64 lines
1.4 KiB
YAML
64 lines
1.4 KiB
YAML
# certificate resource request for google.com using letsencrypt issuer
|
|
apiVersion: certmanager.k8s.io/v1alpha1
|
|
kind: Certificate
|
|
metadata:
|
|
name: production-crt
|
|
spec:
|
|
secret: production-crt
|
|
issuer: letsencrypt-prod
|
|
domains:
|
|
- www.google.com
|
|
acme:
|
|
http-01:
|
|
# if the ingress resource already exists, we modify it to add our path
|
|
# instead of creating our own ingress resource (to support gce). if this
|
|
# is blank, a temporary ingress resource will be used
|
|
ingress: google-com
|
|
# only required when
|
|
ingressClass: nginx
|
|
status:
|
|
state: Pending
|
|
---
|
|
# letsencrypt issuer resource
|
|
apiVersion: certmanager.k8s.io/v1alpha1
|
|
kind: Issuer
|
|
metadata:
|
|
name: letsencrypt-prod
|
|
spec:
|
|
acme:
|
|
url: https://letsencrypt-prod.org
|
|
email: james@jetstack.io
|
|
privateKey: james-letsencrypt-prod
|
|
status:
|
|
ready: true
|
|
---
|
|
# certificate resource request for google.com using letsencrypt issuer
|
|
apiVersion: certmanager.k8s.io/v1alpha1
|
|
kind: Certificate
|
|
metadata:
|
|
name: vault-crt
|
|
spec:
|
|
secret: vault-crt
|
|
issuer: vault-prod
|
|
domains:
|
|
- www.yahoo.com
|
|
vault:
|
|
role: serving
|
|
status:
|
|
state: Pending
|
|
---
|
|
# vault issuer resource
|
|
apiVersion: certmanager.k8s.io/v1alpha1
|
|
kind: Issuer
|
|
metadata:
|
|
name: vault-prod
|
|
spec:
|
|
vault:
|
|
url: https://vault.service.svc.cluster.local
|
|
path: pki/prod-ca/
|
|
credentials:
|
|
token:
|
|
secretName: vault-token
|
|
status:
|
|
ready: true
|