From f27b88d7976527e51b8a20d0c9d68af6f42fccc0 Mon Sep 17 00:00:00 2001
From: CJ_Clippy
Date: Fri, 28 Jun 2024 15:59:31 -0800
Subject: [PATCH] set letsencrypt to appropriate env
---
 clusters/production/infrastructure.yaml | 20 ++++++++++++++++++++
 infrastructure/configs/cluster-issuers.yaml | 6 ++++--
 scripts/k8s-secrets.sh | 7 +++++++
 3 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/clusters/production/infrastructure.yaml b/clusters/production/infrastructure.yaml
index ce67ceb..812f7b5 100644
--- a/clusters/production/infrastructure.yaml
+++ b/clusters/production/infrastructure.yaml
@@ -36,6 +36,26 @@ spec:
 - op: replace
 path: /spec/acme/server
 value: https://acme-staging-v02.api.letsencrypt.org/directory
+ - op: replace
+ path: /metadata/name
+ value: letsencrypt-staging
+ - op: replace
+ path: /spec/acme/privateKeySecretRef/name
+ value: letsencrypt-staging
 target:
 kind: ClusterIssuer
 name: letsencrypt
+ # - patch: |
+ # - op: replace
+ # path: /metadata/name
+ # value: letsencrypt-staging
+ # target:
+ # kind: ClusterIssuer
+ # name: letsencrypt
+ # - patch: |
+ # - op: replace
+ # path: /spec/acme/privateKeySecretRef/name
+ # value: letsencrypt-staging
+ # target:
+ # kind: ClusterIssuer
+ # name: letsencrypt
\ No newline at end of file
diff --git a/infrastructure/configs/cluster-issuers.yaml b/infrastructure/configs/cluster-issuers.yaml
index 271335f..e7d00b1 100644
--- a/infrastructure/configs/cluster-issuers.yaml
+++ b/infrastructure/configs/cluster-issuers.yaml
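Review bot: The `target` under the added ops still selects `kind: ClusterIssuer` with `name: letsencrypt`, while this same commit renames the base resource in infrastructure/configs/cluster-issuers.yaml to `letsencrypt-example`. If that is the only ClusterIssuer in the base (the file continues past its hunk), the selector would match nothing, none of the three `replace` ops would run, and the cluster would be left with an issuer named `letsencrypt-example` whose ACME server is `https://example.com`, so certificate issuance would presumably fail. The selector should follow the rename: `name: letsencrypt-example`. The fourteen commented-out `# - patch:` lines repeat the two ops added above and can be dropped, and the file should end with a newline.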
@@ -1,14 +1,16 @@
+## Example values are replaced using Kuztomization patches
+
 ---
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
- name: letsencrypt
+ name: letsencrypt-example
 spec:
 acme:
 # Replace the email address with your own contact email
 email: cj@futureporn.net
 # The server is replaced in /clusters/production/infrastructure.yaml
- server: https://acme-staging-v02.api.letsencrypt.org/directory
+ server: https://example.com
 privateKeySecretRef:
 name: letsencrypt-staging
 solvers:
diff --git a/scripts/k8s-secrets.sh b/scripts/k8s-secrets.sh
index 483b432..b721e40 100755
--- a/scripts/k8s-secrets.sh
+++ b/scripts/k8s-secrets.sh
@@ -30,6 +30,13 @@ kubectl --namespace cert-manager create secret generic exoscale \
 --from-literal=apiKey=${EXOSCALE_API_KEY} \
 --from-literal=apiSecret=${EXOSCALE_API_SECRET}
 
+## @todo we need exoscale in two separate namespaces.
+## Is it worth using secrets reflector?
+kubectl --namespace futureporn delete secret exoscale --ignore-not-found
+kubectl --namespace futureporn create secret generic exoscale \
+--from-literal=apiKey=${EXOSCALE_API_KEY} \
+--from-literal=apiSecret=${EXOSCALE_API_SECRET}
+
 kubectl --namespace futureporn delete secret grafana --ignore-not-found
 kubectl --namespace futureporn create secret generic grafana \
 --from-literal=admin-user=${GRAFANA_USERNAME} \
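Review bot: `privateKeySecretRef.name` stays `letsencrypt-staging` in this base while `metadata.name` and `server` become placeholders, so an overlay for another environment that replaces only the issuer name and server would keep its ACME account key in a secret named for staging. Making the base uniform, `name: letsencrypt-example` under `privateKeySecretRef:`, means an overlay that forgets an op ends up with a visibly wrong name rather than a plausible one. The added header comment misspells the tool, `Kuztomization` for `Kustomization`. The `solvers:` section continues outside the hunk.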
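Review bot: The added `create secret generic exoscale` copies the same Exoscale API key and secret into the `futureporn` namespace, so anything that can read secrets there now holds the credential the cert-manager copy uses; if the consumer in `futureporn` needs less than that, a separately scoped key for this namespace would limit what a leak exposes. The expansions are also unquoted, so a value containing whitespace or glob characters is split before kubectl receives it: `--from-literal=apiKey="${EXOSCALE_API_KEY}" \` and `--from-literal=apiSecret="${EXOSCALE_API_SECRET}"`. Whether the script aborts on an unset variable is decided outside the hunk; without that, an empty secret would be created silently. The neighbouring cert-manager and grafana commands share the unquoted pattern.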