charts/fp/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 name: fp
 description: The Galaxy's Best VTuber Hentai Site
-version: 0.0.30
+version: 0.0.28
 keywords:
   - fp
   - futureporn

charts/fp/templates/cert-manager.yaml

@@ -69,7 +69,7 @@ subjects:
     name: cert-manager-webhook-exoscale
 
 ---
-{{ if eq .Values.environment "development" }} 
+{{ if eq .Values.environment "staging" }} 
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
@@ -98,4 +98,28 @@ spec:
               key: apiSecret
 {{ end }}
 
-## in staging and production, ClusterIssuer is created by Flux2/Kustomize. (not Helm)
+{{ if eq .Values.environment "production" }} 
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: {{ .Values.adminEmail }}
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    solvers:
+    - dns01:
+        webhook:
+          groupName: acme.exoscale.com
+          solverName: exoscale
+          config:
+            apiKeyRef:
+              name: exoscale
+              key: apiKey
+            apiSecretRef:
+              name: exoscale
+              key: apiSecret
+{{ end }}

clusters/staging/infrastructure.yaml

@@ -15,42 +15,42 @@ spec:
   prune: true
   wait: true
 
----
+# ---
-apiVersion: kustomize.toolkit.fluxcd.io/v1
+# apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
+# kind: Kustomization
-metadata:
+# metadata:
-  name: infra-configs
+#   name: infra-configs
-  namespace: flux-system
+#   namespace: flux-system
-spec:
+# spec:
-  dependsOn:
+#   dependsOn:
-    - name: infra-controllers
+#     - name: infra-controllers
-  interval: 1h
+#   interval: 1h
-  retryInterval: 1m
+#   retryInterval: 1m
-  timeout: 5m
+#   timeout: 5m
-  sourceRef:
+#   sourceRef:
-    kind: GitRepository
+#     kind: GitRepository
-    name: flux-system
+#     name: flux-system
-  path: ./infrastructure/configs
+#   path: ./infrastructure/configs
-  prune: true
+#   prune: true
-  patches:
+#   patches:
-    - patch: |
+#     - patch: |
-        - op: replace
+#         - op: replace
-          path: /spec/acme/server
+#           path: /spec/acme/server
-          value: https://acme-staging-v02.api.letsencrypt.org/directory
+#           value: https://acme-staging-v02.api.letsencrypt.org/directory
-      target:
+#       target:
-        kind: ClusterIssuer
+#         kind: ClusterIssuer
-        name: letsencrypt
+#         name: letsencrypt
-    - patch: |
+#     - patch: |
-        - op: replace
+#         - op: replace
-          path: /metadata/name
+#           path: /metadata/name
-          value: letsencrypt-staging
+#           value: letsencrypt-staging
-      target:
+#       target:
-        kind: ClusterIssuer
+#         kind: ClusterIssuer
-        name: letsencrypt
+#         name: letsencrypt
-    - patch: |
+#     - patch: |
-        - op: replace
+#         - op: replace
-          path: /spec/acme/privateKeySecretRef/name
+#           path: /spec/acme/privateKeySecretRef/name
-          value: letsencrypt-staging
+#           value: letsencrypt-staging
-      target:
+#       target:
-        kind: ClusterIssuer
+#         kind: ClusterIssuer
-        name: letsencrypt
+#         name: letsencrypt

infrastructure/configs/cluster-issuers.yaml

@@ -1,4 +1,4 @@
-## Example values are replaced using environment-specific Kuztomization patches
+## Example values are replaced using Kuztomization patches
 
 ---
 apiVersion: cert-manager.io/v1
@@ -18,14 +18,6 @@ spec:
     privateKeySecretRef:
       name: letsencrypt
     solvers:
-    - dns01:
+      - http01:
-        webhook:
+          ingress:
-          groupName: acme.exoscale.com
+            class: traefik
-          solverName: exoscale
-          config:
-            apiKeyRef:
-              name: exoscale
-              key: apiKey
-            apiSecretRef:
-              name: exoscale
-              key: apiSecret