kubernetes: added additional ingress controller for internal access

- added additional traefik ingress controller for accessing internal services via ingress.
2025-06-26 21:01:12 +03:00
parent 4fa8058a44
commit 2a294eb273
12 changed files with 72 additions and 45 deletions
--- a/kubernetes/cert-manager-config-helm-chart/Chart.yaml
+++ b/kubernetes/cert-manager-config-helm-chart/Chart.yaml
@ -0,0 +1,5 @@
+apiVersion: v2
+name: cert-manager
+description: A Helm chart for cert-manager
+version: 0.1.0
+appVersion: "v1.11.0"
--- a/kubernetes/cert-manager-config-helm-chart/templates/clusterIssuers.yaml
+++ b/kubernetes/cert-manager-config-helm-chart/templates/clusterIssuers.yaml
@ -0,0 +1,18 @@
+# filepath: /home/taqi/homeserver/k3s-infra/cert-manager/templates/clusterIssuer.yaml
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: {{ .Values.clusterIssuer.name }}
+  namespace: {{ .Values.namespace }}
+spec:
+  acme:
+    server: {{ .Values.clusterIssuer.server }}
+    privateKeySecretRef:
+      name: {{ .Values.clusterIssuer.privateKeySecretRef }}
+    solvers:
+    - dns01:
+        cloudflare:  # Use the DNS-01 challenge mechanism for Cloudflare
+          email: {{ .Values.clusterIssuer.email }}
+          apiTokenSecretRef:
+            name: {{ .Values.clusterIssuer.apiTokenSecretRef.name }}
+            key: {{ .Values.clusterIssuer.apiTokenSecretRef.key }}
--- a/kubernetes/cert-manager-config-helm-chart/templates/secret-cloudflare.yaml
+++ b/kubernetes/cert-manager-config-helm-chart/templates/secret-cloudflare.yaml
@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.secret.name }}
+  namespace: {{ .Values.namespace }}
+type: Opaque
+stringData:
+  api-token: {{ .Values.secret.apiToken }}
--- a/kubernetes/cert-manager-config-helm-chart/templates/wildcardCert.yaml
+++ b/kubernetes/cert-manager-config-helm-chart/templates/wildcardCert.yaml
@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ .Values.wildcardCert.name }}
+  namespace: {{ .Values.namespace }}
+spec:
+  secretName: {{ .Values.wildcardCert.secretName }}
+  issuerRef:
+    name: {{ .Values.clusterIssuer.name }}
+    kind: ClusterIssuer
+  dnsNames:
+    {{- range .Values.wildcardCert.dnsNames }}
+    - "{{ . }}"
+    {{- end }}
--- a/kubernetes/cert-manager-config-helm-chart/values.yaml
+++ b/kubernetes/cert-manager-config-helm-chart/values.yaml
@ -0,0 +1,21 @@
+namespace: cert-manager
+
+clusterIssuer:
+  name: acme-issuer
+  server: https://acme-v02.api.letsencrypt.org/directory
+  privateKeySecretRef: example-issuer-account-key
+  email: EMAIL
+  apiTokenSecretRef:
+    name: cloudflare-api-token-secret
+    key: api-token
+
+wildcardCert:
+  name: wildcard-cert
+  secretName: wildcard-cert-secret
+  dnsNames:
+    - ".example.com"
+
+secret:
+  type: Opaque
+  name: cloudflare-api-token-secret
+  apiToken: cloudflareToken