Part 8 and 9 documented (even tho part 9 was just a link to the repo used ... )

2023-10-20 20:30:53 +02:00 · 2023-10-20 20:30:53 +02:00 · 57a8288769
commit 57a8288769
parent efcb916c9f
2 changed files with 54 additions and 0 deletions
--- a/Migrations/Forget_Traefik_2023/P8_Fihome_Cert/Issuer.yaml
+++ b/Migrations/Forget_Traefik_2023/P8_Fihome_Cert/Issuer.yaml
@ -0,0 +1,45 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-fihome
+  namespace: istio-system
+spec:
+  acme:
+    # ACME Server
+#    prod : https://acme-v02.api.letsencrypt.org/directory
+#    staging : https://acme-staging-v02.api.letsencrypt.org/directory
+    server: https://acme-v02.api.letsencrypt.org/directory
+    # ACME Email address
+    email: <redacted>
+    privateKeySecretRef:
+      name: letsencrypt-fihome # staging or production
+    solvers:
+      - selector:
+          dnsNames:
+            - '*.fihome.xyz'
+        dns01:
+          webhook:
+            config:
+              apiKeySecretRef:
+                name: fihome-godaddy-api-key
+                key: key
+                secret: secret
+              production: true
+              ttl: 600
+            groupName: acme.fihome.xyz
+            solverName: godaddy
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: fihome-domain-cert-public
+  namespace: istio-system
+spec:
+  secretName: fihome-domain-cert-public
+  duration: 720h # 30d
+  renewBefore: 168h # 1d
+  dnsNames:
+    - '*.fihome.xyz'
+  issuerRef:
+    name: letsencrypt-fihome
+    kind: ClusterIssuer
--- a/Migrations/Forget_Traefik_2023/P8_Fihome_Cert/Secret.yaml
+++ b/Migrations/Forget_Traefik_2023/P8_Fihome_Cert/Secret.yaml
@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: fihome-godaddy-api-key
+  namespace: cert-manager
+type: Opaque
+data:
+  key: <redacted>
+  secret: <redacted>