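{{- if .Values.tenant.domain }}
# ACME ClusterIssuer that solves DNS-01 challenges through Cloudflare.
# Rendered only when tenant.domain is set; with no domain the chart emits
# no issuer at all.
#
# A ClusterIssuer is cluster-scoped: a Certificate in any namespace can
# reference it. The dnsZones selector on the only solver is what keeps
# issuance to the tenant domain, so who may create Certificate resources
# (RBAC or an issuance policy) still needs to be controlled separately.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
  labels:
    app.kubernetes.io/managed-by: cluster-platform-v3
  annotations:
    # Argo applies resources in ascending sync-wave order. cert-manager
    # subchart resources land in the default wave (0); we push CR
    # consumers to wave 5 so the CRDs (Certificate, ClusterIssuer) the
    # cert-manager Helm subchart installs are present by the time
    # Argo apply hits these. Without this, Argo discovery fails on
    # the first sync with "no matches for kind" because Argo applies
    # the bundle in one pass and CRD discovery is cached.
    argocd.argoproj.io/sync-wave: "5"
spec:
  acme:
    email: {{ required "acme.email is required" .Values.acme.email | quote }}
    # The issuer name says "prod" but the directory URL comes from values.
    # Fail at render time instead of shipping an issuer with an empty
    # server, which would only surface later as a failed ACME registration.
    server: {{ required "acme.server is required" .Values.acme.server | quote }}
    # Secret holding the ACME account private key. For a ClusterIssuer,
    # cert-manager keeps it in its cluster resource namespace (by default
    # the namespace cert-manager runs in). Treat it as sensitive.
    privateKeySecretRef:
      name: letsencrypt-prod-account-key
    solvers:
      - dns01:
          cloudflare:
            # Reference to an existing Secret; the token itself never
            # appears in chart values. For a ClusterIssuer the Secret is
            # looked up in cert-manager's cluster resource namespace.
            # The token should be least-privilege: limited to DNS edits
            # on the tenant zone, since anyone holding it can change
            # that zone's records.
            apiTokenSecretRef:
              name: {{ required "secrets.cloudflareTokenSecret.name is required" .Values.secrets.cloudflareTokenSecret.name | quote }}
              key: {{ required "secrets.cloudflareTokenSecret.key is required" .Values.secrets.cloudflareTokenSecret.key | quote }}
        # Restrict this solver to the tenant zone. It is the only solver,
        # so names outside the zone have no solver to match.
        selector:
          dnsZones:
            - {{ .Values.tenant.domain | quote }}
{{- end }}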