Add wildcard cert for internal

namespaces/cert-manager/chart.yaml

@@ -0,0 +1,14 @@
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+  name: cert-manager
+  namespace: kube-system
+spec:
+  chart: cert-manager
+  repo: https://charts.jetstack.io
+  targetNamespace: cert-manager
+  createNamespace: true
+  valuesContent: |-
+    installCRDs: true
+    prometheus:
+      enabled: false

namespaces/cert-manager/cloudflare-token.yaml

@@ -0,0 +1,28 @@
+---
+apiVersion: secrets.infisical.com/v1alpha1
+kind: InfisicalSecret
+metadata:
+  name: certmanager-secrets
+  namespace: infisical
+  labels:
+    label-to-be-passed-to-managed-secret: homelab
+  annotations:
+    example.com/annotation-to-be-passed-to-managed-secret: "homelab"
+spec:
+  hostAPI: https://app.infisical.com/api
+  resyncInterval: 10
+  authentication:
+    # Universal Auth
+    universalAuth:
+      secretsScope:
+        projectSlug: homelab-n-f-yj
+        envSlug: prod
+        secretsPath: "/cert-manager" # Root is "/"
+        recursive: true # Whether or not to use recursive mode (Fetches all secrets in an environment from a given secret path, and all folders inside the path) / defaults to false
+      credentialsRef:
+        secretName: universal-auth-credentials
+        secretNamespace: infisical
+  managedSecretReference:
+    secretName: certmanager-secrets
+    secretNamespace: cert-manager
+    creationPolicy: "Orphan" ## Owner | Orphan

namespaces/cert-manager/cluster-issuer.yaml

@@ -0,0 +1,22 @@
+# ClusterIssuer for Let's Encrypt
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    email: jonathan@leechpepin.com
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: letsencrypt-prod-account-key
+    solvers:
+      - dns01:
+          cloudflare:
+            apiTokenSecretRef:
+              name: certmanager-secrets
+              key: CLOUDFLARE_API_TOKEN
+        selector:
+          dnsZones:
+            - "leechpepin.com"
+            - "consultjlp.com"
+            - "jlptech.consulting"

namespaces/cert-manager/consultjlpdotcom-cert.yaml

@@ -0,0 +1,15 @@
+# Wildcard Certificate
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: wildcard-leechpepin
+  namespace: homelab
+spec:
+  secretName: wildcard-leechpepin-tls
+  issuerRef:
+    name: letsencrypt-prod
+    kind: ClusterIssuer
+  commonName: "*.consultjlp.com"
+  dnsNames:
+    - "*.consultjlp.com"
+    - "consultjlp.com"

namespaces/cert-manager/jlptechdotconsulting-cert.yaml

@@ -0,0 +1,15 @@
+# Wildcard Certificate
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: wildcard-leechpepin
+  namespace: homelab
+spec:
+  secretName: wildcard-leechpepin-tls
+  issuerRef:
+    name: letsencrypt-prod
+    kind: ClusterIssuer
+  commonName: "*.jlptech.consulting"
+  dnsNames:
+    - "*.jlptech.consulting"
+    - "jlptech.consulting"

namespaces/cert-manager/leechpepindotcom-cert.yaml

@@ -0,0 +1,15 @@
+# Wildcard Certificate
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: wildcard-leechpepin
+  namespace: homelab
+spec:
+  secretName: wildcard-leechpepin-tls
+  issuerRef:
+    name: letsencrypt-prod
+    kind: ClusterIssuer
+  commonName: "*.leechpepin.com"
+  dnsNames:
+    - "*.leechpepin.com"
+    - "leechpepin.com"

namespaces/cert-manager/namespace.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    homelab-access: "true"
+  name: cert-manager

namespaces/homelab/gateway.yaml

@@ -29,7 +29,7 @@ spec:
         mode: Terminate
         certificateRefs:
           - kind: Secret
-            name: infisical-self-signed-cert
+            name: wildcard-leechpepin-tls
     - allowedRoutes:
         namespaces:
           from: Selector