feat: CDKTF | migrate cert manager to cdktf
This commit is contained in:
@@ -1,52 +0,0 @@
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: ca-issuer
|
||||
namespace: cert-manager
|
||||
spec:
|
||||
selfSigned: {}
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: selfsigned-ca
|
||||
namespace: cert-manager
|
||||
spec:
|
||||
isCA: true
|
||||
commonName: "Shahab Dogar"
|
||||
secretName: root-secret
|
||||
privateKey:
|
||||
algorithm: ECDSA
|
||||
size: 256
|
||||
issuerRef:
|
||||
name: ca-issuer
|
||||
kind: ClusterIssuer
|
||||
group: cert-manager.io
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: cluster-issuer
|
||||
namespace: cert-manager
|
||||
spec:
|
||||
ca:
|
||||
secretName: root-secret
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: cloudflare-issuer
|
||||
namespace: cert-manager
|
||||
spec:
|
||||
acme:
|
||||
email: shahab@dogar.dev
|
||||
server: https://acme-v02.api.letsencrypt.org/directory
|
||||
privateKeySecretRef:
|
||||
name: cloudflare-cluster-issuer-account-key
|
||||
solvers:
|
||||
- dns01:
|
||||
cloudflare:
|
||||
apiTokenSecretRef:
|
||||
name: cloudflare-token
|
||||
key: credential
|
||||
133
cert-manager/index.ts
Normal file
133
cert-manager/index.ts
Normal file
@@ -0,0 +1,133 @@
|
||||
import * as fs from "fs";
|
||||
import { HelmProvider } from "@cdktf/provider-helm/lib/provider";
|
||||
import { Release } from "@cdktf/provider-helm/lib/release";
|
||||
import { Construct } from "constructs";
|
||||
import { KubernetesProvider } from "@cdktf/provider-kubernetes/lib/provider";
|
||||
import { Manifest } from "@cdktf/provider-kubernetes/lib/manifest";
|
||||
|
||||
type CertManagerOptions = {
|
||||
providers: {
|
||||
kubernetes: KubernetesProvider;
|
||||
helm: HelmProvider;
|
||||
};
|
||||
version: string;
|
||||
name: string;
|
||||
namespace: string;
|
||||
certManagerApiVersion: string;
|
||||
};
|
||||
|
||||
export class CertManager extends Construct {
|
||||
constructor(scope: Construct, id: string, options: CertManagerOptions) {
|
||||
super(scope, id);
|
||||
|
||||
const { helm, kubernetes } = options.providers;
|
||||
const { certManagerApiVersion } = options;
|
||||
|
||||
new Release(this, id, {
|
||||
provider: helm,
|
||||
name: options.name,
|
||||
namespace: options.namespace,
|
||||
version: options.version,
|
||||
repository: "https://charts.jetstack.io",
|
||||
chart: "cert-manager",
|
||||
createNamespace: true,
|
||||
values: [
|
||||
fs.readFileSync("helm/values/cert-manager.values.yaml", {
|
||||
encoding: "utf8",
|
||||
}),
|
||||
],
|
||||
});
|
||||
|
||||
// Self-signed ClusterIssuer for initial CA
|
||||
new Manifest(this, "ca-issuer", {
|
||||
provider: kubernetes,
|
||||
manifest: {
|
||||
apiVersion: certManagerApiVersion,
|
||||
kind: "ClusterIssuer",
|
||||
metadata: {
|
||||
name: "ca-issuer",
|
||||
},
|
||||
spec: {
|
||||
selfSigned: {},
|
||||
},
|
||||
},
|
||||
});
|
||||
|
||||
// Self-signed CA Certificate
|
||||
new Manifest(this, "selfsigned-ca", {
|
||||
provider: kubernetes,
|
||||
manifest: {
|
||||
apiVersion: certManagerApiVersion,
|
||||
kind: "Certificate",
|
||||
metadata: {
|
||||
name: "selfsigned-ca",
|
||||
namespace: options.namespace,
|
||||
},
|
||||
spec: {
|
||||
isCA: true,
|
||||
commonName: "Shahab Dogar",
|
||||
secretName: "root-secret",
|
||||
privateKey: {
|
||||
algorithm: "ECDSA",
|
||||
size: 256,
|
||||
},
|
||||
issuerRef: {
|
||||
name: "ca-issuer",
|
||||
kind: "ClusterIssuer",
|
||||
group: "cert-manager.io",
|
||||
},
|
||||
},
|
||||
},
|
||||
});
|
||||
|
||||
// CA-based ClusterIssuer
|
||||
new Manifest(this, "cluster-issuer", {
|
||||
provider: kubernetes,
|
||||
manifest: {
|
||||
apiVersion: certManagerApiVersion,
|
||||
kind: "ClusterIssuer",
|
||||
metadata: {
|
||||
name: "cluster-issuer",
|
||||
},
|
||||
spec: {
|
||||
ca: {
|
||||
secretName: "root-secret",
|
||||
},
|
||||
},
|
||||
},
|
||||
});
|
||||
|
||||
// Cloudflare ACME ClusterIssuer
|
||||
new Manifest(this, "cloudflare-issuer", {
|
||||
provider: kubernetes,
|
||||
manifest: {
|
||||
apiVersion: certManagerApiVersion,
|
||||
kind: "ClusterIssuer",
|
||||
metadata: {
|
||||
name: "cloudflare-issuer",
|
||||
},
|
||||
spec: {
|
||||
acme: {
|
||||
email: "shahab@dogar.dev",
|
||||
server: "https://acme-v02.api.letsencrypt.org/directory",
|
||||
privateKeySecretRef: {
|
||||
name: "cloudflare-cluster-issuer-account-key",
|
||||
},
|
||||
solvers: [
|
||||
{
|
||||
dns01: {
|
||||
cloudflare: {
|
||||
apiTokenSecretRef: {
|
||||
name: "cloudflare-token",
|
||||
key: "credential",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
],
|
||||
},
|
||||
},
|
||||
},
|
||||
});
|
||||
}
|
||||
}
|
||||
@@ -7,8 +7,6 @@ repositories:
|
||||
url: https://kubernetes.github.io/ingress-nginx
|
||||
- name: bitnami
|
||||
url: https://charts.bitnami.com/bitnami
|
||||
- name: jetstack
|
||||
url: https://charts.jetstack.io
|
||||
- name: prometheus-community
|
||||
url: https://prometheus-community.github.io/helm-charts
|
||||
---
|
||||
@@ -51,14 +49,6 @@ releases:
|
||||
values:
|
||||
- ./values/memcached.values.yaml
|
||||
|
||||
# Cert Manager
|
||||
- name: cert-manager
|
||||
namespace: cert-manager
|
||||
chart: jetstack/cert-manager
|
||||
version: 1.15.3
|
||||
values:
|
||||
- ./values/cert-manager.values.yaml
|
||||
|
||||
# Prometheus Operator
|
||||
- name: prometheus-operator
|
||||
namespace: prometheus-system
|
||||
|
||||
15
main.ts
15
main.ts
@@ -11,6 +11,7 @@ import { PostgresCluster } from "./postgres";
|
||||
import { Longhorn } from "./longhorn";
|
||||
import { AuthentikServer } from "./authentik";
|
||||
import { RedisCluster } from "./redis";
|
||||
import { CertManager } from "./cert-manager";
|
||||
|
||||
dotenv.config();
|
||||
|
||||
@@ -35,6 +36,8 @@ class Homelab extends TerraformStack {
|
||||
},
|
||||
});
|
||||
|
||||
const certManagerApiVersion = "cert-manager.io/v1";
|
||||
|
||||
new Longhorn(this, "longhorn", {
|
||||
namespace: "longhorn-system",
|
||||
name: "longhorn",
|
||||
@@ -45,7 +48,19 @@ class Homelab extends TerraformStack {
|
||||
},
|
||||
});
|
||||
|
||||
new CertManager(this, "cert-manager", {
|
||||
certManagerApiVersion,
|
||||
name: "cert-manager",
|
||||
namespace: "cert-manager",
|
||||
version: "1.15.3",
|
||||
providers: {
|
||||
kubernetes,
|
||||
helm,
|
||||
},
|
||||
});
|
||||
|
||||
new PostgresCluster(this, "postgres-cluster", {
|
||||
certManagerApiVersion,
|
||||
name: "postgres-cluster",
|
||||
namespace: "postgres-system",
|
||||
providers: {
|
||||
|
||||
@@ -15,6 +15,7 @@ type PostgresClusterOptions = {
|
||||
users: string[];
|
||||
primaryUser: string;
|
||||
initSecretName: string;
|
||||
certManagerApiVersion: string;
|
||||
};
|
||||
|
||||
export class PostgresCluster extends Construct {
|
||||
@@ -31,7 +32,7 @@ export class PostgresCluster extends Construct {
|
||||
namespace: options.namespace,
|
||||
});
|
||||
|
||||
const certManagerApiVersion = "cert-manager.io/v1";
|
||||
const { certManagerApiVersion } = options;
|
||||
|
||||
const certNames = {
|
||||
server: "postgres-server-cert",
|
||||
|
||||
Reference in New Issue
Block a user