From 3b46e28a39a1ded53092d1188c29c2a256eed99d Mon Sep 17 00:00:00 2001 From: Andrey Kartashov Date: Sun, 22 Jul 2018 16:49:20 +0700 Subject: [PATCH] added certificate generation with cert-manager --- certificate.yaml | 35 +++++++++++++++++++++++++++++++++++ cluster-issuer.yaml | 15 +++++++++++++++ 2 files changed, 50 insertions(+) create mode 100644 certificate.yaml create mode 100644 cluster-issuer.yaml diff --git a/certificate.yaml b/certificate.yaml new file mode 100644 index 0000000..47b2643 --- /dev/null +++ b/certificate.yaml @@ -0,0 +1,35 @@ +apiVersion: certmanager.k8s.io/v1alpha1 +kind: Certificate +metadata: + name: san-gorilych-ru-certificate + namespace: default +spec: + secretName: san-gorilych-ru-tls + issuerRef: + name: letsencrypt + kind: Issuer + commonName: gorilych.ru + dnsNames: + - gorilych.ru + - confluence.gorilych.ru + - git.gorilych.ru + - jira.gorilych.ru + - jupyter.gorilych.ru + - k8s.gorilych.ru + - router.gorilych.ru + - seafile.gorilych.ru + # w/a for rewrite-target from https://github.com/jetstack/cert-manager/issues/286#issuecomment-361033891 + acme: + config: + - http01: { ingressClass: nginx } + domains: + - gorilych.ru + - confluence.gorilych.ru + - git.gorilych.ru + - jira.gorilych.ru + - jupyter.gorilych.ru + - k8s.gorilych.ru + - router.gorilych.ru + - seafile.gorilych.ru + + diff --git a/cluster-issuer.yaml b/cluster-issuer.yaml new file mode 100644 index 0000000..7dc02a0 --- /dev/null +++ b/cluster-issuer.yaml @@ -0,0 +1,15 @@ +apiVersion: certmanager.k8s.io/v1alpha1 +kind: ClusterIssuer +metadata: + name: letsencrypt +spec: + acme: + # The ACME server URL + server: https://acme-v02.api.letsencrypt.org/directory + # Email address used for ACME registration + email: gorilych@gmail.com + # Name of a secret used to store the ACME account private key from step 3 + privateKeySecretRef: + name: letsencrypt-private-key + # Enable the HTTP-01 challenge provider + http01: {}