mirror of https://git.rancher.io/charts
45 lines
1.0 KiB
YAML
45 lines
1.0 KiB
YAML
|
---
|
||
|
|
# Self-signed issuer
|
||
|
|
apiVersion: cert-manager.io/v1
|
||
|
|
kind: ClusterIssuer
|
||
|
|
metadata:
|
||
|
|
name: selfsigned-issuer
|
||
|
|
spec:
|
||
|
|
selfSigned: {}
|
||
|
|
|
||
|
|
---
|
||
|
|
# Let's encrypt production issuer
|
||
|
|
apiVersion: cert-manager.io/v1
|
||
|
|
kind: ClusterIssuer
|
||
|
|
metadata:
|
||
|
|
name: letsencrypt-production
|
||
|
|
spec:
|
||
|
|
acme:
|
||
|
|
email: {{ .Values.global.tlsIssuerEmail | default .Values.email | quote }}
|
||
|
|
preferredChain: ""
|
||
|
|
privateKeySecretRef:
|
||
|
|
name: letsencrypt-production
|
||
|
|
server: https://acme-v02.api.letsencrypt.org/directory
|
||
|
|
solvers:
|
||
|
|
- http01:
|
||
|
|
ingress:
|
||
|
|
{{- if .Values.ingress.ingressClassName }}
|
||
|
|
class: "{{ .Values.ingress.ingressClassName }}"
|
||
|
|
{{- end }}
|
||
|
|
ingressTemplate:
|
||
|
|
metadata:
|
||
|
|
annotations:
|
||
|
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||
|
|
traefik.ingress.kubernetes.io/router.tls: "true"
|
||
|
|
|
||
|
|
---
|
||
|
|
# Private CA (epinio-ca) issuer
|
||
|
|
apiVersion: cert-manager.io/v1
|
||
|
|
kind: ClusterIssuer
|
||
|
|
metadata:
|
||
|
|
name: epinio-ca
|
||
|
|
spec:
|
||
|
|
ca:
|
||
|
|
secretName: epinio-ca-root
|
||
|
|
|