Add buuypass & zerossl providers

Adrien Reslinger 2024-10-08 23:57:28 +02:00
parent 8b19bad103
commit a12f5ea60e
Signed by: adrien
GPG key ID: DA7B27055C66D6DE
4 changed files with 61 additions and 25 deletions


@ -1,10 +0,0 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: cert-manager-webhook-ovh:secret-reader
rules:
- apiGroups: [""]
resources: ["secrets"]
resourceNames: ["ovh-api-key"]
verbs: ["get", "watch"]


@ -1,5 +1,15 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: cert-manager-webhook-ovh:secret-reader
rules:
- apiGroups: [""]
resources: ["secrets"]
resourceNames: ["ovh-api-key"]
verbs: ["get", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: cert-manager-webhook-ovh:secret-reader


@ -7,21 +7,27 @@ spec:
{% if item.acme_provider is defined %}
acme:
{% if item.acme_provider == "letsencrypt" %}
email: "{{ cert_manager_acme_email }}"
email: "{{ item.email }}"
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: {{ item.name }}-account-key
{% elif item.acme_provider == "buypass"%}
email: "{{ item.email }}"
server: https://api.buypass.com/acme/directory
privateKeySecretRef:
name: {{ item.name }}-account-key
{% elif item.acme_provider == "zerossl" %}
email: "{{ item.email }}"
server: https://acme.zerossl.com/v2/DV90
externalAccountBinding:
keyID: YOUR_EAB_KID
keyID: {{ item.zerossl_eab_key_id }}
keySecretRef:
name: zero-sll-eabsecret
key: secret
keyAlgorithm: HS256
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: {{ item.name }}-prod
name: {{ item.name }}-account-key
{% endif %}
solvers:
@ -58,10 +64,12 @@ spec:
ingress:
class: traefik
{% endif %}
{% if i.domain is defined %}
{% if i.domains is defined %}
selector:
dnsZones:
- "{{ i.domain }}"
{% for j in i.domains %}
- "{{ j }}"
{% endfor %}
{% endif %}
{% endfor %}
{% else %}
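Review bot: In the zerossl branch the new `keyID: {{ item.zerossl_eab_key_id }}` is rendered unquoted, so an EAB key ID that is empty, all digits, or starts with a YAML indicator would be retyped or break the rendered manifest; I would write `keyID: "{{ item.zerossl_eab_key_id }}"`, and the same applies to the unquoted `name: {{ item.name }}-account-key` lines. The key ID is now per item, but `keySecretRef` still points at the fixed name `zero-sll-eabsecret`, which looks like a misspelling of "zerossl" and makes every ZeroSSL issuer share one HMAC secret; if that is not intended, a per-item value such as `name: "{{ item.zerossl_eab_secret_name }}"` (variable name is a placeholder) would keep the key ID and its secret in step. There is also no `{% else %}` before the `{% endif %}` that closes the provider chain, so an item with an unrecognised `acme_provider` appears to render an `acme:` block with no `server`; failing the template there would surface the typo at render time instead of at apply time. The `spec:` this block belongs to starts above the hunk.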