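# Cluster-wide ACME issuer that solves DNS-01 challenges through an OVH
# webhook solver, restricted to three internal DNS zones.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-dns01-prod
spec:
  acme:
    # Let's Encrypt production server.
    # The production endpoint enforces rate limits; validate changes to this
    # issuer against the staging endpoint before applying them here.
    server: https://acme-v02.api.letsencrypt.org/directory
    # Email for Let's Encrypt notifications
    email: gkpoubelle78@gmail.com
    # Secret that stores the private key of the ACME account.
    # For a ClusterIssuer this Secret lives in cert-manager's cluster resource
    # namespace; keep read access to that namespace tightly scoped, since the
    # key controls the ACME account.
    privateKeySecretRef:
      name: letsencrypt-dns01-prod
    # DNS-01 challenge for wildcard certificates (internal sites)
    solvers:
      - dns01:
          webhook:
            # Must match the group name the webhook deployment registers.
            groupName: acme.gkdomaine.fr
            solverName: ovh
            # NOTE(review): the keys under `config` are interpreted by the
            # deployed OVH webhook, not by cert-manager. Confirm that it reads
            # `consumerKeyRef` and requires no further fields.
            config:
              # The OVH application secret and consumer key are read from the
              # ovh-credentials secret.
              # See helm/certificates/ops/templates/secret-ovh-credentials.yaml
              # NOTE(review): the application key is inline, unlike the two
              # values below, so it is committed with this manifest. Rotate it
              # together with the secret, and limit the OVH token's API access
              # rules to the DNS zone operations this solver needs.
              applicationKey: "1d1a85ccc3a5bcc9"
              applicationSecretRef:
                name: ovh-credentials
                key: application-secret
              consumerKeyRef:
                name: ovh-credentials
                key: consumer-key
        # This solver applies only to the internal domains.
        # Keeping the list explicit prevents these OVH credentials from being
        # used for names outside the listed zones.
        selector:
          dnsZones:
            - "dev.gkdomaine.fr"
            - "rct.gkdomaine.fr"
            - "prd.gkdomaine.fr"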