# HG changeset patch # User drewp@bigasterisk.com # Date 2023-03-13 21:01:15 # Node ID 90438c76732ff2abf845a03b189b3d8c5b0d2e2d # Parent 6c42f94f0285ca910cab4f81e1715ef89aea468e fix some clusterissuer types diff --git a/30-cert-manager/51-pomerium-production-issuer.yaml b/30-cert-manager/51-pomerium-production-issuer.yaml --- a/30-cert-manager/51-pomerium-production-issuer.yaml +++ b/30-cert-manager/51-pomerium-production-issuer.yaml @@ -1,5 +1,5 @@ apiVersion: cert-manager.io/v1 -kind: Issuer +kind: ClusterIssuer metadata: name: letsencrypt-prod namespace: pomerium diff --git a/30-cert-manager/51-pomerium-staging-issuer.yaml b/30-cert-manager/51-pomerium-staging-issuer.yaml --- a/30-cert-manager/51-pomerium-staging-issuer.yaml +++ b/30-cert-manager/51-pomerium-staging-issuer.yaml @@ -1,5 +1,5 @@ apiVersion: cert-manager.io/v1 -kind: Issuer +kind: ClusterIssuer metadata: name: letsencrypt-staging namespace: pomerium diff --git a/30-cert-manager/60-auth-cert.yaml b/30-cert-manager/60-auth-cert.yaml --- a/30-cert-manager/60-auth-cert.yaml +++ b/30-cert-manager/60-auth-cert.yaml @@ -7,6 +7,6 @@ spec: dnsNames: - 'authenticate.bigasterisk.com' issuerRef: - kind: Issuer + kind: ClusterIssuer name: letsencrypt-prod secretName: pomerium-proxy-tls \ No newline at end of file diff --git a/ingress-default.yaml b/ingress-default.yaml --- a/ingress-default.yaml +++ b/ingress-default.yaml @@ -3,7 +3,7 @@ kind: Ingress metadata: name: default annotations: - cert-manager.io/issuer: letsencrypt-prod + cert-manager.io/cluster-issuer: letsencrypt-prod ingress.pomerium.io/allow_public_unauthenticated_access: "true" ingress.pomerium.io/pass_identity_headers: "true" ingress.pomerium.io/preserve_host_header: "true" diff --git a/ingress-static.yaml b/ingress-static.yaml --- a/ingress-static.yaml +++ b/ingress-static.yaml @@ -3,7 +3,7 @@ kind: Ingress metadata: name: static annotations: - cert-manager.io/issuer: letsencrypt-prod + cert-manager.io/cluster-issuer: letsencrypt-prod ingress.pomerium.io/allow_public_unauthenticated_access: "true" ingress.pomerium.io/pass_identity_headers: "true" ingress.pomerium.io/preserve_host_header: "true"