letsencrypt renewal sketch

 kubectl delete secret $OBJECTNAME

kubectl delete certificate $CERTNAME_USEFQDN 

kubectl delete clusterissuer $NAMECLUSTERISSUER


$SVC_CLUSTERIP

$EMAIL

---

# Cluster-wide ACME issuer: registers an account with the Let's Encrypt
# production endpoint and answers HTTP-01 challenges through the nginx
# ingress class.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: "$NAMECLUSTERISSUER"
spec:
  acme:
    # Let's Encrypt production directory (rate-limited).
    server: "https://acme-v02.api.letsencrypt.org/directory"
    # Contact address Let's Encrypt uses for expiry notices and
    # account-related issues; substitute your own.
    email: "$EMAIL"
    privateKeySecretRef:
      # Secret that stores the ACME account private key. It reuses the
      # issuer's name here. Anyone able to read this Secret can act as the
      # ACME account, so keep read access to it narrow.
      name: "$NAMECLUSTERISSUER"
    # One solver only: HTTP-01 served through the nginx ingress class.
    solvers:
    - http01:
        ingress:
          class: nginx

---

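# Certificate for a single FQDN; cert-manager writes the issued key pair into
# the Secret named by spec.secretName.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: "$CERTNAME_USEFQDN"
spec:
  # Must match spec.tls[].secretName on the Ingress that serves this host.
  secretName: "$CERTNAME_USEFQDN.prod"
  issuerRef:
    # Must equal metadata.name of the ClusterIssuer defined in this file.
    # The sketch hard-coded "prod" here, which only resolves when
    # $NAMECLUSTERISSUER happens to be "prod".
    name: "$NAMECLUSTERISSUER"
    kind: ClusterIssuer
  commonName: "$CERTNAME_USEFQDN"
  # Subject alternative names; the FQDN is repeated here because clients
  # validate against the SAN list rather than the common name.
  dnsNames:
  - "$CERTNAME_USEFQDN"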

---


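# Ingress that routes the FQDN to the backing Service on port 80 and
# terminates TLS with the Secret produced by cert-manager.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    # Must equal the ClusterIssuer's metadata.name; the sketch hard-coded
    # "prod", which only resolves when $NAMECLUSTERISSUER is "prod".
    # NOTE(review): with this annotation cert-manager's ingress-shim creates
    # its own Certificate for spec.tls[].secretName. This file also declares
    # a standalone Certificate for the same Secret - keep one of the two so
    # that two Certificate objects do not manage one Secret.
    cert-manager.io/cluster-issuer: "$NAMECLUSTERISSUER"
    # Deprecated annotation form; spec.ingressClassName is the current field.
    # Left as in the sketch because switching requires an IngressClass named
    # "nginx" to exist in the cluster.
    kubernetes.io/ingress.class: nginx
    # Disables the HTTP -> HTTPS redirect, so the host stays reachable over
    # plaintext HTTP even after the certificate is in place.
    # NOTE(review): if this was set only for the HTTP-01 challenge, revisit
    # it once issuance works.
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
  # "generation: 2" from the sketch is dropped: it is a server-populated
  # field left over from exporting a live object and does not belong in an
  # applied manifest.
  name: nginx-ingress
spec:
  rules:
  - host: "$CERTNAME_USEFQDN"
    http:
      paths:
      - backend:
          service:
            name: "$SVC_CLUSTERIP"
            port:
              number: 80
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - "$CERTNAME_USEFQDN"
    # Same Secret name the Certificate writes to.
    secretName: "$CERTNAME_USEFQDN.prod"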

