# HG changeset patch
# User drewp@bigasterisk.com
# Date 1687413440 25200
# Node ID 1d3d12b7cf6df776172a838c30174325d44337b7
# Parent a8c1e2f028f0b50ff18c8552d9d275e15a620910
move pom cert into make_global.py to share some vars
diff -r a8c1e2f028f0 -r 1d3d12b7cf6d config/60-auth-cert.yaml
--- a/config/60-auth-cert.yaml Mon Jun 19 22:21:44 2023 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,12 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: pomerium-proxy-tls
- namespace: pomerium
-spec:
- dnsNames:
- - 'authenticate.bigasterisk.com'
- issuerRef:
- kind: ClusterIssuer
- name: letsencrypt-prod
- secretName: pomerium-proxy-tls
\ No newline at end of file
diff -r a8c1e2f028f0 -r 1d3d12b7cf6d make_global.py
--- a/make_global.py Mon Jun 19 22:21:44 2023 -0700
+++ b/make_global.py Wed Jun 21 22:57:20 2023 -0700
@@ -59,6 +59,24 @@
 # }
 # },
 }
+def pomCert():
+ return {
+ "apiVersion": "cert-manager.io/v1",
+ "kind": "Certificate",
+ "metadata": {
+ "name": POM_CERT_NAME,
+ "namespace": "pomerium"
+ },
+ "spec": {
+ "dnsNames": [
+ AUTH_HOST
+ ],
+ "issuerRef": {
+ "kind": "ClusterIssuer",
+ "name": "letsencrypt-dns-prod"
+ },
+ "secretName": "pomerium-proxy-tls"
+ }
 }
 # Old note: pom won't start up if this cert doesn't exist, so you have to run once
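Review bot: The `issuerRef` name in the new `pomCert()` is `letsencrypt-dns-prod`, while the deleted config/60-auth-cert.yaml used `letsencrypt-prod`, so this commit changes which ClusterIssuer signs the authenticate host's certificate even though its message describes only a move. Whether a ClusterIssuer of that name is deployed is not visible here; if it is not, cert-manager cannot issue the certificate, and the "Old note" comment in the trailing context says pom won't start up without it. If the switch is intended, a comment on that line would record it, e.g. `# was letsencrypt-prod in 60-auth-cert.yaml; changed deliberately`. Separately, `secretName` remains the literal `"pomerium-proxy-tls"` while `metadata.name` now uses `POM_CERT_NAME`; if that constant is also meant to name the TLS secret that other manifests reference, `"secretName": POM_CERT_NAME,` would keep the two from drifting apart.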