Add updatemonitor chart

updatecli · Jul 13, 2023 · 753f5b9 · 753f5b9
1 parent e0d0302
commit 753f5b9
Show file tree

Hide file tree

Showing 6 changed files with 58 additions and 4 deletions.
diff --git a/.sops.yaml b/.sops.yaml
@@ -2,8 +2,8 @@ creation_rules:
     # By default allow following keys to encrypt/decrypt secrets
     # Specific path can be configured as explained here https://github.com/mozilla/sops#using-sops-yaml-conf-to-select-kms-pgp-for-new-files
     # !  The first regex that matches is selected
-    - path_regex: secrets.yaml
-      key_groups:
+    # - path_regex: secrets.d
+    - key_groups:
         - pgp:
             # - '56D8342434B84E2D1CCF53D96E9A025D52210D3D' # Olblak
             - '149E8DB97FE134C2703A149AA902D944C78793B7' # Olblak

diff --git a/helmfile.d/cert-manager.yaml b/helmfile.d/cert-manager.yaml
@@ -0,0 +1,19 @@
+repositories:
+  - name: cert-manager
+    url: https://charts.jetstack.io
+helmDefaults:
+  createNamespace: true
+  timeout: 180
+  atomic: true
+  verify: false
+  wait: true
+releases:
+  - name: cert-manager
+    namespace: cert-manager
+    version: v1.12.2
+    chart: cert-manager/cert-manager
+    disableValidationOnInstall: true
+    wait: true
+    waitForJobs: true
+    values:
+      - installCRDs: true
diff --git a/helmfile.yaml → helmfile.d/updatemonitor.yaml b/helmfile.yaml → helmfile.d/updatemonitor.yaml
@@ -10,8 +10,8 @@ releases:
     chart: updatecli/updatemonitor
     version: 0.2.0
     values:
-      - values.yaml
+      - ../values.d/updatemonitor.yaml
     secrets:
-      - secrets.yaml
+      - ../secrets.d/updatemonitor.yaml
     wait: true
 
diff --git a/k8s.d/cluster-issuers.yaml b/k8s.d/cluster-issuers.yaml
@@ -0,0 +1,22 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-production
+  namespace: cert-manager
+spec:
+  acme:
+    # The ACME server URL
+    server: https://acme-v02.api.letsencrypt.org/directory
+    # Email address used for ACME registration
+    email: [email protected]
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt
+    # Enable the HTTP-01 challenge provider
+    solvers:
+    # An empty 'selector' means that this solver matches all domains
+    - selector: {}
+      http01:
+        ingress:
+          class: traefik
+
diff --git a/secrets.yaml → secrets.d/updatemonitor.yaml b/secrets.yaml → secrets.d/updatemonitor.yaml
diff --git a/values.yaml → values.d/updatemonitor.yaml b/values.yaml → values.d/updatemonitor.yaml
@@ -1,7 +1,20 @@
+#mongodb:
+#  image:
+#    # Due to https://github.com/bitnami/charts/issues/10255
+#    # We need to use mongodb 4 on norvos
+#    tag: 4.4.15
+
 ingress:
   enabled: true
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-production
   hosts:
     - host: updatemonitor.updatecli.io
+  tls:
+    - secretName: updatemonitor-tls
+      hosts:
+        - updatemonitor.updatecli.io
+
 config:
   server:
     readonly: true