Add readme for cert-manager

Fixes #35 and cipher security for traefik
2022-02-21 09:41:33 +01:00
parent 50532ba0b2
commit c183de3803
5 changed files with 71 additions and 6 deletions
--- a/kubernetes/certmanager/README.md
+++ b/kubernetes/certmanager/README.md
@@ -11,9 +11,4 @@ Or
 install with helm
 --set installCRDs=true

-$ helm install \
-  cert-manager jetstack/cert-manager \
-  --namespace cert-manager \
-  --create-namespace \
-  --version v1.7.0 \
-  # --set installCRDs=true
+helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --set installCRDs=true
--- a/kubernetes/certmanager/templates/clusterissuer-acme.yml
+++ b/kubernetes/certmanager/templates/clusterissuer-acme.yml
@@ -0,0 +1,52 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: acme-issuer
+  # (Optional) Metadata
+  # ---
+  # namespace: your-namespace
+spec:
+  acme:
+    # Configure your email here...
+    # ---
+    # email: your-email@address
+
+    # Configure your server here...
+    # ---
+    # Letsencrypt Production
+    # server: https://acme-v02.api.letsencrypt.org/directory
+    # - or -
+    # Letsencrypt Staging
+    # server: https://acme-staging-v02.api.letsencrypt.org/directory
+
+    privateKeySecretRef:
+      name: example-issuer-account-key
+    solvers:
+    # Configure DNS or HTTP Challenge here...
+    # ---
+    # DNS Challenge:
+    - dns01:
+        # Configure your DNS Provider here...
+        # ---
+        # cloudflare:
+        #   email: your-email@address
+        # API Key:
+        #   apiKeySecretRef:
+        #     name: cloudflare-api-key-secret
+        #     key: api-key
+        # - or -
+        # API Token:
+        #   apiTokenSecretRef:
+        #     name: cloudflare-api-token-secret
+        #     key: api-token        
+      # (Optional) Add DNS selectors
+      # ---
+      # selector:
+      #   dnsNames:
+      #   - 'your-domain'
+      #   - '*.your-domain'
+
+    # HTTP Challenge:
+    # - http01:
+    #    ingress:
+    #      class: traefik
--- a/kubernetes/certmanager/templates/clusterissuer-selfsigned.yml
+++ b/kubernetes/certmanager/templates/clusterissuer-selfsigned.yml
@@ -0,0 +1,9 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: selfsigned-issuer
+  # (Optional) Metadata
+  # ---
+  # namespace: your-namespace
+spec:
+  selfSigned: {}