netflux-kubernetes/deploy/prod/clusterissuer.yaml

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: postmaster@netflux.io
    privateKeySecretRef:
      name: prod-letsencrypt
    solvers:
    - http01:
        ingress:
          class: prod-nginx
    - dns01:
        route53:
          region: eu-west-1
          hostedZoneID: Z1OSEC2E6M9VER
          accessKeyID: AKIARZPRT6YGHAENBEEX
          secretAccessKeySecretRef:
            # Using name reference transformers to manage this didn't work,
            # possibly because ClusterIssuer is a cluster-scoped resource.
            #
            # For now, this secret should be provisioned manually in the
            # cert-manager namespace:
            name: prod-aws-credentials
            key: secret
Add Kustomize-managed ClusterIssuer 2022-11-12 18:34:17 +00:00			`apiVersion: cert-manager.io/v1`
			`kind: ClusterIssuer`
			`metadata:`
			`name: letsencrypt`
			`spec:`
			`acme:`
			`server: https://acme-v02.api.letsencrypt.org/directory`
			`email: postmaster@netflux.io`
			`privateKeySecretRef:`
			`name: prod-letsencrypt`
			`solvers:`
			`- http01:`
			`ingress:`
			`class: prod-nginx`
			`- dns01:`
			`route53:`
			`region: eu-west-1`
			`hostedZoneID: Z1OSEC2E6M9VER`
			`accessKeyID: AKIARZPRT6YGHAENBEEX`
			`secretAccessKeySecretRef:`
			`# Using name reference transformers to manage this didn't work,`
			`# possibly because ClusterIssuer is a cluster-scoped resource.`
			`#`
			`# For now, this secret should be provisioned manually in the`
			`# cert-manager namespace:`
			`name: prod-aws-credentials`
			`key: secret`