netflux-kubernetes/deploy/prod/clusterissuer.yaml

30 lines
916 B
YAML

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: postmaster@netflux.io
privateKeySecretRef:
name: prod-letsencrypt
solvers:
# HTTP solver disabled for wildcard support.
# TODO: consider reenabling
# - http01:
# ingress:
# class: prod-nginx
- dns01:
route53:
region: eu-west-1
hostedZoneID: Z1OSEC2E6M9VER
accessKeyID: AKIARZPRT6YGHAENBEEX
secretAccessKeySecretRef:
# Using name reference transformers to manage this didn't work,
# possibly because ClusterIssuer is a cluster-scoped resource.
#
# For now, this secret should be provisioned manually in the
# cert-manager namespace:
name: prod-aws-credentials
key: secret