# cert-manager

- [cloudflare](#cloudflare)
- [api secrets](#api-secrets)
- [Cluster Issuer](#cluster-issuer)
  - [Staging](#staging)
    - [Deploy](#deploy)
    - [Describe](#describe)
  - [Production](#production)
    - [Deploy (Production)](#deploy-production)
    - [Describe (Production)](#describe-production)
- [helm chart](#helm-chart)

## cloudflare

## api secrets

[cloudflare-api-token.yaml](./cloudflare-api-token.yaml).

```bash
set -a
source ./.env
set +a
envsubst < ./cloudflare-api-token.yaml \
| kubectl apply -n kube-system -f -
```

## Cluster Issuer

### Staging

#### Deploy

[letsencrypt-clusterissuer-staging.yaml](./letsencrypt-clusterissuer-staging.yaml).

```bash
set -a
source ./.env
set +a
envsubst < ./letsencrypt-clusterissuer-staging.yaml \
| kubectl apply -n kube-system -f -
```

#### Describe

```bash
kubectl describe clusterissuer letsencrypt-staging
```

### Production

#### Deploy (Production)

[letsencrypt-clusterissuer-prod.yaml](./letsencrypt-clusterissuer-prod.yaml).

```bash
set -a
source ./.env
set +a
envsubst < ./letsencrypt-clusterissuer-prod.yaml \
| kubectl apply -n kube-system -f -
```

```bash
set -a
source ./.env
set +a
envsubst < ./letsencrypt-clusterissuer-staging.yaml \
| kubectl apply -n kube-system -f -
```

#### Describe (Production)

```bash
kubectl describe clusterissuer letsencrypt-prod
```

**Force cert refresh:**

``` bash
kubectl delete certificaterequest -l cert-manager.io/certificate-name=monitoring-limbosolutions-com-tls
kubectl delete order  -l cert-manager.io/certificate-name=monitoring-limbosolutions-com-tls
```

## helm chart

Using flux for reconciliation.

``` bash
  kubectl kustomize deploy/flux | kubectl apply -f -
```