Add cert-manager resources

2022-05-05 17:42:34 +02:00 · 2022-05-05 17:42:34 +02:00 · fc39e5d927
parent 5c1d401110
commit fc39e5d927
3 changed files with 50 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,22 @@
+# Netflux on Kubernetes
+
+## Installation
+
+### cert-manager
+
+cert-manager should only be installed in production. It cannot be installed as a subchart.
+
+See: https://cert-manager.io/docs/installation/helm/
+
+```
+helm repo add jetstack https://charts.jetstack.io
+helm repo up
+helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.8.0 --set installCRDs=true
+
+# create issuers
+kubectl apply -f cert-manager/issuer-staging.yml
+kubectl apply -f cert-manager/issuer-production.yml
+```
+
+This should be sufficient for cert-manager to issue certificates automatically when the
+`tls.enabled` value is set to `true`.
--- a/cert-manager/issuer-production.yml
+++ b/cert-manager/issuer-production.yml
@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-production
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: postmaster@netflux.io
+    privateKeySecretRef:
+      name: letsencrypt-production
+    solvers:
+      - http01:
+          ingress:
+            class: nginx
--- a/cert-manager/issuer-staging.yml
+++ b/cert-manager/issuer-staging.yml
@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-staging
+spec:
+  acme:
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    email: postmaster@netflux.io
+    privateKeySecretRef:
+      name: letsencrypt-staging
+    solvers:
+      - http01:
+          ingress:
+            class: nginx