scripts/homelab/cluster-issuer.yaml - pcloud - Gitiles

 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
   name: letsencrypt-prod
   namespace: cert-manager
 spec:
   acme:
     server: https://acme-v02.api.letsencrypt.org/directory
     email: giolekva@gmail.com
     privateKeySecretRef:
       name: cluster-issuer-letsencrypt-prod-account-key
     solvers:
     - selector: {}
       http01:
         ingress:
           class: nginx
 ---
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
   name: letsencrypt-staging-dns
   namespace: cert-manager
 spec:
   acme:
     # server: https://acme-v02.api.letsencrypt.org/directory
     server: https://acme-staging-v02.api.letsencrypt.org/directory
     email: giolekva@gmail.com
     privateKeySecretRef:
       name: cluster-issuer-letsencrypt-staginig-dns-account-key
     solvers:
     - dns01:
         webhook:
           groupName: acme.bwolf.me
           solverName: gandi
           config:
             apiKeySecretRef:
               key: api-token
               name: gandi-credentials
 ---
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
   name: letsencrypt-prod-dns
   namespace: cert-manager
 spec:
   acme:
     server: https://acme-v02.api.letsencrypt.org/directory
     email: giolekva@gmail.com
     privateKeySecretRef:
       name: cluster-issuer-letsencrypt-prod-dns-account-key
     solvers:
     - dns01:
         webhook:
           groupName: acme.bwolf.me
           solverName: gandi
           config:
             apiKeySecretRef:
               key: api-token
               name: gandi-credentials
 ---
 # TODO(giolekva): move to ingerss-nginx-private namespace
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
   name: selfsigned
   namespace: cert-manager
 spec:
   selfSigned: {}
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
   name: selfsigned-ca-root
   namespace: cert-manager
 spec:
   isCA: true
   commonName: selfsigned-ca-root
   secretName: selfsigned-ca-root
   privateKey:
     algorithm: ECDSA
     size: 256
   issuerRef:
     name: selfsigned
     kind: ClusterIssuer
     group: cert-manager.io
 ---
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
   name: selfsigned-ca
   namespace: cert-manager
 spec:
   ca:
     secretName: selfsigned-ca-root
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
   name: wildcard-lekva.me
   namespace: ingress-nginx
 spec:
   dnsNames:
   - '*.lekva.me'
   issuerRef:
     name: letsencrypt-prod-dns
     kind: ClusterIssuer
   secretName: cert-wildcard.lekva.me
	apiVersion: cert-manager.io/v1
	kind: ClusterIssuer
	metadata:
	name: letsencrypt-prod
	namespace: cert-manager
	spec:
	acme:
	server: https://acme-v02.api.letsencrypt.org/directory
	email: giolekva@gmail.com
	privateKeySecretRef:
	name: cluster-issuer-letsencrypt-prod-account-key
	solvers:
	- selector: {}
	http01:
	ingress:
	class: nginx
	---
	apiVersion: cert-manager.io/v1
	kind: ClusterIssuer
	metadata:
	name: letsencrypt-staging-dns
	namespace: cert-manager
	spec:
	acme:
	# server: https://acme-v02.api.letsencrypt.org/directory
	server: https://acme-staging-v02.api.letsencrypt.org/directory
	email: giolekva@gmail.com
	privateKeySecretRef:
	name: cluster-issuer-letsencrypt-staginig-dns-account-key
	solvers:
	- dns01:
	webhook:
	groupName: acme.bwolf.me
	solverName: gandi
	config:
	apiKeySecretRef:
	key: api-token
	name: gandi-credentials
	---
	apiVersion: cert-manager.io/v1
	kind: ClusterIssuer
	metadata:
	name: letsencrypt-prod-dns
	namespace: cert-manager
	spec:
	acme:
	server: https://acme-v02.api.letsencrypt.org/directory
	email: giolekva@gmail.com
	privateKeySecretRef:
	name: cluster-issuer-letsencrypt-prod-dns-account-key
	solvers:
	- dns01:
	webhook:
	groupName: acme.bwolf.me
	solverName: gandi
	config:
	apiKeySecretRef:
	key: api-token
	name: gandi-credentials
	---
	# TODO(giolekva): move to ingerss-nginx-private namespace
	apiVersion: cert-manager.io/v1
	kind: ClusterIssuer
	metadata:
	name: selfsigned
	namespace: cert-manager
	spec:
	selfSigned: {}
	---
	apiVersion: cert-manager.io/v1
	kind: Certificate
	metadata:
	name: selfsigned-ca-root
	namespace: cert-manager
	spec:
	isCA: true
	commonName: selfsigned-ca-root
	secretName: selfsigned-ca-root
	privateKey:
	algorithm: ECDSA
	size: 256
	issuerRef:
	name: selfsigned
	kind: ClusterIssuer
	group: cert-manager.io
	---
	apiVersion: cert-manager.io/v1
	kind: ClusterIssuer
	metadata:
	name: selfsigned-ca
	namespace: cert-manager
	spec:
	ca:
	secretName: selfsigned-ca-root
	---
	apiVersion: cert-manager.io/v1
	kind: Certificate
	metadata:
	name: wildcard-lekva.me
	namespace: ingress-nginx
	spec:
	dnsNames:
	- '*.lekva.me'
	issuerRef:
	name: letsencrypt-prod-dns
	kind: ClusterIssuer
	secretName: cert-wildcard.lekva.me