81 lines
1.9 KiB
YAML
81 lines
1.9 KiB
YAML
apiVersion: argoproj.io/v1alpha1
|
|
kind: Application
|
|
metadata:
|
|
name: cert-manager
|
|
namespace: argo-cd
|
|
finalizers:
|
|
- resources-finalizer.argocd.argoproj.io
|
|
spec:
|
|
destination:
|
|
server: https://kubernetes.default.svc
|
|
namespace: cert-manager
|
|
project: default
|
|
source:
|
|
chart: cert-manager
|
|
helm:
|
|
values: |
|
|
|
|
prometheus:
|
|
enabled: false
|
|
|
|
extraArgs:
|
|
- --enable-certificate-owner-ref=true
|
|
- --dns01-recursive-nameservers-only
|
|
- --dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53
|
|
|
|
repoURL: https://charts.jetstack.io
|
|
targetRevision: 1.10.1
|
|
|
|
syncPolicy:
|
|
automated:
|
|
prune: true
|
|
selfHeal: true
|
|
|
|
---
|
|
apiVersion: cert-manager.io/v1
|
|
kind: ClusterIssuer
|
|
metadata:
|
|
name: roxedus.com-cloudflare
|
|
namespace: cert-manager
|
|
spec:
|
|
acme:
|
|
server: https://acme-v02.api.letsencrypt.org/directory
|
|
privateKeySecretRef:
|
|
name: cloudflare-issuer-account-key
|
|
solvers:
|
|
- dns01:
|
|
cloudflare:
|
|
apiTokenSecretRef:
|
|
name: cloudflare-api-token-secret
|
|
key: CLOUDFLARE_API_KEY
|
|
# selector:
|
|
# dnsNames:
|
|
# - 'roxedus.com'
|
|
# - '*.roxedus.com'
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
annotations:
|
|
# add an annotation indicating the issuer to use.
|
|
cert-manager.io/acme-challenge-type: dns01
|
|
cert-manager.io/cluster-issuer: roxedus.com-cloudflare
|
|
name: testingress
|
|
namespace: default
|
|
spec:
|
|
ingressClassName: traefik
|
|
rules:
|
|
- host: test.roxedus.com
|
|
http:
|
|
paths:
|
|
- pathType: Prefix
|
|
path: /
|
|
backend:
|
|
service:
|
|
name: searxng
|
|
port:
|
|
number: 8080
|
|
tls: # < placing a host in the TLS config will determine what ends up in the cert's subjectAltNames
|
|
- hosts:
|
|
- test.roxedus.com
|
|
secretName: test-roxedus-com-cert # < cert-manager will store the created certificate in this secret. |