use infra-config

charts/fp/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 name: fp
 description: The Galaxy's Best VTuber Hentai Site
-version: 0.0.29
+version: 0.0.30
 keywords:
   - fp
   - futureporn

charts/fp/templates/cert-manager.yaml

@@ -69,7 +69,7 @@ subjects:
     name: cert-manager-webhook-exoscale
 
 ---
-{{ if eq .Values.environment "development" || if eq .Values.environment "staging" }} 
+{{ if eq .Values.environment "development" }} 
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
@@ -98,28 +98,4 @@ spec:
               key: apiSecret
 {{ end }}
 
-{{ if eq .Values.environment "production" }} 
+## in staging and production, ClusterIssuer is created by Flux2/Kustomize. (not Helm)
----
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
-  name: letsencrypt-prod
-spec:
-  acme:
-    server: https://acme-v02.api.letsencrypt.org/directory
-    email: {{ .Values.adminEmail }}
-    privateKeySecretRef:
-      name: letsencrypt-prod
-    solvers:
-    - dns01:
-        webhook:
-          groupName: acme.exoscale.com
-          solverName: exoscale
-          config:
-            apiKeyRef:
-              name: exoscale
-              key: apiKey
-            apiSecretRef:
-              name: exoscale
-              key: apiSecret
-{{ end }}

clusters/staging/infrastructure.yaml

@@ -15,42 +15,42 @@ spec:
   prune: true
   wait: true
 
-# ---
+---
-# apiVersion: kustomize.toolkit.fluxcd.io/v1
+apiVersion: kustomize.toolkit.fluxcd.io/v1
-# kind: Kustomization
+kind: Kustomization
-# metadata:
+metadata:
-#   name: infra-configs
+  name: infra-configs
-#   namespace: flux-system
+  namespace: flux-system
-# spec:
+spec:
-#   dependsOn:
+  dependsOn:
-#     - name: infra-controllers
+    - name: infra-controllers
-#   interval: 1h
+  interval: 1h
-#   retryInterval: 1m
+  retryInterval: 1m
-#   timeout: 5m
+  timeout: 5m
-#   sourceRef:
+  sourceRef:
-#     kind: GitRepository
+    kind: GitRepository
-#     name: flux-system
+    name: flux-system
-#   path: ./infrastructure/configs
+  path: ./infrastructure/configs
-#   prune: true
+  prune: true
-#   patches:
+  patches:
-#     - patch: |
+    - patch: |
-#         - op: replace
+        - op: replace
-#           path: /spec/acme/server
+          path: /spec/acme/server
-#           value: https://acme-staging-v02.api.letsencrypt.org/directory
+          value: https://acme-staging-v02.api.letsencrypt.org/directory
-#       target:
+      target:
-#         kind: ClusterIssuer
+        kind: ClusterIssuer
-#         name: letsencrypt
+        name: letsencrypt
-#     - patch: |
+    - patch: |
-#         - op: replace
+        - op: replace
-#           path: /metadata/name
+          path: /metadata/name
-#           value: letsencrypt-staging
+          value: letsencrypt-staging
-#       target:
+      target:
-#         kind: ClusterIssuer
+        kind: ClusterIssuer
-#         name: letsencrypt
+        name: letsencrypt
-#     - patch: |
+    - patch: |
-#         - op: replace
+        - op: replace
-#           path: /spec/acme/privateKeySecretRef/name
+          path: /spec/acme/privateKeySecretRef/name
-#           value: letsencrypt-staging
+          value: letsencrypt-staging
-#       target:
+      target:
-#         kind: ClusterIssuer
+        kind: ClusterIssuer
-#         name: letsencrypt
+        name: letsencrypt