From 4da9a67c36fe7aeb74cb8ed8486bf0c7c52e3a56 Mon Sep 17 00:00:00 2001 From: CJ_Clippy Date: Sat, 29 Jun 2024 14:53:45 -0800 Subject: [PATCH] use infra-config --- charts/fp/Chart.yaml | 2 +- charts/fp/templates/cert-manager.yaml | 28 +--------- clusters/staging/infrastructure.yaml | 78 +++++++++++++-------------- 3 files changed, 42 insertions(+), 66 deletions(-) diff --git a/charts/fp/Chart.yaml b/charts/fp/Chart.yaml index 4abbd99..174abb8 100644 --- a/charts/fp/Chart.yaml +++ b/charts/fp/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: fp description: The Galaxy's Best VTuber Hentai Site -version: 0.0.29 +version: 0.0.30 keywords: - fp - futureporn diff --git a/charts/fp/templates/cert-manager.yaml b/charts/fp/templates/cert-manager.yaml index c844639..c3bc9b4 100644 --- a/charts/fp/templates/cert-manager.yaml +++ b/charts/fp/templates/cert-manager.yaml @@ -69,7 +69,7 @@ subjects: name: cert-manager-webhook-exoscale --- -{{ if eq .Values.environment "development" || if eq .Values.environment "staging" }} +{{ if eq .Values.environment "development" }} apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: @@ -98,28 +98,4 @@ spec: key: apiSecret {{ end }} -{{ if eq .Values.environment "production" }} ---- -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - name: letsencrypt-prod -spec: - acme: - server: https://acme-v02.api.letsencrypt.org/directory - email: {{ .Values.adminEmail }} - privateKeySecretRef: - name: letsencrypt-prod - solvers: - - dns01: - webhook: - groupName: acme.exoscale.com - solverName: exoscale - config: - apiKeyRef: - name: exoscale - key: apiKey - apiSecretRef: - name: exoscale - key: apiSecret -{{ end }} \ No newline at end of file +## in staging and production, ClusterIssuer is created by Flux2/Kustomize. (not Helm) \ No newline at end of file diff --git a/clusters/staging/infrastructure.yaml b/clusters/staging/infrastructure.yaml index 4f43796..8a93f7a 100644 --- a/clusters/staging/infrastructure.yaml 
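Review bot: In charts/fp/templates/cert-manager.yaml, nothing in this commit shows a replacement for the `letsencrypt-prod` ClusterIssuer that the hunk at line 98 deletes. The diffstat touches only clusters/staging, so the production issuer has to come from a Flux Kustomization that is not visible here. Helm deletes resources that a release no longer renders, so the next production upgrade would remove `letsencrypt-prod`, and certificate issuance and renewal would stall if the Flux-managed issuer is missing or has a different name (the staging patches target a base issuer named `letsencrypt`). Before rollout, confirm that production has its own infra-configs Kustomization and that every `cert-manager.io/cluster-issuer` reference uses the name that will actually exist; the same applies to staging, which the guard at line 69 (now `{{ if eq .Values.environment "development" }}`) no longer covers. The trailing comment could name the owner explicitly, for example `## staging/production: ClusterIssuer comes from the infra-configs Kustomization in clusters/<env>/infrastructure.yaml, not from this chart`.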
+++ b/clusters/staging/infrastructure.yaml @@ -15,42 +15,42 @@ spec: prune: true wait: true -# --- -# apiVersion: kustomize.toolkit.fluxcd.io/v1 -# kind: Kustomization -# metadata: -# name: infra-configs -# namespace: flux-system -# spec: -# dependsOn: -# - name: infra-controllers -# interval: 1h -# retryInterval: 1m -# timeout: 5m -# sourceRef: -# kind: GitRepository -# name: flux-system -# path: ./infrastructure/configs -# prune: true -# patches: -# - patch: | -# - op: replace -# path: /spec/acme/server -# value: https://acme-staging-v02.api.letsencrypt.org/directory -# target: -# kind: ClusterIssuer -# name: letsencrypt -# - patch: | -# - op: replace -# path: /metadata/name -# value: letsencrypt-staging -# target: -# kind: ClusterIssuer -# name: letsencrypt -# - patch: | -# - op: replace -# path: /spec/acme/privateKeySecretRef/name -# value: letsencrypt-staging -# target: -# kind: ClusterIssuer -# name: letsencrypt \ No newline at end of file +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: infra-configs + namespace: flux-system +spec: + dependsOn: + - name: infra-controllers + interval: 1h + retryInterval: 1m + timeout: 5m + sourceRef: + kind: GitRepository + name: flux-system + path: ./infrastructure/configs + prune: true + patches: + - patch: | + - op: replace + path: /spec/acme/server + value: https://acme-staging-v02.api.letsencrypt.org/directory + target: + kind: ClusterIssuer + name: letsencrypt + - patch: | + - op: replace + path: /metadata/name + value: letsencrypt-staging + target: + kind: ClusterIssuer + name: letsencrypt + - patch: | + - op: replace + path: /spec/acme/privateKeySecretRef/name + value: letsencrypt-staging + target: + kind: ClusterIssuer + name: letsencrypt \ No newline at end of file
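Review bot: The three entries under `patches:` all select the ClusterIssuer by `name: letsencrypt`, yet the second entry renames it to `letsencrypt-staging`, so the third entry only applies if Kustomize still matches the pre-rename name. Folding the three `replace` operations into one JSON6902 patch with a single `target` removes that ordering dependency and is shorter. A comment above it would record why the override exists, for example `# staging only: the Let's Encrypt staging endpoint issues certificates clients do not trust; never reuse in production`. The new Kustomization also omits the `wait: true` that the Kustomization in the context lines just above sets; if anything declares `dependsOn: infra-configs`, adding it would hold dependents back until the ClusterIssuer has been applied.

```yaml
  # ... unchanged: metadata, dependsOn, intervals, sourceRef, path, prune ...
  patches:
    - patch: |
        - op: replace
          path: /spec/acme/server
          value: https://acme-staging-v02.api.letsencrypt.org/directory
        - op: replace
          path: /metadata/name
          value: letsencrypt-staging
        - op: replace
          path: /spec/acme/privateKeySecretRef/name
          value: letsencrypt-staging
      target:
        kind: ClusterIssuer
        name: letsencrypt
```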