
Add readme for cert-manager
Fixes #35 and cipher security for traefik

Christian 4 жил өмнө
parent
commit
c183de3803

+ 5 - 0
docker-compose/traefik/README.md

@@ -25,6 +25,11 @@ Replace the `/etc/traefik/certs/cert.pem` with your certificate file, and the `/
 
 # Best-Practices & Post-Installation
 
+
+## MinTLS Version
+TLS 1.0 and 1.1 are not longer secure! Consider disabling it in the Traefik Configuration.
+
+
 ```yaml
 providers:
   docker:

+ 4 - 0
docker-compose/traefik/config/traefik.yml

@@ -63,6 +63,10 @@ entryPoints:
 #       defaultCertificate:
 #         certFile: /etc/traefik/certs/cert.pem
 #         keyFile: /etc/traefik/certs/cert-key.pem
+# (Optional) Disable TLS version 1.0 and 1.1
+#   options:
+#     default:
+#       minVersion: VersionTLS12
 
 providers:
   docker:
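Review bot: The new block only raises `minVersion`, so the "cipher security" named in the commit title is not actually configured: TLS 1.2 with Traefik's default suite list still negotiates ciphers that common hardening baselines reject, and the `cipherSuites` list under the same `options.default` entry is where an explicit allow-list belongs, e.g. a commented `#       cipherSuites:` line followed by the chosen suite names. Note also that `tls.options` is part of Traefik's dynamic configuration, whereas this hunk sits inside the static `entryPoints` section according to the hunk header; if traefik.yml is the static file, a user who uncomments these four lines in place will likely have them rejected or ignored rather than applied. A one-line pointer would prevent that, e.g. `# NOTE: tls.options is dynamic configuration - put this block in the file-provider config, not under entryPoints`.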

+ 1 - 6
kubernetes/certmanager/README.md

@@ -11,9 +11,4 @@ Or
 install with helm
 --set installCRDs=true
 
-$ helm install \
-  cert-manager jetstack/cert-manager \
-  --namespace cert-manager \
-  --create-namespace \
-  --version v1.7.0 \
-  # --set installCRDs=true
+helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --set installCRDs=true

+ 52 - 0
kubernetes/certmanager/templates/clusterissuer-acme.yml

@@ -0,0 +1,52 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: acme-issuer
+  # (Optional) Metadata
+  # ---
+  # namespace: your-namespace
+spec:
+  acme:
+    # Configure your email here...
+    # ---
+    # email: your-email@address
+
+    # Configure your server here...
+    # ---
+    # Letsencrypt Production
+    # server: https://acme-v02.api.letsencrypt.org/directory
+    # - or -
+    # Letsencrypt Staging
+    # server: https://acme-staging-v02.api.letsencrypt.org/directory
+
+    privateKeySecretRef:
+      name: example-issuer-account-key
+    solvers:
+    # Configure DNS or HTTP Challenge here...
+    # ---
+    # DNS Challenge:
+    - dns01:
+        # Configure your DNS Provider here...
+        # ---
+        # cloudflare:
+        #   email: your-email@address
+        # API Key:
+        #   apiKeySecretRef:
+        #     name: cloudflare-api-key-secret
+        #     key: api-key
+        # - or -
+        # API Token:
+        #   apiTokenSecretRef:
+        #     name: cloudflare-api-token-secret
+        #     key: api-token        
+      # (Optional) Add DNS selectors
+      # ---
+      # selector:
+      #   dnsNames:
+      #   - 'your-domain'
+      #   - '*.your-domain'
+
+    # HTTP Challenge:
+    # - http01:
+    #    ingress:
+    #      class: traefik
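Review bot: The `- dns01:` solver entry has every child commented out, so as committed it parses as `dns01: null`, and cert-manager will most likely reject the ClusterIssuer until one provider block such as the commented `cloudflare:` section is uncommented; a comment stating that directly, `# REQUIRED: uncomment exactly one provider below, the solver is invalid without one`, would save a failed apply. Of the two Cloudflare credential forms shown, the scoped API token is the least-privilege option and should be marked as the recommended one, since the global API key grants access to the entire account. The `# namespace: your-namespace` hint under `metadata` does not apply to a ClusterIssuer, which is cluster-scoped, both here and in clusterissuer-selfsigned.yml; it belongs on a namespaced `Issuer` and should be dropped or reworded. The `key: api-token` line also carries trailing whitespace.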

+ 9 - 0
kubernetes/certmanager/templates/clusterissuer-selfsigned.yml

@@ -0,0 +1,9 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: selfsigned-issuer
+  # (Optional) Metadata
+  # ---
+  # namespace: your-namespace
+spec:
+  selfSigned: {}