cert-manager init II

infrastructure/03-traefik/shared/base/traefik-tlsstore.yaml

@@ -5,10 +5,13 @@ metadata:
   namespace: default
 
 spec:
+  secretName: letsencrypt-ionos-key
+  issuerRef:
+    kind: ClusterIssuer
+    name: letsencrypt-prod
   defaultGeneratedCert:
     resolver: default
     domain:
       main: steffenillium.de
       sans:
         - '*.steffenillium.de'
-  

infrastructure/07-cert-manager/dns-issuer.yaml.yaml

@@ -0,0 +1,55 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-staging
+spec:
+  acme:
+    # The ACME server URL
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    # Email address used for ACME registration
+    email: steffen.illium@gmail.com
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt-ionos-staging-key
+    # Enable the dns01 challenge provider
+    solvers:
+      - dns01:
+          webhook:
+            groupName: acme.steffenillium.de
+            solverName: ionos
+            config:
+              apiUrl: https://api.hosting.ionos.com/dns/v1
+              publicKeySecretRef:
+                key: PREFIX 
+                name: ionos-secret
+              secretKeySecretRef:
+                key: SECRET
+                name: ionos-secret
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    # The ACME server URL
+    server: https://acme-v02.api.letsencrypt.org/
+    # Email address used for ACME registration
+    email: steffen.illium@gmail.com
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt-ionos-key
+    # Enable the dns01 challenge provider
+    solvers:
+      - dns01:
+          webhook:
+            groupName: acme.steffenillium.de
+            solverName: ionos
+            config:
+              apiUrl: https://api.hosting.ionos.com/dns/v1
+              publicKeySecretRef:
+                key: PREFIX 
+                name: ionos-secret
+              secretKeySecretRef:
+                key: SECRET
+                name: ionos-secret

infrastructure/07-cert-manager/kustomization.yaml

@@ -0,0 +1,16 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: cert-manager
+
+resources:
+  - dns-issuer.yaml
+  - ionos-secret-sealed.yaml
+
+helmCharts:
+- name: cert-manager
+  includeCRDs: true
+  version: 1.14.4
+  releaseName: "cert-manager"
+  repo: https://charts.jetstack.io
+  # valuesFile: values.yaml