Add private Nginx for internal ingress + private root CA

commit: eb3b6a833d328692f2d4743844b6a144410c10d1 [log] [tgz]
author: giolekva <giolekva@gmail.com> Sat Jul 31 17:49:24 2021 +0400
committer: giolekva <giolekva@gmail.com> Sat Jul 31 17:49:24 2021 +0400
tree: 69ed5eb7cf947fe2693174df6254e1244586a98c
parent: 24f6405c20fece3df291cb036fdc7a6e2f5bc4ec [diff] [blame]
diff --git a/scripts/homelab/cluster-issuer.yaml b/scripts/homelab/cluster-issuer.yaml
index b408aef..9ea191b 100644
--- a/scripts/homelab/cluster-issuer.yaml
+++ b/scripts/homelab/cluster-issuer.yaml

@@ -58,6 +58,41 @@
               key: api-token
               name: gandi-credentials
 ---
+# TODO(giolekva): move to ingerss-nginx-private namespace
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: selfsigned
+  namespace: cert-manager
+spec:
+  selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: selfsigned-ca-root
+  namespace: cert-manager
+spec:
+  isCA: true
+  commonName: selfsigned-ca-root
+  secretName: selfsigned-ca-root
+  privateKey:
+    algorithm: ECDSA
+    size: 256
+  issuerRef:
+    name: selfsigned
+    kind: ClusterIssuer
+    group: cert-manager.io
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: selfsigned-ca
+  namespace: cert-manager
+spec:
+  ca:
+    secretName: selfsigned-ca-root
+---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
commit	eb3b6a833d328692f2d4743844b6a144410c10d1	[log] [tgz]
author	giolekva <giolekva@gmail.com>	Sat Jul 31 17:49:24 2021 +0400
committer	giolekva <giolekva@gmail.com>	Sat Jul 31 17:49:24 2021 +0400
tree	69ed5eb7cf947fe2693174df6254e1244586a98c
parent	24f6405c20fece3df291cb036fdc7a6e2f5bc4ec [diff] [blame]