{ nixhelm, system, ... }: {
  # kubenix module: installs cert-manager from the nixhelm chart set, loads its
  # CRDs from vendored manifests, and defines one Let's Encrypt ClusterIssuer.
  kubernetes = {
    # cert-manager CRDs, vendored as one file per resource kind.
    # TODO: These were copied by hand from
    # https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.crds.yaml
    # See https://cert-manager.io/docs/installation/helm/
    # The chart version is chosen by nixhelm and is not pinned in this file, so
    # these manifests have to be re-synced whenever the chart moves off v1.14.4.
    # Seems kubenix cannot import a list of resources, only individual
    # resources. Might be good to create a PR for this.
    imports = [
      ./cert-manager-manifests/certificaterequest.yaml
      ./cert-manager-manifests/certificate.yaml
      ./cert-manager-manifests/challenge.yaml
      ./cert-manager-manifests/clusterissuer.yaml
      ./cert-manager-manifests/issuer.yaml
      ./cert-manager-manifests/order.yaml
    ];

    helm.releases.cert-manager = {
      chart = nixhelm.chartsDerivations.${system}.jetstack.cert-manager;
      # The chart's own CRDs are left out; the vendored manifests imported
      # above are the only CRD source.
      includeCRDs = false;
      # NOTE(review): this places cert-manager in kube-system next to whatever
      # else runs there; presumably the ACME account key Secret named below
      # ends up in the same namespace. Confirm who can read Secrets there.
      namespace = "kube-system";
    };

    resources.clusterIssuers.letsencrypt.spec.acme = {
      # Let's Encrypt production ACME v2 directory (not the staging endpoint).
      server = "https://acme-v02.api.letsencrypt.org/directory";
      # Contact address registered with the ACME account.
      email = "pim@kunis.nl";
      # Name of the Secret that holds the ACME account private key.
      privateKeySecretRef = { name = "letsencrypt-private-key"; };
      solvers = [
        {
          # Empty selector: no dnsNames / dnsZones / label restriction is set
          # on this solver.
          selector = { };
          # HTTP-01 challenges are answered through the "traefik" ingress class.
          http01 = { ingress = { class = "traefik"; }; };
        }
      ];
    };
  };
}