dns-01 cluster issuer

2021-05-08 12:11:52 +02:00 · 2021-05-08 12:11:52 +02:00 · a627c83904
commit a627c83904
parent bcd9281213
1 changed files with 34 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -327,6 +327,40 @@ spec:
    - http01:
        ingress:
          class: nginx
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: tsig-dyn-update-secret
+  namespace: cert-manager
+type: Opaque
+data:
+  key: BASE64 encoded of BASE64 encoded (double-base64) TSIG-key
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-dns01-issuer
+spec:
+  acme:
+    email: user@example.com
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      # Secret resource that will be used to store the account's private key.
+      name: letsencrypt-dns01-account-key
+    # Add a single challenge solver, HTTP01 using nginx
+    solvers: 
+    - dns01:
+        rfc2136:
+          nameserver: ip_address_of_your_authoritative_nameserver:nameserver_port
+          tsigKeyName: name_of_tsig_key_in_your_authoritative_nameserver
+          tsigAlgorithm: HMACSHA512
+          tsigSecretSecretRef:
+            name: tsig-dyn-update-secret
+            key: key
+      selector:
+        dnsZones:
+        - 'int.example.org' 
 ```
 `kubectl apply -f lets-encrypt-cluster-issuers.yaml`