Mercurial > code > home > repos > pomerium
changeset 33:48b4ebc37636
dns issuer, plus digitalocean workaround
| author | drewp@bigasterisk.com |
|---|---|
| date | Wed, 21 Jun 2023 22:59:12 -0700 |
| parents | 1d3d12b7cf6d |
| children | b1f75b0584f3 |
| files | config/dns-issuers.yaml upstream/kustomization.yaml |
| diffstat | 2 files changed, 48 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/config/dns-issuers.yaml Wed Jun 21 22:59:12 2023 -0700 @@ -0,0 +1,35 @@ +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: letsencrypt-dns-staging + namespace: pomerium +spec: + acme: + email: drewp@bigasterisk.com + server: https://acme-staging-v02.api.letsencrypt.org/directory + privateKeySecretRef: + name: letsencrypt-dns-staging + solvers: + - dns01: + digitalocean: + tokenSecretRef: + name: digitalocean-dns + key: access-token +--- +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: letsencrypt-dns-prod + namespace: pomerium +spec: + acme: + email: drewp@bigasterisk.com + server: https://acme-v02.api.letsencrypt.org/directory + privateKeySecretRef: + name: letsencrypt-dns-prod + solvers: + - dns01: + digitalocean: + tokenSecretRef: + name: digitalocean-dns + key: access-token \ No newline at end of file
--- a/upstream/kustomization.yaml Wed Jun 21 22:57:20 2023 -0700 +++ b/upstream/kustomization.yaml Wed Jun 21 22:59:12 2023 -0700 @@ -13,3 +13,16 @@ # - op: add # path: /spec/template/spec/containers/0/args/- # value: "--debug" + + # fix for a digitalocean/dns issue https://github.com/cert-manager/cert-manager/issues/2485#issuecomment-1167314615 + - target: + kind: Deployment + name: cert-manager + namespace: cert-manager + patch: |- + - op: add + path: /spec/template/spec/containers/0/args/- + value: "--dns01-recursive-nameservers-only" + - op: add + path: /spec/template/spec/containers/0/args/- + value: "--dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53" \ No newline at end of file