97 lines
3.2 KiB
Smarty
97 lines
3.2 KiB
Smarty
{{- define "certmanager.clusterissuer.acme" -}}
|
|
{{- range .Values.clusterIssuer.ACME }}
|
|
{{- if not (mustRegexMatch "^[a-z]+(-?[a-z]){0,63}-?[a-z]+$" .name) -}}
|
|
{{- fail "ACME - Expected name to be all lowercase with hyphens, but not start or end with a hyphen" -}}
|
|
{{- end -}}
|
|
{{- $validTypes := list "HTTP01" "cloudflare" "route53" "digitalocean" "akamai" "rfc2136" -}}
|
|
{{- if not (mustHas .type $validTypes) -}}
|
|
{{- fail (printf "Expected ACME type to be one of [%s], but got [%s]" (join ", " $validTypes) .type) -}}
|
|
{{- end -}}
|
|
{{- $issuerSecretName := printf "%s-clusterissuer-secret" .name }}
|
|
---
|
|
apiVersion: cert-manager.io/v1
|
|
kind: ClusterIssuer
|
|
metadata:
|
|
name: {{ .name }}
|
|
spec:
|
|
acme:
|
|
email: {{ .email }}
|
|
server: {{ if eq .server "custom" }}{{ .customServer }}{{ else }}{{ .server }}{{ end }}
|
|
privateKeySecretRef:
|
|
name: {{ .name }}-acme-clusterissuer-account-key
|
|
solvers:
|
|
{{- if eq .type "HTTP01" }}
|
|
- http01:
|
|
ingress:
|
|
{{- else }}
|
|
- dns01:
|
|
{{- if eq .type "cloudflare" }}
|
|
cloudflare:
|
|
email: {{ .email }}
|
|
{{- if .cfapitoken }}
|
|
apiTokenSecretRef:
|
|
name: {{ $issuerSecretName }}
|
|
key: cf-api-token
|
|
{{- else if .cfapikey }}
|
|
apiKeySecretRef:
|
|
name: {{ $issuerSecretName }}
|
|
key: cf-api-key
|
|
{{- else -}}
|
|
{{- fail "A cloudflare API key or token is required" -}}
|
|
{{- end -}}
|
|
{{- else if eq .type "route53" }}
|
|
route53:
|
|
region: {{ .region }}
|
|
accessKeyID: {{ .accessKeyID }}
|
|
{{- if .role }}
|
|
role: {{ .role }}
|
|
{{- end }}
|
|
secretAccessKeySecretRef:
|
|
name: {{ $issuerSecretName }}
|
|
key: route53-secret-access-key
|
|
{{- else if eq .type "akamai" }}
|
|
akamai:
|
|
serviceConsumerDomain: {{ .serviceConsumerDomain }}
|
|
clientTokenSecretRef:
|
|
name: {{ $issuerSecretName }}
|
|
key: akclientToken
|
|
clientSecretSecretRef:
|
|
name: {{ $issuerSecretName }}
|
|
key: akclientSecret
|
|
accessTokenSecretRef:
|
|
name: {{ $issuerSecretName }}
|
|
key: akaccessToken
|
|
{{- else if eq .type "digitalocean" }}
|
|
digitalocean:
|
|
tokenSecretRef:
|
|
name: {{ $issuerSecretName }}
|
|
key: doaccessToken
|
|
{{- else if eq .type "rfc2136" }}
|
|
rfc2136:
|
|
nameserver: {{ .nameserver }}
|
|
tsigKeyName: {{ .tsigKeyName }}
|
|
tsigAlgorithm: {{ .tsigAlgorithm }}
|
|
tsigSecretSecretRef:
|
|
name: {{ $issuerSecretName }}
|
|
key: rfctsigSecret
|
|
{{- end -}}
|
|
{{- end }}
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
namespace: cert-manager
|
|
name: {{ $issuerSecretName }}
|
|
type: Opaque
|
|
stringData:
|
|
cf-api-token: {{ .cfapitoken | default "" }}
|
|
cf-api-key: {{ .cfapikey | default "" }}
|
|
route53-secret-access-key: {{ .route53SecretAccessKey | default "" }}
|
|
akclientToken: {{ .akclientToken | default "" }}
|
|
akclientSecret: {{ .akclientSecret | default "" }}
|
|
akaccessToken: {{ .akaccessToken | default "" }}
|
|
doaccessToken: {{ .doaccessToken | default "" }}
|
|
rfctsigSecret: {{ .rfctsigSecret | default "" }}
|
|
{{- end }}
|
|
{{- end -}}
|