
index 0000000..782ecfb
--- /dev/null
+++ b/argocd-applications/base/cert-manager.yaml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: argo-app-cert-manager
+ namespace: argocd
+spec:
+ destination:
+ name: ''
+ namespace: default
+ server: https://kubernetes.default.svc
+ source:
+ path: cert-manager
+ repoURL: https://git.mziesel.nl/mans/argocd-test
+ targetRevision: HEAD
+ sources: []
+ project: default
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
diff --git a/argocd-applications/kustomization.yaml b/argocd-applications/kustomization.yaml
index d48f8f9..aaaee64 100644
--- a/argocd-applications/kustomization.yaml
+++ b/argocd-applications/kustomization.yaml
@@ -8,3 +8,4 @@ resources:
 - ./base/metallb-application.yaml
 - ./base/traefik-application.yaml
 - ./base/ip-mziesel-nl-application.yaml
+- ./base/cert-manager.yaml
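Review bot: In `argocd-applications/base/cert-manager.yaml`, `targetRevision: HEAD` together with `automated` sync, `prune: true` and `selfHeal: true` means every push to the repo's default branch is applied to the cluster with no review gate, and this Application installs cert-manager's cluster-scoped RBAC and webhooks plus the CA ClusterIssuers. Tracking a tag or commit (`targetRevision: <release-tag-or-commit>`, placeholder) or protecting that branch would put a checkpoint in front of changes to the cluster's trust root. `project: default` places no restriction on source repos or cluster-scoped kinds unless it has been tightened elsewhere; a dedicated AppProject limited to this repo and the kinds cert-manager needs would narrow what a bad commit can create. `destination.namespace: default` also disagrees with the `namespace: cert-manager` set in `cert-manager/kustomization.yaml`; I would use `namespace: cert-manager` here so the two agree.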
diff --git a/cert-manager/base/cert-manager-namespace.yaml b/cert-manager/base/cert-manager-namespace.yaml
new file mode 100644
index 0000000..c90416f
--- /dev/null
+++ b/cert-manager/base/cert-manager-namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cert-manager
diff --git a/cert-manager/base/mziesel-ca.yaml b/cert-manager/base/mziesel-ca.yaml
new file mode 100644
index 0000000..41d6c84
--- /dev/null
+++ b/cert-manager/base/mziesel-ca.yaml
@@ -0,0 +1,30 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: mziesel-root-ca-issuer
+spec:
+ selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: mziesel-ca
+spec:
+ isCA: true
+ commonName: mziesel-ca
+ secretName: mziesel-root-secret
+ privateKey:
+ algorithm: ECDSA
+ size: 256
+ issuerRef:
+ name: mziesel-root-ca-issuer
+ kind: ClusterIssuer
+ group: cert-manager.io
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: mziesel-ca-issuer
+spec:
+ ca:
+ secretName: mziesel-root-secret
diff --git a/cert-manager/kustomization.yaml b/cert-manager/kustomization.yaml
new file mode 100644
index 0000000..fad19f1
--- /dev/null
+++ b/cert-manager/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: cert-manager
+
+resources:
+- ./base/cert-manager-namespace.yaml
+- https://github.com/cert-manager/cert-manager/releases/download/v1.16.1/cert-manager.yaml
+- ./base/mziesel-ca.yaml
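Review bot: The `mziesel-ca` Certificate in `cert-manager/base/mziesel-ca.yaml` sets no `duration`, so cert-manager's 90-day default applies and the self-signed root is re-issued every couple of months, which means every client that imported the root has to pick up a new certificate each time. Give the root an explicit lifetime under `spec`, for example `duration: 87600h` and `renewBefore: 720h` (values constructed for illustration). `mziesel-ca-issuer` is a ClusterIssuer that signs directly with the root key, so unless an approval policy restricts it, any principal allowed to create a Certificate in any namespace can obtain a certificate for any name under this CA. I would add a comment above that issuer stating the scope, and consider a namespaced `Issuer` or an intermediate CA if the cluster is shared.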
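Review bot: In `cert-manager/kustomization.yaml` the `resources:` entry `https://github.com/cert-manager/cert-manager/releases/download/v1.16.1/cert-manager.yaml` is fetched at build time with no integrity check, so the ClusterRoles, CRDs and admission webhooks that get applied depend on whatever that URL serves on each sync. Vendoring the manifest into the repo (e.g. `- ./base/cert-manager-v1.16.1.yaml`) or having CI verify a committed checksum would make the installed content reviewable and reproducible. Separately, `namespace: cert-manager` is applied to every resource in the upstream bundle; as far as I know that bundle places its leader-election Role and RoleBinding in `kube-system`, so it is worth confirming with `kustomize build` that the transformer does not relocate them.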