Changeset - 48b4ebc37636
Parent rev.
Child rev.
[Not reviewed]
default
0 1 1
drewp@bigasterisk.com - 16 months ago 2023-06-22 05:59:12
drewp@bigasterisk.com
dns issuer, plus digitalocean workaround
2 files changed with 48 insertions and 0 deletions:
config/dns-issuers.yaml
35
upstream/kustomization.yaml
13
0 comments (0 inline, 0 general)
config/dns-issuers.yaml
Show inline comments
 
new file 100644
 
apiVersion: cert-manager.io/v1
 
kind: ClusterIssuer
 
metadata:
 
  name: letsencrypt-dns-staging
 
  namespace: pomerium
 
spec:
 
  acme:
 
    email: drewp@bigasterisk.com
 
    server: https://acme-staging-v02.api.letsencrypt.org/directory
 
    privateKeySecretRef:
 
      name: letsencrypt-dns-staging
 
    solvers:
 
    - dns01:
 
        digitalocean:
 
          tokenSecretRef:
 
            name: digitalocean-dns
 
            key: access-token
 
---
 
apiVersion: cert-manager.io/v1
 
kind: ClusterIssuer
 
metadata:
 
  name: letsencrypt-dns-prod
 
  namespace: pomerium
 
spec:
 
  acme:
 
    email: drewp@bigasterisk.com
 
    server: https://acme-v02.api.letsencrypt.org/directory
 
    privateKeySecretRef:
 
      name: letsencrypt-dns-prod
 
    solvers:
 
    - dns01:
 
        digitalocean:
 
          tokenSecretRef:
 
            name: digitalocean-dns
 
            key: access-token
 
\ No newline at end of file
upstream/kustomization.yaml
Show inline comments
 
bases:
 
  - pomerium-ingress-controller.yaml
 
  - cert-manager-v1.12.0.yaml
 
patchesStrategicMerge:
 
  - "patch.yaml"
 

			




	
	
	
		
 
# patches:

			




	
	
	
		
 
#   - target:

			




	
	
	
		
 
#       kind: Deployment

			




	
	
	
		
 
#       name: pomerium

			




	
	
	
		
 
#       namespace: pomerium

			




	
	
	
		
 
#     patch: |-

			




	
	
	
		
 
#       - op: add

			




	
	
	
		
 
#         path: /spec/template/spec/containers/0/args/-

			




	
	
	
		
 
#         value: "--debug"

			




	
	
	
		
 

			




	
	
	
		
 
  # fix for a digitalocean/dns issue https://github.com/cert-manager/cert-manager/issues/2485#issuecomment-1167314615

			




	
	
	
		
 
  - target:

			




	
	
	
		
 
      kind: Deployment

			




	
	
	
		
 
      name: cert-manager

			




	
	
	
		
 
      namespace: cert-manager

			




	
	
	
		
 
    patch: |-

			




	
	
	
		
 
      - op: add

			




	
	
	
		
 
        path: /spec/template/spec/containers/0/args/-

			




	
	
	
		
 
        value: "--dns01-recursive-nameservers-only"

			




	
	
	
		
 
      - op: add

			




	
	
	
		
 
        path: /spec/template/spec/containers/0/args/-

			




	
	
	
		
 
        value: "--dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53"

			




	
	
		
 
\ No newline at end of file

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        Server instance: kallithea-749ff669b6-v9g5f-76
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2021 by various authors & licensed under GPLv3.
            – Support