# HG changeset patch
# User drewp@bigasterisk.com
# Date 1687413552 25200
# Node ID 48b4ebc376364e234055cf9d3c708bb7330d33af
# Parent 1d3d12b7cf6df776172a838c30174325d44337b7
dns issuer, plus digitalocean workaround
diff -r 1d3d12b7cf6d -r 48b4ebc37636 config/dns-issuers.yaml
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/config/dns-issuers.yaml Wed Jun 21 22:59:12 2023 -0700
@@ -0,0 +1,35 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-dns-staging
+ namespace: pomerium
+spec:
+ acme:
+ email: drewp@bigasterisk.com
+ server: https://acme-staging-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: letsencrypt-dns-staging
+ solvers:
+ - dns01:
+ digitalocean:
+ tokenSecretRef:
+ name: digitalocean-dns
+ key: access-token
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-dns-prod
+ namespace: pomerium
+spec:
+ acme:
+ email: drewp@bigasterisk.com
+ server: https://acme-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: letsencrypt-dns-prod
+ solvers:
+ - dns01:
+ digitalocean:
+ tokenSecretRef:
+ name: digitalocean-dns
+ key: access-token
\ No newline at end of file
diff -r 1d3d12b7cf6d -r 48b4ebc37636 upstream/kustomization.yaml
--- a/upstream/kustomization.yaml Wed Jun 21 22:57:20 2023 -0700
+++ b/upstream/kustomization.yaml Wed Jun 21 22:59:12 2023 -0700
@@ -13,3 +13,16 @@
 # - op: add
 # path: /spec/template/spec/containers/0/args/-
 # value: "--debug"
+
+ # fix for a digitalocean/dns issue https://github.com/cert-manager/cert-manager/issues/2485#issuecomment-1167314615
+ - target:
+ kind: Deployment
+ name: cert-manager
+ namespace: cert-manager
+ patch: |-
+ - op: add
+ path: /spec/template/spec/containers/0/args/-
+ value: "--dns01-recursive-nameservers-only"
+ - op: add
+ path: /spec/template/spec/containers/0/args/-
+ value: "--dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53"
\ No newline at end of file
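Review bot: `namespace: pomerium` under `metadata` on both ClusterIssuers has no effect, because ClusterIssuer is cluster-scoped, and it wrongly suggests the referenced Secrets live in `pomerium`. cert-manager resolves a ClusterIssuer's `tokenSecretRef` and `privateKeySecretRef` in its cluster resource namespace (normally the namespace cert-manager itself runs in), so `digitalocean-dns` has to exist there. I would drop both `namespace:` lines and add `# digitalocean-dns Secret must live in cert-manager's cluster resource namespace` above each `tokenSecretRef`. Being cluster-wide, these issuers also let any namespace that may create Certificate resources obtain certificates through the DigitalOcean token. If only pomerium needs them, a namespaced `Issuer` or a `selector:` with `dnsZones:` on the solver would narrow that.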
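Review bot: The two added flags make the DNS-01 propagation self-check depend on plaintext port-53 queries to hard-coded public resolvers, and nothing in the patch records that requirement. Any NetworkPolicy or firewall that restricts egress from the `cert-manager` namespace must allow 8.8.8.8:53 and 1.1.1.1:53, otherwise orders will stay pending with no obvious cause. I would add `# needs egress from cert-manager to 8.8.8.8:53 and 1.1.1.1:53 (UDP+TCP); only affects the propagation self-check` above the `patch:` key. The `path: /spec/template/spec/containers/0/args/-` entries also assume the controller is container index 0 of the upstream Deployment, which should be re-checked on each cert-manager upgrade. The enclosing patches list starts outside this hunk, so the key it sits under is not visible here.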