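---
# Jinja2 template rendering one cert-manager ClusterIssuer per `item`.
# Reads item.name, and optionally item.acme_provider (letsencrypt, buypass or
# zerossl), item.email, item.zerossl_eab_key_id and item.solvers; without
# item.acme_provider a self-signed issuer is rendered instead.
# Block tags are kept at column 0 so the rendered YAML indentation does not
# depend on the template engine's whitespace settings.
# NOTE(review): a ClusterIssuer resolves every Secret referenced below in
# cert-manager's cluster resource namespace - confirm the Secrets are created
# there and that read access to that namespace is restricted.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  # Templated scalars are quoted so an empty, numeric or boolean-looking value
  # stays a string instead of being retyped by the YAML parser.
  name: "{{ item.name }}"
spec:
{% if item.acme_provider is defined %}
  # NOTE(review): if acme_provider is set to anything other than the three
  # values handled below, no server/email is emitted and the rendered issuer
  # is incomplete - validate the variable before templating.
  acme:
{% if item.acme_provider == "letsencrypt" %}
    email: "{{ item.email }}"
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: "{{ item.name }}-account-key"
{% elif item.acme_provider == "buypass" %}
    email: "{{ item.email }}"
    server: https://api.buypass.com/acme/directory
    privateKeySecretRef:
      name: "{{ item.name }}-account-key"
{% elif item.acme_provider == "zerossl" %}
    email: "{{ item.email }}"
    server: https://acme.zerossl.com/v2/DV90
    externalAccountBinding:
      keyID: "{{ item.zerossl_eab_key_id }}"
      keySecretRef:
        # NOTE(review): "zero-sll" looks like a misspelling of "zerossl"; the
        # name must match the existing Secret exactly, so it is left unchanged.
        name: zero-sll-eabsecret
        key: secret
      # NOTE(review): believed to be deprecated and ignored by current
      # cert-manager releases - confirm against the deployed version.
      keyAlgorithm: HS256
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: "{{ item.name }}-account-key"
{% endif %}
    solvers:
{% for i in item.solvers %}
      - {{ i.solver }}:
{% if i.solver == "dns01" %}
{% if i.dns_provider == "cloudflare" %}
          cloudflare:
            email: "{{ i.cloudflare_email }}"
            # NOTE(review): apiKeySecretRef uses the account-wide Cloudflare
            # API key. cert-manager also accepts apiTokenSecretRef, which
            # allows a token scoped to DNS edits on the relevant zones only.
            apiKeySecretRef:
              name: cloudflare-api-key
              key: api-key
{% elif i.dns_provider == "route53" %}
          route53:
            # NOTE(review): hard-coded, and "us-west-3" is not an AWS region
            # this reviewer recognises - confirm the intended region.
            region: us-west-3
            # NOTE(review): zone ID and access key come from global variables,
            # not from the solver entry, so every route53 solver shares them.
            # The matching IAM user should be limited to this hosted zone.
            hostedZoneID: "{{ route53_hostzoneid_exemplecom }}"
            accessKeyID: "{{ route53_access_key }}"
            secretAccessKeySecretRef:
              name: route53-api-key
              key: secret-access-key
{% elif i.dns_provider == "ovh" %}
          webhook:
            # NOTE(review): groupName is filled from consumerKey, the same
            # value used as a credential below. A webhook groupName normally
            # identifies the webhook's API group - confirm this is intended.
            groupName: '{{ i.consumerKey }}'
            solverName: ovh
            config:
              endpoint: ovh-eu
              # applicationKey and consumerKey are stored in clear text in the
              # ClusterIssuer; only applicationSecret is kept in a Secret.
              applicationKey: '{{ i.applicationKey }}'
              applicationSecretRef:
                name: ovh-api-key
                key: applicationSecret
              consumerKey: '{{ i.consumerKey }}'
{% endif %}
{% elif i.solver == "http01" %}
          ingress:
            class: traefik
{% endif %}
{% if i.domains is defined %}
        # Restricts this solver to the listed DNS zones.
        selector:
          dnsZones:
{% for j in i.domains %}
            - "{{ j }}"
{% endfor %}
{% endif %}
{% endfor %}
{% else %}
  selfSigned: {}
{% endif %}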