Compare commits
3 Commits
c41804f3f3
...
e44e15c7cf
Author | SHA1 | Date |
---|---|---|
Rob Watson | e44e15c7cf | |
Rob Watson | 149dd3567b | |
Rob Watson | ac13069d4e |
|
@ -1,3 +1,5 @@
|
|||
# Legacy issuer that is not managed by Kustomize.
|
||||
# For new certificates, prefer prod/clusterissuer.yaml.
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
|
@ -9,6 +11,6 @@ spec:
|
|||
privateKeySecretRef:
|
||||
name: letsencrypt-production
|
||||
solvers:
|
||||
- http01:
|
||||
ingress:
|
||||
class: nginx
|
||||
- http01:
|
||||
ingress:
|
||||
class: nginx
|
||||
|
|
|
@ -1,3 +1,5 @@
|
|||
# Legacy issuer that is not managed by Kustomize.
|
||||
# For new certificates, add staging/clusterissuer.yaml.
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
|
|
|
@ -0,0 +1,27 @@
|
|||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: letsencrypt-staging
|
||||
spec:
|
||||
acme:
|
||||
server: https://acme-staging-v02.api.letsencrypt.org/directory
|
||||
email: postmaster@netflux.io
|
||||
privateKeySecretRef:
|
||||
name: prod-letsencrypt-staging
|
||||
solvers:
|
||||
- http01:
|
||||
ingress:
|
||||
class: prod-nginx
|
||||
- dns01:
|
||||
route53:
|
||||
region: eu-west-1
|
||||
hostedZoneID: Z1OSEC2E6M9VER
|
||||
accessKeyID: AKIARZPRT6YGHAENBEEX
|
||||
secretAccessKeySecretRef:
|
||||
# Using name reference transformers to manage this didn't work,
|
||||
# probably because ClusterIssuer is a cluster-scoped resource.
|
||||
#
|
||||
# For now, this secret should be provisioned manually in the
|
||||
# cert-manager namespace:
|
||||
name: prod-aws-credentials
|
||||
key: secret
|
|
@ -0,0 +1,27 @@
|
|||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: letsencrypt
|
||||
spec:
|
||||
acme:
|
||||
server: https://acme-v02.api.letsencrypt.org/directory
|
||||
email: postmaster@netflux.io
|
||||
privateKeySecretRef:
|
||||
name: prod-letsencrypt
|
||||
solvers:
|
||||
- http01:
|
||||
ingress:
|
||||
class: prod-nginx
|
||||
- dns01:
|
||||
route53:
|
||||
region: eu-west-1
|
||||
hostedZoneID: Z1OSEC2E6M9VER
|
||||
accessKeyID: AKIARZPRT6YGHAENBEEX
|
||||
secretAccessKeySecretRef:
|
||||
# Using name reference transformers to manage this didn't work,
|
||||
# possibly because ClusterIssuer is a cluster-scoped resource.
|
||||
#
|
||||
# For now, this secret should be provisioned manually in the
|
||||
# cert-manager namespace:
|
||||
name: prod-aws-credentials
|
||||
key: secret
|
|
@ -4,7 +4,8 @@ resources:
|
|||
- svc-db.yaml
|
||||
- svc-netflux.yaml
|
||||
- cm-ingress-nginx-tcp-services.yaml
|
||||
|
||||
- clusterissuer.yaml
|
||||
- clusterissuer-staging.yaml
|
||||
configMapGenerator:
|
||||
- name: prometheus-server
|
||||
behavior: merge
|
||||
|
|
Loading…
Reference in New Issue