apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-dns01-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: gkpoubelle78@gmail.com
    privateKeySecretRef:
      name: letsencrypt-dns01-prod-key
    solvers:
    # Configuration DNS-01 pour OVH via webhook
    # IMPORTANT: Vous devez installer cert-manager-webhook-ovh avant d'utiliser cette configuration
    # Installation: helm repo add cert-manager-webhook-ovh https://cert-manager.github.io/webhook-ovh
    #              helm install cert-manager-webhook-ovh cert-manager-webhook-ovh/cert-manager-webhook-ovh -n cert-manager-ops
    - selector:
        dnsZones:
          - "dev.gkdomaine.fr"
      dns01:
        webhook:
          groupName: acme.gkdomaine.fr
          solverName: ovh
          config:
            endpoint: ovh-eu
            applicationKeyRef:
              name: ovh-credentials
              key: application-key
            applicationSecretRef:
              name: ovh-credentials
              key: application-secret
            consumerKeyRef:
              name: ovh-credentials
              key: consumer-key
    
    # Option 4 : Generic (webhook personnalisé)
    # - dns01:
    #     webhook:
    #       groupName: acme.example.com
    #       solverName: my-dns-solver
    #       config:
    #         # Configuration spécifique au webhook
    
    # Option 5 : RFC2136 (DNS dynamique standard)
    # - dns01:
    #     rfc2136:
    #       nameserver: 8.8.8.8
    #       tsigSecretSecretRef:
    #         name: rfc2136-credentials
    #         key: tsig-secret
    #       tsigKeyName: "keyname"
    #       tsigAlgorithm: HMACSHA256