From fc39e5d927f556f16d7daf70978bd100071247a7 Mon Sep 17 00:00:00 2001
From: Rob Watson
Date: Thu, 5 May 2022 17:42:34 +0200
Subject: [PATCH] Add cert-manager resources
---
README.md | 22 ++++++++++++++++++++++
cert-manager/issuer-production.yml | 14 ++++++++++++++
cert-manager/issuer-staging.yml | 14 ++++++++++++++
3 files changed, 50 insertions(+)
create mode 100644 README.md
create mode 100644 cert-manager/issuer-production.yml
create mode 100644 cert-manager/issuer-staging.yml
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..89ed02e
--- /dev/null
+++ b/README.md
@@ -0,0 +1,22 @@
+# Netflux on Kubernetes
+
+## Installation
+
+### cert-manager
+
+cert-manager should only be installed in production. It cannot be installed as a subchart.
+
+See: https://cert-manager.io/docs/installation/helm/
+
+```
+helm repo add jetstack https://charts.jetstack.io
+helm repo up
+helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.8.0 --set installCRDs=true
+
+# create issuers
+kubectl apply -f cert-manager/issuer-staging.yml
+kubectl apply -f cert-manager/issuer-production.yml
+```
+
+This should be sufficient for cert-manager to issue certificates automatically when the
+`tls.enabled` value is set to `true`.
diff --git a/cert-manager/issuer-production.yml b/cert-manager/issuer-production.yml
new file mode 100644
index 0000000..9d810d1
--- /dev/null
+++ b/cert-manager/issuer-production.yml
@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-production
+spec:
+ acme:
+ server: https://acme-v02.api.letsencrypt.org/directory
+ email: postmaster@netflux.io
+ privateKeySecretRef:
+ name: letsencrypt-production
+ solvers:
+ - http01:
+ ingress:
+ class: nginx
diff --git a/cert-manager/issuer-staging.yml b/cert-manager/issuer-staging.yml
new file mode 100644
index 0000000..2c55951
--- /dev/null
+++ b/cert-manager/issuer-staging.yml
@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-staging
+spec:
+ acme:
+ server: https://acme-staging-v02.api.letsencrypt.org/directory
+ email: postmaster@netflux.io
+ privateKeySecretRef:
+ name: letsencrypt-staging
+ solvers:
+ - http01:
+ ingress:
+ class: nginx
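Review bot: The `http01` solver in this cluster-scoped `ClusterIssuer` has no `selector`, so any namespace that may create an Ingress or Certificate referencing `letsencrypt-staging` can request certificates for any hostname served by the nginx ingress; the same applies to `letsencrypt-production` in cert-manager/issuer-production.yml. On a shared cluster, either use a namespaced `Issuer` or restrict the solver with a `selector:` block listing the allowed zones under `dnsZones:` (the zone names are not shown in this patch, so they are left to the author). The ACME account key lands in the Secret named by `privateKeySecretRef`, which for a ClusterIssuer lives in cert-manager's cluster resource namespace, so read access to Secrets there should stay limited to cert-manager itself. A comment above `server:` such as `# staging CA: certificates are not publicly trusted, for testing only` would also help keep this issuer from being referenced by production ingresses.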