---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: "{{ cert_manager_issuer_name }}"
spec:
  acme:
    server: "{% if cert_manager_issuer_env == 'production' %}https://acme-v02.api.letsencrypt.org/directory{% else %}https://acme-staging-v02.api.letsencrypt.org/directory{% endif %}"
    email: "{{ cert_manager_email }}"
    privateKeySecretRef:
      name: "{{ cert_manager_issuer_name }}-account-key"
    solvers:
    - selector:
        dnsZones:
          - 'k3s.seyshiro.de'
      dns01:
        webhook:
            groupName: com.netcup.webhook
            solverName: netcup
            config:
                secretRef: netcup-secret
                secretNamespace: cert-manager