---
# Self-signed issuer
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: selfsigned-issuer
spec:
  selfSigned: {}

---
# Let's encrypt production issuer
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-production
spec:
  acme:
    email: {{ .Values.email }}
    preferredChain: ""
    privateKeySecretRef:
      name: letsencrypt-production
    server: https://acme-v02.api.letsencrypt.org/directory
    solvers:
    - http01:
        ingress:
          {{- if .Values.ingress.ingressClassName }}
          class: "{{ .Values.ingress.ingressClassName }}"
          {{- end }}
          ingressTemplate:
            metadata:
              annotations:
                traefik.ingress.kubernetes.io/router.entrypoints: websecure
                traefik.ingress.kubernetes.io/router.tls: "true"

---
# Private CA (epinio-ca) issuer
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: epinio-ca
spec:
  ca:
    secretName: epinio-ca-root