apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-production
spec:
  acme:
    # TODO: figure out how to get kustomize to interpolate this, or use a transformer
    #email: $(CONTACT_EMAIL)
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      # Secret resource used to store the account's private key.
      name: letsencrypt-production-acc-key
    solvers:
      - http01:
          ingress:
            class: traefik