

3 Commits

Author SHA1 Message Date
Rob Watson e44e15c7cf Add Kustomize-managed ClusterIssuer 2022-11-14 06:55:46 +01:00
Rob Watson 149dd3567b Add AWS credentials 2022-11-11 20:47:41 +01:00
Rob Watson ac13069d4e Tidy indentation 2022-11-11 19:24:22 +01:00
5 changed files with 63 additions and 4 deletions


@ -1,3 +1,5 @@
# Legacy issuer that is not managed by Kustomize.
# For new certificates, prefer prod/clusterissuer.yaml.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
@ -9,6 +11,6 @@ spec:
privateKeySecretRef:
name: letsencrypt-production
solvers:
- http01:
ingress:
class: nginx
- http01:
ingress:
class: nginx


@ -1,3 +1,5 @@
# Legacy issuer that is not managed by Kustomize.
# For new certificates, add staging/clusterissuer.yaml.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:


@ -0,0 +1,27 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-staging
spec:
acme:
server: https://acme-staging-v02.api.letsencrypt.org/directory
email: postmaster@netflux.io
privateKeySecretRef:
name: prod-letsencrypt-staging
solvers:
- http01:
ingress:
class: prod-nginx
- dns01:
route53:
region: eu-west-1
hostedZoneID: Z1OSEC2E6M9VER
accessKeyID: AKIARZPRT6YGHAENBEEX
secretAccessKeySecretRef:
# Using name reference transformers to manage this didn't work,
# probably because ClusterIssuer is a cluster-scoped resource.
#
# For now, this secret should be provisioned manually in the
# cert-manager namespace:
name: prod-aws-credentials
key: secret
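Review bot: Neither entry under `solvers` has a `selector`, so the `dns01` solver listed after `http01` will probably never be used: when solvers match a name equally, cert-manager takes the one defined first. Wildcard names, which can only be validated over DNS-01, would then be sent to the HTTP-01 solver and fail. Give the Route 53 entry an explicit scope as a sibling of its `dns01` key, e.g. `selector: {dnsZones: ["<zone-placeholder>"]}`. The production `letsencrypt` issuer added in the next file has the same solver list and needs the same change.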


@ -0,0 +1,27 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: postmaster@netflux.io
privateKeySecretRef:
name: prod-letsencrypt
solvers:
- http01:
ingress:
class: prod-nginx
- dns01:
route53:
region: eu-west-1
hostedZoneID: Z1OSEC2E6M9VER
accessKeyID: AKIARZPRT6YGHAENBEEX
secretAccessKeySecretRef:
# Using name reference transformers to manage this didn't work,
# possibly because ClusterIssuer is a cluster-scoped resource.
#
# For now, this secret should be provisioned manually in the
# cert-manager namespace:
name: prod-aws-credentials
key: secret
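Review bot: The `accessKeyID` committed here belongs to a long-lived IAM user key, and the manifest does not record what that user is permitted to do. Add a comment beside it stating the expected policy, e.g. `# IAM user limited to route53:GetChange and route53:ChangeResourceRecordSets on this hosted zone`, and check that the real policy is no broader. cert-manager also accepts `accessKeyIDSecretRef`, which would keep the key ID next to the secret key in `prod-aws-credentials` so that rotating the pair needs no commit. The staging issuer in the previous file uses the same key ID and secret, so a leak or rotation affects both.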


@ -4,7 +4,8 @@ resources:
- svc-db.yaml
- svc-netflux.yaml
- cm-ingress-nginx-tcp-services.yaml
- clusterissuer.yaml
- clusterissuer-staging.yaml
configMapGenerator:
- name: prometheus-server
behavior: merge