add wildcard

2026-01-21 00:54:28 +01:00
parent 22266b7892
commit 31018dc49c
8 changed files with 620 additions and 16 deletions
--- a/helm/certificates/ops/templates/cluster-issuer-letsencrypt-dns01.yaml
+++ b/helm/certificates/ops/templates/cluster-issuer-letsencrypt-dns01.yaml
@@ -0,0 +1,39 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-dns01-prod
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: gkpoubelle78@gmail.com
+    privateKeySecretRef:
+      name: letsencrypt-dns01-prod-key
+    solvers:
+    # Configuration DNS-01 pour OVH
+    - dns01:
+        ovh:
+          endpoint: ovh-eu  # ovh-eu pour l'Europe, ovh-us pour les USA, ovh-ca pour le Canada
+          applicationKey: "e598bb73ded17ee6"  # À remplacer par votre Application Key OVH
+          applicationSecretRef:
+            name: ovh-credentials
+            key: application-secret
+          consumerKey: "372e273858204d972dbf7c50506d12a1"  # À remplacer par votre Consumer Key OVH
+    
+    # Option 4 : Generic (webhook personnalisé)
+    # - dns01:
+    #     webhook:
+    #       groupName: acme.example.com
+    #       solverName: my-dns-solver
+    #       config:
+    #         # Configuration spécifique au webhook
+    
+    # Option 5 : RFC2136 (DNS dynamique standard)
+    # - dns01:
+    #     rfc2136:
+    #       nameserver: 8.8.8.8
+    #       tsigSecretSecretRef:
+    #         name: rfc2136-credentials
+    #         key: tsig-secret
+    #       tsigKeyName: "keyname"
+    #       tsigAlgorithm: HMACSHA256
+
--- a/helm/certificates/ops/templates/cluster-issuer-selfsigned.yaml
+++ b/helm/certificates/ops/templates/cluster-issuer-selfsigned.yaml
@@ -0,0 +1,7 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: selfsigned-issuer
+spec:
+  selfSigned: {}
+
--- a/helm/certificates/ops/templates/longhorn/certificate-dev.yaml
+++ b/helm/certificates/ops/templates/longhorn/certificate-dev.yaml
@@ -1,13 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: longhorn-dev-tls
-  namespace: certificates-ops
-spec:
-  secretName: longhorn-dev-tls
-  issuerRef:
-    name: letsencrypt-prod
-    kind: ClusterIssuer
-  dnsNames:
-    - longhorn.dev.gkdomaine.fr
-
--- a/helm/certificates/ops/templates/wildcard/certificate-wildcard-dev.yaml
+++ b/helm/certificates/ops/templates/wildcard/certificate-wildcard-dev.yaml
@@ -0,0 +1,16 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: wildcard-dev-tls
+  namespace: certificates-ops
+spec:
+  secretName: wildcard-dev-tls
+  issuerRef:
+    name: letsencrypt-dns01-prod
+    kind: ClusterIssuer
+  dnsNames:
+    - "*.dev.gkdomaine.fr"
+    - dev.gkdomaine.fr  # Inclut aussi le domaine racine
+  # Note: Certificat wildcard pour tous les sous-domaines dev
+  # Nécessite DNS-01 challenge (le domaine doit être résolvable publiquement)
+