Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature Request: New resources for ClusterIssuer, Issuer, Certificate #45

Open
insekticid opened this issue Aug 16, 2018 · 1 comment
Open

Feature Request: New resources for ClusterIssuer, Issuer, Certificate #45

insekticid opened this issue Aug 16, 2018 · 1 comment
Labels
enhancement

Comments

@insekticid
Copy link

insekticid commented Aug 16, 2018
edited
Loading

New resources for ClusterIssuer, Issuer, Certificate

https://cert-manager.readthedocs.io/en/latest/reference/clusterissuers.html

---
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    # The ACME server URL
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: "[email protected]"
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-staging
    # Enable the HTTP-01 challenge provider
    http01: {}
---
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
  name: letsencrypt-production
spec:
  acme:
    # The ACME production api URL
    server: https://acme-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: [email protected]
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-production
    # Enable the HTTP-01 challenge provider
    http01: {}
---
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
  name: example-com
  namespace: cattle-system
spec:
  secretName: example-com
  issuerRef:
    kind: ClusterIssuer
    name: letsencrypt-staging
  commonName: example.com
  dnsNames:
  - example.com
  acme:
    config:
    - http01:
        ingressClass: nginx
      domains:
      - example.com
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  namespace: cattle-system
  name: cattle-ingress-http
  annotations:
    kubernetes.io/tls-acme: "true"
    certmanager.k8s.io/cluster-issuer: letsencrypt-production
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "30"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "1800"   # Max time in seconds for ws to remain shell window open
    nginx.ingress.kubernetes.io/proxy-send-timeout: "1800"   # Max time in seconds for ws to remain shell window open
#    nginx.ingress.kubernetes.io/ssl-passthrough: "true"      # Enable ssl-passthrough to backend.
spec:
  rules:
  - host: example.com
    http:
      paths:
      - backend:
          serviceName: cattle-service
          servicePort: 80
  tls:
  - secretName: example-com
    hosts:
    - example.com

Edit:
solution via raw kubernetes_manifest resource https://github.com/ericchiang/terraform-provider-k8s
@insekticid insekticid changed the title Feature Request: New resources for ClusterIssuer, Certificate Feature Request: New resources for ClusterIssuer, Issuer, Certificate Aug 16, 2018
@sl1pm4t
Copy link
Owner

sl1pm4t commented Aug 29, 2018

Hi @insekticid - when I get some spare cycles to work on the provider I'll try slip this in.
Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@insekticid @sl1pm4t