52 lines
1.9 KiB
YAML
52 lines
1.9 KiB
YAML
apiVersion: certmanager.k8s.io/v1alpha1
|
|
kind: ClusterIssuer
|
|
metadata:
|
|
name: letsencrypt-prod
|
|
spec:
|
|
acme:
|
|
# The ACME server URL
|
|
server: https://acme-v01.api.letsencrypt.org/directory
|
|
# Email address used for ACME registration
|
|
email: user@example.com
|
|
# Name of a secret used to store the ACME account private key
|
|
privateKeySecretRef:
|
|
name: letsencrypt-prod
|
|
# Enable the HTTP-01 challenge provider
|
|
http01: {}
|
|
# ACME dns-01 provider configurations
|
|
dns01:
|
|
# Here we define a list of DNS-01 providers that can solve DNS challenges
|
|
providers:
|
|
- name: prod-dns
|
|
clouddns:
|
|
# A secretKeyRef to a the google cloud json service account
|
|
serviceAccountSecretRef:
|
|
name: clouddns-service-account
|
|
key: service-account.json
|
|
# The project in which to update the DNS zone
|
|
project: gcloud-prod-project
|
|
- name: cf-dns
|
|
cloudflare:
|
|
# The cloudflare user account email
|
|
email: user@example.com
|
|
# A secretKeyRef to a cloudflare api key
|
|
apiKeySecretRef:
|
|
name: cloudflare-api-key
|
|
key: api-key.txt
|
|
- name: route53
|
|
route53:
|
|
# Credentials may optionally be omitted to use ambient credentials if
|
|
# --cluster-issuer-ambient-credentials is not disabled and
|
|
# ambient credentials are available to cert-manager.
|
|
# The Route53 access key ID
|
|
accessKeyID: AKIADKOU3GLWAQM8WQKJ
|
|
# A secretKeyRef to a the route53 secret access key
|
|
secretAccessKeySecretRef:
|
|
name: route53-config
|
|
key: secret-access-key
|
|
# The Route53 region
|
|
region: us-east-1
|
|
# This field is optional for overriding the Route53 hosted zone ID
|
|
# It is required to use it if the cert-manager cannot disambiguate between two different hosted zones for the same zone name
|
|
hostedZoneID: DIKER8JPL21PSA
|