vhaudiquet/homeprod
1
0
Fork 0
mirror of https://github.com/vhaudiquet/homeprod.git synced 2026-06-27 20:12:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

cert-manager: add cert-manager for automatic certificate renewal

Browse Source 
Add cert-manager with DNS-01 challenge support:
- Cloudflare (vhaudiquet.fr, buildpath.win)
This commit is contained in:
Valentin Haudiquet
2026-06-16 10:15:53 +02:00
parent 68d024de92
commit e9ab217466
9 changed files with 199 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
kubernetes/system/cert-manager/cloudflare-api-token-secret.yaml
+47
View File
@@ -0,0 +1,47 @@
# Cloudflare API Token for DNS-01 Challenges
#
# A Cloudflare API token with the following permissions:
# - Zone > DNS > Edit
# - Zone > Zone > Read
#
# Base64-encoded:
# echo -n "api-token" | base64
#
# This file will be SOPS-encrypted on pre-commit
apiVersion: v1
kind: Secret
metadata:
name: cloudflare-api-token
namespace: cert-manager
labels:
app.kubernetes.io/name: cert-manager
app.kubernetes.io/component: cloudflare-api-token
type: Opaque
data:
api-token: ENC[AES256_GCM,data:Ty7PlsPTOUd1zjY5Z+YuKwQ9DbKuvZo8FPz4jdhQFbLGfSwkC8GkOE8LeqxxxdNCDm59luaoPmIVhmrog9SbZLjRw9Mfmh9E,iv:dSpHCC4E8JadygLfG3T3UObPic92fDLm1SDw/j9FxUA=,tag:9KoD5LNqR1WfXbv2upGwiw==,type:str]
sops:
lastmodified: "2026-06-16T08:15:23Z"
mac: ENC[AES256_GCM,data:psnVaPRr7viLZPtR9CW0G8QJuO5fWHzlPs+iyuWPUSR3mqNadL9tZ5Waz90dlWpXrQnxXpna+mjTwKRYdIDiITEBMLE3dqMvDjPU4h74RhSO/HxgpU6GFQnm0V+yVh9qTnY6JAXM0lLelVvXLTi5mjQr6k/4+uoVUvQ8CvDOAnw=,iv:eJCaQGtzD67KRuMqWvNEWj+WN3YkyN6YEbWhrLM6Pv8=,tag:jrRSXYod7s5g/QoI3/i/xA==,type:str]
pgp:
- created_at: "2026-06-16T08:15:17Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA7uy4qQr71wiAQ/+JlRMdXmo44Z0GBjsd4mfls2AHs9Jrcan674/rKx17Ixk
ucKBC+2GA9aLp3bGKB/7bExEgW9Wn0Ufa7Qf7KTjhr37Foz8FI4Nldq0v/GTQHTh
W/M/F+OtkBJDrcqN4cWIIfOTgkkTcgcChYaJYIpRinRzcTMCMC0EQQl6nZm3dFUw
6yPWEnbPRbEXVExq6tnU+zcGHazD9e03lUJiEWC1M7ot0sxpmzwrIFrIfJrfbQ9n
2fTlrYOKJk+M2XpiYojH8v6YCLKUTHCir1Nqfp2/xG/gT6zqfXODA2YRWxNQDMKr
39kinwny02F5tbTRxteni3rtgYEgkXUbvogYSbjNOYicEZ3PqmRuniF+L+6Bxxq2
3u5J3nhU1BncFjeWA1ZzyvfwenRRI+faO/nPRSuWe7Dt5c3+AodeFqIRAQNFZmor
WgiLTz6oOhvY9ieAp4nmcVRxl91luJzq1abtAvDLz4XN37uCqF0gwv1BAXCMW4NC
75IsfJU13Ctpccj5wQLuKMV2pQML1Q8MQluPr/dhqgAU3zFJVmGYtkvDemGEsMS/
xW6mgRPJXmClcoNhLYT9T0flSSrVRsAnGcMeoPhTePLxrrqZmEmZFNxo1+aSLnwJ
RP05RIZY//88R7MJidPkqqXekIQ9dmZb7M+43k9Re1nmi/CQs+ZxtnhGoz/DpZDS
XgGcVSS9GOEUcq7EOkxZZFHCR2VNGnpUyLPRtzsUJh0eAxOU3M5XLThFBk7yw8Co
ov0TDoVOo1cqCLkdiEOM2CNkXBTjlRdJg7pQMO1ytXzkoc1EFTTK6QMy7O0FL5U=
=xoE8
-----END PGP MESSAGE-----
fp: DC6910268E657FF70BA7EC289974494E76938DDC
encrypted_regex: ^(data|stringData|.*.key|.*.crt)$
version: 3.10.2