2022-11-12 18:34:17 +00:00
|
|
|
apiVersion: cert-manager.io/v1
|
|
|
|
kind: ClusterIssuer
|
|
|
|
metadata:
|
|
|
|
name: letsencrypt
|
|
|
|
spec:
|
|
|
|
acme:
|
|
|
|
server: https://acme-v02.api.letsencrypt.org/directory
|
|
|
|
email: postmaster@netflux.io
|
|
|
|
privateKeySecretRef:
|
|
|
|
name: prod-letsencrypt
|
|
|
|
solvers:
|
2023-03-21 01:37:42 +00:00
|
|
|
# HTTP solver disabled for wildcard support.
|
|
|
|
# TODO: consider reenabling
|
|
|
|
# - http01:
|
|
|
|
# ingress:
|
|
|
|
# class: prod-nginx
|
2022-11-12 18:34:17 +00:00
|
|
|
- dns01:
|
|
|
|
route53:
|
|
|
|
region: eu-west-1
|
|
|
|
hostedZoneID: Z1OSEC2E6M9VER
|
|
|
|
accessKeyID: AKIARZPRT6YGHAENBEEX
|
|
|
|
secretAccessKeySecretRef:
|
|
|
|
# Using name reference transformers to manage this didn't work,
|
|
|
|
# possibly because ClusterIssuer is a cluster-scoped resource.
|
|
|
|
#
|
|
|
|
# For now, this secret should be provisioned manually in the
|
|
|
|
# cert-manager namespace:
|
|
|
|
name: prod-aws-credentials
|
|
|
|
key: secret
|