Diffstat (limited to 'roles/ca/files')
-rw-r--r--roles/ca/files/ca.yaml32
-rw-r--r--roles/ca/files/lets-encrypt-dev.yaml18
-rw-r--r--roles/ca/files/lets-encrypt-prod.yaml18
3 files changed, 68 insertions, 0 deletions
diff --git a/roles/ca/files/ca.yaml b/roles/ca/files/ca.yaml
new file mode 100644
index 0000000..a77b415
--- /dev/null
+++ b/roles/ca/files/ca.yaml
@@ -0,0 +1,32 @@
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: selfsigned-issuer
+spec:
+ selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: selfsigned-ca
+ namespace: cert-manager
+spec:
+ isCA: true
+ commonName: selfsigned-ca
+ secretName: root-secret
+ privateKey:
+ algorithm: ECDSA
+ size: 256
+ issuerRef:
+ name: selfsigned-issuer
+ kind: ClusterIssuer
+ group: cert-manager.io
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: ca-issuer
+spec:
+ ca:
+ secretName: root-secret
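Review bot: The `selfsigned-ca` Certificate sets no `duration`, `renewBefore` or `privateKey.rotationPolicy`, so the root CA inherits cert-manager's defaults, which are a leaf-style lifetime (90 days unless overridden) and, depending on the cert-manager version, a new key at each renewal. Each renewal would then change the trust anchor that every consumer of `ca-issuer` has to have installed. I would pin these explicitly under `spec`, for example `duration: 87600h` plus `rotationPolicy: Never` under `privateKey`, with the values chosen to match how the root is distributed. A short comment above `ca-issuer` should also record that it is cluster-scoped and signs directly with the root key held in `root-secret`, so any namespace allowed to create Certificate resources can obtain leaves from it.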
diff --git a/roles/ca/files/lets-encrypt-dev.yaml b/roles/ca/files/lets-encrypt-dev.yaml
new file mode 100644
index 0000000..e84120d
--- /dev/null
+++ b/roles/ca/files/lets-encrypt-dev.yaml
@@ -0,0 +1,18 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-staging
+spec:
+ acme:
+ # The ACME server URL
+ server: https://acme-staging-v02.api.letsencrypt.org/directory
+ # Email address used for ACME registration
+ # Name of a secret used to store the ACME account private key
+ privateKeySecretRef:
+ name: letsencrypt-staging
+ # Enable the HTTP-01 challenge provider
+ solvers:
+ - http01:
+ ingress:
+ ingressClassName: traefik
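Review bot: The comment `# Email address used for ACME registration` is not followed by an `email:` field in the visible lines; the hunk header declares 18 lines and 17 are shown, so the line may only be missing from this rendering, but if it is absent from the file the ACME account is registered without a contact address. The solver entry also has no `selector`, so this cluster-wide issuer will attempt HTTP-01 for any hostname requested from any namespace; if only known zones are intended, add a `selector:` with `dnsZones:` under the `http01` solver. Both points apply identically to `lets-encrypt-prod.yaml`, where unintended requests also count against the production rate limits. As a style point, these two files omit the leading `---` that `ca.yaml` uses.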
diff --git a/roles/ca/files/lets-encrypt-prod.yaml b/roles/ca/files/lets-encrypt-prod.yaml
new file mode 100644
index 0000000..fb9b541
--- /dev/null
+++ b/roles/ca/files/lets-encrypt-prod.yaml
@@ -0,0 +1,18 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-prod
+spec:
+ acme:
+ # The ACME server URL
+ server: https://acme-v02.api.letsencrypt.org/directory
+ # Email address used for ACME registration
+ # Name of a secret used to store the ACME account private key
+ privateKeySecretRef:
+ name: letsencrypt-prod
+ # Enable the HTTP-01 challenge provider
+ solvers:
+ - http01:
+ ingress:
+ ingressClassName: traefik