cert-manager/docs/examples/acme-issuer.yaml
2018-02-13 10:34:06 +01:00


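---
# Example ACME Issuer for cert-manager, with the HTTP-01 solver enabled and
# four DNS-01 providers configured (Cloud DNS, Cloudflare, Route53, Azure DNS).
# The nesting below is restored: the listing had lost its indentation, which
# left every key at the top level and produced duplicate `name`/`email`/`key`
# keys. Identifiers (access key ID, zone ID, GUIDs, project, domain) are the
# example values from this file; replace them with your own.
apiVersion: certmanager.k8s.io/v1alpha1
kind: Issuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # The ACME server URL (Let's Encrypt production, ACME v1 directory).
    # Production enforces rate limits, so validate the setup against the
    # staging environment first.
    # NOTE(review): Let's Encrypt has since retired the ACME v1 API; confirm
    # the endpoint against the cert-manager version in use.
    server: https://acme-v01.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: user@example.com
    # Name of a secret used to store the ACME account private key.
    # Anyone who can read this Secret can act as the ACME account, so limit
    # RBAC read access to it.
    privateKeySecretRef:
      name: letsencrypt-prod
    # Enable the HTTP-01 challenge provider
    http01: {}
    # ACME dns-01 provider configurations
    dns01:
      # Here we define a list of DNS-01 providers that can solve DNS
      # challenges. Every provider credential below can modify DNS records,
      # so scope each one to the zones it needs and keep the secret material
      # in the referenced Secrets, never inline in this manifest.
      providers:
        - name: prod-dns
          clouddns:
            # A secretKeyRef to the Google Cloud JSON service account key
            serviceAccountSecretRef:
              name: clouddns-service-account
              key: service-account.json
            # The project in which to update the DNS zone
            project: gcloud-prod-project
        - name: cf-dns
          cloudflare:
            # The Cloudflare user account email
            email: user@example.com
            # A secretKeyRef to a Cloudflare API key.
            # NOTE(review): if this is the account-wide global API key it
            # grants far more than DNS edits; treat the Secret accordingly.
            apiKeySecretRef:
              name: cloudflare-api-key
              key: api-key.txt
        - name: route53
          route53:
            # The Route53 access key ID. Only the ID is inline; the secret
            # access key is read from the Secret referenced below.
            accessKeyID: AKIADKOU3GLWAQM8WQKJ
            # A secretKeyRef to the Route53 secret access key
            secretAccessKeySecretRef:
              name: route53-config
              key: secret-access-key
            # The Route53 region
            region: us-east-1
            # Optional: overrides the Route53 hosted zone ID. Required when
            # cert-manager cannot disambiguate between two different hosted
            # zones that share the same zone name.
            hostedZoneID: DIKER8JPL21PSA
        - name: azuredns
          azuredns:
            # Service principal clientId (also called appId)
            clientID: 8ff041f4-a14f-4753-80c2-101b35db5879
            # A secretKeyRef to a service principal ClientSecret (password)
            # ref: https://docs.microsoft.com/en-us/azure/container-service/kubernetes/container-service-kubernetes-service-principal
            clientSecretSecretRef:
              name: azuredns-config
              key: client-secret
            # Azure subscription Id
            subscriptionID: 0933cdcc-0cd0-4fb3-9f26-dac4fdc2154b
            # Azure AD tenant Id
            tenantID: 9581f7ad-8f4f-4f07-92df-12c821981ce8
            # ResourceGroup name where the DNS zone is provisioned
            resourceGroupName: resource-group
            # Name of the hosted zone. If omitted, it is computed from the
            # domain provided during certificate creation; the hosted zone
            # name is always part of the domain name in the certificate
            # request.
            hostedZoneName: k8s.group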