Mercurial > code > home > repos > pomerium
changeset 32:1d3d12b7cf6d
move pom cert into make_global.py to share some vars
| author | drewp@bigasterisk.com |
|---|---|
| date | Wed, 21 Jun 2023 22:57:20 -0700 |
| parents | a8c1e2f028f0 |
| children | 48b4ebc37636 |
| files | config/60-auth-cert.yaml make_global.py |
| diffstat | 2 files changed, 18 insertions(+), 12 deletions(-) [+] |
line wrap: on
line diff
--- a/config/60-auth-cert.yaml Mon Jun 19 22:21:44 2023 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,12 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: pomerium-proxy-tls - namespace: pomerium -spec: - dnsNames: - - 'authenticate.bigasterisk.com' - issuerRef: - kind: ClusterIssuer - name: letsencrypt-prod - secretName: pomerium-proxy-tls \ No newline at end of file
--- a/make_global.py Mon Jun 19 22:21:44 2023 -0700 +++ b/make_global.py Wed Jun 21 22:57:20 2023 -0700 @@ -59,6 +59,24 @@ # } # }, } +def pomCert(): + return { + "apiVersion": "cert-manager.io/v1", + "kind": "Certificate", + "metadata": { + "name": POM_CERT_NAME, + "namespace": "pomerium" + }, + "spec": { + "dnsNames": [ + AUTH_HOST + ], + "issuerRef": { + "kind": "ClusterIssuer", + "name": "letsencrypt-dns-prod" + }, + "secretName": "pomerium-proxy-tls" + } } # Old note: pom won't start up if this cert doesn't exist, so you have to run once