apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # 使用 Let's Encrypt 的生产环境服务器
    server: https://acme-v02.api.letsencrypt.org/directory
    # 邮件地址用于重要的通讯，例如安全通知和证书到期通知
    email: user@example.com
    # 用于存储ACME账户的私钥
    privateKeySecretRef:
      name: letsencrypt-prod
    # ACME协议中用于验证域名所有权的挑战机制
    solvers:
      - http01:
          ingress:
            class: nginx