installer scripts
diff --git a/scripts/homelab/installer/cluster-issuer.yaml b/scripts/homelab/installer/cluster-issuer.yaml
new file mode 100644
index 0000000..9ea191b
--- /dev/null
+++ b/scripts/homelab/installer/cluster-issuer.yaml
@@ -0,0 +1,107 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+  namespace: cert-manager
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: giolekva@gmail.com
+    privateKeySecretRef:
+      name: cluster-issuer-letsencrypt-prod-account-key
+    solvers:
+    - selector: {}
+      http01:
+        ingress:
+          class: nginx
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-staging-dns
+  namespace: cert-manager
+spec:
+  acme:
+    # server: https://acme-v02.api.letsencrypt.org/directory
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    email: giolekva@gmail.com
+    privateKeySecretRef:
+      name: cluster-issuer-letsencrypt-staginig-dns-account-key
+    solvers:
+    - dns01:
+        webhook:
+          groupName: acme.bwolf.me
+          solverName: gandi
+          config:
+            apiKeySecretRef:
+              key: api-token
+              name: gandi-credentials
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod-dns
+  namespace: cert-manager
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: giolekva@gmail.com
+    privateKeySecretRef:
+      name: cluster-issuer-letsencrypt-prod-dns-account-key
+    solvers:
+    - dns01:
+        webhook:
+          groupName: acme.bwolf.me
+          solverName: gandi
+          config:
+            apiKeySecretRef:
+              key: api-token
+              name: gandi-credentials
+---
+# TODO(giolekva): move to ingerss-nginx-private namespace
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: selfsigned
+  namespace: cert-manager
+spec:
+  selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: selfsigned-ca-root
+  namespace: cert-manager
+spec:
+  isCA: true
+  commonName: selfsigned-ca-root
+  secretName: selfsigned-ca-root
+  privateKey:
+    algorithm: ECDSA
+    size: 256
+  issuerRef:
+    name: selfsigned
+    kind: ClusterIssuer
+    group: cert-manager.io
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: selfsigned-ca
+  namespace: cert-manager
+spec:
+  ca:
+    secretName: selfsigned-ca-root
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: wildcard-lekva.me
+  namespace: ingress-nginx
+spec:
+  dnsNames:
+  - '*.lekva.me'
+  issuerRef:
+    name: letsencrypt-prod-dns
+    kind: ClusterIssuer
+  secretName: cert-wildcard.lekva.me
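Review bot: The `namespace: cert-manager` lines on the five ClusterIssuer documents have no effect, because ClusterIssuer is cluster-scoped. Every namespace can therefore reference `selfsigned-ca` and `letsencrypt-prod-dns`, so anyone allowed to create a Certificate anywhere in the cluster can obtain a certificate signed by the private root, or a publicly trusted one for names in the Gandi-managed zone. If only one namespace needs the private CA, a namespaced `kind: Issuer` there would narrow that; the TODO about moving `selfsigned` would then also require the `selfsigned-ca-root` secret to live in that same namespace. The `selfsigned-ca-root` Certificate sets no `duration`, so cert-manager's 90-day default applies to the root and it is reissued on that cycle; an explicit value under `spec`, for example `duration: 87600h`, is worth adding. The staging account-key secret name is spelled `staginig`, which is cheap to correct now and awkward once the ACME account key exists under that name.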