From 86a038f9ec93f22e5501e50bea43de1636512d30 Mon Sep 17 00:00:00 2001
From: Mic Szillat
Date: Fri, 3 May 2024 10:56:18 +0200
Subject: [PATCH] feat: Configure cluster issuer for DNS (#54)
This configures the Let's Encrypt cluster issuer to follow CNAME records in order to determine the right zone for DNS challenges. With this, we can issue certificates for the zone 'freifunk-duesseldorf.de' for certain hostnames without giving cert-manager permission to edit this zone.
see-also: https://github.com/ffddorf/terraform-cloudflare-dns/pull/48
---
 base/cert-manager/cluster-issuer-letsencrypt-prod.yaml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/base/cert-manager/cluster-issuer-letsencrypt-prod.yaml b/base/cert-manager/cluster-issuer-letsencrypt-prod.yaml
index 0c2f2a4..3256e41 100644
--- a/base/cert-manager/cluster-issuer-letsencrypt-prod.yaml
+++ b/base/cert-manager/cluster-issuer-letsencrypt-prod.yaml
@@ -13,6 +13,7 @@ spec:
 - http01:
 ingress: {}
 - dns01:
+ cnameStrategy: Follow
 cloudflare:
 email: support@freifunk-duesseldorf.de
 apiTokenSecretRef:
@@ -21,3 +22,4 @@ spec:
 selector:
 dnsZones:
 - ffddorf.net
+ - freifunk-duesseldorf.de
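Review bot: `cnameStrategy: Follow` is set on the whole dns01 solver, so it also changes how challenges for the existing `ffddorf.net` zone are resolved, and nothing in the file says where a followed CNAME has to land. A comment above the field would record the requirement, for example `# Follow _acme-challenge CNAMEs; the target must be in a zone the Cloudflare token can edit`. Because this is a ClusterIssuer, presumably any namespace allowed to reference it can request certificates for every delegated hostname, so the `_acme-challenge` CNAME records in the other zone act as the access-control list and should be reviewed as one. The solver entry continues past the end of the hunk at `apiTokenSecretRef:`.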
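Review bot: Adding `freifunk-duesseldorf.de` under `dnsZones` makes this dns01 solver the match for every name in that zone, not only the "certain hostnames" the description mentions. The http01 entry in the first hunk shows no selector in the visible lines, so it is presumably the fallback; names in this zone that validated over HTTP-01 before would then move to DNS-01 and fail unless an `_acme-challenge` CNAME exists for them. If only a few hostnames are delegated, a `dnsNames` selector listing them keeps the scope explicit. Otherwise a comment such as `# only names with an _acme-challenge CNAME into an editable zone can be issued` would document the constraint.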