Add Kustomize-managed ClusterIssuer

Add AWS credentials
Tidy indentation
2022-11-14 06:55:46 +01:00 · 2022-11-11 20:47:41 +01:00 · 2022-11-11 19:24:22 +01:00
5 changed files with 63 additions and 4 deletions
--- a/cert-manager/issuer-production.yml
+++ b/cert-manager/issuer-production.yml
@ -1,3 +1,5 @@
 # Legacy issuer that is not managed by Kustomize.
 # For new certificates, prefer prod/clusterissuer.yaml.
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
@ -9,6 +11,6 @@ spec:
    privateKeySecretRef:
      name: letsencrypt-production
    solvers:
-      - http01:
+    - http01:
-          ingress:
+        ingress:
-            class: nginx
+          class: nginx
--- a/cert-manager/issuer-staging.yml
+++ b/cert-manager/issuer-staging.yml
@ -1,3 +1,5 @@
 # Legacy issuer that is not managed by Kustomize.
 # For new certificates, add staging/clusterissuer.yaml.
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
--- a/deploy/prod/clusterissuer-staging.yaml
+++ b/deploy/prod/clusterissuer-staging.yaml
@ -0,0 +1,27 @@
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
  name: letsencrypt-staging
 spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: postmaster@netflux.io
    privateKeySecretRef:
      name: prod-letsencrypt-staging
    solvers:
    - http01:
        ingress:
          class: prod-nginx
    - dns01:
        route53:
          region: eu-west-1
          hostedZoneID: Z1OSEC2E6M9VER
          accessKeyID: AKIARZPRT6YGHAENBEEX
          secretAccessKeySecretRef:
            # Using name reference transformers to manage this didn't work,
            # probably because ClusterIssuer is a cluster-scoped resource.
            #
            # For now, this secret should be provisioned manually in the
            # cert-manager namespace:
            name: prod-aws-credentials
            key: secret
--- a/deploy/prod/clusterissuer.yaml
+++ b/deploy/prod/clusterissuer.yaml
@ -0,0 +1,27 @@
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
  name: letsencrypt
 spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: postmaster@netflux.io
    privateKeySecretRef:
      name: prod-letsencrypt
    solvers:
    - http01:
        ingress:
          class: prod-nginx
    - dns01:
        route53:
          region: eu-west-1
          hostedZoneID: Z1OSEC2E6M9VER
          accessKeyID: AKIARZPRT6YGHAENBEEX
          secretAccessKeySecretRef:
            # Using name reference transformers to manage this didn't work,
            # possibly because ClusterIssuer is a cluster-scoped resource.
            #
            # For now, this secret should be provisioned manually in the
            # cert-manager namespace:
            name: prod-aws-credentials
            key: secret
--- a/deploy/prod/kustomization.yaml
+++ b/deploy/prod/kustomization.yaml
@ -4,7 +4,8 @@ resources:
 - svc-db.yaml
 - svc-netflux.yaml
 - cm-ingress-nginx-tcp-services.yaml
-
+- clusterissuer.yaml
 - clusterissuer-staging.yaml
 configMapGenerator:
 - name: prometheus-server
  behavior: merge
Author	SHA1	Message	Date
Rob Watson	e44e15c7cf	Add Kustomize-managed ClusterIssuer	2022-11-14 06:55:46 +01:00
Rob Watson	149dd3567b	Add AWS credentials	2022-11-11 20:47:41 +01:00
Rob Watson	ac13069d4e	Tidy indentation	2022-11-11 19:24:22 +01:00