update

apps/templates/cert-manager.yaml

@@ -9,12 +9,8 @@ spec:
     server: {{ .Values.spec.destination.server }}
   project: default
   source:
-    chart: cert-manager
+    path: cert-manager
-    repoURL: https://charts.jetstack.io
+    repoURL: {{ .Values.spec.source.repoURL }}
-    targetRevision: 1.*.*
+    targetRevision: {{ .Values.spec.source.targetRevision }}
-    helm:
-      valuesObject:
-        crds:
-          enabled: true
   syncPolicy:
     automated: {}

apps/templates/cluster-config.yaml

@@ -0,0 +1,16 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: cluster-config
+  namespace: argocd
+spec:
+  destination:
+    namespace: default
+    server: {{ .Values.spec.destination.server }}
+  project: default
+  source:
+    path: cluster-config
+    repoURL: {{ .Values.spec.source.repoURL }}
+    targetRevision: {{ .Values.spec.source.targetRevision }}
+  syncPolicy:
+    automated: {}

argocd/kustomization.yaml

@@ -8,3 +8,7 @@ configMapGenerator:
   behavior: merge
   files:
   - ssh_known_hosts
+- name: argocd-cm
+  behavior: merge
+  literals:
+  - kustomize.buildOptions=--enable-helm

cert-manager/cloudflare.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cloudflare-api-token-secret
+type: Opaque
+stringData:
+  api-token: 2HvBOy8LzwnvssuL4jZxOVlMtHoLP981FJRY2cQF

cert-manager/clusterissuer.yaml

@@ -0,0 +1,21 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+  namespace: cert-manager
+spec:
+  acme:
+    # The ACME server URL
+    server: https://acme-v02.api.letsencrypt.org/directory
+    # Email address used for ACME registration
+    email: leon.liuyang.d@gmail.com
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    # Enable the HTTP-01 challenge provider
+    solvers:
+      - dns01:
+          cloudflare:
+            apiTokenSecretRef:
+              name: cloudflare-api-token-secret
+              key: api-token

cert-manager/kustomization.yaml

@@ -0,0 +1,12 @@
+resources:
+  - cloudflare.yaml
+  - clusterissuer.yaml
+
+helmCharts:
+  - name: cert-manager
+    repo: https://charts.jetstack.io
+    releaseName: cert-manager
+    namespace: cert-manager
+    valuesInline:
+      crds:
+        enabled: true

cluster-config/dockerconfig.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+data:
+  .dockerconfigjson: eyJhdXRocyI6eyJnaGNyLmlvIjp7InVzZXJuYW1lIjoibGVvbmxpdXkiLCJwYXNzd29yZCI6ImdocF9GU0swVDhxRE1mYmZ0eFJhZ1VaVU1DWWZ0eFlLM2IxckcwTHAiLCJlbWFpbCI6Imxlb24ubGl1eWFuZy5kQGdtYWlsLmNvbSIsImF1dGgiOiJiR1Z2Ym14cGRYazZaMmh3WDBaVFN6QlVPSEZFVFdaaVpuUjRVbUZuVlZwVlRVTlpablI0V1VzellqRnlSekJNY0E9PSJ9fX0=
+kind: Secret
+metadata:
+  name: ghcr-auth
+type: kubernetes.io/dockerconfigjson