Skip to content

Permit to choose the certmanager issuer/clusterissuer

We could define 2 ClusterIssuer:

  • One for production, default name letsencrypt-prod to use production ACME server (https://acme-v02.api.letsencrypt.org/directory)
  • One for test, default name letsencrypt-staging to use testing ACME server (https://acme-staging-v02.api.letsencrypt.org/directory)

To be used by the ingress like:

[general]
ingressController=nginx
ingressNamespace=ingress-nginx
ingressClassName=laboite-nginx
ingressClusterIssuerName=letsencrypt-prod

As an ideal, we should be able to configure both URL and names (in case a user has her own ACME server), as an example:

# vars.ini
[cert-manager]
prodClusterIssuerName=letsencrypt-prod
prodClusterIssuerServer=https://acme-v02.api.letsencrypt.org/directory
stagingClusterIssuerName=company-acme-staging
stagingClusterIssuerServer=https://acme-staging-v02.api.mycompany.org/directory

Everything should fallback to sane defaults for the configuration to be optional (even not present in vars.ini by default to avoid mistake).

Edited by Daniel Dehennin