diff --git a/infrastructure/07-certmanager/additional-roles.yaml b/infrastructure/07-certmanager/additional-roles.yaml
new file mode 100644
index 0000000..0158884
--- /dev/null
+++ b/infrastructure/07-certmanager/additional-roles.yaml
@@ -0,0 +1,21 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: dns-challenge-illium
+rules:
+- apiGroups: ["acme.steffenillium.de"] # "" indicates the core API group
+ resources: ["ionos"]
+ verbs: ["*"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: dns-challenge-illium-binding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: dns-challenge-illium
+subjects:
+- kind: ServiceAccount
+ name: cert-manager
+ namespace: cert-manager
\ No newline at end of file
diff --git a/infrastructure/07-certmanager/dns-issuer.yaml b/infrastructure/07-certmanager/dns-issuer.yaml
index b363191..ce45725 100644
--- a/infrastructure/07-certmanager/dns-issuer.yaml
+++ b/infrastructure/07-certmanager/dns-issuer.yaml
@@ -33,7 +33,7 @@ metadata:
 spec:
 acme:
 # The ACME server URL
- server: https://acme-v02.api.letsencrypt.org/
+ server: https://acme-v02.api.letsencrypt.org/directory
 # Email address used for ACME registration
 email: steffen.illium@gmail.com
 # Name of a secret used to store the ACME account private key
@@ -43,7 +43,7 @@ spec:
 solvers:
 - dns01:
 webhook:
- # groupName: acme.fabmade.de
+ groupName: acme.
 solverName: ionos
 config:
 apiUrl: https://api.hosting.ionos.com/dns/v1
diff --git a/infrastructure/07-certmanager/kustomization.yaml b/infrastructure/07-certmanager/kustomization.yaml
index fa6d5d2..76efaa3 100644
--- a/infrastructure/07-certmanager/kustomization.yaml
+++ b/infrastructure/07-certmanager/kustomization.yaml
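Review bot: `verbs: ["*"]` in the new ClusterRole `dns-challenge-illium` (additional-roles.yaml) gives the cert-manager service account every verb on the `ionos` resource cluster-wide, while a DNS01 webhook solver is normally only called with `create`. Narrow it to `verbs: ["create"]` unless a caller is known to need more. The trailing comment `# "" indicates the core API group` appears to be carried over from the Kubernetes RBAC example and does not describe this rule, whose group is `acme.steffenillium.de`; replace it with `# must equal the webhook solver's groupName` or drop it.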
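Review bot: `groupName: acme.` in the second dns-issuer.yaml hunk ends in a dot and does not match the `acme.steffenillium.de` API group that the new ClusterRole in additional-roles.yaml authorises. cert-manager addresses the webhook under the issuer's groupName, so if the committed value really is `acme.`, the RBAC grant would presumably not cover the request and DNS01 challenges would be refused. If the full value was only lost when the page was rendered, nothing needs to change; otherwise set `groupName: acme.steffenillium.de` and keep it identical to the groupName the webhook deployment is configured with. The solver mapping continues outside the hunk.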
@@ -7,6 +7,7 @@ resources:
 - wildcard-cert.yaml
 - dns-issuer.yaml
 - ionos-secret-sealed.yaml
+ - additional-roles.yaml
 - https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.crds.yaml
 - namespace.yaml