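---
# CronJob: pushes the cert-manager-issued key pair for proxmox.gmem.ca to the
# Proxmox API and reports the outcome to healthchecks.gmem.ca.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: proxmox-cert
  namespace: default
spec:
  jobTemplate:
    spec:
      template:
        spec:
          volumes:
            # Secret written by the Certificate resource below (tls.crt / tls.key).
            - secret:
                secretName: proxmox-gmem-ca
              name: cert
          containers:
            # The script is a literal block (|) so that each command stays on
            # its own line and "$?" in the last ping is the exit status of the
            # upload request.
            #
            # --fail: without it curl exits 0 on an HTTP 4xx/5xx answer, so a
            # rejected upload would still be reported to the health check as
            # a success.
            #
            # key@/data/tls.key and certificates@/data/tls.crt: curl reads and
            # URL-encodes the files itself, which keeps the private key out of
            # the process argument list (the previous "$(cat ...)" form
            # expanded it into argv).
            #
            # NOTE(review): -k disables TLS verification on the one request
            # that carries the API token and the private key. Once the node
            # serves the certificate issued below, drop -k (or pass --cacert)
            # so the upload only goes to a host that proves its identity.
            #
            # NOTE(review): the API token is still passed via -H on the command
            # line; confirm that is acceptable for this pod.
            - command:
                - /bin/bash
                - -c
                - |
                  curl "https://healthchecks.gmem.ca/ping/${HEALTHCHECKS_UUID}/start"
                  curl -k --fail -X POST "https://${BASE_URL}/api2/json/nodes/proxmox/certificates/custom" \
                    -H "Authorization: PVEAPIToken=${TOKEN_ID}=${TOKEN_SECRET}" \
                    -H "Content-Type: application/x-www-form-urlencoded" \
                    --data-urlencode "key@/data/tls.key" \
                    --data-urlencode "restart=1" \
                    --data-urlencode "force=1" \
                    --data-urlencode "certificates@/data/tls.crt"
                  curl "https://healthchecks.gmem.ca/ping/${HEALTHCHECKS_UUID}/$?"
              # BASE_URL comes from the ConfigMap below; TOKEN_ID, TOKEN_SECRET
              # and HEALTHCHECKS_UUID are presumably keys of the Vault-synced
              # Secret (verify against the kv entry).
              envFrom:
                - configMapRef:
                    name: proxmox-cert
                - secretRef:
                    name: proxmox-cert
              # NOTE(review): no tag or digest, so this resolves to a mutable
              # "latest" image that receives the API token and private key.
              # Pin it, e.g. git.gmem.ca/arch/kutils@sha256:<digest>.
              image: git.gmem.ca/arch/kutils
              name: upload-certificate
              volumeMounts:
                - mountPath: /data
                  name: cert
          restartPolicy: Never
  # Runs at 00:00 on the first day of every month.
  # NOTE(review): the Certificate renews 15d before expiry, but a renewed
  # certificate can wait up to a month for this job, so the node may serve an
  # expired certificate in between. Consider a shorter interval or a larger
  # renewBefore.
  schedule: "0 0 1 * *"
---
# Certificate: asks cert-manager for a certificate covering proxmox.gmem.ca
# and stores it in the Secret mounted by the CronJob above.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: proxmox-gmem-ca
  namespace: default
spec:
  # Secret names are always required.
  secretName: proxmox-gmem-ca
  duration: 2160h  # 90d
  renewBefore: 360h  # 15d
  dnsNames:
    - proxmox.gmem.ca
  issuerRef:
    name: le-issuer
    # We can reference ClusterIssuers by changing the kind here.
    # The default value is Issuer (i.e. a locally namespaced Issuer)
    kind: ClusterIssuer
    # This is optional since cert-manager will default to this value however
    # if you are using an external issuer, change this to that issuer group.
    group: cert-manager.io
---
# ConfigMap: non-secret settings for the upload job.
apiVersion: v1
data:
  BASE_URL: proxmox.gmem.ca
kind: ConfigMap
metadata:
  name: proxmox-cert
  namespace: default
---
# VaultStaticSecret: syncs kv-v2 path default/proxmox-cert from Vault into the
# Kubernetes Secret "proxmox-cert" consumed by the job through envFrom.
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
  name: proxmox-cert
  namespace: default
spec:
  destination:
    create: true
    name: proxmox-cert
  mount: kv
  path: default/proxmox-cert
  refreshAfter: 30s
  type: kv-v2
  vaultAuthRef: vault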