Argo/apps/templates/cert-manager.yaml

# Argo CD Application that installs the jetstack cert-manager Helm chart into
# the cert-manager namespace of the in-cluster API server.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: cert-manager
  namespace: argo-cd
  finalizers:
    # Cascading delete: removing this Application also deletes what it deployed.
    - resources-finalizer.argocd.argoproj.io
spec:
  # NOTE(review): Argo CD's built-in "default" project allows any source repo and
  # any destination unless it has been restricted; confirm that is intended.
  project: default
  destination:
    server: https://kubernetes.default.svc
    namespace: cert-manager
  source:
    repoURL: https://charts.jetstack.io
    chart: cert-manager
    # Exact chart version pin, so upgrades only happen through a change to this file.
    targetRevision: 1.10.1
    helm:
      # --enable-certificate-owner-ref=true makes each Certificate the owner of its
      # TLS Secret, so deleting a Certificate also removes the stored key material.
      # NOTE(review): installCRDs is not set in these values; the cert-manager CRDs
      # are presumably installed some other way. Confirm, since the ClusterIssuer
      # in this file depends on them.
      values: |
        prometheus:
          enabled: false
        extraArgs:
          - --enable-certificate-owner-ref=true
  syncPolicy:
    automated:
      # prune deletes resources that are no longer rendered by the chart;
      # selfHeal reverts manual changes made in the cluster.
      prune: true
      selfHeal: true
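---
# ACME ClusterIssuer for roxedus.com that solves DNS-01 challenges via Cloudflare.
# ClusterIssuer is a cluster-scoped kind, so metadata.namespace is not set. The
# Secrets referenced below are read from cert-manager's cluster resource
# namespace (the namespace cert-manager runs in, unless the controller is
# started with --cluster-resource-namespace).
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: roxedus.com-cloudflare
spec:
  acme:
    # Let's Encrypt *staging* directory: certificates issued from it are not
    # trusted by clients. Switch to the production directory once issuance works.
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    # Secret that holds the ACME account private key.
    privateKeySecretRef:
      name: cloudflare-issuer-account-key
    solvers:
      - dns01:
          cloudflare:
            # apiTokenSecretRef expects a scoped Cloudflare API token. Despite the
            # key name below, do not store the account-wide Global API Key here.
            # Limit the token to Zone:Read and DNS:Edit on the zones it must manage.
            apiTokenSecretRef:
              name: cloudflare-api-token-secret
              key: CLOUDFLARE_API_KEY
        selector:
          # NOTE(review): dnsNames entries are, as far as I recall, matched as exact
          # names, so a request for test.roxedus.com may match neither entry. A
          # dnsZones selector for roxedus.com would also cover subdomains. Confirm.
          dnsNames:
            - 'roxedus.com'
            - '*.roxedus.com'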
# ---
# apiVersion: cert-manager.io/v1
# kind: Certificate
# metadata:
# name: test-roxedus-com
# namespace: default
# spec:
# # Secret names are always required.
# secretName: example-com-tls
# commonName: test.roxedus.com
# dnsNames:
# - test.roxedus.com
# issuerRef:
# name: roxedus.com-cloudflare
# # We can reference ClusterIssuers by changing the kind here.
# # The default value is Issuer (i.e. a locally namespaced Issuer)
# kind: ClusterIssuer
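---
# Test Ingress that requests a certificate for test.roxedus.com from the
# roxedus.com-cloudflare ClusterIssuer through cert-manager's Ingress annotations.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    # NOTE(review): cert-manager.io/acme-challenge-type is not among the ingress
    # annotations I know for cert-manager v1.x; the solver is normally chosen by
    # the issuer's own solvers list. Confirm whether this line has any effect.
    cert-manager.io/acme-challenge-type: dns01
    # add an annotation indicating the issuer to use.
    cert-manager.io/cluster-issuer: roxedus.com-cloudflare
  name: myingress
  namespace: default
spec:
  rules:
    # The rule host matches the TLS host below. It was test.example.com before,
    # which the certificate for test.roxedus.com does not cover.
    - host: test.roxedus.com
      http:
        paths:
          - pathType: Prefix
            path: /
            backend:
              service:
                name: myservice
                port:
                  number: 80
  tls: # < placing a host in the TLS config will determine what ends up in the cert's subjectAltNames
    - hosts:
        - test.roxedus.com
      secretName: test-roxedus-com-cert # < cert-manager will store the created certificate in this secret.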