pivpn update and working with doh

k3s/README.md

@@ -276,7 +276,49 @@ helm upgrade --install \
 Create the let's encrypt issuer (Route53 DNS)
 
 ```bash
-kubectl apply -f certmanager/letsencrypt-issuer.yaml
+export LE_ACCESS_KEY_ID=
+export LE_SECRET_KEY=
+
+cat <<EOF > secrets/cert-manager-secret.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: prod-route53-credentials-cert-manager
+data:
+  access-key-id: $(echo $LE_ACCESS_KEY_ID | base64)
+  secret-access-key: $(echo $LE_SECRET_KEY | base64)
+EOF
+
+kubectl apply -f secrets/cert-manager-secret.yaml
+```
+
+```bash
+cat <<EOF > secrets/route53-cluster-issuer.yaml
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: nginx@ducoterra.net
+    privateKeySecretRef:
+      name: letsencrypt
+    solvers:
+    - selector:
+        dnsZones:
+          - "reeseapps.com"
+      dns01:
+        route53:
+          region: us-east-1
+          hostedZoneID: Z012820733346FJ0U4FUF
+          accessKeyID: ${LE_ACCESS_KEY_ID}
+          secretAccessKeySecretRef:
+            name: prod-route53-credentials-cert-manager
+            key: secret-access-key
+EOF
+
+kubectl apply -f secrets/route53-cluster-issuer.yaml
 ```
 
 You can test if your ingress is working with: