From 386b8e33de1a5ceae337a7c7a43f8da6e0819818 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Sun, 15 Aug 2021 21:16:28 +0200
Subject: [PATCH] feat(cert-manager): Add cluster-wide default letsencrypt
 issuer

This patch adds a ClusterIssuer for simple use-cases that are happy with
HTTP-challenge based issuing of certificates.
---
 clusters/okd4/cert-manager/clusterIssuer.yaml | 65 +++++++++++++++++++
 clusters/okd4/cert-manager/kustomization.yaml |  4 ++
 2 files changed, 69 insertions(+)
 create mode 100644 clusters/okd4/cert-manager/clusterIssuer.yaml
 create mode 100644 clusters/okd4/cert-manager/kustomization.yaml

diff --git a/clusters/okd4/cert-manager/clusterIssuer.yaml b/clusters/okd4/cert-manager/clusterIssuer.yaml
new file mode 100644
index 000000000..a464026fd
--- /dev/null
+++ b/clusters/okd4/cert-manager/clusterIssuer.yaml
@@ -0,0 +1,65 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+    name: letsencrypt
+spec:
+    acme:
+        email: ENC[AES256_GCM,data:eBPw+BiEJO67uRLlQf5i9J+phH+TbKiA8BNLfnA2zJ6thR3OeYYLc0p+SB5T9AQ=,iv:TyUprJrFiZJq9gOSN5H631JJIPeJLR4qvcgBXndLblk=,tag:AnXtN2+PggJy5CSSsjgD5A==,type:str]
+        preferredChain: ""
+        privateKeySecretRef:
+            name: letsencrypt
+        server: https://acme-v02.api.letsencrypt.org/directory
+        solvers:
+            - selector: {}
+              http01: {}
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2021-08-15T19:14:33Z"
+    mac: ENC[AES256_GCM,data:n+mQct/HXr7TX8s+jAUoXv0OsIFFRFYUUbBXgJnpd8uLFFMgzzkG204ZVUR73pfICZnNEce9rge/kU9LjrGd3uHkWNdm7TxTeyv/eI4kEQwOurBK358rpRv7n57UNLQIUTAHG8fo4A1A7ZN3R1OD91b0pKWkp7vMck091EDrz/0=,iv:YUEl5Yao4zlNS3CzukiD79MUwoNeHnyVMd1F5UJdaxo=,tag:ovsCbyEZ+BoeoXn5630Wfw==,type:str]
+    pgp:
+        - created_at: "2021-08-13T23:58:48Z"
+          enc: |
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA1u//sli4/n1AQ/+I794GEYejSDFz4sVZAnBbN1bTpzT1dg4jbEbEtfDg65f
+            9Yqm8F9FENsIucN1XAkQWA0+UDLAHYV4pFOVi/4+LTX0HyOvVgUTSWspuF6JSMum
+            UkfDNLZA4eC0eGqBeF6AaO2qEOxsyrzJz6YtOydevZgegEFnqpk/MdfmvZ29++D9
+            LLgpPIxaRCTVH2wgFc8LOVqTwic7xtlRkT1DDbTI7yoN+KFUALNtFNjZBrIezuaK
+            NoykPInUeBt9VaY6icvb3O+fwdphWh2ws+T/jmVszfaFJFWZDRsG9OTXVAhKPjeU
+            nUmhAUaOr7nWsbYabn38Nxbx+LhrlStyvpTFbwFxcj/gQip4X4q9QOUu/n67E/R5
+            m5XQSWB53vjbZKvpYyxTocUJskneTtS20xuj97/tTS+LjdaBD8E1X2Pr7ztrny5R
+            vQ/PTpA/JProfI8No/HcFnYnXz8ZiRSbnD9ShMevK3CbedmMVRTNIY5y74i/EfV6
+            cAQ1sd4sJ31DXl6YHSuhLl9c3IyN6h+cbaHDjdo0NOcWCXgfcVEu+6l/4TKv5Iqt
+            k61CfQ0OhzRHOWJXcE5IXA4S6hyeLXlzVGWEQm/N1oFuX1/NrSrRI/W/ayFVJTOn
+            cVdqcTVS44I8jPutzWbozy1arFAbQppE2Vyr56yhs/jQpsRBMSkO1zKd/0dzxUnS
+            XAHF7kB8GlQanEFJeXBkzi9ro7UhxkB3ZbtR13sO2/bF/ufiLyASD8FMlZq/0cOh
+            72MIpxYrz84ISBpRPFxAIvAl9FoNbs4XafMKXfAIQH952tOLPZ42xcBZnelq
+            =GaBa
+            -----END PGP MESSAGE-----
+          fp: 9D02A9AD73EF7F3D5F657AC2B392F6EB325E8C50
+        - created_at: "2021-08-13T23:58:48Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            wcFMA7kpg2bgzVHcARAAZ9I+G7NhI9TYTfIb4MC/r5chkylncqxQgItsooJaGGLw
+            DQOKDs9O8v9IHjGpLK8xv2Oae3VgL/IimkJJ8RmMvlFw8zG5h+9cOt5jwSUw9SE+
+            Vu2kS+sjYy91kOAQR8kufi3gvZnotR0M0fZMaQyW2cUI3p/BVcXUDhPCUjlvE6Y8
+            4tBdCBTP/v5e6AncOijsskMzm0BkIUMYDOcYACOmTuRB7f7Vte3duNPKV3MI3fjZ
+            UUFB3NYNiyP6GsodSjpZ0sXQ+LC2ePsrhpFryRRm1V2PRHhCwJeIvgbGqQTafOml
+            cL61MdvZcZhi4ys2ap4sEWD9lNOorh/3NCJoIv6rCoVtWGqyceliCJUK/7JkqaMB
+            ICh6z5l/6J9eVkoLFVaF+/E7DBWA2Tt3BBGU5+kA07OO3ew5bzk9AMw8hY2fK/DC
+            nxmqf3WsWBulUv0/quOsP7zjjWlr9mnV1Vf98KpLLhtV+9V9Rw10t+EN5JbrhPwT
+            dQYymhgy+E8RA/vxNX+fBeWuqpo9sFPBuBw3ogNVJUw0dXWXusQ1kKMPUCTdVIHS
+            F0X0rRLIzFN/IvmIIlASdekW1DdrAhCbxtStVtn/xvDOF9TRE2/8BZvs9E5Dnu1b
+            oFyBJH0O5DVjI7gRnbI1ntQtDwhvhUcJ0JUZtdiotU7lyMIs+GZaVAhD5qvTNoTS
+            5gEMzmTQCeHUOoKwPndd87s5I8zjqLw6YyQq9D546hglnq4EGg2Fo9grgJN7sdpf
+            efSfct+ElolKYJ4Lfgg4isnkaw8s5HfT0zLXn7mJ5LpyleKNfAdLAA==
+            =CWrw
+            -----END PGP MESSAGE-----
+          fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601
+    encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?)$
+    version: 3.7.1
diff --git a/clusters/okd4/cert-manager/kustomization.yaml b/clusters/okd4/cert-manager/kustomization.yaml
new file mode 100644
index 000000000..22e43b0eb
--- /dev/null
+++ b/clusters/okd4/cert-manager/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- clusterIssuer.yaml
-- 
GitLab