diff --git a/config/dns-issuers.yaml b/config/dns-issuers.yaml
new file mode 100644
--- /dev/null
+++ b/config/dns-issuers.yaml
@@ -0,0 +1,35 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-dns-staging
+ namespace: pomerium
+spec:
+ acme:
+ email: drewp@bigasterisk.com
+ server: https://acme-staging-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: letsencrypt-dns-staging
+ solvers:
+ - dns01:
+ digitalocean:
+ tokenSecretRef:
+ name: digitalocean-dns
+ key: access-token
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-dns-prod
+ namespace: pomerium
+spec:
+ acme:
+ email: drewp@bigasterisk.com
+ server: https://acme-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: letsencrypt-dns-prod
+ solvers:
+ - dns01:
+ digitalocean:
+ tokenSecretRef:
+ name: digitalocean-dns
+ key: access-token
\ No newline at end of file
diff --git a/upstream/kustomization.yaml b/upstream/kustomization.yaml
--- a/upstream/kustomization.yaml
+++ b/upstream/kustomization.yaml
@@ -13,3 +13,16 @@ patchesStrategicMerge:
 # - op: add
 # path: /spec/template/spec/containers/0/args/-
 # value: "--debug"
+
+ # fix for a digitalocean/dns issue https://github.com/cert-manager/cert-manager/issues/2485#issuecomment-1167314615
+ - target:
+ kind: Deployment
+ name: cert-manager
+ namespace: cert-manager
+ patch: |-
+ - op: add
+ path: /spec/template/spec/containers/0/args/-
+ value: "--dns01-recursive-nameservers-only"
+ - op: add
+ path: /spec/template/spec/containers/0/args/-
+ value: "--dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53"
\ No newline at end of file
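Review bot: `metadata.namespace: pomerium` on both ClusterIssuer documents is misleading: a ClusterIssuer is cluster-scoped, and cert-manager resolves its `tokenSecretRef` (`digitalocean-dns`) and creates the `privateKeySecretRef` account-key secrets in its cluster resource namespace (default `cert-manager`, set by the controller's `--cluster-resource-namespace` flag), not in `pomerium`. If the DigitalOcean token secret only exists in `pomerium`, both issuers will fail to find it; either create it in the cluster resource namespace or switch to a namespaced `Issuer` in `pomerium`. I would drop the two `namespace: pomerium` lines and add above each `tokenSecretRef:` the comment `# Secret is read from cert-manager's cluster resource namespace (default: cert-manager), not from this issuer's namespace`. Note that this token grants write access to the account's DNS zones, so whoever can read secrets in that namespace can issue certificates for those domains.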
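Review bot: The hunk header shows `patchesStrategicMerge:` as the enclosing key, but the appended entry uses the `target:`/`patch:` object form that kustomize accepts under `patches:` (or the deprecated `patchesJson6902:`); `patchesStrategicMerge` is a list of strings, so if the entry really lands under that key kustomize will fail to unmarshal it. The enclosing list starts before the hunk, so confirm which key it belongs to and move the entry under `patches:` if needed. The comment above the entry could also say what the flags do, e.g. `# Route cert-manager's DNS01 propagation self-check through public recursive resolvers instead of the cluster resolver; only affects the pre-issuance check, not ACME validation` — the linked issue presumably explains the original symptom.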