Skip to content

Commit

Permalink
feat: Configure cluster issuer for DNS (#54)
Browse files Browse the repository at this point in the history 
This configures the Let's Encrypt cluster issuer to follow CNAME records
in order to determine the right zone for DNS challenges.

With this, we can issue certificates for the zone
'freifunk-duesseldorf.de' for certain hostnames without giving
cert-manager permission to edit this zone.

see-also: ffddorf/terraform-cloudflare-dns#48
  • Loading branch information
@nomaster
nomaster committed May 3, 2024
1 parent 02481fb commit 86a038f
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions base/cert-manager/cluster-issuer-letsencrypt-prod.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ spec:
- http01:
ingress: {}
- dns01:
cnameStrategy: Follow
cloudflare:
email: [email protected]
apiTokenSecretRef:
Expand All @@ -21,3 +22,4 @@ spec:
selector:
dnsZones:
- ffddorf.net
- freifunk-duesseldorf.de

0 comments on commit 86a038f

Please sign in to comment.