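---
# cert-manager ClusterIssuer, rendered from a Jinja template once per `item`.
#   - item.acme_provider defined   -> ACME issuer (letsencrypt / zerossl branch)
#   - item.acme_provider undefined -> selfSigned issuer
# Jinja block tags are kept at column 0 so they add no indentation to the YAML
# lines that follow them. Templated scalar values are quoted so an empty or
# number-looking expansion cannot change the YAML type of the field.
#
# Secret material (EAB HMAC key, Cloudflare API key, AWS secret access key,
# OVH application secret) is only referenced through *SecretRef fields; the
# Secrets themselves are not defined in this template. For a ClusterIssuer,
# cert-manager looks these up in its cluster resource namespace.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: "{{ item.name }}"
spec:
{% if item.acme_provider is defined %}
  # NOTE(review): an acme_provider value other than "letsencrypt" or "zerossl"
  # renders `acme:` with solvers only (no server, no privateKeySecretRef).
  acme:
{% if item.acme_provider == "letsencrypt" %}
    email: "{{ cert_manager_acme_email }}"
    server: https://acme-v02.api.letsencrypt.org/directory
    # Secret that stores the ACME account private key.
    privateKeySecretRef:
      name: "{{ item.name }}-account-key"
{% elif item.acme_provider == "zerossl" %}
    server: https://acme.zerossl.com/v2/DV90
    externalAccountBinding:
      # NOTE(review): YOUR_EAB_KID is a placeholder literal and is rendered
      # verbatim; it has to be replaced (or templated) before this branch
      # can register an account.
      keyID: YOUR_EAB_KID
      # Secret holding the EAB HMAC key.
      keySecretRef:
        name: zero-sll-eabsecret
        key: secret
      # NOTE(review): keyAlgorithm is marked deprecated in recent cert-manager
      # API versions - confirm against the deployed release.
      keyAlgorithm: HS256
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: "{{ item.name }}-prod"
{% endif %}

    solvers:
{% for i in item.solvers %}
      # One solver entry per element of item.solvers; i.solver becomes the
      # solver-type key (the branches below handle "dns01" and "http01").
      - {{ i.solver }}:
{% if i.solver == "dns01" %}
{% if i.dns_provider == "cloudflare" %}
          # email + apiKeySecretRef is Cloudflare's account-wide Global API
          # Key mode. cert-manager also accepts apiTokenSecretRef, which lets
          # the credential be a token scoped to DNS edits on the zones in
          # use; prefer that where least privilege matters.
          cloudflare:
            email: "{{ i.cloudflare_email }}"
            apiKeySecretRef:
              name: cloudflare-api-key
              key: api-key
{% elif i.dns_provider == "route53" %}
          # The access key ID is written into the manifest in clear; only the
          # secret access key is read from a Secret. The IAM identity behind
          # it should be limited to the hosted zone named here.
          route53:
            # NOTE(review): hard-coded region; "us-west-3" is not a region
            # name this reviewer recognises - confirm the intended value.
            region: us-west-3
            hostedZoneID: "{{ route53_hostzoneid_exemplecom }}"
            accessKeyID: "{{ route53_access_key }}"
            secretAccessKeySecretRef:
              name: route53-api-key
              key: secret-access-key
{% elif i.dns_provider == "ovh" %}
          webhook:
            # NOTE(review): groupName is rendered from i.consumerKey, the same
            # variable used for config.consumerKey below. groupName normally
            # names the webhook's API group, so this looks like a copy-paste
            # slip that would place the OVH consumer key in a non-credential
            # field - confirm which variable was intended.
            groupName: '{{ i.consumerKey }}'
            solverName: ovh
            config:
              endpoint: ovh-eu
              # applicationKey and consumerKey are rendered inline, so they
              # are readable by anyone allowed to read ClusterIssuers; only
              # the application secret comes from a Secret. Check whether the
              # deployed webhook version accepts Secret references for them.
              applicationKey: '{{ i.applicationKey }}'
              applicationSecretRef:
                name: ovh-api-key
                key: applicationSecret
              consumerKey: '{{ i.consumerKey }}'
{% endif %}
{% elif i.solver == "http01" %}
          ingress:
            class: traefik
{% endif %}
{% if i.domain is defined %}
        # Limits this solver to the given DNS zone; a solver without a
        # selector is eligible for every name requested from this issuer.
        selector:
          dnsZones:
            - "{{ i.domain }}"
{% endif %}
{% endfor %}
{% else %}
  # Fallback when the item has no acme_provider key.
  # NOTE(review): a misspelt or omitted acme_provider therefore yields a
  # self-signed issuer silently instead of failing the render.
  selfSigned: {}
{% endif %}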