Merge pull request #254 from 3dwardch3ng/app/cert-manager

disable certificate issuing
2024-06-20 17:10:55 +10:00
parent fc81537d18 57b8332da2
commit 7be1fbc1f8
1 changed files with 63 additions and 57 deletions
--- a/kubernetes/apps/cert-manager/certificates/adguard-home.yaml
+++ b/kubernetes/apps/cert-manager/certificates/adguard-home.yaml
@@ -1,58 +1,64 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: adguard-home-cert
-  namespace: cert-manager
-spec:
-  # Secret names are always required.
-  secretName: adguard-home.cluster.edward.sydney-tls
+#apiVersion: cert-manager.io/v1
+#kind: Certificate
+#metadata:
+#  name: adguard-home-cert
+#  namespace: cert-manager
+#spec:
+#  # Secret names are always required.
+#  secretName: adguard-home.cluster.edward.sydney-tls
+#
+#  privateKey:
+#    algorithm: RSA
+#    encoding: PKCS1
+#    size: 2048
+#
+#  # keystores allows adding additional output formats. This is an example for reference only.
+#  keystores:
+#    pkcs12:
+#      create: true
+#      passwordSecretRef:
+#        name: adguard-home-tls-keystore
+#        key: ${adguard_home_certificate_tls_keystore_password}
+#      profile: Modern2023
+#
+#  duration: 2160h # 90d
+#  renewBefore: 360h # 15d
+#
+#  isCA: false
+#  usages:
+#    - server auth
+#    - client auth
+#
+#  subject:
+#    organizations:
+#      - edward.sydney
+#
+#  # The literalSubject field is exclusive with subject and commonName. It allows
+#  # specifying the subject directly as a string. This is useful for when the order
+#  # of the subject fields is important or when the subject contains special types
+#  # which can be specified by their OID.
+#  #
+#  # literalSubject: "O=jetstack, CN=example.com, 2.5.4.42=John, 2.5.4.4=Doe"
+#
+#  # At least one of commonName (possibly through literalSubject), dnsNames, uris, emailAddresses, ipAddresses or otherNames is required.
+#  dnsNames:
+#    - "${adguard_home_certificate_dns_name}"
+#    - "*.${adguard_home_certificate_dns_name}"
+#  emailAddresses:
+#    - ${adguard_home_certificate_email}
+#
+#  # Issuer references are always required.
+#  issuerRef:
+#    name: clusterissuer
+#    # We can reference ClusterIssuers by changing the kind here.
+#    # The default value is Issuer (i.e. a locally namespaced Issuer)
+#    kind: ClusterIssuer
+#    # This is optional since cert-manager will default to this value however
+#    # if you are using an external issuer, change this to that issuer group.
+#    group: cert-manager.io

-  privateKey:
-    algorithm: RSA
-    encoding: PKCS1
-    size: 2048
-
-  # keystores allows adding additional output formats. This is an example for reference only.
-  keystores:
-    pkcs12:
-      create: true
-      passwordSecretRef:
-        name: adguard-home-tls-keystore
-        key: ${adguard_home_certificate_tls_keystore_password}
-      profile: Modern2023
-
-  duration: 2160h # 90d
-  renewBefore: 360h # 15d
-
-  isCA: false
-  usages:
-    - server auth
-    - client auth
-
-  subject:
-    organizations:
-      - edward.sydney
-
-  # The literalSubject field is exclusive with subject and commonName. It allows
-  # specifying the subject directly as a string. This is useful for when the order
-  # of the subject fields is important or when the subject contains special types
-  # which can be specified by their OID.
-  #
-  # literalSubject: "O=jetstack, CN=example.com, 2.5.4.42=John, 2.5.4.4=Doe"
-
-  # At least one of commonName (possibly through literalSubject), dnsNames, uris, emailAddresses, ipAddresses or otherNames is required.
-  dnsNames:
-    - "${adguard_home_certificate_dns_name}"
-    - "*.${adguard_home_certificate_dns_name}"
-  emailAddresses:
-    - ${adguard_home_certificate_email}
-
-  # Issuer references are always required.
-  issuerRef:
-    name: clusterissuer
-    # We can reference ClusterIssuers by changing the kind here.
-    # The default value is Issuer (i.e. a locally namespaced Issuer)
-    kind: ClusterIssuer
-    # This is optional since cert-manager will default to this value however
-    # if you are using an external issuer, change this to that issuer group.
-    group: cert-manager.io
+#The certificate request has failed to complete and will be retried:
+#  Failed to wait for order resource "adguard-home-cert-1-1931876784" to become
+#  ready: order is in "errored" state: Failed to create Order: 429 urn:ietf:params:acme:error:rateLimited:
+#  Error creating new order :: too many certificates already issued for "edward.sydney".
+#  Retry after 2024-06-25T21:00:00Z: see https://letsencrypt.org/docs/rate-limits/