studio/sbbb
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
efe574f48eadd86344c2ea24c637b233ca85ca09
sbbb/base/cert-manager/kustomization.yaml

25 lines
665 B
YAML
Raw Normal View History

feat(infra): production bootstrap — cert-manager, longhorn, monitoring Add new bases for cert-manager (Let's Encrypt + wildcard cert), Longhorn distributed storage, and monitoring (kube-prometheus-stack + Loki + Tempo + Grafana OIDC). Add cloud-init for Scaleway Elastic Metal provisioning. Production overlay: add patches for postgres sizing, SeaweedFS volume, OpenSearch storage, LiveKit service, Pingora host ports, resource limits, and CNPG daily barman backups. Update cert-manager.yaml with full dnsNames for all *.sunbeam.pt subdomains.
2026-03-06 12:06:27 +00:00
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
feat(devtools): deploy Penpot + MCP server, wildcard TLS via DNS-01 Penpot (designer.sunbeam.pt): - Frontend/backend/exporter deployments with OIDC-only auth via Hydra - VSO-managed DB, S3, and app secrets from OpenBao - PostgreSQL user/db in CNPG postInitSQL - Hydra Maester enabledNamespaces extended to devtools Penpot MCP server (mcp-designer.sunbeam.pt): - Pre-built Node.js image pushed to Gitea registry - Auth-gated via Pingora auth_request → Hydra /userinfo - WebSocket path for browser plugin connection Wildcard TLS: - Switched cert-manager from HTTP-01 (per-SAN) to DNS-01 via Scaleway webhook - Certificate collapsed to *.sunbeam.pt + sunbeam.pt - Added scaleway-certmanager-webhook Helm chart - VSO secret for Scaleway DNS API credentials in cert-manager namespace - Added cert-manager to OpenBao VSO auth role
2026-04-04 12:53:27 +01:00
- scaleway-dns-secret.yaml
feat(infra): production bootstrap — cert-manager, longhorn, monitoring Add new bases for cert-manager (Let's Encrypt + wildcard cert), Longhorn distributed storage, and monitoring (kube-prometheus-stack + Loki + Tempo + Grafana OIDC). Add cloud-init for Scaleway Elastic Metal provisioning. Production overlay: add patches for postgres sizing, SeaweedFS volume, OpenSearch storage, LiveKit service, Pingora host ports, resource limits, and CNPG daily barman backups. Update cert-manager.yaml with full dnsNames for all *.sunbeam.pt subdomains.
2026-03-06 12:06:27 +00:00
helmCharts:
# helm repo add jetstack https://charts.jetstack.io
- name: cert-manager
repo: https://charts.jetstack.io
version: "1.19.4"
releaseName: cert-manager
namespace: cert-manager
valuesFile: values.yaml
includeCRDs: true
feat(devtools): deploy Penpot + MCP server, wildcard TLS via DNS-01 Penpot (designer.sunbeam.pt): - Frontend/backend/exporter deployments with OIDC-only auth via Hydra - VSO-managed DB, S3, and app secrets from OpenBao - PostgreSQL user/db in CNPG postInitSQL - Hydra Maester enabledNamespaces extended to devtools Penpot MCP server (mcp-designer.sunbeam.pt): - Pre-built Node.js image pushed to Gitea registry - Auth-gated via Pingora auth_request → Hydra /userinfo - WebSocket path for browser plugin connection Wildcard TLS: - Switched cert-manager from HTTP-01 (per-SAN) to DNS-01 via Scaleway webhook - Certificate collapsed to *.sunbeam.pt + sunbeam.pt - Added scaleway-certmanager-webhook Helm chart - VSO secret for Scaleway DNS API credentials in cert-manager namespace - Added cert-manager to OpenBao VSO auth role
2026-04-04 12:53:27 +01:00
# helm repo add scaleway https://helm.scw.cloud/
# DNS-01 webhook for Scaleway DNS — enables wildcard certs.
- name: scaleway-certmanager-webhook
repo: https://helm.scw.cloud/
version: "0.4.1"
releaseName: scaleway-certmanager-webhook
namespace: cert-manager
Reference in New Issue Copy Permalink