Certificate Issuer CRD

giuliohome · giuliohome · commit c06e01cb4632 · 2024-08-30T09:12:01.000Z
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
@@ -50,6 +50,9 @@ jobs:
     - name: Update deployment file
       run: TAG=$(echo $GITHUB_SHA | head -c7) && sed -i 's|<IMAGE>|${{ secrets.REGISTRY_NAME }}/golang-web:'${TAG}'|' $GITHUB_WORKSPACE/deployment.yml
 
+    - name: Update certificate email in issuer CRD
+      run: sed -i 's|<CERTIFICATE_EMAIL>|${{ secrets.CERTIFICATE_EMAIL }}|' $GITHUB_WORKSPACE/deployment.yml
+
     - name: Save DigitalOcean kubeconfig with short-lived credentials
       run: doctl kubernetes cluster kubeconfig save --expiry-seconds 600 ${{ secrets.CLUSTER_NAME }}
     
diff --git a/deployment.yml b/deployment.yml
@@ -4,6 +4,27 @@ metadata:
   name: golang
 ---
 ---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: letsencrypt-nginx
+  namespace: golang
+spec:
+  # ACME issuer configuration
+  # `email` - the email address to be associated with the ACME account (make sure it's a valid one)
+  # `server` - the URL used to access the ACME server’s directory endpoint
+  # `privateKeySecretRef` - Kubernetes Secret to store the automatically generated ACME account private key
+  acme:
+    email: <CERTIFICATE_EMAIL>
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: letsencrypt-nginx-private-key
+    solvers:
+      # Use the HTTP-01 challenge provider
+      - http01:
+          ingress:
+            class: nginx
+---
 ---
 apiVersion: apps/v1
 kind: Deployment
