diff --git a/00-OLD/certificate-wildcard-prd.yaml b/00-OLD/certificate-wildcard-prd.yaml
deleted file mode 100644
index af7dfde..0000000
--- a/00-OLD/certificate-wildcard-prd.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: wildcard-prd-tls
- namespace: certificates-ops
-spec:
- secretName: wildcard-prd-tls
- issuerRef:
- name: letsencrypt-dns01-prod
- kind: ClusterIssuer
- dnsNames:
- - "*.prd.gkdomaine.fr"
- - "prd.gkdomaine.fr"
-
diff --git a/00-OLD/certificate-wildcard-rct.yaml b/00-OLD/certificate-wildcard-rct.yaml
deleted file mode 100644
index e13b595..0000000
--- a/00-OLD/certificate-wildcard-rct.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: wildcard-rct-tls
- namespace: certificates-ops
-spec:
- secretName: wildcard-rct-tls
- issuerRef:
- name: letsencrypt-dns01-prod
- kind: ClusterIssuer
- dnsNames:
- - "*.rct.gkdomaine.fr"
- - "rct.gkdomaine.fr"
-
diff --git a/00-OLD/longhorn/certificate-dev.yaml b/00-OLD/longhorn/certificate-dev.yaml
deleted file mode 100644
index ca3c887..0000000
--- a/00-OLD/longhorn/certificate-dev.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: longhorn-dev-tls
- namespace: certificates-ops
-spec:
- secretName: longhorn-dev-tls
- issuerRef:
- name: letsencrypt-prod
- kind: ClusterIssuer
- dnsNames:
- - longhorn.dev.gkdomaine.fr
-
diff --git a/00-OLD/rbac-cert-manager.yaml b/00-OLD/rbac-cert-manager.yaml
deleted file mode 100644
index f3ed617..0000000
--- a/00-OLD/rbac-cert-manager.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-# ClusterRole pour permettre à cert-manager d'utiliser le webhook OVH
-# Le ServiceAccount cert-manager doit pouvoir créer des ressources "ovh"
-# dans le groupe API acme.gkdomaine.fr
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: cert-manager-webhook-ovh:cert-manager
- labels:
- app: cert-manager-webhook-ovh
-rules:
- - apiGroups:
- - acme.gkdomaine.fr
- resources:
- - ovh
- verbs:
- - create
- - get
- - list
- - watch
- - update
- - patch
- - delete
- # Permissions pour lire les secrets (nécessaire pour lire ovh-credentials)
- - apiGroups:
- - ""
- resources:
- - secrets
- verbs:
- - get
- - list
----
-# ClusterRoleBinding pour lier le ClusterRole au ServiceAccount cert-manager
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: cert-manager-webhook-ovh:cert-manager
- labels:
- app: cert-manager-webhook-ovh
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cert-manager-webhook-ovh:cert-manager
-subjects:
- # Le ServiceAccount cert-manager dans cert-manager-ops (selon l'erreur RBAC)
- - kind: ServiceAccount
- name: cert-manager
- namespace: cert-manager-ops
-
diff --git a/00-OLD/rbac-webhook.yaml b/00-OLD/rbac-webhook.yaml
deleted file mode 100644
index 6253313..0000000
--- a/00-OLD/rbac-webhook.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-# ClusterRole pour permettre au webhook OVH de lire les secrets OVH
-# Utilisation d'un ClusterRole pour éviter tout problème de permissions
-# Le ServiceAccount du webhook doit pouvoir lire le secret ovh-credentials
-# dans le namespace cert-manager-ops
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: cert-manager-webhook-ovh:secrets
- labels:
- app: cert-manager-webhook-ovh
-rules:
- - apiGroups:
- - ""
- resources:
- - secrets
- # Pas de resourceNames avec ClusterRole, mais on limite au namespace via le ClusterRoleBinding
- verbs:
- - get
- - list
----
-# ClusterRoleBinding pour lier le ClusterRole au ServiceAccount du webhook
-# Le nom du ServiceAccount est défini par le chart officiel
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: cert-manager-webhook-ovh:secrets
- labels:
- app: cert-manager-webhook-ovh
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cert-manager-webhook-ovh:secrets
-subjects:
- # Le ServiceAccount du webhook (nom basé sur le release name du chart)
- - kind: ServiceAccount
- name: cert-manager-webhook-ovh-ops
- namespace: cert-manager-ops
-
diff --git a/00-OLD/secret-ovh-credentials.yaml b/00-OLD/secret-ovh-credentials.yaml
deleted file mode 100644
index b58fd49..0000000
--- a/00-OLD/secret-ovh-credentials.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: ovh-credentials
- namespace: cert-manager-ops
-type: Opaque
-stringData:
- # Utilisez stringData pour mettre les valeurs en CLAIR,
- # K8s les encodera proprement en base64 pour vous.
- application-key: "XXXXXXXXXXXXXXXXX"
- application-secret: "XXXXXXXXXXXXXXXXX"
- consumer-key: "XXXXXXXXXXXXXXXXX"
\ No newline at end of file
diff --git a/00-OLD/traefik/certificate-dev.yaml b/00-OLD/traefik/certificate-dev.yaml
deleted file mode 100644
index 2b39c26..0000000
--- a/00-OLD/traefik/certificate-dev.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: traefik-dev-tls
- namespace: certificates-ops
-spec:
- secretName: traefik-dev-tls
- issuerRef:
- name: letsencrypt-prod
- kind: ClusterIssuer
- dnsNames:
- - traefik.dev.gkdomaine.fr