| giolekva | eea069c | 2021-07-19 18:13:08 +0400 | [diff] [blame] | 1 | apiVersion: cert-manager.io/v1 |
| 2 | kind: ClusterIssuer |
| 3 | metadata: |
| 4 | name: letsencrypt-prod |
| 5 | namespace: cert-manager |
| 6 | spec: |
| 7 | acme: |
| 8 | server: https://acme-v02.api.letsencrypt.org/directory |
| 9 | email: giolekva@gmail.com |
| 10 | privateKeySecretRef: |
| 11 | name: cluster-issuer-letsencrypt-prod-account-key |
| 12 | solvers: |
| 13 | - selector: {} |
| 14 | http01: |
| 15 | ingress: |
| 16 | class: nginx |
| 17 | --- |
| 18 | apiVersion: cert-manager.io/v1 |
| 19 | kind: ClusterIssuer |
| 20 | metadata: |
| 21 | name: letsencrypt-staging-dns |
| 22 | namespace: cert-manager |
| 23 | spec: |
| 24 | acme: |
| 25 | # server: https://acme-v02.api.letsencrypt.org/directory |
| 26 | server: https://acme-staging-v02.api.letsencrypt.org/directory |
| 27 | email: giolekva@gmail.com |
| 28 | privateKeySecretRef: |
| 29 | name: cluster-issuer-letsencrypt-staginig-dns-account-key |
| 30 | solvers: |
| 31 | - dns01: |
| 32 | webhook: |
| 33 | groupName: acme.bwolf.me |
| 34 | solverName: gandi |
| 35 | config: |
| 36 | apiKeySecretRef: |
| 37 | key: api-token |
| 38 | name: gandi-credentials |
| 39 | --- |
| 40 | apiVersion: cert-manager.io/v1 |
| 41 | kind: ClusterIssuer |
| 42 | metadata: |
| 43 | name: letsencrypt-prod-dns |
| 44 | namespace: cert-manager |
| 45 | spec: |
| 46 | acme: |
| 47 | server: https://acme-v02.api.letsencrypt.org/directory |
| 48 | email: giolekva@gmail.com |
| 49 | privateKeySecretRef: |
| 50 | name: cluster-issuer-letsencrypt-prod-dns-account-key |
| 51 | solvers: |
| 52 | - dns01: |
| 53 | webhook: |
| 54 | groupName: acme.bwolf.me |
| 55 | solverName: gandi |
| 56 | config: |
| 57 | apiKeySecretRef: |
| 58 | key: api-token |
| 59 | name: gandi-credentials |
| 60 | --- |
| giolekva | eb3b6a8 | 2021-07-31 17:49:24 +0400 | [diff] [blame] | 61 | # TODO(giolekva): move to ingerss-nginx-private namespace |
| 62 | apiVersion: cert-manager.io/v1 |
| 63 | kind: ClusterIssuer |
| 64 | metadata: |
| 65 | name: selfsigned |
| 66 | namespace: cert-manager |
| 67 | spec: |
| 68 | selfSigned: {} |
| 69 | --- |
| 70 | apiVersion: cert-manager.io/v1 |
| 71 | kind: Certificate |
| 72 | metadata: |
| 73 | name: selfsigned-ca-root |
| 74 | namespace: cert-manager |
| 75 | spec: |
| 76 | isCA: true |
| 77 | commonName: selfsigned-ca-root |
| 78 | secretName: selfsigned-ca-root |
| 79 | privateKey: |
| 80 | algorithm: ECDSA |
| 81 | size: 256 |
| 82 | issuerRef: |
| 83 | name: selfsigned |
| 84 | kind: ClusterIssuer |
| 85 | group: cert-manager.io |
| 86 | --- |
| 87 | apiVersion: cert-manager.io/v1 |
| 88 | kind: ClusterIssuer |
| 89 | metadata: |
| 90 | name: selfsigned-ca |
| 91 | namespace: cert-manager |
| 92 | spec: |
| 93 | ca: |
| 94 | secretName: selfsigned-ca-root |
| 95 | --- |
| giolekva | eea069c | 2021-07-19 18:13:08 +0400 | [diff] [blame] | 96 | apiVersion: cert-manager.io/v1 |
| 97 | kind: Certificate |
| 98 | metadata: |
| 99 | name: wildcard-lekva.me |
| 100 | namespace: ingress-nginx |
| 101 | spec: |
| 102 | dnsNames: |
| 103 | - '*.lekva.me' |
| 104 | issuerRef: |
| 105 | name: letsencrypt-prod-dns |
| 106 | kind: ClusterIssuer |
| 107 | secretName: cert-wildcard.lekva.me |