infra/k8s/operators/cert-manager/letsencrypt.yaml

---
# ClusterIssuer that targets the Let's Encrypt *staging* ACME directory
# (see `server`). DNS-01 challenges are answered through the `pdns` webhook
# solver, which talks to the PowerDNS API configured under `config`.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    email: dns-admin@janky.solutions
    server: 'https://acme-staging-v02.api.letsencrypt.org/directory'
    # Secret that holds the ACME account private key for this issuer.
    privateKeySecretRef:
      name: letsencrypt-staging-account-key
    solvers:
      - dns01:
          webhook:
            groupName: acme.zacharyseguin.ca
            solverName: pdns
            config:
              # PowerDNS server base URL.
              host: 'https://dns.janky.solutions'
              # The PowerDNS API key is read from this Kubernetes secret
              # (secret name, then the key inside it); the key material
              # itself is not part of this manifest.
              apiKeySecretRef:
                name: pdns-api-key
                key: key

              # ---------------------------------------------------------
              # Optional settings; everything below is commented out, so
              # the documented defaults apply.
              # ---------------------------------------------------------

              # Auth scheme placed in front of the API key, see
              # https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml
              # Default: "" (no scheme).
              # apiKeyScheme: ""

              # Name of the header that carries the API key.
              # Unset means X-API-Key; it can be customised,
              # e.g. to Authorization.
              # apiKeyHeaderName: ""

              # PowerDNS API server ID; "localhost" when unset.
              # Normally leave this unset. Set it only when a proxy in
              # front of the PowerDNS API needs a different value.
              # serverID: localhost

              # Extra request headers sent to the PowerDNS API.
              # X-API-Key and Content-Type are set by default and can
              # be overridden here.
              # headers:
              #   Host: dns.janky.solutions

              # CA bundle used to verify the TLS connection to `host`.
              # When unset, the default system certificate store is used.
              # caBundle: BASE64_ENCODED_CA_BUNDLE

              # TTL of the DNS records, in seconds.
              # ttl: 120

              # Timeout for requests to the PDNS API server, in seconds.
              # timeout: 30

              # Zones the solver is allowed to edit. The default is an
              # empty list, which allows everything.
              # *IMPORTANT*: zone names must be fully qualified, i.e.
              # they need the trailing dot.
              # NOTE(review): this is unset here, so the solver is not
              # limited to particular zones. Listing only the zones this
              # issuer should manage would narrow what a DNS-01 request
              # can change; confirm the intended zones before enabling.
              # allowed-zones:
              #   - example.com.
              #   - example.org.
              #   - example.net.
---
# ClusterIssuer that targets the Let's Encrypt production ACME directory
# (see `server`). DNS-01 challenges are answered through the `pdns` webhook
# solver, which talks to the PowerDNS API configured under `config`.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt
spec:
  acme:
    email: dns-admin@janky.solutions
    server: 'https://acme-v02.api.letsencrypt.org/directory'
    # Secret that holds the ACME account private key for this issuer.
    privateKeySecretRef:
      name: letsencrypt-account-key
    solvers:
      - dns01:
          webhook:
            groupName: acme.zacharyseguin.ca
            solverName: pdns
            config:
              # PowerDNS server base URL.
              host: 'https://dns.janky.solutions'
              # The PowerDNS API key is read from this Kubernetes secret
              # (secret name, then the key inside it); the key material
              # itself is not part of this manifest.
              apiKeySecretRef:
                name: pdns-api-key
                key: key

              # ---------------------------------------------------------
              # Optional settings; everything below is commented out, so
              # the documented defaults apply.
              # ---------------------------------------------------------

              # Auth scheme placed in front of the API key, see
              # https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml
              # Default: "" (no scheme).
              # apiKeyScheme: ""

              # Name of the header that carries the API key.
              # Unset means X-API-Key; it can be customised,
              # e.g. to Authorization.
              # apiKeyHeaderName: ""

              # PowerDNS API server ID; "localhost" when unset.
              # Normally leave this unset. Set it only when a proxy in
              # front of the PowerDNS API needs a different value.
              # serverID: localhost

              # Extra request headers sent to the PowerDNS API.
              # X-API-Key and Content-Type are set by default and can
              # be overridden here.
              # headers:
              #   Host: dns.janky.solutions

              # CA bundle used to verify the TLS connection to `host`.
              # When unset, the default system certificate store is used.
              # caBundle: BASE64_ENCODED_CA_BUNDLE

              # TTL of the DNS records, in seconds.
              # ttl: 120

              # Timeout for requests to the PDNS API server, in seconds.
              # timeout: 30

              # Zones the solver is allowed to edit. The default is an
              # empty list, which allows everything.
              # *IMPORTANT*: zone names must be fully qualified, i.e.
              # they need the trailing dot.
              # NOTE(review): this is unset here, so the solver is not
              # limited to particular zones. Listing only the zones this
              # issuer should manage would narrow what a DNS-01 request
              # can change; confirm the intended zones before enabling.
              # allowed-zones:
              #   - example.com.
              #   - example.org.
              #   - example.net.