add mziesel-ca using cert-manager

.gitignore

@@ -0,0 +1 @@
+*nocommit

argocd-applications/base/cert-manager.yaml

@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: argo-app-cert-manager
+  namespace: argocd
+spec:
+  destination:
+    name: ''
+    namespace: default
+    server: https://kubernetes.default.svc
+  source:
+    path: cert-manager
+    repoURL: https://git.mziesel.nl/mans/argocd-test
+    targetRevision: HEAD
+  sources: []
+  project: default
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true

argocd-applications/kustomization.yaml

@@ -8,3 +8,4 @@ resources:
 - ./base/metallb-application.yaml
 - ./base/traefik-application.yaml
 - ./base/ip-mziesel-nl-application.yaml
+- ./base/cert-manager.yaml

cert-manager/base/cert-manager-namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: cert-manager

cert-manager/base/mziesel-ca.yaml

@@ -0,0 +1,30 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: mziesel-root-ca-issuer
+spec:
+  selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: mziesel-ca
+spec:
+  isCA: true
+  commonName: mziesel-ca
+  secretName: mziesel-root-secret
+  privateKey:
+    algorithm: ECDSA
+    size: 256
+  issuerRef:
+    name: mziesel-root-ca-issuer
+    kind: ClusterIssuer
+    group: cert-manager.io
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: mziesel-ca-issuer
+spec:
+  ca:
+    secretName: mziesel-root-secret

cert-manager/kustomization.yaml

@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: cert-manager
+
+resources:
+- ./base/cert-manager-namespace.yaml
+- https://github.com/cert-manager/cert-manager/releases/download/v1.16.1/cert-manager.yaml
+- ./base/mziesel-ca.yaml