2022-11-30 14:39:07 +01:00
|
|
|
apiVersion: argoproj.io/v1alpha1
|
|
|
|
kind: Application
|
|
|
|
metadata:
|
|
|
|
name: cert-manager
|
|
|
|
namespace: argo-cd
|
|
|
|
finalizers:
|
|
|
|
- resources-finalizer.argocd.argoproj.io
|
|
|
|
spec:
|
|
|
|
destination:
|
|
|
|
server: https://kubernetes.default.svc
|
|
|
|
namespace: cert-manager
|
|
|
|
project: default
|
|
|
|
source:
|
|
|
|
chart: cert-manager
|
|
|
|
helm:
|
|
|
|
values: |
|
|
|
|
|
|
|
|
prometheus:
|
|
|
|
enabled: false
|
|
|
|
|
2022-11-30 15:53:03 +01:00
|
|
|
extraArgs:
|
|
|
|
- --enable-certificate-owner-ref=true
|
|
|
|
|
2022-11-30 14:39:07 +01:00
|
|
|
repoURL: https://charts.jetstack.io
|
|
|
|
targetRevision: 1.10.1
|
|
|
|
|
|
|
|
syncPolicy:
|
|
|
|
automated:
|
|
|
|
prune: true
|
2022-11-30 14:48:33 +01:00
|
|
|
selfHeal: true
|
2022-11-30 14:53:05 +01:00
|
|
|
|
|
|
|
---
|
|
|
|
apiVersion: cert-manager.io/v1
|
2022-11-30 14:57:45 +01:00
|
|
|
kind: ClusterIssuer
|
2022-11-30 14:53:05 +01:00
|
|
|
metadata:
|
2022-11-30 14:54:45 +01:00
|
|
|
name: roxedus.com-cloudflare
|
2022-11-30 14:53:05 +01:00
|
|
|
namespace: cert-manager
|
|
|
|
spec:
|
|
|
|
acme:
|
2022-11-30 15:39:54 +01:00
|
|
|
server: https://acme-staging-v02.api.letsencrypt.org/directory
|
2022-11-30 14:53:05 +01:00
|
|
|
privateKeySecretRef:
|
|
|
|
name: cloudflare-issuer-account-key
|
|
|
|
solvers:
|
|
|
|
- dns01:
|
|
|
|
cloudflare:
|
|
|
|
apiTokenSecretRef:
|
|
|
|
name: cloudflare-api-token-secret
|
2022-11-30 15:02:11 +01:00
|
|
|
key: CLOUDFLARE_API_KEY
|
2022-11-30 15:08:33 +01:00
|
|
|
selector:
|
|
|
|
dnsNames:
|
|
|
|
- 'roxedus.com'
|
|
|
|
- '*.roxedus.com'
|
2022-11-30 22:41:56 +01:00
|
|
|
# ---
|
|
|
|
# apiVersion: cert-manager.io/v1
|
|
|
|
# kind: Certificate
|
|
|
|
# metadata:
|
|
|
|
# name: test-roxedus-com
|
|
|
|
# namespace: default
|
|
|
|
# spec:
|
|
|
|
# # Secret names are always required.
|
|
|
|
# secretName: example-com-tls
|
|
|
|
# commonName: test.roxedus.com
|
|
|
|
# dnsNames:
|
|
|
|
# - test.roxedus.com
|
|
|
|
# issuerRef:
|
|
|
|
# name: roxedus.com-cloudflare
|
|
|
|
# # We can reference ClusterIssuers by changing the kind here.
|
|
|
|
# # The default value is Issuer (i.e. a locally namespaced Issuer)
|
|
|
|
# kind: ClusterIssuer
|
2022-11-30 15:53:03 +01:00
|
|
|
---
|
2022-11-30 15:58:22 +01:00
|
|
|
apiVersion: networking.k8s.io/v1
|
2022-11-30 15:53:03 +01:00
|
|
|
kind: Ingress
|
|
|
|
metadata:
|
|
|
|
annotations:
|
2022-11-30 15:58:22 +01:00
|
|
|
# add an annotation indicating the issuer to use.
|
2022-11-30 22:34:01 +01:00
|
|
|
cert-manager.io/acme-challenge-type: dns01
|
2022-11-30 22:39:59 +01:00
|
|
|
cert-manager.io/cluster-issuer: roxedus.com-cloudflare
|
2022-11-30 21:46:39 +01:00
|
|
|
name: myingress
|
2022-11-30 15:53:03 +01:00
|
|
|
namespace: default
|
|
|
|
spec:
|
2022-11-30 23:30:54 +01:00
|
|
|
ingressClassName: traefik
|
2022-11-30 15:53:03 +01:00
|
|
|
rules:
|
2022-11-30 23:25:34 +01:00
|
|
|
- host: test.roxedus.com
|
2022-11-30 15:53:03 +01:00
|
|
|
http:
|
|
|
|
paths:
|
2022-11-30 15:58:22 +01:00
|
|
|
- pathType: Prefix
|
|
|
|
path: /
|
|
|
|
backend:
|
|
|
|
service:
|
2022-11-30 23:25:34 +01:00
|
|
|
name: searxng
|
2022-11-30 15:58:22 +01:00
|
|
|
port:
|
2022-11-30 23:25:34 +01:00
|
|
|
number: 8080
|
2022-11-30 15:58:22 +01:00
|
|
|
tls: # < placing a host in the TLS config will determine what ends up in the cert's subjectAltNames
|
2022-11-30 15:53:03 +01:00
|
|
|
- hosts:
|
|
|
|
- test.roxedus.com
|
2022-11-30 22:35:31 +01:00
|
|
|
secretName: test-roxedus-com-cert # < cert-manager will store the created certificate in this secret.
|