Initial commit

2026-02-14 10:46:57 -05:00
commit 4426274448
30 changed files with 1149 additions and 0 deletions
--- a/infrastructure/cert-manager-issuer/issuer.yaml
+++ b/infrastructure/cert-manager-issuer/issuer.yaml
@@ -0,0 +1,22 @@
+# ClusterIssuer for Let's Encrypt using DNS-01 challenge.
+# This example uses Cloudflare as the DNS provider. If you use a different
+# provider, see: https://cert-manager.io/docs/configuration/acme/dns01/
+#
+# Replace <YOUR_EMAIL> with your email address for Let's Encrypt notifications.
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: cert-issuer
+  namespace: infrastructure
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: <YOUR_EMAIL>
+    privateKeySecretRef:
+      name: letsencrypt-dns-key
+    solvers:
+      - dns01:
+          cloudflare:
+            apiTokenSecretRef:
+              name: cloudflare-credentials
+              key: api-token
--- a/infrastructure/cert-manager-issuer/secrets.yaml
+++ b/infrastructure/cert-manager-issuer/secrets.yaml
@@ -0,0 +1,13 @@
+# DNS provider API token for cert-manager DNS-01 challenge.
+# Replace <YOUR_DNS_API_TOKEN> with your Cloudflare API token
+# (or adjust for your DNS provider).
+#
+# Encrypt this file with: sops --encrypt --in-place secrets.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cloudflare-credentials
+  namespace: infrastructure
+type: Opaque
+stringData:
+  api-token: <YOUR_DNS_API_TOKEN>