config: seankhliao/kluster @ v0.19.0
use with:
make create-clustermake decrypt // or create appropriate secret fileskubectl apply -k . // maybe repeat a few times if things failGKE, but cheaply, ok? 1 zonal E2 node
use kubectl's built in kustomize support
helm install --dry-run --debug name repo/chart > bundle.yamlkubectl apply -k .--prune --all especially with GKE managed resources(?)configMapGenerator and secretGenerator means config and secrets get their own files (and file types!)cert-manager is a royal pain to get running. DO NOT attempt to change anything from their default config
Lets Encrypt Cluster Issuer with Cloudflare DNS Challenge
Zone:Zone:Read, Zone:DNS:Edit on all zones(?) 1apiVersion: cert-manager.io/v1alpha2
2kind: ClusterIssuer
3metadata:
4 name: le-issuer
5spec:
6 acme:
7 email: admin@example.com
8 server: https://acme-v02.api.letsencrypt.org/directory
9 privateKeySecretRef:
10 name: le-issuer-account
11 solvers:
12 - dns01:
13 cloudflare:
14 email: admin@example.com
15 apiTokenSecretRef:
16 name: cloudflare
17 key: token
certificate resource:
1apiVersion: cert-manager.io/v1alpha2
2kind: Certificate
3metadata:
4 name: api.seankhliao.com
5spec:
6 secretName: api-seankhliao-com-tls
7 duration: 2160h
8 renewBefore: 360h
9 dnsNames:
10 - api.seankhliao.com
11 - "*.api.seankhliao.com"
12 issuerRef:
13 name: le-issuer
14 kind: ClusterIssuer