Update example resource types
This commit is contained in:
James Munnelly
parent
95cba8ab5f
commit
479559d73c
@ -1,33 +1,63 @@
|
|||||||
# Example ACME certificate using DNS
|
# certificate resource request for google.com using letsencrypt issuer
|
||||||
apiVersion: certmanager.k8s.io/v1alpha1
|
apiVersion: certmanager.k8s.io/v1alpha1
|
||||||
kind: Certificate
|
kind: Certificate
|
||||||
metadata:
|
metadata:
|
||||||
name: my-certificate
|
name: production-crt
|
||||||
spec:
|
spec:
|
||||||
|
secret: production-crt
|
||||||
|
issuer: letsencrypt-prod
|
||||||
domains:
|
domains:
|
||||||
- www.google.com
|
- www.google.com
|
||||||
acme:
|
acme:
|
||||||
challenge: dns-01
|
http-01:
|
||||||
url: https://...
|
# if the ingress resource already exists, we modify it to add our path
|
||||||
email: test@example.com
|
# instead of creating our own ingress resource (to support gce). if this
|
||||||
dns:
|
# is blank, a temporary ingress resource will be used
|
||||||
clouddns: {}
|
ingress: google-com
|
||||||
|
# only required when
|
||||||
|
ingressClass: nginx
|
||||||
status:
|
status:
|
||||||
state: Pending
|
state: Pending
|
||||||
---
|
---
|
||||||
# Example ACME certificate using Ingress
|
# letsencrypt issuer resource
|
||||||
apiVersion: certmanager.kubernetes.io/v1
|
apiVersion: certmanager.k8s.io/v1alpha1
|
||||||
|
kind: Issuer
|
||||||
|
metadata:
|
||||||
|
name: letsencrypt-prod
|
||||||
|
spec:
|
||||||
|
acme:
|
||||||
|
url: https://letsencrypt-prod.org
|
||||||
|
email: james@jetstack.io
|
||||||
|
privateKey: james-letsencrypt-prod
|
||||||
|
status:
|
||||||
|
ready: true
|
||||||
|
---
|
||||||
|
# certificate resource request for google.com using letsencrypt issuer
|
||||||
|
apiVersion: certmanager.k8s.io/v1alpha1
|
||||||
kind: Certificate
|
kind: Certificate
|
||||||
metadata:
|
metadata:
|
||||||
name: my-certificate
|
name: vault-crt
|
||||||
spec:
|
spec:
|
||||||
|
secret: vault-crt
|
||||||
|
issuer: vault-prod
|
||||||
domains:
|
domains:
|
||||||
- www.google.com
|
- www.yahoo.com
|
||||||
acme:
|
vault:
|
||||||
challenge: http-01
|
role: serving
|
||||||
url: https://...
|
|
||||||
email: test@example.com
|
|
||||||
ingressRef:
|
|
||||||
name: something
|
|
||||||
status:
|
status:
|
||||||
state: Pending
|
state: Pending
|
||||||
|
---
|
||||||
|
# vault issuer resource
|
||||||
|
apiVersion: certmanager.k8s.io/v1alpha1
|
||||||
|
kind: Issuer
|
||||||
|
metadata:
|
||||||
|
name: vault-prod
|
||||||
|
spec:
|
||||||
|
vault:
|
||||||
|
url: https://vault.service.svc.cluster.local
|
||||||
|
path: pki/prod-ca/
|
||||||
|
credentials:
|
||||||
|
token:
|
||||||
|
secretName: vault-token
|
||||||
|
status:
|
||||||
|
ready: true
|
||||||
|
|||||||
@ -9,3 +9,15 @@ spec:
|
|||||||
kind: Certificate
|
kind: Certificate
|
||||||
plural: certificates
|
plural: certificates
|
||||||
scope: Namespaced # Can also be cluster level using "Cluster"
|
scope: Namespaced # Can also be cluster level using "Cluster"
|
||||||
|
---
|
||||||
|
apiVersion: apiextensions.k8s.io/v1beta1
|
||||||
|
kind: CustomResourceDefinition
|
||||||
|
metadata:
|
||||||
|
name: issuers.certmanager.k8s.io
|
||||||
|
spec:
|
||||||
|
group: certmanager.k8s.io
|
||||||
|
version: v1alpha1
|
||||||
|
names:
|
||||||
|
kind: Issuer
|
||||||
|
plural: issuers
|
||||||
|
scope: Namespaced # Can also be cluster level using "Cluster"
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user