Changeset - 90438c76732f
[Not reviewed]
default
0 5 0
drewp@bigasterisk.com - 22 months ago 2023-03-13 21:01:15
drewp@bigasterisk.com
fix some clusterissuer types
5 files changed with 5 insertions and 5 deletions:
30-cert-manager/51-pomerium-production-issuer.yaml
 
apiVersion: cert-manager.io/v1
 
kind: Issuer
 
kind: ClusterIssuer
 
metadata:
 
  name: letsencrypt-prod
 
  namespace: pomerium
 
spec:
 
  acme:
 
    # The ACME server URL
 
    server: https://acme-v02.api.letsencrypt.org/directory
 
    # Email address used for ACME registration
 
    email: drewp@bigasterisk.com
 
    # Name of a secret used to store the ACME account private key
 
    privateKeySecretRef:
 
      name: letsencrypt-prod
 
    # Enable the HTTP-01 challenge provider
 
    solvers:
 
      - http01:
 
          ingress:
 
            class: pomerium
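Review bot: `metadata.namespace: pomerium` is still set in this manifest, but a ClusterIssuer is cluster-scoped, so (taking `kind: ClusterIssuer` as the new side, which the commit title suggests) the namespace no longer describes where anything lives. More importantly, cert-manager resolves a ClusterIssuer's `privateKeySecretRef` in its cluster resource namespace (by default the namespace cert-manager itself runs in), not in `pomerium`, so an existing `letsencrypt-prod` account key secret in `pomerium` would presumably not be found and a new ACME account key would be generated. I would drop the `namespace:` line, add a comment such as `# account key secret lives in cert-manager's cluster resource namespace`, and check that RBAC on that namespace limits who can read the key. The same applies to 51-pomerium-staging-issuer.yaml.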
30-cert-manager/51-pomerium-staging-issuer.yaml
 
apiVersion: cert-manager.io/v1
 
kind: Issuer
 
kind: ClusterIssuer
 
metadata:
 
  name: letsencrypt-staging
 
  namespace: pomerium
 
spec:
 
  acme:
 
    # The ACME server URL
 
    server: https://acme-staging-v02.api.letsencrypt.org/directory
 
    # Email address used for ACME registration
 
    email: drewp@bigasterisk.com
 
    # Name of a secret used to store the ACME account private key
 
    privateKeySecretRef:
 
      name: letsencrypt-staging
 
    # Enable the HTTP-01 challenge provider
 
    solvers:
 
      - http01:
 
          ingress:
 
            class: pomerium
30-cert-manager/60-auth-cert.yaml
 
apiVersion: cert-manager.io/v1
 
kind: Certificate
 
metadata:
 
  name: pomerium-proxy-tls
 
  namespace: pomerium
 
spec:
 
  dnsNames:
 
  - 'authenticate.bigasterisk.com'
 
  issuerRef:
 
    kind: Issuer
 
    kind: ClusterIssuer
 
    name: letsencrypt-prod
 
  secretName: pomerium-proxy-tls
 
\ No newline at end of file
ingress-default.yaml
 
apiVersion: networking.k8s.io/v1
 
kind: Ingress
 
metadata:
 
  name: default
 
  annotations:
 
    cert-manager.io/issuer: letsencrypt-prod
 
    cert-manager.io/cluster-issuer: letsencrypt-prod
 
    ingress.pomerium.io/allow_public_unauthenticated_access: "true"
 
    ingress.pomerium.io/pass_identity_headers: "true"
 
    ingress.pomerium.io/preserve_host_header: "true"
 
spec:
 
  ingressClassName: pomerium
 
  rules:
 
    - host: "bigasterisk.com"
 
      http:
 
        paths:
 
          - { pathType: Prefix, path: /, backend: { service: { name: nginx, port: { number: 11444 } } } }
 
  tls:
 
    - hosts: [bigasterisk.com]
 
      secretName: bigasterisk.com-tls
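Review bot: The context lines keep `ingress.pomerium.io/allow_public_unauthenticated_access: "true"` next to `ingress.pomerium.io/pass_identity_headers: "true"`, and nothing in the manifest says why a route with no authentication at the proxy also forwards identity headers. If the nginx backend reads those headers at all, it should verify Pomerium's signed assertion rather than trust that a header is present; if it does not read them, `pass_identity_headers` could be dropped here. At minimum I would add a comment above the annotation, e.g. `# public site: no authentication at the proxy; backend must not authorize on identity headers`. ingress-static.yaml carries the same pair of annotations.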
ingress-static.yaml
 
apiVersion: networking.k8s.io/v1
 
kind: Ingress
 
metadata:
 
  name: static
 
  annotations:
 
    cert-manager.io/issuer: letsencrypt-prod
 
    cert-manager.io/cluster-issuer: letsencrypt-prod
 
    ingress.pomerium.io/allow_public_unauthenticated_access: "true"
 
    ingress.pomerium.io/pass_identity_headers: "true"
 
    ingress.pomerium.io/preserve_host_header: "true"
 
spec:
 
  ingressClassName: pomerium
 
  rules:
 
    - host: "williamperttula.com"
 
      http:
 
        paths:
 
          - { pathType: Prefix, path: /, backend: { service: { name: nginx, port: { number: 11444 } } } }
 
  tls:
 
    - hosts: [williamperttula.com]
 
      secretName: williamperttula.com-tls