Update k8s manifests

2026-03-10 13:09:03 +08:00 · 2026-03-10 13:09:03 +08:00 · 03df49793f
commit 03df49793f
parent 5d97f34957
5 changed files with 58 additions and 3 deletions
--- a/k8s/flux/gotk-sync.yaml
+++ b/k8s/flux/gotk-sync.yaml
@ -6,7 +6,7 @@ metadata:
  namespace: flux-system
 spec:
  interval: 5m
-  url: https://gitea.n0ball.tw/admin/infra.git
+  url: http://192.168.51.203/admin/infra.git
  ref:
    branch: main
  secretRef:
@ -31,6 +31,25 @@ spec:
 ---
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
+metadata:
+  name: infrastructure-config
+  namespace: flux-system
+spec:
+  interval: 5m
+  path: ./k8s/infrastructure-config
+  prune: true
+  dependsOn:
+    - name: infrastructure
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-age
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
 metadata:
  name: pg-init
  namespace: flux-system
@ -59,6 +78,7 @@ spec:
  prune: true
  dependsOn:
    - name: infrastructure
+    - name: infrastructure-config
    - name: pg-init
  sourceRef:
    kind: GitRepository
--- a/k8s/infrastructure-config/cert-manager/clusterissuer.yaml
+++ b/k8s/infrastructure-config/cert-manager/clusterissuer.yaml
@ -0,0 +1,19 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: n0ball-tw-issuer
+spec:
+  acme:
+    server: https://acme-v2.api.letsencrypt.org/directory
+    email: admin@n0ball.tw
+    privateKeySecretRef:
+      name: letsencrypt-account-key
+    solvers:
+      - dns01:
+          cloudflare:
+            apiTokenSecretRef:
+              name: cloudflare-api-token
+              key: api-token
+        selector:
+          dnsZones:
+            - "n0ball.tw"
--- a/k8s/infrastructure-config/cert-manager/wildcard-cert.yaml
+++ b/k8s/infrastructure-config/cert-manager/wildcard-cert.yaml
@ -0,0 +1,13 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: n0ball-tw-wildcard
+  namespace: kube-system
+spec:
+  secretName: n0ball-tw-tls
+  issuerRef:
+    name: n0ball-tw-issuer
+    kind: ClusterIssuer
+  dnsNames:
+    - "*.n0ball.tw"
+    - "n0ball.tw"
--- a/k8s/infrastructure-config/kustomization.yaml
+++ b/k8s/infrastructure-config/kustomization.yaml
@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - cert-manager/clusterissuer.yaml
+  - cert-manager/wildcard-cert.yaml
--- a/k8s/infrastructure/kustomization.yaml
+++ b/k8s/infrastructure/kustomization.yaml
@ -4,8 +4,6 @@ resources:
  - helmrepositories.yaml
  - longhorn/helmrelease.yaml
  - cert-manager/helmrelease.yaml
-  - cert-manager/clusterissuer.yaml
-  - cert-manager/wildcard-cert.yaml
  - observability
  - openldap/helmrelease.yaml
  - keycloak/helmrelease.yaml