From 04ade0e68734f5a3c27b6962c81e0d7abe29bc76 Mon Sep 17 00:00:00 2001 From: James Munnelly Date: Fri, 13 Oct 2017 11:52:34 +0100 Subject: [PATCH] Update documentation examples --- README.md | 8 +++++--- docs/api-types/issuer/README.md | 3 ++- docs/api-types/issuer/spec.md | 14 ++++++++------ docs/examples/acme-cert.yaml | 3 ++- docs/examples/acme-issuer.yaml | 24 +++++++++++++++++++++--- docs/examples/ca-cert.yaml | 6 +++++- docs/examples/ca-issuer.yaml | 3 +-- 7 files changed, 44 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index fefbeb3f8..e9582c73a 100644 --- a/README.md +++ b/README.md @@ -75,7 +75,8 @@ spec: # Email address used for ACME registration email: "" # Name of a secret used to store the ACME account private key - privateKey: letsencrypt-staging + privateKeySecretRef: + name: letsencrypt-staging # ACME dns-01 provider configurations dns-01: # Here we define a list of DNS-01 providers that can solve DNS challenges @@ -85,7 +86,7 @@ spec: - name: prod-dns clouddns: # A secretKeyRef to a the google cloud json service account - serviceAccount: + serviceAccountSecretRef: name: clouddns-service-account key: service-account.json # The project in which to update the DNS zone @@ -127,7 +128,8 @@ spec: # The name of the Kubernetes secret resource to store the signed TLS keypair secretName: example-com # The Issuer to use for this certificate - issuer: letsencrypt-staging + issuerRef: + name: letsencrypt-staging # A list of domains to include on the TLS certificate domains: - example.com diff --git a/docs/api-types/issuer/README.md b/docs/api-types/issuer/README.md index d6f5943f8..046442311 100644 --- a/docs/api-types/issuer/README.md +++ b/docs/api-types/issuer/README.md @@ -17,7 +17,8 @@ spec: # Email address used for ACME registration email: user@example.com # Name of a secret used to store the ACME account private key - privateKey: letsncrypt-prod + privateKeySecretRef: + name: letsncrypt-prod ``` This is the simplest of ACME issuers - it specifies no DNS-01 challenge diff --git a/docs/api-types/issuer/spec.md b/docs/api-types/issuer/spec.md index 3b9ea2bcf..0e59ac332 100644 --- a/docs/api-types/issuer/spec.md +++ b/docs/api-types/issuer/spec.md @@ -21,7 +21,8 @@ spec: server: https://acme-v01.api.letsencrypt.org/directory email: user@example.com # Name of a secret used to store the ACME account private key - privateKey: letsncrypt-prod + privateKeySecretRef: + name: letsncrypt-prod ``` ## ACME configuration @@ -57,7 +58,8 @@ spec: acme: email: user@example.com server: https://acme-staging.api.letsencrypt.org/directory - privateKey: example-issuer-account-key + privateKeySecretRef: + name: example-issuer-account-key ``` ### ACME issuer DNS provider configuration @@ -80,7 +82,7 @@ spec: providers: - name: prod-clouddns clouddns: - serviceAccount: + serviceAccountSecretRef: name: prod-clouddns-svc-acct-secret key: service-account.json ``` @@ -99,7 +101,7 @@ a listing of them all, with an example block of configuration: ```yaml clouddns: - serviceAccount: + serviceAccountSecretRef: name: prod-clouddns-svc-acct-secret key: service-account.json ``` @@ -110,7 +112,7 @@ clouddns: route53: accessKeyID: AKIAIOSFODNN7EXAMPLE region: eu-west-1 - secretAccessKey: + secretAccessKeySecretRef: name: prod-route53-credentials-secret key: secret-access-key ``` @@ -120,7 +122,7 @@ route53: ```yaml cloudflare: email: my-cloudflare-acc@example.com - secretAccessKey: + apiKeySecretRef: name: cloudflare-api-key-secret key: api-key ``` diff --git a/docs/examples/acme-cert.yaml b/docs/examples/acme-cert.yaml index fb1c204f1..a3af64d7a 100644 --- a/docs/examples/acme-cert.yaml +++ b/docs/examples/acme-cert.yaml @@ -6,7 +6,8 @@ metadata: name: cm-http-nginx-k8s-group spec: secretName: cm-http-nginx-k8s-group - issuer: letsencrypt-staging + issuerRef: + name: letsencrypt-staging domains: - cm-http-nginx.k8s.group - cm-http-nginx2.k8s.group diff --git a/docs/examples/acme-issuer.yaml b/docs/examples/acme-issuer.yaml index 5cf22723b..7d7bcdec5 100644 --- a/docs/examples/acme-issuer.yaml +++ b/docs/examples/acme-issuer.yaml @@ -2,13 +2,31 @@ apiVersion: certmanager.k8s.io/v1alpha1 kind: Issuer metadata: name: letsencrypt-prod - namespace: skeleton-review spec: acme: # The ACME server URL server: https://acme-v01.api.letsencrypt.org/directory # Email address used for ACME registration - email: james+workshops@jetstack.io + email: user@example.com # Name of a secret used to store the ACME account private key - privateKey: letsncrypt-prod + privateKeySecretRef: + name: letsncrypt-prod # ACME dns-01 provider configurations + dns-01: + # Here we define a list of DNS-01 providers that can solve DNS challenges + providers: + - name: prod-dns + clouddns: + # A secretKeyRef to a the google cloud json service account + serviceAccountSecretRef: + name: clouddns-service-account + key: service-account.json + # The project in which to update the DNS zone + project: gcloud-prod-project + - name: cf-dns + cloudflare: + email: user@example.com + # A secretKeyRef to a the google cloud json service account + apiKeySecretRef: + name: cloudflare-api-key + key: api-key.txt diff --git a/docs/examples/ca-cert.yaml b/docs/examples/ca-cert.yaml index 654e30be5..a6fd9c8a6 100644 --- a/docs/examples/ca-cert.yaml +++ b/docs/examples/ca-cert.yaml @@ -6,6 +6,10 @@ metadata: name: test-ca-crt spec: secretName: test-ca-crt - issuer: ca-issuer + issuerRef: + name: ca-issuer + # We can reference ClusterIssuers by changing the kind here. + # The default value is Issuer (i.e. a locally namespaced Issuer) + kind: Issuer domains: - cert-manager.k8s.io diff --git a/docs/examples/ca-issuer.yaml b/docs/examples/ca-issuer.yaml index a8f2ced4b..b384dbf17 100644 --- a/docs/examples/ca-issuer.yaml +++ b/docs/examples/ca-issuer.yaml @@ -4,5 +4,4 @@ metadata: name: ca-issuer spec: ca: - secretRef: - name: ca-key-pair + secretName: ca-key-pair