Trying ZeroSSL

Joseph Hanson 2024-04-03 16:11:13 -05:00
parent 697a901288
commit 7498c9558c
Signed by: jahanson
SSH key fingerprint: SHA256:vy6dKBECV522aPAwklFM3ReKAVB086rT3oWwiuiFG7o
2 changed files with 29 additions and 10 deletions


@ -3,17 +3,30 @@
apiVersion: external-secrets.io/v1beta1 apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: dnsimple-api-token name: zerossl-secret
namespace: cert-manager namespace: cert-manager
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: onepassword-connect name: onepassword-connect
target: target:
name: dnsimple-api-token name: zerossl-secret
creationPolicy: Owner creationPolicy: Owner
data: template:
- secretKey: api-token engineVersion: v2
remoteRef: data:
api-token: "{{ .cert_manager_api_token }}"
eab-hmac-key: "{{ .zerossl_eab_hmac_key }}"
dataFrom:
- extract:
key: DNSimple key: DNSimple
property: cert_manager_api_token rewrite:
- regexp:
source: "(.*)"
target: "dnsimple_$1"
- extract:
key: ZeroSSL
rewrite:
- regexp:
source: "(.*)"
target: "zerossl_$1"
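Review bot: The template key `{{ .cert_manager_api_token }}` does not match what `dataFrom` produces, because the first `extract` rewrites every DNSimple field with `target: "dnsimple_$1"`. The field the old side read as `property: cert_manager_api_token` would therefore arrive in the template context as `dnsimple_cert_manager_api_token`, assuming the 1Password field name is unchanged. The entry should probably read `api-token: "{{ .dnsimple_cert_manager_api_token }}"`; as written the Secret will either fail to render or carry no usable DNS credential, and DNS-01 challenges would fail. A short comment above `template.data` such as `# keys below use the dnsimple_/zerossl_ prefixes added by the dataFrom rewrites` would make the coupling visible.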


@ -3,14 +3,20 @@
apiVersion: cert-manager.io/v1 apiVersion: cert-manager.io/v1
kind: ClusterIssuer kind: ClusterIssuer
metadata: metadata:
name: letsencrypt-dnsimple-prod-jahanson-tech name: issuer-zerossl-prod
spec: spec:
acme: acme:
server: https://acme.zerossl.com/v2/DV90
email: "joe@veri.dev" email: "joe@veri.dev"
preferredChain: "" preferredChain: ""
privateKeySecretRef: privateKeySecretRef:
name: letsencrypt-dnsimple-production name: zerossl-production
server: https://acme-v02.api.letsencrypt.org/directory externalAccountBinding:
keyID: feJODDijN9gypthMXaHtVA
keySecretRef:
name: zerossl-secret
key: eab-hmac-key
keyAlgorithm: HS256
solvers: solvers:
- dns01: - dns01:
webhook: webhook:
@ -18,7 +24,7 @@ spec:
solverName: dnsimple solverName: dnsimple
config: config:
apiKeySecretRef: apiKeySecretRef:
name: dnsimple-api-token name: zerossl-secret
key: api-token key: api-token
selector: selector:
dnsZones: dnsZones:
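Review bot: `apiKeySecretRef` in the dns01 webhook config now points at `zerossl-secret`, the same Secret that holds `eab-hmac-key`, so whatever identity the DNSimple solver uses to read its token can also read the ACME external-account-binding key. Keeping the DNS token in its own Secret, as with the previous `name: dnsimple-api-token`, would let the solver's RBAC stay scoped to the one credential it needs. Whether that RBAC names the Secret explicitly is not visible here, so it should be checked against the rename. In the first hunk, `keyAlgorithm: HS256` is, as far as I know, a deprecated field in cert-manager and can likely be dropped. The solver block continues past the end of this hunk.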