Difference between revisions of "Kubectl apply -f ./certbot-issuers.yaml"

kubectl apply -f ./certbot-issuers.yaml
clusterissuer.cert-manager.io/letsencrypt-staging created
clusterissuer.cert-manager.io/letsencrypt-prod configured
clusterissuer.cert-manager.io/letsencrypt-clouddns-staging created
clusterissuer.cert-manager.io/letsencrypt-clouddns-prod created

Certbot-issuers.yaml[edit]

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    # The ACME server URL
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: your_emaill@your_company.com
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-staging
    # Enable the HTTP-01 challenge provider
    solvers:
    - http01:
        ingress:
          class: nginx

---

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # The ACME server URL
    server: https://acme-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: your_emaill@your_company.com
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-prod
    # Enable the HTTP-01 challenge provider
    solvers:
    - http01:
        ingress:
          class: nginx

---

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-clouddns-staging
spec:
  acme:
    # The ACME server URL
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: your_emaill@your_company.com
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-staging
    solvers:
    - dns01:
        cloudDNS:
          project: your-project
          serviceAccountSecretRef:
            name: clouddns-dns01-solver-svc-acct
            key: clouddns-sa-key.json

---

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-clouddns-prod
spec:
  acme:
    # The ACME server URL
    server: https://acme-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: your_emaill@your_company.com
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
    - dns01:
        cloudDNS:
          project: your-project
          serviceAccountSecretRef:
            name: clouddns-dns01-solver-svc-acct
            key: clouddns-sa-key.json

Related[edit]

• kind: ClusterIssuer

See also[edit]

• kind: ClusterIssuer
• cert-manager, cert-manager-controller, ingress-shim, kind: Certificate, kind: ClusterIssuer, Kind: CertificateSigningRequest, kind: Issuer, kubectl [ get | describe ] certificates, cmctl, kubectl get issuer, kubectl get csr, IngressShim