diff --git a/cert-manager/argocd.yaml b/cert-manager/argocd.yaml deleted file mode 100644 index 7b01bdd..0000000 --- a/cert-manager/argocd.yaml +++ /dev/null @@ -1,44 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: cert-manager - namespace: argocd - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: default - sources: - - repoURL: https://charts.jetstack.io - chart: cert-manager - targetRevision: v1.16.2 - helm: - valueFiles: - - $values/cert-manager/helm-values.yaml - - repoURL: https://github.com/K3S-HOME/platform.git - targetRevision: main - ref: values - - repoURL: https://github.com/K3S-HOME/platform.git - targetRevision: main - path: cert-manager - destination: - server: https://kubernetes.default.svc - namespace: cert-manager - syncPolicy: - automated: - prune: true - selfHeal: true - allowEmpty: false - syncOptions: - - CreateNamespace=true - - PrunePropagationPolicy=foreground - - PruneLast=true - retry: - limit: 5 - backoff: - duration: 5s - factor: 2 - maxDuration: 3m - managedNamespaceMetadata: - labels: - goldilocks.fairwinds.com/enabled: 'true' - revisionHistoryLimit: 10 diff --git a/cert-manager/helm-values.yaml b/cert-manager/helm-values.yaml deleted file mode 100644 index cf98a70..0000000 --- a/cert-manager/helm-values.yaml +++ /dev/null @@ -1,70 +0,0 @@ -# Cert-Manager Helm Values -# Chart: https://github.com/cert-manager/cert-manager/tree/master/deploy/charts/cert-manager - -# Install CRDs with Helm -installCRDs: true - -replicaCount: 1 - -resources: - requests: - cpu: 23m - memory: 115Mi - limits: - memory: 115Mi - -webhook: - replicaCount: 1 - resources: - requests: - cpu: 23m - memory: 115Mi - limits: - memory: 115Mi - # Affinity - Soft Anti-Affinity to spread pods across nodes - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/name: cert-manager-webhook - topologyKey: kubernetes.io/hostname - -cainjector: - replicaCount: 1 - resources: - requests: - cpu: 23m - memory: 230Mi - limits: - memory: 230Mi - # Affinity - Soft Anti-Affinity to spread pods across nodes - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/name: cert-manager-cainjector - topologyKey: kubernetes.io/hostname - -# Affinity - Soft Anti-Affinity to spread pods across nodes -affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/name: cert-manager - topologyKey: kubernetes.io/hostname - -# Prometheus metrics -prometheus: - enabled: true - servicemonitor: - enabled: false - diff --git a/cert-manager/kustomization.yaml b/cert-manager/kustomization.yaml deleted file mode 100644 index f9347af..0000000 --- a/cert-manager/kustomization.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- manifests/cluster-issuer.yaml diff --git a/cert-manager/manifests/cluster-issuer.yaml b/cert-manager/manifests/cluster-issuer.yaml deleted file mode 100644 index c2ab14c..0000000 --- a/cert-manager/manifests/cluster-issuer.yaml +++ /dev/null @@ -1,41 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - name: letsencrypt-prod -spec: - acme: - # Let's Encrypt Production 서버 - # 실제 운영 환경에서 사용 - # Rate limit: 50 certificates per registered domain per week - server: https://acme-v02.api.letsencrypt.org/directory - - # 인증서 만료 알림을 받을 이메일 주소 - email: bluemayne0213@icloud.com - - # ACME 계정의 private key를 저장할 Secret 이름 - privateKeySecretRef: - name: letsencrypt-prod - - # HTTP-01 challenge를 사용하여 도메인 소유권 검증 - # Traefik Ingress를 통해 /.well-known/acme-challenge/ 경로로 검증 - solvers: - - http01: - ingress: - class: traefik ---- -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - name: letsencrypt-staging -spec: - acme: - # Let's Encrypt Staging 서버 - # 테스트용 - 브라우저에서 신뢰하지 않지만 rate limit 없음 - server: https://acme-staging-v02.api.letsencrypt.org/directory - email: bluemayne0213@icloud.com - privateKeySecretRef: - name: letsencrypt-staging - solvers: - - http01: - ingress: - class: traefik diff --git a/kustomization.yaml b/kustomization.yaml index df53d9b..6fd5f4e 100644 --- a/kustomization.yaml +++ b/kustomization.yaml @@ -6,7 +6,6 @@ resources: - application.yaml # Core infrastructure - - cert-manager/argocd.yaml - traefik/argocd.yaml - argocd/argocd.yaml - argocd/image-updater.yaml