From 6a593a6ac770125d76a6219295bfad0242f27be3 Mon Sep 17 00:00:00 2001
From: Asara
Date: Sat, 2 Jul 2022 17:37:54 -0400
Subject: [PATCH] Add aws config to cert-manager
---
 003-cert-manager/external-secrets.yaml | 28 +++++++++++++++++++
 003-cert-manager/install.sh | 2 +-
 .../{vault-issuer.yaml => issuers.yaml} | 27 ++++++++++++++++++
 3 files changed, 56 insertions(+), 1 deletion(-)
 rename 003-cert-manager/{vault-issuer.yaml => issuers.yaml} (85%)
diff --git a/003-cert-manager/external-secrets.yaml b/003-cert-manager/external-secrets.yaml
index 934dbbd..325b741 100644
--- a/003-cert-manager/external-secrets.yaml
+++ b/003-cert-manager/external-secrets.yaml
@@ -61,6 +61,10 @@ spec:
 remoteRef:
 key: acme
 property: private_key
+ - secretKey: private_key_rsa
+ remoteRef:
+ key: acme
+ property: private_key_rsa
 ...
 ---
 apiVersion: external-secrets.io/v1beta1
@@ -82,3 +86,27 @@ spec:
 key: namecheap
 property: api_user
 ...
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: aws-credentials
+ namespace: cert-manager
+spec:
+ secretStoreRef:
+ name: cert-manager
+ kind: SecretStore
+ data:
+ - secretKey: accessKeyID
+ remoteRef:
+ key: aws
+ property: access_key
+ - secretKey: hostedZoneID
+ remoteRef:
+ key: aws
+ property: hosted_zone_id
+ - secretKey: secretAccessKey
+ remoteRef:
+ key: aws
+ property: secret_key
+...
diff --git a/003-cert-manager/install.sh b/003-cert-manager/install.sh
index 82856e2..59b51ed 100755
--- a/003-cert-manager/install.sh
+++ b/003-cert-manager/install.sh
@@ -48,4 +48,4 @@ helm upgrade --install \
 --cleanup-on-fail
 popd
-kubectl apply -f vault-issuer.yaml
+kubectl apply -f issuers.yaml
diff --git a/003-cert-manager/vault-issuer.yaml b/003-cert-manager/issuers.yaml
similarity index 85%
rename from 003-cert-manager/vault-issuer.yaml
rename to 003-cert-manager/issuers.yaml
index 53f8654..ed3b817 100644
--- a/003-cert-manager/vault-issuer.yaml
+++ b/003-cert-manager/issuers.yaml
@@ -16,3 +16,30 @@ spec:
 secretRef:
 name: cert-manager-vault-approle
 key: secretId
+...
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: route53-issuer
+ namespace: cert-manager
+spec:
+ acme:
+ email: amarpreet@minhas.io
+ server: https://acme-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: cert-manager
+ key: private_key_rsa
+ solvers:
+ - selector:
+ dnsZones:
+ - "sudoscientist.com"
+ dns01:
+ route53:
+ region: us-east-1
+ hostedZoneID: ZF270LM26E53A
+ accessKeyID: AKIAIFCFRUFAI6PNNJNQ
+ secretAccessKeySecretRef:
+ name: aws-credentials
+ key: secretAccessKey
+...
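Review bot: The `route53` solver commits the AWS access key ID as a literal `accessKeyID:` value, although the `aws-credentials` ExternalSecret added in external-secrets.yaml already syncs an `accessKeyID` key that nothing visible in this patch consumes. The key ID is not the secret half, but it identifies a long-lived IAM credential and forces a commit on every rotation, so it is better read from the Secret with `accessKeyIDSecretRef: {name: aws-credentials, key: accessKeyID}` (confirm the deployed cert-manager release supports that field). Because the credential is static, the IAM policy behind it should presumably be limited to `route53:GetChange` plus `route53:ChangeResourceRecordSets` and `route53:ListResourceRecordSets` on this one hosted zone. Separately, `metadata.namespace` has no effect on a cluster-scoped `ClusterIssuer` and can be dropped.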