delete example
This commit is contained in:
@@ -1,92 +0,0 @@
|
|||||||
---
|
|
||||||
# Example: Wildcard Certificate for *.example.com
|
|
||||||
# This creates a certificate that covers ALL subdomains of example.com
|
|
||||||
apiVersion: cert-manager.io/v1
|
|
||||||
kind: Certificate
|
|
||||||
metadata:
|
|
||||||
name: wildcard-example-com
|
|
||||||
namespace: default # Change to your application's namespace
|
|
||||||
spec:
|
|
||||||
# The secret where the TLS certificate will be stored
|
|
||||||
secretName: wildcard-example-com-tls
|
|
||||||
|
|
||||||
# Use the production issuer (use letsencrypt-staging for testing)
|
|
||||||
issuerRef:
|
|
||||||
name: letsencrypt-prod
|
|
||||||
kind: ClusterIssuer
|
|
||||||
|
|
||||||
# DNS names this certificate will cover
|
|
||||||
# Both wildcard AND apex domain are recommended
|
|
||||||
dnsNames:
|
|
||||||
- '*.example.com' # Covers: app.example.com, api.example.com, etc.
|
|
||||||
- 'example.com' # Also include apex domain explicitly
|
|
||||||
|
|
||||||
# Optional: Configure certificate duration and renewal
|
|
||||||
duration: 2160h0m0s # 90 days (Let's Encrypt default)
|
|
||||||
renewBefore: 720h0m0s # Renew 30 days before expiry
|
|
||||||
|
|
||||||
# Optional: Private key settings
|
|
||||||
privateKey:
|
|
||||||
algorithm: RSA
|
|
||||||
encoding: PKCS1
|
|
||||||
size: 4096
|
|
||||||
|
|
||||||
---
|
|
||||||
# Example: Using the wildcard certificate with a Traefik IngressRoute
|
|
||||||
apiVersion: traefik.containo.us/v1alpha1
|
|
||||||
kind: IngressRoute
|
|
||||||
metadata:
|
|
||||||
name: app-ingress
|
|
||||||
namespace: default
|
|
||||||
spec:
|
|
||||||
entryPoints:
|
|
||||||
- websecure
|
|
||||||
routes:
|
|
||||||
# Match any subdomain - the wildcard cert covers all of them
|
|
||||||
- match: Host(`app.example.com`) || Host(`api.example.com`) || Host(`www.example.com`)
|
|
||||||
kind: Rule
|
|
||||||
services:
|
|
||||||
- name: my-service
|
|
||||||
port: 80
|
|
||||||
tls:
|
|
||||||
# Reference the secret created by the Certificate
|
|
||||||
secretName: wildcard-example-com-tls
|
|
||||||
|
|
||||||
---
|
|
||||||
# Example: Using wildcard certificate with standard Kubernetes Ingress
|
|
||||||
apiVersion: networking.k8s.io/v1
|
|
||||||
kind: Ingress
|
|
||||||
metadata:
|
|
||||||
name: wildcard-ingress
|
|
||||||
namespace: default
|
|
||||||
annotations:
|
|
||||||
cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
|
||||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
|
||||||
spec:
|
|
||||||
tls:
|
|
||||||
- hosts:
|
|
||||||
- '*.example.com'
|
|
||||||
- 'example.com'
|
|
||||||
secretName: wildcard-example-com-tls
|
|
||||||
rules:
|
|
||||||
- host: app.example.com
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
pathType: Prefix
|
|
||||||
backend:
|
|
||||||
service:
|
|
||||||
name: app-service
|
|
||||||
port:
|
|
||||||
number: 80
|
|
||||||
- host: api.example.com
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
pathType: Prefix
|
|
||||||
backend:
|
|
||||||
service:
|
|
||||||
name: api-service
|
|
||||||
port:
|
|
||||||
number: 80
|
|
||||||
Reference in New Issue
Block a user