Added route53 provider to Issuer example. Created ClusterIssuer example

2017-10-24 09:10:08 +02:00 · 2017-10-24 09:10:08 +02:00 · 7085fa25bf
commit 7085fa25bf
parent 5d3a3296ba
4 changed files with 68 additions and 4 deletions
--- a/docs/api-types/issuer/spec.md
+++ b/docs/api-types/issuer/spec.md
@ -127,6 +127,7 @@ clouddns:
 route53:
  accessKeyID: AKIAIOSFODNN7EXAMPLE
  region: eu-west-1
+  hostedZoneID: DIKER8JPL21PSA
  secretAccessKeySecretRef:
    name: prod-route53-credentials-secret
    key: secret-access-key
@ -146,5 +147,3 @@ cloudflare:

 CA Issuers issue certificates signed from a X509 signing keypair, stored in a
 secret in the Kubernetes API server.
-
-
--- a/docs/examples/acme-cert.yaml
+++ b/docs/examples/acme-cert.yaml
@ -12,8 +12,9 @@ spec:
  - cm-http-nginx.k8s.group
  - cm-http-nginx2.k8s.group
  - cm-http-gce.k8s.group
-  - cm-http-clouddns.k8s.group
-  - cm-http-cloudflare.k8s.group
+  - cm-dns-clouddns.k8s.group
+  - cm-dns-cloudflare.k8s.group
+  - cm-dns-route53.k8s.group
  acme:
    config:
    - http01:
@ -33,3 +34,7 @@ spec:
        provider: cloudflare
      domains:
      - cm-dns-cloudflare.k8s.group
+    - dns-01:
+        provider: route53
+      domains:
+      - cm-dns-route53.k8s.group
--- a/docs/examples/acme-issuer.yaml
+++ b/docs/examples/acme-issuer.yaml
@ -27,8 +27,21 @@ spec:
          project: gcloud-prod-project
      - name: cf-dns
        cloudflare:
+          # The cloudflare user account email
          email: user@example.com
          # A secretKeyRef to a cloudflare api key
          apiKeySecretRef:
            name: cloudflare-api-key
            key: api-key.txt
+      - name: route53
+        route53:
+          # The Route53 access key ID
+          accessKeyID: AKIADKOU3GLWAQM8WQKJ
+          # A secretKeyRef to a the route53 secret access key
+          secretAccessKeySecretRef:
+            name: route53-config
+            key: secret-access-key
+          # The Route53 hosted zone ID
+          hostedZoneID: DIKER8JPL21PSA
+          # The Route53 region
+          region: us-east-1
--- a/docs/examples/cluster-issuer.yaml
+++ b/docs/examples/cluster-issuer.yaml
@ -0,0 +1,47 @@
+apiVersion: certmanager.k8s.io/v1alpha1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    # The ACME server URL
+    server: https://acme-v01.api.letsencrypt.org/directory
+    # Email address used for ACME registration
+    email: user@example.com
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    # Enable the HTTP-01 challenge provider
+    http01: {}
+    # ACME dns-01 provider configurations
+    dns01:
+      # Here we define a list of DNS-01 providers that can solve DNS challenges
+      providers:
+      - name: prod-dns
+        clouddns:
+          # A secretKeyRef to a the google cloud json service account
+          serviceAccountSecretRef:
+            name: clouddns-service-account
+            key: service-account.json
+          # The project in which to update the DNS zone
+          project: gcloud-prod-project
+      - name: cf-dns
+        cloudflare:
+          # The cloudflare user account email
+          email: user@example.com
+          # A secretKeyRef to a cloudflare api key
+          apiKeySecretRef:
+            name: cloudflare-api-key
+            key: api-key.txt
+      - name: route53
+        route53:
+          # The Route53 access key ID
+          accessKeyID: AKIADKOU3GLWAQM8WQKJ
+          # A secretKeyRef to a the route53 secret access key
+          secretAccessKeySecretRef:
+            name: route53-config
+            key: secret-access-key
+          # The Route53 hosted zone ID
+          hostedZoneID: DIKER8JPL21PSA
+          # The Route53 region
+          region: us-east-1