Add aws config to cert-manager

Amarpreet Minhas 2022-07-02 17:37:54 -04:00
parent 50a4ea9c28
commit 6a593a6ac7
3 changed files with 56 additions and 1 deletions


@ -61,6 +61,10 @@ spec:
remoteRef: remoteRef:
key: acme key: acme
property: private_key property: private_key
- secretKey: private_key_rsa
remoteRef:
key: acme
property: private_key_rsa
... ...
--- ---
apiVersion: external-secrets.io/v1beta1 apiVersion: external-secrets.io/v1beta1
@ -82,3 +86,27 @@ spec:
key: namecheap key: namecheap
property: api_user property: api_user
... ...
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: aws-credentials
namespace: cert-manager
spec:
secretStoreRef:
name: cert-manager
kind: SecretStore
data:
- secretKey: accessKeyID
remoteRef:
key: aws
property: access_key
- secretKey: hostedZoneID
remoteRef:
key: aws
property: hosted_zone_id
- secretKey: secretAccessKey
remoteRef:
key: aws
property: secret_key
...
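Review bot: The new `aws-credentials` ExternalSecret sets no `refreshInterval`, so how quickly a rotated AWS secret key reaches the cluster is left to whatever the operator defaults to. For a long-lived IAM access key that interval is effectively the rotation window, so I would state it explicitly under `spec:`, for example `refreshInterval: 1h`. A short comment above `data:` saying which backend path the `aws` key maps to and which workload consumes the resulting secret would also help whoever has to rotate it later.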


@ -48,4 +48,4 @@ helm upgrade --install \
--cleanup-on-fail --cleanup-on-fail
popd popd
kubectl apply -f vault-issuer.yaml kubectl apply -f issuers.yaml


@ -16,3 +16,30 @@ spec:
secretRef: secretRef:
name: cert-manager-vault-approle name: cert-manager-vault-approle
key: secretId key: secretId
...
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: route53-issuer
namespace: cert-manager
spec:
acme:
email: amarpreet@minhas.io
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: cert-manager
key: private_key_rsa
solvers:
- selector:
dnsZones:
- "sudoscientist.com"
dns01:
route53:
region: us-east-1
hostedZoneID: ZF270LM26E53A
accessKeyID: AKIAIFCFRUFAI6PNNJNQ
secretAccessKeySecretRef:
name: aws-credentials
key: secretAccessKey
...
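Review bot: The `accessKeyID:` line commits the literal IAM access key ID to the repository, even though the `aws-credentials` ExternalSecret added in this commit already syncs it under the key `accessKeyID`. The key ID is not the secret half, but it identifies the IAM user and must be edited in git on every rotation; if the deployed cert-manager version supports it, `accessKeyIDSecretRef:` with `name: aws-credentials` and `key: accessKeyID` would keep both halves in the secret store. `metadata.namespace` has no effect on a ClusterIssuer because the kind is cluster-scoped, and its secret references resolve in cert-manager's cluster resource namespace, so I would drop that line or replace it with a comment saying where the `cert-manager` and `aws-credentials` secrets must live. The IAM policy behind this key is not visible here; it should allow only the Route 53 record changes needed for this one hosted zone.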