shahab/homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: CDKTF | migrate cert manager to cdktf

Browse Source
This commit is contained in:
Shahab Dogar
2025-07-15 09:45:47 +05:00
parent 5475a25b94
commit bb02f48d9a
5 changed files with 150 additions and 63 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
cert-manager/cert-manager.yaml
View File

@@ -1,52 +0,0 @@
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: ca-issuer
namespace: cert-manager
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: selfsigned-ca
namespace: cert-manager
spec:
isCA: true
commonName: "Shahab Dogar"
secretName: root-secret
privateKey:
algorithm: ECDSA
size: 256
issuerRef:
name: ca-issuer
kind: ClusterIssuer
group: cert-manager.io
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: cluster-issuer
namespace: cert-manager
spec:
ca:
secretName: root-secret
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: cloudflare-issuer
namespace: cert-manager
spec:
acme:
email: shahab@dogar.dev
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: cloudflare-cluster-issuer-account-key
solvers:
- dns01:
cloudflare:
apiTokenSecretRef:
name: cloudflare-token
key: credential

133
cert-manager/index.ts Normal file
View File

@@ -0,0 +1,133 @@
import * as fs from "fs";
import { HelmProvider } from "@cdktf/provider-helm/lib/provider";
import { Release } from "@cdktf/provider-helm/lib/release";
import { Construct } from "constructs";
import { KubernetesProvider } from "@cdktf/provider-kubernetes/lib/provider";
import { Manifest } from "@cdktf/provider-kubernetes/lib/manifest";
type CertManagerOptions = {
providers: {
kubernetes: KubernetesProvider;
helm: HelmProvider;
};
version: string;
name: string;
namespace: string;
certManagerApiVersion: string;
};
export class CertManager extends Construct {
constructor(scope: Construct, id: string, options: CertManagerOptions) {
super(scope, id);
const { helm, kubernetes } = options.providers;
const { certManagerApiVersion } = options;
new Release(this, id, {
provider: helm,
name: options.name,
namespace: options.namespace,
version: options.version,
repository: "https://charts.jetstack.io",
chart: "cert-manager",
createNamespace: true,
values: [
fs.readFileSync("helm/values/cert-manager.values.yaml", {
encoding: "utf8",
}),
],
});
// Self-signed ClusterIssuer for initial CA
new Manifest(this, "ca-issuer", {
provider: kubernetes,
manifest: {
apiVersion: certManagerApiVersion,
kind: "ClusterIssuer",
metadata: {
name: "ca-issuer",
},
spec: {
selfSigned: {},
},
},
});
// Self-signed CA Certificate
new Manifest(this, "selfsigned-ca", {
provider: kubernetes,
manifest: {
apiVersion: certManagerApiVersion,
kind: "Certificate",
metadata: {
name: "selfsigned-ca",
namespace: options.namespace,
},
spec: {
isCA: true,
commonName: "Shahab Dogar",
secretName: "root-secret",
privateKey: {
algorithm: "ECDSA",
size: 256,
},
issuerRef: {
name: "ca-issuer",
kind: "ClusterIssuer",
group: "cert-manager.io",
},
},
},
});
// CA-based ClusterIssuer
new Manifest(this, "cluster-issuer", {
provider: kubernetes,
manifest: {
apiVersion: certManagerApiVersion,
kind: "ClusterIssuer",
metadata: {
name: "cluster-issuer",
},
spec: {
ca: {
secretName: "root-secret",
},
},
},
});
// Cloudflare ACME ClusterIssuer
new Manifest(this, "cloudflare-issuer", {
provider: kubernetes,
manifest: {
apiVersion: certManagerApiVersion,
kind: "ClusterIssuer",
metadata: {
name: "cloudflare-issuer",
},
spec: {
acme: {
email: "shahab@dogar.dev",
server: "https://acme-v02.api.letsencrypt.org/directory",
privateKeySecretRef: {
name: "cloudflare-cluster-issuer-account-key",
},
solvers: [
{
dns01: {
cloudflare: {
apiTokenSecretRef: {
name: "cloudflare-token",
key: "credential",
},
},
},
},
],
},
},
},
});
}
}