Trying ZeroSSL

This commit is contained in:
Joseph Hanson 2024-04-03 16:11:13 -05:00
parent 697a901288
commit 7498c9558c
Signed by: jahanson
SSH key fingerprint: SHA256:vy6dKBECV522aPAwklFM3ReKAVB086rT3oWwiuiFG7o
2 changed files with 29 additions and 10 deletions

View file

@ -3,17 +3,30 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: dnsimple-api-token
name: zerossl-secret
namespace: cert-manager
spec:
secretStoreRef:
kind: ClusterSecretStore
name: onepassword-connect
target:
name: dnsimple-api-token
name: zerossl-secret
creationPolicy: Owner
data:
- secretKey: api-token
remoteRef:
template:
engineVersion: v2
data:
api-token: "{{ .cert_manager_api_token }}"
eab-hmac-key: "{{ .zerossl_eab_hmac_key }}"
dataFrom:
- extract:
key: DNSimple
property: cert_manager_api_token
rewrite:
- regexp:
source: "(.*)"
target: "dnsimple_$1"
- extract:
key: ZeroSSL
rewrite:
- regexp:
source: "(.*)"
target: "zerossl_$1"

View file

@ -3,14 +3,20 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-dnsimple-prod-jahanson-tech
name: issuer-zerossl-prod
spec:
acme:
server: https://acme.zerossl.com/v2/DV90
email: "joe@veri.dev"
preferredChain: ""
privateKeySecretRef:
name: letsencrypt-dnsimple-production
server: https://acme-v02.api.letsencrypt.org/directory
name: zerossl-production
externalAccountBinding:
keyID: feJODDijN9gypthMXaHtVA
keySecretRef:
name: zerossl-secret
key: eab-hmac-key
keyAlgorithm: HS256
solvers:
- dns01:
webhook:
@ -18,7 +24,7 @@ spec:
solverName: dnsimple
config:
apiKeySecretRef:
name: dnsimple-api-token
name: zerossl-secret
key: api-token
selector:
dnsZones: