From a42a07b66966ca5ce67d712ee25de9ea232fd68c Mon Sep 17 00:00:00 2001 
From: Danijel Simeunovic Date: Sat, 7 Feb 2026 21:16:15 +0100 Subject: [PATCH] initial --- .gitignore | 18 ++++ argocd/_app-of-apps.yaml | 22 +++++ argocd/apps/application.yaml | 54 +++++++++++ argocd/apps/cert-manager-application.yaml | 90 +++++++++++++++++++ .../apps/cluster-resources-application.yaml | 38 ++++++++ argocd/apps/fluent-bit.yaml | 41 +++++++++ argocd/apps/grafana.yaml | 41 +++++++++ argocd/apps/kyverno.yaml | 35 ++++++++ argocd/apps/loki.yaml | 41 +++++++++ argocd/apps/prometheus.yaml | 41 +++++++++ argocd/apps/sealedsecrets.yaml | 38 ++++++++ argocd/apps/traefik-application.yaml | 65 ++++++++++++++ argocd/apps/trivy.yaml | 38 ++++++++ argocd/values/argocd-values.yaml | 23 +++++ argocd/values/grafana-values.yaml | 37 ++++++++ argocd/values/loki-values.yaml | 31 +++++++ argocd/values/prometheus-values.yaml | 41 +++++++++ bootstrap.sh | 43 +++++++++ cluster-resources/cert-manager-namespace.yaml | 9 ++ cluster-resources/kyverno-config.yaml | 68 ++++++++++++++ cluster-resources/letsencrypt-issuer.yaml | 35 ++++++++ 21 files changed, 849 insertions(+) create mode 100644 .gitignore create mode 100644 argocd/_app-of-apps.yaml create mode 100644 argocd/apps/application.yaml create mode 100644 argocd/apps/cert-manager-application.yaml create mode 100644 argocd/apps/cluster-resources-application.yaml create mode 100644 argocd/apps/fluent-bit.yaml create mode 100644 argocd/apps/grafana.yaml create mode 100644 argocd/apps/kyverno.yaml create mode 100644 argocd/apps/loki.yaml create mode 100644 argocd/apps/prometheus.yaml create mode 100644 argocd/apps/sealedsecrets.yaml create mode 100644 argocd/apps/traefik-application.yaml create mode 100644 argocd/apps/trivy.yaml create mode 100644 argocd/values/argocd-values.yaml create mode 100644 argocd/values/grafana-values.yaml create mode 100644 argocd/values/loki-values.yaml create mode 100644 argocd/values/prometheus-values.yaml create mode 100644 bootstrap.sh create mode 100644 
cluster-resources/cert-manager-namespace.yaml create mode 100644 cluster-resources/kyverno-config.yaml create mode 100644 cluster-resources/letsencrypt-issuer.yaml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..c10a0fd
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,18 @@
+# User-specific files
+*.user
+*.lock
+*.userosscache
+
+# User-specific files (MonoDevelop/Xamarin Studio)
+*.userprefs
+
+.github/
+private/
+.helm/
+temp/
+*.orig
+CLAUDE.md
+.claude/
+devbox.d/
+devbox.lock
+.devbox/
\ No newline at end of file
diff --git a/argocd/_app-of-apps.yaml b/argocd/_app-of-apps.yaml
new file mode 100644
index 0000000..402bbd8
--- /dev/null
+++ b/argocd/_app-of-apps.yaml
@@ -0,0 +1,22 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: musicman-app-of-apps
+ namespace: argocd
+ labels:
+ scope: music-man
+spec:
+ project: default
+ source:
+ repoURL: https://github.com/snothub/scaling-parakeet.git
+ targetRevision: HEAD
+ path: argocd
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: music-man
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/argocd/apps/application.yaml b/argocd/apps/application.yaml
new file mode 100644
index 0000000..e10f5e4
--- /dev/null
+++ b/argocd/apps/application.yaml
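Review bot: In `argocd/_app-of-apps.yaml`, `path: argocd` points at the directory that holds this manifest itself, while the child Applications live under `argocd/apps`; a directory source does not descend into subdirectories unless `directory.recurse: true` is set, so as written the root app would likely sync only itself. Using `path: argocd/apps` picks up the children without also feeding `argocd/values/*.yaml` (Helm values, not manifests) to the apply. Separately, `targetRevision: HEAD` with `automated.prune` and `selfHeal` in `project: default` means every push to the default branch is applied cluster-wide with no gate; a dedicated AppProject with restricted `sourceRepos` and `destinations` would narrow that.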
@@ -0,0 +1,54 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: music-man
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+
+ source:
+ repoURL: https://github.com/snothub/scaling-parakeet.git
+ targetRevision: HEAD
+ path: helm-chart
+
+ helm:
+ valueFiles:
+ - values.yaml
+ values: |
+ app:
+ image:
+ tag: v3.4.11 # Updated automatically by GitHub Actions on release
+
+ parameters:
+ - name: secrets.databasePassword
+ value: "change-me-in-production"
+
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: music-man
+
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ allowEmpty: false
+
+ syncOptions:
+ - CreateNamespace=true
+ - Validate=true
+ - ServerSideApply=false
+ - Replace=false
+ retry:
+ limit: 5
+ backoff:
+ duration: 5s
+ factor: 2
+ maxDuration: 3m
+
+ ignoreDifferences:
+ - group: apps
+ kind: Deployment
+ jsonPointers:
+ - /spec/replicas
diff --git a/argocd/apps/cert-manager-application.yaml b/argocd/apps/cert-manager-application.yaml
new file mode 100644
index 0000000..d1b116b
--- /dev/null
+++ b/argocd/apps/cert-manager-application.yaml
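Review bot: In `argocd/apps/application.yaml`, `secrets.databasePassword` is passed as a plain Helm parameter (`value: "change-me-in-production"`), so the value is committed to Git and stored in the Application spec, where anyone with read access to Applications can see it. Since this commit also deploys sealed-secrets, the parameter could be dropped and the chart pointed at a Secret produced from a SealedSecret; whether the chart supports an existing-secret reference is not visible here. A placeholder default also tends to reach production unnoticed, because the sync succeeds with it.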
@@ -0,0 +1,90 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: cert-manager
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+
+ source:
+ repoURL: https://charts.jetstack.io
+ chart: cert-manager
+ targetRevision: "v1.14.0"
+
+ helm:
+ values: |
+ # Install CustomResourceDefinitions
+ installCRDs: true
+
+ # Global configuration
+ global:
+ leaderElection:
+ namespace: cert-manager
+
+ # Webhook configuration
+ webhook:
+ enabled: true
+ replicaCount: 1
+ timeoutSeconds: 10
+ # Disable Istio sidecar injection for webhook to avoid mTLS issues
+ podAnnotations:
+ sidecar.istio.io/inject: "false"
+
+ # CA Injector
+ caInjector:
+ enabled: true
+ replicaCount: 1
+ # Disable Istio sidecar injection for CA injector
+ podAnnotations:
+ sidecar.istio.io/inject: "false"
+
+ # Disable Istio sidecar for main controller pods
+ podAnnotations:
+ sidecar.istio.io/inject: "false"
+
+ # Security context
+ podSecurityPolicy:
+ enabled: false
+
+ # Resources
+ resources:
+ requests:
+ cpu: 50m
+ memory: 64Mi
+ limits:
+ cpu: 100m
+ memory: 128Mi
+
+ # Service account
+ serviceAccount:
+ create: true
+ name: cert-manager
+
+ # Enable debug logging if needed (set to false for production)
+ logLevel: 2
+
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: cert-manager
+
+ # Patch namespace to disable Istio injection
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ allowEmpty: false
+
+ syncOptions:
+ - CreateNamespace=true
+ - Validate=true
+ - ServerSideApply=false
+ - Replace=false
+
+ retry:
+ limit: 5
+ backoff:
+ duration: 5s
+ factor: 2
+ maxDuration: 3m
diff --git a/argocd/apps/cluster-resources-application.yaml b/argocd/apps/cluster-resources-application.yaml
new file mode 100644
index 0000000..c1281a6
--- /dev/null
+++ b/argocd/apps/cluster-resources-application.yaml
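Review bot: The comment `# Patch namespace to disable Istio injection` above `syncPolicy` in `argocd/apps/cert-manager-application.yaml` matches nothing in the block: nothing here labels the namespace, and `CreateNamespace=true` creates `cert-manager` without the `istio-injection: disabled` label that `cluster-resources/cert-manager-namespace.yaml` only adds later. If the label matters at first install, set it where the namespace is created, e.g. `managedNamespaceMetadata:` with `labels: {istio-injection: disabled}` under `syncPolicy`, or drop the comment. The comment on `logLevel: 2` ("set to false for production") likewise describes a boolean, while the value is a verbosity number.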
@@ -0,0 +1,38 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: cluster-resources
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+
+ source:
+ repoURL: https://github.com/snothub/scaling-parakeet.git
+ targetRevision: HEAD
+ path: cluster-resources
+
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: cert-manager
+
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ allowEmpty: false
+
+ syncOptions:
+ - CreateNamespace=true
+ - Validate=true
+ - ServerSideApply=false
+ - Replace=false
+ - ApplyOutOfSyncOnly=false
+
+ retry:
+ limit: 5
+ backoff:
+ duration: 5s
+ factor: 2
+ maxDuration: 3m
diff --git a/argocd/apps/fluent-bit.yaml b/argocd/apps/fluent-bit.yaml
new file mode 100644
index 0000000..b1fd57a
--- /dev/null
+++ b/argocd/apps/fluent-bit.yaml
@@ -0,0 +1,41 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: fluent-bit
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+
+ sources:
+ - repoURL: https://fluent.github.io/helm-charts
+ chart: fluent-bit
+ targetRevision: 0.47.10
+ helm:
+ releaseName: fluent-bit
+ valueFiles:
+ - $values/argocd/values/fluent-bit-values.yaml
+
+ - repoURL: https://github.com/YOUR_ORG/YOUR_GITOPS_REPO.git
+ targetRevision: main
+ ref: values
+
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: monitoring
+
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ allowEmpty: false
+ syncOptions:
+ - CreateNamespace=true
+ - ServerSideApply=true
+ retry:
+ limit: 5
+ backoff:
+ duration: 5s
+ factor: 2
+ maxDuration: 3m
diff --git a/argocd/apps/grafana.yaml b/argocd/apps/grafana.yaml
new file mode 100644
index 0000000..f68ebc3
--- /dev/null
+++ b/argocd/apps/grafana.yaml
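Review bot: `argocd/apps/cluster-resources-application.yaml` syncs `ClusterIssuer` and Kyverno `ClusterPolicy` objects whose CRDs come from the separate cert-manager and kyverno Applications, and nothing in this spec orders it after them. On a fresh cluster the sync will fail until those CRDs exist, and the retry budget (`limit: 5`, `maxDuration: 3m`) may run out first. Adding `- SkipDryRunOnMissingResource=true` to `syncOptions`, or sync-wave annotations on the Applications, would make the bootstrap order explicit. `destination.namespace: cert-manager` is also a misleading default for a bundle that holds cluster-scoped RBAC and policy.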
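Review bot: In `argocd/apps/fluent-bit.yaml` the second source still carries the template placeholder `https://github.com/YOUR_ORG/YOUR_GITOPS_REPO.git`, so the `$values` reference does not resolve to this repository and the Helm values would come from whatever repository exists under that name rather than one the project controls. It should be the project's own repo, as in the other Applications: `repoURL: https://github.com/snothub/scaling-parakeet.git`. The same placeholder appears in `grafana.yaml`, `loki.yaml` and `prometheus.yaml`. The referenced `argocd/values/fluent-bit-values.yaml` is also not among the files this commit creates.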
@@ -0,0 +1,41 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: grafana
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+
+ sources:
+ - repoURL: https://grafana.github.io/helm-charts
+ chart: grafana
+ targetRevision: latest
+ helm:
+ releaseName: grafana
+ valueFiles:
+ - $values/argocd/values/grafana-values.yaml
+
+ - repoURL: https://github.com/YOUR_ORG/YOUR_GITOPS_REPO.git
+ targetRevision: main
+ ref: values
+
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: monitoring
+
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ allowEmpty: false
+ syncOptions:
+ - CreateNamespace=true
+ - ServerSideApply=true
+ retry:
+ limit: 5
+ backoff:
+ duration: 5s
+ factor: 2
+ maxDuration: 3m
diff --git a/argocd/apps/kyverno.yaml b/argocd/apps/kyverno.yaml
new file mode 100644
index 0000000..3509f00
--- /dev/null
+++ b/argocd/apps/kyverno.yaml
@@ -0,0 +1,35 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: kyverno
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+
+ source:
+ chart: kyverno
+ repoURL: https://kyverno.github.io/kyverno/
+ targetRevision: v1.13.0 # Update to latest stable version
+ helm:
+ releaseName: kyverno
+
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: kyverno
+
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ allowEmpty: false
+ syncOptions:
+ - CreateNamespace=true
+ - ServerSideApply=true
+ retry:
+ limit: 5
+ backoff:
+ duration: 5s
+ factor: 2
+ maxDuration: 3m
diff --git a/argocd/apps/loki.yaml b/argocd/apps/loki.yaml
new file mode 100644
index 0000000..7d5799e
--- /dev/null
+++ b/argocd/apps/loki.yaml
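Review bot: `targetRevision: latest` in `argocd/apps/grafana.yaml` leaves the chart version unpinned, and together with `automated` sync it would let a new upstream chart release roll into the cluster with no change in this repository; `loki.yaml` and `prometheus.yaml` do the same. `latest` is also not a semver constraint, so it may not resolve against a Helm repository at all. Pin an explicit version as the cert-manager and traefik Applications do, e.g. `targetRevision: "<pinned-chart-version>"`, and bump it through reviewed commits.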
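Review bot: `targetRevision: v1.13.0` in `argocd/apps/kyverno.yaml` looks like the Kyverno application version rather than a chart version; as far as I know the chart in this Helm repository is versioned on its own 3.x line, so this revision may not resolve. Please confirm against the repository index and pin the chart version, noting the app version in the trailing comment instead of `# Update to latest stable version`. Because Kyverno runs as an admission controller, a failed or half-applied install here can affect every other sync.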
@@ -0,0 +1,41 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: loki
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+
+ sources:
+ - repoURL: https://grafana.github.io/helm-charts
+ chart: loki
+ targetRevision: latest
+ helm:
+ releaseName: loki
+ valueFiles:
+ - $values/argocd/values/loki-values.yaml
+
+ - repoURL: https://github.com/YOUR_ORG/YOUR_GITOPS_REPO.git
+ targetRevision: main
+ ref: values
+
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: monitoring
+
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ allowEmpty: false
+ syncOptions:
+ - CreateNamespace=true
+ - ServerSideApply=true
+ retry:
+ limit: 5
+ backoff:
+ duration: 5s
+ factor: 2
+ maxDuration: 3m
diff --git a/argocd/apps/prometheus.yaml b/argocd/apps/prometheus.yaml
new file mode 100644
index 0000000..805988f
--- /dev/null
+++ b/argocd/apps/prometheus.yaml
@@ -0,0 +1,41 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: prometheus
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+
+ sources:
+ - repoURL: https://prometheus-community.github.io/helm-charts
+ chart: prometheus
+ targetRevision: latest
+ helm:
+ releaseName: prometheus
+ valueFiles:
+ - $values/argocd/values/prometheus-values.yaml
+
+ - repoURL: https://github.com/YOUR_ORG/YOUR_GITOPS_REPO.git
+ targetRevision: main
+ ref: values
+
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: monitoring
+
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ allowEmpty: false
+ syncOptions:
+ - CreateNamespace=true
+ - ServerSideApply=true
+ retry:
+ limit: 5
+ backoff:
+ duration: 5s
+ factor: 2
+ maxDuration: 3m
diff --git a/argocd/apps/sealedsecrets.yaml b/argocd/apps/sealedsecrets.yaml
new file mode 100644
index 0000000..bffbf37
--- /dev/null
+++ b/argocd/apps/sealedsecrets.yaml
@@ -0,0 +1,38 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: sealed-secrets
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+
+ source:
+ chart: sealed-secrets
+ repoURL: https://bitnami-labs.github.io/sealed-secrets
+ targetRevision: 2.16.2 # Update to latest stable version
+ helm:
+ releaseName: sealed-secrets
+ parameters:
+ - name: fullnameOverride
+ value: sealed-secrets-controller
+
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: kube-system
+
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ allowEmpty: false
+ syncOptions:
+ - CreateNamespace=false # kube-system already exists
+ - ServerSideApply=true
+ retry:
+ limit: 5
+ backoff:
+ duration: 5s
+ factor: 2
+ maxDuration: 3m
diff --git a/argocd/apps/traefik-application.yaml b/argocd/apps/traefik-application.yaml
new file mode 100644
index 0000000..6c32a15
--- /dev/null
+++ b/argocd/apps/traefik-application.yaml
@@ -0,0 +1,65 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: traefik
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+
+ source:
+ repoURL: https://traefik.github.io/charts
+ chart: traefik
+ targetRevision: "28.0.0"
+
+ helm:
+ values: |
+ deployment:
+ replicas: 2
+
+ service:
+ type: LoadBalancer
+ annotations:
+ service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path: /ping
+
+ ingressClass:
+ enabled: true
+ isDefaultClass: true
+
+ # Configure entry points
+ entryPoints:
+ web:
+ address: :80
+ http:
+ redirections:
+ entrypoint:
+ to: websecure
+ scheme: https
+ websecure:
+ address: :443
+ http:
+ tls: {}
+
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: traefik-system
+
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ allowEmpty: false
+
+ syncOptions:
+ - CreateNamespace=true
+ - Validate=true
+ - ServerSideApply=false
+ - Replace=false
+
+ retry:
+ limit: 5
+ backoff:
+ duration: 5s
+ factor: 2
+ maxDuration: 3m
diff --git a/argocd/apps/trivy.yaml b/argocd/apps/trivy.yaml
new file mode 100644
index 0000000..b7ff8f5
--- /dev/null
+++ b/argocd/apps/trivy.yaml
@@ -0,0 +1,38 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: trivy
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+
+ source:
+ chart: trivy-operator
+ repoURL: https://aquasecurity.github.io/helm-charts
+ targetRevision: v0.0.7 # Update to latest stable version
+ helm:
+ releaseName: trivy-operator
+ parameters:
+ - name: trivy.ignoreUnfixed
+ value: "true"
+
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: kube-system
+
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ allowEmpty: false
+ syncOptions:
+ - CreateNamespace=false # kube-system already exists
+ - ServerSideApply=true
+ retry:
+ limit: 5
+ backoff:
+ duration: 5s
+ factor: 2
+ maxDuration: 3m
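Review bot: The `entryPoints:` block in the Helm values of `argocd/apps/traefik-application.yaml` follows Traefik's static-configuration layout, but as far as I know the chart configures entry points under `ports:` and does not read a top-level `entryPoints` key. If so, the HTTP-to-HTTPS redirect on `web` is not applied and port 80 keeps serving plain HTTP behind the LoadBalancer. Please move the redirect to the chart's `ports.web` setting for the pinned `28.0.0` chart and confirm the rendered container args with `helm template`.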
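Review bot: `argocd/apps/trivy.yaml` installs the operator into `kube-system`, which puts a scanner's service account and reports next to control-plane workloads and inside a namespace the Kyverno policy in this commit excludes; a dedicated namespace with `CreateNamespace=true` would keep its RBAC and any NetworkPolicy scoped. `targetRevision: v0.0.7` also looks like a very early chart release, which is worth confirming given the `# Update to latest stable version` comment. `trivy.ignoreUnfixed: "true"` hides findings that have no fix from the reports, so a comment stating that this is deliberate would help whoever reads the dashboards.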
diff --git a/argocd/values/argocd-values.yaml b/argocd/values/argocd-values.yaml
new file mode 100644
index 0000000..43174bc
--- /dev/null
+++ b/argocd/values/argocd-values.yaml
@@ -0,0 +1,23 @@
+global:
+ domain: argocd.127.0.0.1.nip.io
+configs:
+ secret:
+ createSecret: true
+ cm:
+ application.resourceTrackingMethod: annotation
+ timeout.reconciliation: 60s
+ admin.enabled: "false"
+ # Add Git configuration for Azure authentication
+ repositories: |
+ - type: git
+ url: https://github.com/snothub
+ name: github-repo
+ params:
+ "server.insecure": true
+server:
+ ingress:
+ enabled: true
+ ingressClassName: nginx
+ extraArgs:
+ - --insecure
+ - --disable-auth
diff --git a/argocd/values/grafana-values.yaml b/argocd/values/grafana-values.yaml
new file mode 100644
index 0000000..74452e7
--- /dev/null
+++ b/argocd/values/grafana-values.yaml
@@ -0,0 +1,37 @@
+ingress:
+ enabled: true
+
+adminUser: admin
+adminPassword: "forte"
+
+datasources:
+ datasources.yaml:
+ apiVersion: 1
+ datasources:
+ - name: Prometheus
+ type: prometheus
+ url: http://prometheus-server.monitoring.svc.cluster.local
+ access: proxy
+ isDefault: true
+ - name: Loki
+ type: loki
+ url: http://loki-gateway.monitoring.svc.cluster.local
+ access: proxy
+dashboardProviders:
+ dashboardproviders.yaml:
+ apiVersion: 1
+ providers:
+ - name: 'default'
+ orgId: 1
+ folder: ''
+ type: file
+ disableDeletion: false
+ editable: true
+ options:
+ path: /var/lib/grafana/dashboards/default
+dashboards:
+ default:
+ kubernetes:
+ gnetId: 15758
+ revision: 1
+ datasource: Prometheus
diff --git a/argocd/values/loki-values.yaml b/argocd/values/loki-values.yaml
new file mode 100644
index 0000000..8345786
--- /dev/null
+++ b/argocd/values/loki-values.yaml
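Review bot: `argocd/values/argocd-values.yaml` starts argocd-server with `--disable-auth` and `--insecure` while `server.ingress.enabled: true`, so every request that reaches the ingress is served without authentication, by a component that can deploy to the whole cluster. The `127.0.0.1.nip.io` domain suggests a local setup, but nothing in the file or in `bootstrap.sh` restricts these values to one. Remove `- --disable-auth`, keep `admin.enabled: "false"` only once SSO is configured, and move local-only flags into a separately named values file. `ingressClassName: nginx` also does not match the Traefik ingress class this commit installs, and the comment about Azure authentication sits above a GitHub repository entry.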
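Review bot: `adminPassword: "forte"` in `argocd/values/grafana-values.yaml` commits the Grafana admin credential in clear text while `ingress.enabled: true` exposes the login page. The chart can read the credential from a Secret instead: replace `adminUser`/`adminPassword` with `admin.existingSecret: <grafana-admin-secret>` (with `admin.userKey` and `admin.passwordKey`) and deliver that Secret as a SealedSecret. The value is now in Git history, so it should be treated as disclosed and changed before this is deployed anywhere reachable.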
@@ -0,0 +1,31 @@
+deploymentMode: SingleBinary
+loki:
+ auth_enabled: false
+ commonConfig:
+ replication_factor: 1
+ storage:
+ type: 'filesystem'
+ schemaConfig:
+ configs:
+ - from: "2024-01-01"
+ store: tsdb
+ index:
+ prefix: loki_index_
+ period: 24h
+ object_store: filesystem # we're storing on filesystem so there's no real persistence here.
+ schema: v13
+ limits_config:
+ reject_old_samples: true
+ reject_old_samples_max_age: 168h
+ ingestion_rate_mb: 10
+ ingestion_burst_size_mb: 20
+chunksCache:
+ enabled: false
+singleBinary:
+ replicas: 1
+read:
+ replicas: 0
+backend:
+ replicas: 0
+write:
+ replicas: 0
\ No newline at end of file
diff --git a/argocd/values/prometheus-values.yaml b/argocd/values/prometheus-values.yaml
new file mode 100644
index 0000000..687f1e6
--- /dev/null
+++ b/argocd/values/prometheus-values.yaml
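Review bot: With `auth_enabled: false` in `argocd/values/loki-values.yaml`, Loki runs single-tenant and accepts push and query requests without credentials, so access control rests entirely on who can reach the service inside the cluster. If that is intended, a comment such as `# single-tenant; access limited by NetworkPolicy in monitoring` plus the matching NetworkPolicy would make the assumption explicit; the chart's gateway basic auth is the alternative. The inline comment on `object_store: filesystem` already notes there is no real persistence, which also means logs used for incident review do not survive the pod.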
@@ -0,0 +1,41 @@
+server:
+ ingress:
+ enabled: false
+ service:
+ servicePort: 80
+
+ # Add your custom scrape configurations here
+ extraScrapeConfigs: |
+ - job_name: kubernetes-nodes-cadvisor
+ scrape_interval: 10s
+ scrape_timeout: 10s
+ scheme: https # remove if you want to scrape metrics on insecure port
+ tls_config:
+ ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+ bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+ kubernetes_sd_configs:
+ - role: node
+ relabel_configs:
+ - action: labelmap
+ regex: __meta_kubernetes_node_label_(.+)
+ # Only for Kubernetes ^1.7.3.
+ # See: https://github.com/prometheus/prometheus/issues/2916
+ - target_label: __address__
+ replacement: kubernetes.default.svc:443
+ - source_labels: [__meta_kubernetes_node_name]
+ regex: (.+)
+ target_label: __metrics_path__
+ replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor
+ metric_relabel_configs:
+ - action: replace
+ source_labels: [id]
+ regex: '^/machine\.slice/machine-rkt\\x2d([^\\]+)\\.+/([^/]+)\.service$'
+ target_label: rkt_container_name
+ replacement: '${2}-${1}'
+ - action: replace
+ source_labels: [id]
+ regex: '^/system\.slice/(.+)\.service$'
+ target_label: systemd_service_name
+ replacement: '${1}'
+alertmanager:
+ enabled: false
diff --git a/bootstrap.sh b/bootstrap.sh
new file mode 100644
index 0000000..4d7840d
--- /dev/null
+++ b/bootstrap.sh
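Review bot: The `extraScrapeConfigs` job in `argocd/values/prometheus-values.yaml` is named `kubernetes-nodes-cadvisor`, which, as far as I know, is also the name of a job in the chart's default scrape configuration; Prometheus refuses to load a configuration with duplicate job names. Either rename it, e.g. `- job_name: kubernetes-nodes-cadvisor-custom`, or drop the block and rely on the default job. The `rkt_container_name` relabel rule targets a container runtime that is no longer maintained and can be removed. With `alertmanager.enabled: false`, nothing in this commit routes alerts, which is worth stating in a comment if intentional.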
@@ -0,0 +1,43 @@
+#!/bin/zsh
+# in case of $'\r': command not found error, run command below first
+# sed -i 's/\r$//' ./bootstrap.sh
+
+echo "running $0..."
+nsmon=monitoring
+nsistio=istio-system
+promport=80
+helminit=0
+
+############################################################
+# Bootstrap #
+############################################################
+Bootstrap()
+{
+ ArgoCd
+}
+
+
+############################################################
+# Github #
+############################################################
+Github()
+{
+ echo "Installing secret..."
+ kubectl apply -f github.yaml
+}
+
+############################################################
+# ArgoCd #
+############################################################
+ArgoCd()
+{
+ # install argocd
+ echo "Installing ArgoCD..."
+ helm upgrade --install argocd argo-cd \
+ --repo https://argoproj.github.io/argo-helm \
+ --namespace argocd --create-namespace \
+ --values argocd-values.yaml \
+ --timeout 60s --atomic
+}
+
+Bootstrap
diff --git a/cluster-resources/cert-manager-namespace.yaml b/cluster-resources/cert-manager-namespace.yaml
new file mode 100644
index 0000000..b1fe112
--- /dev/null
+++ b/cluster-resources/cert-manager-namespace.yaml
@@ -0,0 +1,9 @@
+---
+# Disable Istio sidecar injection for cert-manager namespace
+# This is required for cert-manager to function properly with Istio
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cert-manager
+ labels:
+ istio-injection: disabled
diff --git a/cluster-resources/kyverno-config.yaml b/cluster-resources/kyverno-config.yaml
new file mode 100644
index 0000000..61447d4
--- /dev/null
+++ b/cluster-resources/kyverno-config.yaml
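Review bot: `ArgoCd()` in `bootstrap.sh` installs the `argo-cd` chart without `--version`, so each bootstrap pulls whatever release is current for the component that ends up holding cluster-wide deploy rights. It also passes `--values argocd-values.yaml`, while the file added in this commit is `argocd/values/argocd-values.yaml`, so the call only works when run from that directory. Suggested: add `--version <pinned-chart-version>` and use `--values "$(dirname "$0")/argocd/values/argocd-values.yaml"`. The variables `nsmon`, `nsistio`, `promport` and `helminit` and the `Github` function are not used in the script as committed and could be dropped or documented.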
@@ -0,0 +1,68 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: kyverno:secrets:view
+ labels:
+ rbac.kyverno.io/aggregate-to-admission-controller: "true"
+ rbac.kyverno.io/aggregate-to-reports-controller: "true"
+ rbac.kyverno.io/aggregate-to-background-controller: "true"
+rules:
+- apiGroups:
+ - ''
+ resources:
+ - secrets
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: kyverno:secrets:manage
+ labels:
+ rbac.kyverno.io/aggregate-to-background-controller: "true"
+rules:
+- apiGroups:
+ - ''
+ resources:
+ - secrets
+ - namespaces
+ verbs:
+ - create
+ - update
+ - delete
+---
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: sync-secret-with-multi-clone
+spec:
+ rules:
+ - name: sync-secrets
+ match:
+ any:
+ - resources:
+ kinds:
+ - Namespace
+ exclude:
+ any:
+ - resources:
+ namespaces:
+ - kube-system
+ - istio-system
+ - default
+ - kube-public
+ - kyverno
+ generate:
+ generateExisting: true
+ namespace: "{{request.object.metadata.name}}"
+ synchronize: true
+ cloneList:
+ namespace: secrets
+ kinds:
+ - v1/Secret
+ selector:
+ matchLabels:
+ allowedToBeCloned: "true"
diff --git a/cluster-resources/letsencrypt-issuer.yaml b/cluster-resources/letsencrypt-issuer.yaml
new file mode 100644
index 0000000..c62ca32
--- /dev/null
+++ b/cluster-resources/letsencrypt-issuer.yaml
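Review bot: The `kyverno:secrets:manage` ClusterRole in `cluster-resources/kyverno-config.yaml` grants `create`, `update` and `delete` on `namespaces` as well as `secrets`, but the `sync-secret-with-multi-clone` policy only generates Secrets, so `- namespaces` should come out of that rule. The policy also clones every Secret labelled `allowedToBeCloned: "true"` into any namespace not on the short exclude list, which includes the source namespace `secrets` itself and every namespace created later, so whoever can create a namespace receives copies. Matching on an opt-in namespace label in `match` rather than excluding a few names would keep the distribution deliberate. The `kyverno:secrets:view` role likewise gives three controllers cluster-wide read on all Secrets, and it is worth checking which of them the clone rule needs.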
@@ -0,0 +1,35 @@
+---
+# Staging ClusterIssuer for testing (higher rate limits, not browser-trusted)
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-staging
+spec:
+ acme:
+ # Let's Encrypt staging server
+ server: https://acme-staging-v02.api.letsencrypt.org/directory
+ email: danijels@gmail.com
+ privateKeySecretRef:
+ name: letsencrypt-staging-key
+ solvers:
+ - http01:
+ ingress:
+ class: traefik
+
+---
+# Production ClusterIssuer for browser-trusted certificates
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-prod
+spec:
+ acme:
+ # Let's Encrypt production server
+ server: https://acme-v02.api.letsencrypt.org/directory
+ email: danijels@gmail.com
+ privateKeySecretRef:
+ name: letsencrypt-prod-key
+ solvers:
+ - http01:
+ ingress:
+ class: traefik