IT4Change/Ocelot-Social
3
0
Fork 0
mirror of https://github.com/IT4Change/Ocelot-Social.git synced 2025-12-13 07:45:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
Ocelot-Social/deployment/digital-ocean/https/templates/issuer.template.yaml
Wolfgang Huß 95079daa0c Setup a new ClusterIssuer
2020-12-14 13:53:55 +01:00

107 lines
3.4 KiB
YAML
Raw Blame History

# ---
# # used while installation as first setup for testing purposes, recognize 'server: https://acme-staging-v02…'
# apiVersion: cert-manager.io/v1
# kind: Issuer
# metadata:
# name: letsencrypt-staging
# namespace: ocelot-social
# spec:
# acme:
# # The ACME server URL
# server: https://acme-staging-v02.api.letsencrypt.org/directory
# # Email address used for ACME registration
# email: user@example.com
# # Name of a secret used to store the ACME account private key
# privateKeySecretRef:
# name: letsencrypt-staging
# # Enable the HTTP-01 challenge provider
# http01: {}
---
# used while installation as first setup for testing purposes, recognize 'server: https://acme-staging-v02…'
# !!! replace the e-mail for expiring certificates, see below !!!
# !!! create the used secret, see below !!!
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-staging
namespace: ocelot-social
spec:
acme:
# You must replace this email address with your own.
# Let's Encrypt will use this to contact you about expiring
# certificates, and issues related to your account.
email: user@example.com
server: https://acme-staging-v02.api.letsencrypt.org/directory
privateKeySecretRef:
# Secret resource that will be used to store the account's private key.
name: letsencrypt-staging-issuer-account-key
# Add a single challenge solver, HTTP01 using nginx
solvers:
- http01:
ingress:
class: nginx
# ---
# # used after installation for production, recognize 'server: https://acme-v02…'
# apiVersion: cert-manager.io/v1
# kind: Issuer
# metadata:
# name: letsencrypt-prod
# namespace: ocelot-social
# spec:
# acme:
# # The ACME server URL
# server: https://acme-v02.api.letsencrypt.org/directory
# # Email address used for ACME registration
# email: user@example.com
# # Name of a secret used to store the ACME account private key
# privateKeySecretRef:
# name: letsencrypt-prod
# # Enable the HTTP-01 challenge provider
# http01: {}
---
# used after installation for production, recognize 'server: https://acme-v02…'
# !!! replace the e-mail for expiring certificates, see below !!!
# !!! create the used secret, see below !!!
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
namespace: ocelot-social
spec:
acme:
# You must replace this email address with your own.
# Let's Encrypt will use this to contact you about expiring
# certificates, and issues related to your account.
email: user@example.com
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
# Secret resource that will be used to store the account's private key.
name: letsencrypt-prod-issuer-account-key
# Add a single challenge solver, HTTP01 using nginx
solvers:
- http01:
ingress:
class: nginx
---
# fill in your letsencrypt-staging-issuer-account-key
# generate base 64: $ echo -n '<your data>' | base64
apiVersion: v1
data:
tls.key: <your base 64 data>
kind: Secret
metadata:
name: letsencrypt-staging-issuer-account-key
namespace: ocelot-social
type: Opaque
---
# fill in your letsencrypt-prod-issuer-account-key
# generate base 64: $ echo -n '<your data>' | base64
apiVersion: v1
data:
tls.key: <your base 64 data>
kind: Secret
metadata:
name: letsencrypt-prod-issuer-account-key
namespace: ocelot-social
type: Opaque
Reference in New Issue View Git Blame Copy Permalink