# HG changeset patch
# User drewp@bigasterisk.com
# Date 2023-06-22 05:59:12
# Node ID 48b4ebc376364e234055cf9d3c708bb7330d33af
# Parent 1d3d12b7cf6df776172a838c30174325d44337b7
dns issuer, plus digitalocean workaround

diff --git a/config/dns-issuers.yaml b/config/dns-issuers.yaml
new file mode 100644
--- /dev/null
+++ b/config/dns-issuers.yaml
@@ -0,0 +1,35 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-dns-staging
+ namespace: pomerium
+spec:
+ acme:
+ email: drewp@bigasterisk.com
+ server: https://acme-staging-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: letsencrypt-dns-staging
+ solvers:
+ - dns01:
+ digitalocean:
+ tokenSecretRef:
+ name: digitalocean-dns
+ key: access-token
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-dns-prod
+ namespace: pomerium
+spec:
+ acme:
+ email: drewp@bigasterisk.com
+ server: https://acme-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: letsencrypt-dns-prod
+ solvers:
+ - dns01:
+ digitalocean:
+ tokenSecretRef:
+ name: digitalocean-dns
+ key: access-token
\ No newline at end of file
diff --git a/upstream/kustomization.yaml b/upstream/kustomization.yaml
--- a/upstream/kustomization.yaml
+++ b/upstream/kustomization.yaml
@@ -13,3 +13,16 @@ patchesStrategicMerge:
 # - op: add
 # path: /spec/template/spec/containers/0/args/-
 # value: "--debug"
+
+ # fix for a digitalocean/dns issue https://github.com/cert-manager/cert-manager/issues/2485#issuecomment-1167314615
+ - target:
+ kind: Deployment
+ name: cert-manager
+ namespace: cert-manager
+ patch: |-
+ - op: add
+ path: /spec/template/spec/containers/0/args/-
+ value: "--dns01-recursive-nameservers-only"
+ - op: add
+ path: /spec/template/spec/containers/0/args/-
+ value: "--dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53"
\ No newline at end of file
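Review bot: `metadata.namespace: pomerium` on both ClusterIssuer objects in config/dns-issuers.yaml is ignored, because ClusterIssuer is cluster-scoped, and it is likely to mislead whoever creates the `digitalocean-dns` Secret: for a ClusterIssuer, cert-manager looks `tokenSecretRef` up in its cluster-resource namespace (`cert-manager` by default, set by `--cluster-resource-namespace`), not in `pomerium`. Either drop the two `namespace: pomerium` lines and place the Secret in the cert-manager namespace, or, if the issuers are only meant for the pomerium namespace as that line suggests, change `kind: ClusterIssuer` to `kind: Issuer` so the DigitalOcean token Secret can stay in `pomerium`; the latter is also the tighter scope, since that token can modify every DNS zone in the account and an Issuer limits which namespace can drive it. A short comment above `tokenSecretRef`, such as `# Secret must live in cert-manager's cluster-resource namespace for a ClusterIssuer`, would prevent the same confusion later. The new file also ends without a trailing newline.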
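Review bot: The hunk in upstream/kustomization.yaml is anchored under `patchesStrategicMerge:`, but the added entries use the `target:`/`patch:` form that kustomize accepts only under `patches:` (patchesStrategicMerge entries are file paths or inline manifests), so if the list that line 13 belongs to really is `patchesStrategicMerge` the build will fail; the enclosing list starts outside the hunk, so confirm which key it sits under. The JSON `add` operations with `path: /spec/template/spec/containers/0/args/-` also assume the upstream cert-manager Deployment already declares an `args` list on container 0, since appending with `-` to a missing array is an error, which is worth re-checking after each upstream bump. The hard-coded resolvers deserve a line of intent next to the issue link, for example `# the DNS01 propagation self-check is pinned to public resolvers so it does not use the cluster DNS`. The file also ends without a trailing newline.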