weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

http-01 -> http01, dns-01 -> dns01

Browse Source
This commit is contained in:
James Munnelly 2017-10-13 16:45:04 +01:00
parent c7a83606ce
commit 7060fb5019
6 changed files with 21 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
README.md
View File

@ -78,9 +78,9 @@ spec:
privateKeySecretRef:
name: letsencrypt-staging
# Enable the HTTP-01 challenge provider
http-01: {}
http01: {}
# ACME dns-01 provider configurations
dns-01:
dns01:
# Here we define a list of DNS-01 providers that can solve DNS challenges
providers:
# We define a provider named 'prod-dns', with configuration for the
@ -144,11 +144,11 @@ spec:
- domains:
- example.com
- www.example.com
http-01:
http01:
ingressClass: nginx
- domains:
- example2.com
dns-01:
dns01:
provider: prod-dns
```

5
docs/api-types/issuer/README.md
View File

@ -19,11 +19,14 @@ spec:
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: letsncrypt-prod
# Enable HTTP01 validations
http01: {}
```
This is the simplest of ACME issuers - it specifies no DNS-01 challenge
providers. HTTP-01 validation can be performed through using Ingress
resources without any additional configuration on the Issuer resource.
resources by enabling the HTTP-01 challenge mechanism (with the `http01: {}`
field).
## Namespacing

6
docs/api-types/issuer/spec.md
View File

@ -36,7 +36,7 @@ configuring credentials for a DNS provider.
In order to allow HTTP01 challenges to be solved, we must enable the HTTP01
challenge provider on our Issuer resource. This can be done through setting the
`http-01` field on the `issuer.spec.acme` stanza. Cert-manager will then create
`http01` field on the `issuer.spec.acme` stanza. Cert-manager will then create
and manage Ingress rules in the Kubernetes API server in order to solve HTTP-01
based challenges.
@ -51,7 +51,7 @@ spec:
server: https://acme-staging.api.letsencrypt.org/directory
privateKeySecretRef:
name: example-issuer-account-key
http-01: {}
http01: {}
```
### ACME issuer with no configured DNS providers
@ -93,7 +93,7 @@ spec:
server: https://acme-staging.api.letsencrypt.org/directory
privateKeySecretRef:
name: example-issuer-account-key
dns-01:
dns01:
providers:
- name: prod-clouddns
clouddns:

8
docs/examples/acme-cert.yaml
View File

@ -16,20 +16,20 @@ spec:
- cm-http-cloudflare.k8s.group
acme:
config:
- http-01:
- http01:
ingressClass: nginx
domains:
- cm-http-nginx.k8s.group
- cm-http-nginx2.k8s.group
- http-01:
- http01:
ingressName: my-gce-ingress
domains:
- cm-http-gce.k8s.group
- dns-01:
- dns01:
provider: clouddns
domains:
- cm-dns-clouddns.k8s.group
- dns-01:
- dns01:
provider: cloudflare
domains:
- cm-dns-cloudflare.k8s.group

4
docs/examples/acme-issuer.yaml
View File

@ -12,9 +12,9 @@ spec:
privateKeySecretRef:
name: letsncrypt-prod
# Enable the HTTP-01 challenge provider
http-01: {}
http01: {}
# ACME dns-01 provider configurations
dns-01:
dns01:
# Here we define a list of DNS-01 providers that can solve DNS challenges
providers:
- name: prod-dns

8
pkg/apis/certmanager/v1alpha1/types.go
View File

@ -94,9 +94,9 @@ type ACMEIssuer struct {
// user account.
PrivateKey SecretKeySelector `json:"privateKeySecretRef"`
// HTTP01 config
HTTP01 *ACMEIssuerHTTP01Config `json:"http-01"`
HTTP01 *ACMEIssuerHTTP01Config `json:"http01,omitempty"`
// DNS-01 config
DNS01 *ACMEIssuerDNS01Config `json:"dns-01"`
DNS01 *ACMEIssuerDNS01Config `json:"dns01,omitempty"`
}
type ACMEIssuerHTTP01Config struct {
@ -249,8 +249,8 @@ type ACMECertificateConfig struct {
type ACMECertificateDomainConfig struct {
Domains []string `json:"domains"`
HTTP01 *ACMECertificateHTTP01Config `json:"http-01,omitempty"`
DNS01 *ACMECertificateDNS01Config `json:"dns-01,omitempty"`
HTTP01 *ACMECertificateHTTP01Config `json:"http01,omitempty"`
DNS01 *ACMECertificateDNS01Config `json:"dns01,omitempty"`
}
type ACMECertificateHTTP01Config struct {