---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    email: "{{ cert_manager_acme_email }}"
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-prod-account-key

    solvers:
{% for i in cert_manager_issuer %}
    - selector:
        dnsZones:
          - "{{ i.domain }}"
      {{ i.solver }}:
{% if i.solver == "dns01" %}
{% if i.provider == "cloudflare" %}
        cloudflare:
          email: "{{ i.email }}"
          apiKeySecretRef:
            name: cloudflare-api-key
            key: api-key
{% elif i.provider == "route53" %}
        route53:
            region: us-west-3
            hostedZoneID: {{ route53_hostzoneid_exemplecom }}
            accessKeyID: {{ route53_access_key }}
            secretAccessKeySecretRef:
              name: route53-api-key
              key: secret-access-key
{% elif i.provider == "ovh" %}
        webhook:
          groupName: '{{ i.consumerKey }}'
          solverName: ovh
          config:
            endpoint: ovh-eu
            applicationKey: '{{ i.applicationKey }}'
            applicationSecretRef:
              name: ovh-api-key
              key: applicationSecret
            consumerKey: '{{ i.consumerKey }}'
{% endif %}
{% elif i.solver == "http01" %}
        ingress:
          class: traefik
{% endif %}
{% endfor %}