
Https instead of dns challenge

Simon Kaiser 3 gadus atpakaļ
vecāks
revīzija
d3668e2ebb

+ 41
- 31
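--- a/gitops-kaisers-info/templates/cert-manager.yaml
+++ b/gitops-kaisers-info/templates/cert-manager.yaml
@@ -21,38 +21,48 @@ spec:
     helm:
       releaseName: cert-manager
 ---
-apiVersion: argoproj.io/v1alpha1
-kind: Application
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
 metadata:
-  name: cert-manager-hetzner-webhook
-  namespace: {{ .Values.spec.namespace }}
-  finalizers:
-  - resources-finalizer.argocd.argoproj.io
+  name: letsencrypt-staging
+  namespace: cert-manager
 spec:
-  destination:
-    namespace: cert-manager
-    name: {{ .Values.spec.destination.name }}
-  project: {{ .Values.spec.project }}
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true
-  source:
-    chart: cert-manager-webhook-hetzner
-    repoURL: https://deyaeddin.github.io/cert-manager-webhook-hetzner/chart/
-    targetRevision: 0.2.1
-    helm:
-      releaseName: cert-manager-hetzner-webhook
-      parameters:
-      - name: "groupName"
-        value: "acme.kaisers.info"
-      - name: "certManager.namespace"
-        value: {{ .Values.spec.namespace }}
+  acme:
+    email: "admin@kaisers.info" # replace this
+    privateKeySecretRef:
+      name: "staging-issuer-account-key"
+    server: "https://acme-staging-v02.api.letsencrypt.org/directory"
+    solvers:
+      - http01:
+          ingress:
+            class: "traefik"
+            ingressTemplate:
+              metadata:
+                annotations:
+                  kubernetes.io/ingress.class: "traefik"
+                  traefik.ingress.kubernetes.io/router.tls: "true"
+                  traefik.ingress.kubernetes.io/frontend-entry-points: "https"
+                  traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
 ---
-apiVersion: v1
-kind: Secret
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
 metadata:
-  name: hetzner-secret
-type: Opaque
-data:
-  api-key: M21TS3N1bzAzTVNld1JQeW12aVFpSU5TbFhPc0lBOFU=
+  name: letsencrypt-prod
+  namespace: cert-manager
+spec:
+  acme:
+    email: "admin@kaisers.info" # replace this
+    privateKeySecretRef:
+      name: "prod-issuer-account-key"
+    server: "https://acme-v02.api.letsencrypt.org/directory"
+    solvers:
+      - http01:
+          ingress:
+            class: "traefik"
+            ingressTemplate:
+              metadata:
+                annotations:
+                  kubernetes.io/ingress.class: "traefik"
+                  traefik.ingress.kubernetes.io/router.tls: "true"
+                  traefik.ingress.kubernetes.io/frontend-entry-points: "https"
+                  traefik.ingress.kubernetes.io/router.entrypoints: "websecure"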
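Review bot: Deleting the `hetzner-secret` manifest at the end of this hunk does not retire the credential: its `api-key` value is only base64-encoded and stays readable in the repository history, so the Hetzner DNS token should be revoked at the provider, and any future DNS credential should come from a secret store rather than the chart. In both new issuers the solver `ingressTemplate` sets `router.tls: "true"` and `router.entrypoints: "websecure"`, while HTTP-01 validation begins with a plain-HTTP request on port 80; unless Traefik redirects that entrypoint to HTTPS (not visible here), the challenge path may be unreachable, so I would drop those two annotations from `ingressTemplate` or bind the solver to the plain-HTTP entrypoint. `metadata.namespace: cert-manager` has no effect on a cluster-scoped `ClusterIssuer` and can be removed. The `frontend-entry-points` annotation looks like the Traefik 1.x spelling next to the 2.x `router.*` ones, so only one family should stay. The stale `# replace this` comment on `email` should go once the address is final.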

+ 0
- 45
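--- a/gitops-kaisers-info/templates/letsencrypt.yaml
+++ b/gitops-kaisers-info/templates/letsencrypt.yaml
@@ -1,45 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
-  name: letsencrypt-staging
-  namespace: cert-manager
-spec:
-  acme:
-    email: "admin@kaisers.info" # replace this
-    privateKeySecretRef:
-      name: "staging-issuer-account-key"
-    server: "https://acme-staging-v02.api.letsencrypt.org/directory"
-    solvers:
-      - dns01:
-          webhook:
-            # This group needs to be configured when installing the helm package, otherwise the webhook won't have permission to create an ACME challenge for this API group.
-            groupName: acme.kaisers.info
-            solverName: hetzner
-            config:
-              secretName: hetzner-secret
-              zoneName: kaisers.info # (Optional): When not provided the Zone will searched in Hetzner API by recursion on full domain name
-              apiUrl: https://dns.hetzner.com/api/v1
----
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
-  name: letsencrypt-prod
-  namespace: cert-manager
-spec:
-  acme:
-    email: "admin@kaisers.info" # replace this
-    privateKeySecretRef:
-      name: "prod-issuer-account-key"
-    server: "https://acme-v02.api.letsencrypt.org/directory"
-    solvers:
-      - http01:
-          ingress:
-            class: "traefik"
-            ingressTemplate:
-              metadata:
-                annotations:
-                  kubernetes.io/ingress.class: "traefik"
-                  traefik.ingress.kubernetes.io/router.tls: "true"
-                  traefik.ingress.kubernetes.io/frontend-entry-points: "https"
-                  traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
-                  #traefik.ingress.kubernetes.io/redirect-entry-point: "https"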