Diffstat (limited to 'kubernetes/namespaces/cert-manager')
-rw-r--r--kubernetes/namespaces/cert-manager/cert-manager/README.md13
-rw-r--r--kubernetes/namespaces/cert-manager/cert-manager/certificates/pythondiscord.com.yaml12
-rw-r--r--kubernetes/namespaces/cert-manager/cert-manager/issuers/letsencrypt-prod.yaml18
-rw-r--r--kubernetes/namespaces/cert-manager/cert-manager/issuers/letsencrypt-staging.yaml18
-rw-r--r--kubernetes/namespaces/cert-manager/cert-manager/values.yaml1
5 files changed, 62 insertions, 0 deletions
diff --git a/kubernetes/namespaces/cert-manager/cert-manager/README.md b/kubernetes/namespaces/cert-manager/cert-manager/README.md
new file mode 100644
index 0000000..a7389e6
--- /dev/null
+++ b/kubernetes/namespaces/cert-manager/cert-manager/README.md
@@ -0,0 +1,13 @@
+# cert-manager
+
+X.509 certificate management for Kubernetes.
+
+> cert-manager builds on top of Kubernetes, introducing certificate authorities and certificates as first-class resource types in the Kubernetes API. This makes it possible to provide to developers 'certificates as a service' in your Kubernetes cluster.
+
+We install cert-mamnanger through [Helm using this guide](https://cert-manager.io/docs/installation/kubernetes/#installing-with-helm).
+
+## Directories
+
+`issuers`: Contains configured issuers, right now only letsencrypt production & staging.
+
+`certificates`: Contains TLS certificates that should be provisioned and where they should be stored.
diff --git a/kubernetes/namespaces/cert-manager/cert-manager/certificates/pythondiscord.com.yaml b/kubernetes/namespaces/cert-manager/cert-manager/certificates/pythondiscord.com.yaml
new file mode 100644
index 0000000..94bd7dc
--- /dev/null
+++ b/kubernetes/namespaces/cert-manager/cert-manager/certificates/pythondiscord.com.yaml
@@ -0,0 +1,12 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: pythondiscord-com
+spec:
+ secretName: pythondiscord.com-tls
+ dnsNames:
+ - pythondiscord.com
+ - '*.pythondiscord.com'
+ issuerRef:
+ name: letsencrypt
+ kind: ClusterIssuer
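Review bot: The Certificate has no `metadata.namespace`, so the Secret `pythondiscord.com-tls` holding the wildcard private key is created in whatever namespace the manifest happens to be applied to; adding `namespace: <target-namespace>` under `metadata` makes the destination explicit. Because `*.pythondiscord.com` covers every subdomain, read access to that Secret is worth limiting to the workload that terminates TLS. The spec also sets no `privateKey.rotationPolicy`; on cert-manager versions where the default is `Never` the same key is reused across renewals, and adding `privateKey:` with `rotationPolicy: Always` would give each renewal a fresh key.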
diff --git a/kubernetes/namespaces/cert-manager/cert-manager/issuers/letsencrypt-prod.yaml b/kubernetes/namespaces/cert-manager/cert-manager/issuers/letsencrypt-prod.yaml
new file mode 100644
index 0000000..4321377
--- /dev/null
+++ b/kubernetes/namespaces/cert-manager/cert-manager/issuers/letsencrypt-prod.yaml
@@ -0,0 +1,18 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt
+ namespace: cert-manager
+spec:
+ acme:
+ server: https://acme-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: letsencrypt-account-key
+ solvers:
+ - dns01:
+ cloudflare:
+ apiTokenSecretRef:
+ name: cloudflare-credentials
+ key: cloudflare-api-key
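Review bot: The `dns01` solver has no `selector`, and a ClusterIssuer can be referenced from every namespace, so any Certificate created anywhere in the cluster can use the Cloudflare token to obtain production certificates for any name that token is able to edit. Restricting the solver with `selector:` / `dnsZones:` / `- pythondiscord.com`, and scoping the Cloudflare token to DNS edit on that one zone, would bound this. `metadata.namespace: cert-manager` is ignored on a cluster-scoped kind, so dropping it avoids suggesting the issuer is namespaced; the `cloudflare-credentials` Secret is looked up in cert-manager's cluster resource namespace instead. The same points apply to the solver and metadata in `letsencrypt-staging.yaml`.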
diff --git a/kubernetes/namespaces/cert-manager/cert-manager/issuers/letsencrypt-staging.yaml b/kubernetes/namespaces/cert-manager/cert-manager/issuers/letsencrypt-staging.yaml
new file mode 100644
index 0000000..e9fdfc7
--- /dev/null
+++ b/kubernetes/namespaces/cert-manager/cert-manager/issuers/letsencrypt-staging.yaml
@@ -0,0 +1,18 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-staging
+ namespace: cert-manager
+spec:
+ acme:
+ server: https://acme-staging-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: letsencrypt-staging-account-key
+ solvers:
+ - dns01:
+ cloudflare:
+ apiTokenSecretRef:
+ name: cloudflare-credentials
+ key: cloudflare-api-key
diff --git a/kubernetes/namespaces/cert-manager/cert-manager/values.yaml b/kubernetes/namespaces/cert-manager/cert-manager/values.yaml
new file mode 100644
index 0000000..1b4551c
--- /dev/null
+++ b/kubernetes/namespaces/cert-manager/cert-manager/values.yaml
@@ -0,0 +1 @@
+installCRDs: true