Merge branch 'drop-certs'

The `cert-exporter` is no longer needed.  All websites manage their own
certificates with _mod_md_ now, and all internal applications that use
the wildcard certificate fetch it directly from the Kubernetes Secret.

cert-manager/cert-exporter.config.yml

@@ -1,17 +0,0 @@
-git_repo: gitea@git.pyrocufflink.blue:dustin/certs.git
-certs:
-- name: pyrocufflink-cert
-  namespace: default
-  key: certificates/_.pyrocufflink.net.key
-  cert: certificates/_.pyrocufflink.net.crt
-  bundle: certificates/_.pyrocufflink.net.pem
-- name: dustinandtabitha-cert
-  namespace: default
-  key: certificates/dustinandtabitha.com.key
-  cert: certificates/dustinandtabitha.com.crt
-  bundle: certificates/dustinandtabitha.com.pem
-- name: hlc-cert
-  namespace: default
-  key: certificates/hatchlearningcenter.org.key
-  cert: certificates/hatchlearningcenter.org.crt
-  bundle: certificates/hatchlearningcenter.org.pem

cert-manager/cert-exporter.yaml

@@ -1,78 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: cert-exporter
-  namespace: cert-manager
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: cert-exporter
-rules:
-- apiGroups:
-  - ''
-  resources:
-  - secrets
-  verbs:
-  - get
-  resourceNames:
-  - pyrocufflink-cert
-  - dustinandtabitha-cert
-  - hlc-cert
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: cert-exporter
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: cert-exporter
-subjects:
-- kind: ServiceAccount
-  name: cert-exporter
-  namespace: cert-manager
-
----
-apiVersion: batch/v1
-kind: CronJob
-metadata:
-  name: cert-exporter
-  namespace: cert-manager
-spec:
-  timeZone: America/Chicago
-  schedule: '27 9,20 * * *'
-  jobTemplate: &jobtemplate
-    spec:
-      template:
-        spec:
-          containers:
-          - image: git.pyrocufflink.net/containerimages/cert-exporter
-            name: cert-exporter
-            volumeMounts:
-            - mountPath: /etc/cert-exporter/config.yml
-              name: config
-              subPath: config.yml
-              readOnly: true
-            - mountPath: /home/cert-exporter/.ssh/id_ed25519
-              name: sshkeys
-              subPath: cert-exporter.pem
-              readOnly: true
-            - mountPath: /etc/ssh/ssh_known_hosts
-              name: sshkeys
-              subPath: ssh_known_hosts
-              readOnly: true
-          securityContext:
-            fsGroup: 1000
-          serviceAccount: cert-exporter
-          volumes:
-          - name: config
-            configMap:
-              name: cert-exporter
-          - name: sshkeys
-            secret:
-              secretName: cert-exporter-sshkey
-              defaultMode: 00440
-          restartPolicy: Never

cert-manager/certificates.yaml

@@ -16,51 +16,3 @@ spec:
   privateKey:
     algorithm: ECDSA
     rotationPolicy: Always
-
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: dustinandtabitha-cert
-spec:
-  secretName: dustinandtabitha-cert
-  dnsNames:
-  - dustinandtabitha.com
-  - '*.dustinandtabitha.com'
-  - dustinandtabitha.xyz
-  - '*.dustinandtabitha.xyz'
-  issuerRef:
-    group: cert-manager.io
-    kind: ClusterIssuer
-    name: zerossl
-  privateKey:
-    algorithm: ECDSA
-    rotationPolicy: Always
-
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: hlc-cert
-spec:
-  secretName: hlc-cert
-  dnsNames:
-  - hatchlearningcenter.org
-  - '*.hatchlearningcenter.org'
-  - hatchlearningcenter.com
-  - '*.hatchlearningcenter.com'
-  - hlckc.org
-  - '*.hlckc.org'
-  - hlckc.com
-  - '*.hlckc.com'
-  - hlcks.org
-  - '*.hlcks.org'
-  - hlcks.com
-  - '*.hlcks.com'
-  issuerRef:
-    group: cert-manager.io
-    kind: ClusterIssuer
-    name: zerossl
-  privateKey:
-    algorithm: ECDSA
-    rotationPolicy: Always

cert-manager/jenkins.yaml

@@ -11,8 +11,6 @@ rules:
   - get
   resourceNames:
   - pyrocufflink-cert
-  - dustinandtabitha-cert
-  - hlc-cert
 
 ---
 apiVersion: rbac.authorization.k8s.io/v1

cert-manager/kustomization.yaml

@@ -5,19 +5,10 @@ resources:
 - https://github.com/cert-manager/cert-manager/releases/download/v1.16.4/cert-manager.yaml
 - cluster-issuer.yaml
 - certificates.yaml
-- cert-exporter.yaml
 - dch-ca-issuer.yaml
 - secrets.yaml
 - jenkins.yaml
 
-configMapGenerator:
-- name: cert-exporter
-  namespace: cert-manager
-  files:
-  - config.yml=cert-exporter.config.yml
-  options:
-    disableNameSuffixHash: True
-
 secretGenerator:
 - name: zerossl-eab
   namespace: cert-manager
@@ -26,12 +17,6 @@ secretGenerator:
   options:
     disableNameSuffixHash: true
 
-- name: cert-exporter-sshkey
-  namespace: cert-manager
-  files:
-  - cert-exporter.pem
-  - ssh_known_hosts
-
 - name: cloudflare
   namespace: cert-manager
   files: