Configure ssl.com clusterissuer

README.md

@@ -17,7 +17,8 @@ Create a `gitlab` namespace:
 
 Create a secret for the Gitlab kubernetes agent:
 
-    cat flux/gitlab-k8s-agent-secret.yml.tmpl| token=TOKEN_IN_PLAINTEXT envsubst | kubectl apply -f -
+    cat flux/gitlab-k8s-agent-secret.yml.tmpl| token=$GITLAB-K8S-AGENT-SECRET envsubst | kubectl apply -f -
+    cat flux/sslcom-eabsecret-secret.yml.tmpl | secret=$SSL_COM_EAB_HMAC_KEY envsubst | kubectl apply -f -
 
 Run
 

flux/cert-manager/sslcom-clusterissuer.yaml

+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: sslcom-issuer
+  namespace: cert-manager
+spec:
+  acme:
+    email: maarten@greenhost.nl
+    server: https://acme.ssl.com/sslcom-dv-rsa
+    externalAccountBinding:
+      keyID: 24e31e029f14
+      keySecretRef:
+        name: sslcom-eabsecret
+        key: secret
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: sslcom-eabsecret
+    solvers:
+      - http01:
+          ingress:
+            class: nginx

flux/cert-manager/stackspin-cert-manager-override.yaml

+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: cert-manager
+  name: stackspin-cert-manager-override
+data:
+  values.yaml: |
+    ingressShim:
+      defaultIssuerName: sslcom-issuer
+      defaultIssuerKind: ClusterIssuer

flux/kustomizations/sslcom-kustomization.yaml

+apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+kind: Kustomization
+metadata:
+  name: sslcom
+  namespace: cert-manager
+spec:
+  interval: 24h
+  sourceRef:
+    kind: GitRepository
+    name: kubernetes-agent-setup
+  path: ./flux/cert-manager
+  prune: true
+  validation: client

flux/sslcom-eabsecret-secret.yml.tmpl

+apiVersion: v1
+kind: Secret
+metadata:
+  name: sslcom-eabsecret
+  namespace: cert-manager
+stringData:
+  secret: ${secret}