Add aws config to cert-manager

003-cert-manager/external-secrets.yaml

@@ -61,6 +61,10 @@ spec:
     remoteRef:
       key: acme
       property: private_key
+  - secretKey: private_key_rsa
+    remoteRef:
+      key: acme
+      property: private_key_rsa
 ...
 ---
 apiVersion: external-secrets.io/v1beta1
@@ -82,3 +86,27 @@ spec:
       key: namecheap
       property: api_user
 ...
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: aws-credentials
+  namespace: cert-manager
+spec:
+  secretStoreRef:
+    name: cert-manager
+    kind: SecretStore
+  data:
+  - secretKey: accessKeyID
+    remoteRef:
+      key: aws
+      property: access_key
+  - secretKey: hostedZoneID
+    remoteRef:
+      key: aws
+      property: hosted_zone_id
+  - secretKey: secretAccessKey
+    remoteRef:
+      key: aws
+      property: secret_key
+...

003-cert-manager/install.sh

@@ -48,4 +48,4 @@ helm upgrade --install \
 	--cleanup-on-fail
 popd
 
-kubectl apply -f vault-issuer.yaml
+kubectl apply -f issuers.yaml

003-cert-manager/issuers.yaml

@@ -16,3 +16,30 @@ spec:
         secretRef:
           name: cert-manager-vault-approle
           key: secretId
+...
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: route53-issuer
+  namespace: cert-manager
+spec:
+  acme:
+    email: amarpreet@minhas.io
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: cert-manager
+      key: private_key_rsa
+    solvers:
+    - selector:
+        dnsZones:
+          - "sudoscientist.com"
+      dns01:
+        route53:
+          region: us-east-1
+          hostedZoneID: ZF270LM26E53A
+          accessKeyID: AKIAIFCFRUFAI6PNNJNQ
+          secretAccessKeySecretRef:
+            name: aws-credentials
+            key: secretAccessKey
+...