added certificate generation with cert-manager

2026-01-11 09:59:43 +00:00 · 2018-07-22 16:49:20 +07:00 · 2018-07-22 16:49:20 +07:00 · 3b46e28a39
commit 3b46e28a39
parent 65b19d5e9f
2 changed files with 50 additions and 0 deletions
--- a/certificate.yaml
+++ b/certificate.yaml
@ -0,0 +1,35 @@
+apiVersion: certmanager.k8s.io/v1alpha1
+kind: Certificate
+metadata:
+  name: san-gorilych-ru-certificate
+  namespace: default
+spec:
+  secretName: san-gorilych-ru-tls
+  issuerRef:
+    name: letsencrypt
+    kind: Issuer
+  commonName: gorilych.ru
+  dnsNames:
+  - gorilych.ru
+  - confluence.gorilych.ru
+  - git.gorilych.ru
+  - jira.gorilych.ru
+  - jupyter.gorilych.ru
+  - k8s.gorilych.ru
+  - router.gorilych.ru
+  - seafile.gorilych.ru
+  # w/a for rewrite-target from https://github.com/jetstack/cert-manager/issues/286#issuecomment-361033891
+  acme:
+    config:
+    - http01: { ingressClass: nginx }
+      domains:
+      - gorilych.ru
+      - confluence.gorilych.ru
+      - git.gorilych.ru
+      - jira.gorilych.ru
+      - jupyter.gorilych.ru
+      - k8s.gorilych.ru
+      - router.gorilych.ru
+      - seafile.gorilych.ru
+
+
--- a/cluster-issuer.yaml
+++ b/cluster-issuer.yaml
@ -0,0 +1,15 @@
+apiVersion: certmanager.k8s.io/v1alpha1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt
+spec:
+  acme:
+    # The ACME server URL
+    server: https://acme-v02.api.letsencrypt.org/directory
+    # Email address used for ACME registration
+    email: gorilych@gmail.com
+    # Name of a secret used to store the ACME account private key from step 3
+    privateKeySecretRef:
+      name: letsencrypt-private-key
+    # Enable the HTTP-01 challenge provider
+    http01: {}