From 3d55786e361d0ec6ed7beddb9d48bb3f5c9b7ff3 Mon Sep 17 00:00:00 2001
From: Christian Lempa
Date: Fri, 8 Nov 2024 12:06:13 +0100
Subject: [PATCH] cert-manager update
---
 .../examples/certificate.yaml.example | 13 +++++
 .../examples/clusterissuer.yaml.example | 17 ++++++
 .../examples/example-certificate.yaml | 12 ----
 .../examples/example-clusterissuer.yaml | 52 ------------------
 .../certmanager/examples/example-issuer.yaml | 55 -------------------
 .../examples/issuer-secret.yaml.example | 9 +++
 .../certmanager/examples/issuer.yaml.example | 18 ++++++
 kubernetes/certmanager/values.yaml | 7 +--
 8 files changed, 58 insertions(+), 125 deletions(-)
 create mode 100644 kubernetes/certmanager/examples/certificate.yaml.example
 create mode 100644 kubernetes/certmanager/examples/clusterissuer.yaml.example
 delete mode 100644 kubernetes/certmanager/examples/example-certificate.yaml
 delete mode 100644 kubernetes/certmanager/examples/example-clusterissuer.yaml
 delete mode 100644 kubernetes/certmanager/examples/example-issuer.yaml
 create mode 100644 kubernetes/certmanager/examples/issuer-secret.yaml.example
 create mode 100644 kubernetes/certmanager/examples/issuer.yaml.example
diff --git a/kubernetes/certmanager/examples/certificate.yaml.example b/kubernetes/certmanager/examples/certificate.yaml.example
new file mode 100644
index 0000000..faa1b3c
--- /dev/null
+++ b/kubernetes/certmanager/examples/certificate.yaml.example
@@ -0,0 +1,13 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: your-certificate # <-- Replace with your certificate name
+ namespace: your-namespace # <-- Replace with your namespace
+spec:
+ secretName: your-secret # <-- Replace with your secret name
+ issuerRef:
+ name: clusterissuer # <-- Replace with your issuer name
+ kind: ClusterIssuer
+ dnsNames:
+ - your-hostname # <-- Replace with your hostname
diff --git a/kubernetes/certmanager/examples/clusterissuer.yaml.example b/kubernetes/certmanager/examples/clusterissuer.yaml.example
new file mode 100644
index 0000000..29f1b2a
--- /dev/null
+++ b/kubernetes/certmanager/examples/clusterissuer.yaml.example
@@ -0,0 +1,17 @@
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: clusterissuer # <-- Replace with your clsuterissuer name
+spec:
+ acme:
+ email: your-email@address # <-- Replace with your email address
+ server: https://acme-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: example-clusterissuer-account-key # <-- Replace with your secret name
+ solvers:
+ - dns01:
+ cloudflare:
+ apiTokenSecretRef:
+ name: cloudflare-api-token-secret # <-- Replace with your secret name
+ key: api-token
diff --git a/kubernetes/certmanager/examples/example-certificate.yaml b/kubernetes/certmanager/examples/example-certificate.yaml
deleted file mode 100644
index f56d7d5..0000000
--- a/kubernetes/certmanager/examples/example-certificate.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: your-certificate
- namespace: your-namespace
-spec:
- secretName: your-secret
- issuerRef:
- name: ssl-issuer
- kind: ClusterIssuer
- dnsNames:
- - your-hostname
diff --git a/kubernetes/certmanager/examples/example-clusterissuer.yaml b/kubernetes/certmanager/examples/example-clusterissuer.yaml
deleted file mode 100644
index 63db53c..0000000
--- a/kubernetes/certmanager/examples/example-clusterissuer.yaml
+++ /dev/null
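Review bot: `server:` in the new `clusterissuer.yaml.example` points straight at the Let's Encrypt production directory, and the staging alternative that the removed example files listed is no longer mentioned anywhere. A first attempt with a wrong DNS token or hostname then counts against production rate limits, so a comment above `server:` such as `# For testing use https://acme-staging-v02.api.letsencrypt.org/directory` would keep that option visible. The same applies to `server:` in `issuer.yaml.example`. The comment on `metadata.name` also misspells the kind as `clsuterissuer`.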
@@ -1,52 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
- name: acme-issuer
-spec:
- # -- (Choice) Self-signed Issuer
- # selfSigned: {}
- # -- or --
- # -- (Choice) ACME Issuer
- acme:
- # Configure your email here...
- # ---
- # email: your-email@address
-
- # Configure your server here...
- # ---
- # Letsencrypt Production
- # server: https://acme-v02.api.letsencrypt.org/directory
- # - or -
- # Letsencrypt Staging
- # server: https://acme-staging-v02.api.letsencrypt.org/directory
-
- privateKeySecretRef:
- name: example-issuer-account-key
- solvers:
- # Configure DNS or HTTP Challenge here...
- # ---
- # DNS Challenge:
- # - dns01:
- # Configure your DNS Provider here...
- # ---
- # cloudflare:
- # email: your-email@address
- # API Key:
- # apiKeySecretRef:
- # name: cloudflare-api-key-secret
- # key: api-key
- # - or -
- # API Token:
- # apiTokenSecretRef:
- # name: cloudflare-api-token-secret
- # key: api-token
- # (Optional) Add DNS selectors
- # ---
- # selector:
- # dnsZones:
- # - 'your-domain'
-
- # HTTP Challenge:
- # - http01:
- # ingress:
- # class: traefik
diff --git a/kubernetes/certmanager/examples/example-issuer.yaml b/kubernetes/certmanager/examples/example-issuer.yaml
deleted file mode 100644
index 403d104..0000000
--- a/kubernetes/certmanager/examples/example-issuer.yaml
+++ /dev/null
@@ -1,55 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
- name: acme-issuer
- # (Optional) Metadata
- # ---
- # namespace: your-namespace
-spec:
- # -- (Choice) Self-signed Issuer
- # selfSigned: {}
- # -- or --
- # -- (Choice) ACME Issuer
- acme:
- # Configure your email here...
- # ---
- # email: your-email@address
-
- # Configure your server here...
- # ---
- # Letsencrypt Production
- # server: https://acme-v02.api.letsencrypt.org/directory
- # - or -
- # Letsencrypt Staging
- # server: https://acme-staging-v02.api.letsencrypt.org/directory
-
- privateKeySecretRef:
- name: example-issuer-account-key
- solvers:
- # Configure DNS or HTTP Challenge here...
- # ---
- # DNS Challenge:
- # - dns01:
- # Configure your DNS Provider here...
- # ---
- # cloudflare:
- # email: your-email@address
- # API Key:
- # apiKeySecretRef:
- # name: cloudflare-api-key-secret
- # key: api-key
- # - or -
- # API Token:
- # apiTokenSecretRef:
- # name: cloudflare-api-token-secret
- # key: api-token
- # (Optional) Add DNS selectors
- # ---
- # selector:
- # dnsZones:
- # - 'your-domain'
-
- # HTTP Challenge:
- # - http01:
- # ingress:
- # class: traefik
diff --git a/kubernetes/certmanager/examples/issuer-secret.yaml.example b/kubernetes/certmanager/examples/issuer-secret.yaml.example
new file mode 100644
index 0000000..29a5ee4
--- /dev/null
+++ b/kubernetes/certmanager/examples/issuer-secret.yaml.example
@@ -0,0 +1,9 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: cloudflare-api-token-secret
+ namespace: cert-manager
+type: Opaque
+data:
+ api-token: your-api-token # <-- Replace with your Cloudflare API token
diff --git a/kubernetes/certmanager/examples/issuer.yaml.example b/kubernetes/certmanager/examples/issuer.yaml.example
new file mode 100644
index 0000000..e7129a4
--- /dev/null
+++ b/kubernetes/certmanager/examples/issuer.yaml.example
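Review bot: `data:` in the new `issuer-secret.yaml.example` expects base64-encoded values, so a token pasted over `your-api-token` as the inline comment instructs will either be rejected as invalid base64 or decoded into bytes that are not the token. For a fill-in template the plain-text field is the better fit: `stringData:` followed by `api-token: your-api-token`. Because the filled-in copy holds a live credential, a header comment such as `# Do not commit the filled-in file; give the Cloudflare token only the DNS permissions cert-manager needs` would also be worth adding.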
@@ -0,0 +1,18 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: issuer # <-- Replace with your issuer name
+ namespace: your-namespace # <-- Replace with your namespace
+spec:
+ acme:
+ email: your-email@address # <-- Replace with your email address
+ server: https://acme-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: example-issuer-account-key # <-- Replace with your secret name
+ solvers:
+ - dns01:
+ cloudflare:
+ apiTokenSecretRef:
+ name: cloudflare-api-token-secret # <-- Replace with your secret name
+ key: api-token
diff --git a/kubernetes/certmanager/values.yaml b/kubernetes/certmanager/values.yaml
index 991c9b9..750e019 100644
--- a/kubernetes/certmanager/values.yaml
+++ b/kubernetes/certmanager/values.yaml
@@ -1,5 +1,4 @@
-# Cert-Manager Helm Chart Values Template
-# ---
+---
 image:
 repository: quay.io/jetstack/cert-manager-controller
 tag: v1.16.0
@@ -11,12 +10,8 @@ cainjector:
 image:
 repository: quay.io/jetstack/cert-manager-cainjector
 tag: v1.16.0
-
-# Enable the CRD install job
 crds:
 enabled: true
-
-# Add DNS01 recursive nameserver configuration
 extraArgs:
 - --dns01-recursive-nameservers-only
 - --dns01-recursive-nameservers=1.1.1.1:53,1.0.0.1:53
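Review bot: The namespaced Issuer in `issuer.yaml.example` resolves `apiTokenSecretRef` in its own namespace (`your-namespace`), but `issuer-secret.yaml.example` in this commit creates `cloudflare-api-token-secret` in `cert-manager`, which is where a ClusterIssuer looks by default. Following both examples as written leaves the Issuer unable to read the token, so the DNS-01 challenge cannot complete. Extend the comment on `apiTokenSecretRef.name` to something like `# <-- Secret must exist in the same namespace as this Issuer`, or note in the secret example that `namespace:` has to match when it is used with an Issuer.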