
swap to production let's encrypt issuer #4

Merged
merged 1 commit into from
Feb 25, 2024

jgilfoil
Owner

No description provided.


--- HelmRelease: network/ingress-nginx-external Deployment: network/ingress-nginx-external-controller

+++ HelmRelease: network/ingress-nginx-external Deployment: network/ingress-nginx-external-controller

@@ -45,13 +45,13 @@

         - --controller-class=k8s.io/external
         - --ingress-class=nginx
         - --configmap=$(POD_NAMESPACE)/ingress-nginx-external-controller
         - --validating-webhook=:8443
         - --validating-webhook-certificate=/usr/local/certificates/cert
         - --validating-webhook-key=/usr/local/certificates/key
-        - --default-ssl-certificate=network/${SECRET_DOMAIN/./-}-staging-tls
+        - --default-ssl-certificate=network/${SECRET_DOMAIN/./-}-production-tls
         securityContext:
           runAsNonRoot: true
           runAsUser: 101
           allowPrivilegeEscalation: false
           seccompProfile:
             type: RuntimeDefault
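Review bot: The new `--default-ssl-certificate=network/${SECRET_DOMAIN/./-}-production-tls` argument gives the external controller the same secret as the internal controller; the internal Deployment hunk and both HelmRelease `extraArgs` hunks make the identical change. One publicly trusted wildcard key for `*.${SECRET_DOMAIN}` is therefore loaded by both the internet-facing and the internal ingress pods, and each serves it for any host that has no TLS secret of its own. If the two controllers are meant to be separate trust zones, issue a second Certificate with its own `secretName` for the external controller, or at least record the sharing next to the flag, e.g. `# wildcard key shared with the internal controller`. The secret also only exists once cert-manager has issued the Certificate added in this PR, and nothing visible here orders the controller rollout after that. It is worth confirming that the ingress Kustomizations wait on `ingress-nginx-certificates`, since the controller would presumably fall back to its self-signed default certificate until then.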
--- HelmRelease: network/ingress-nginx-internal Deployment: network/ingress-nginx-internal-controller

+++ HelmRelease: network/ingress-nginx-internal Deployment: network/ingress-nginx-internal-controller

@@ -45,13 +45,13 @@

         - --controller-class=k8s.io/internal
         - --ingress-class=nginx
         - --configmap=$(POD_NAMESPACE)/ingress-nginx-internal-controller
         - --validating-webhook=:8443
         - --validating-webhook-certificate=/usr/local/certificates/cert
         - --validating-webhook-key=/usr/local/certificates/key
-        - --default-ssl-certificate=network/${SECRET_DOMAIN/./-}-staging-tls
+        - --default-ssl-certificate=network/${SECRET_DOMAIN/./-}-production-tls
         securityContext:
           runAsNonRoot: true
           runAsUser: 101
           allowPrivilegeEscalation: false
           seccompProfile:
             type: RuntimeDefault


--- kubernetes/apps/network/ingress-nginx/certificates Kustomization: flux-system/ingress-nginx-certificates Certificate: network/${SECRET_DOMAIN/./-}-staging

+++ kubernetes/apps/network/ingress-nginx/certificates Kustomization: flux-system/ingress-nginx-certificates Certificate: network/${SECRET_DOMAIN/./-}-staging

@@ -1,20 +0,0 @@

----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  labels:
-    app.kubernetes.io/name: ingress-nginx-certificates
-    kustomize.toolkit.fluxcd.io/name: ingress-nginx-certificates
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: ${SECRET_DOMAIN/./-}-staging
-  namespace: network
-spec:
-  commonName: ${SECRET_DOMAIN}
-  dnsNames:
-  - ${SECRET_DOMAIN}
-  - '*.${SECRET_DOMAIN}'
-  issuerRef:
-    kind: ClusterIssuer
-    name: letsencrypt-staging
-  secretName: ${SECRET_DOMAIN/./-}-staging-tls
-
--- kubernetes/apps/network/ingress-nginx/certificates Kustomization: flux-system/ingress-nginx-certificates Certificate: network/${SECRET_DOMAIN/./-}-production

+++ kubernetes/apps/network/ingress-nginx/certificates Kustomization: flux-system/ingress-nginx-certificates Certificate: network/${SECRET_DOMAIN/./-}-production

@@ -0,0 +1,20 @@

+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  labels:
+    app.kubernetes.io/name: ingress-nginx-certificates
+    kustomize.toolkit.fluxcd.io/name: ingress-nginx-certificates
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: ${SECRET_DOMAIN/./-}-production
+  namespace: network
+spec:
+  commonName: ${SECRET_DOMAIN}
+  dnsNames:
+  - ${SECRET_DOMAIN}
+  - '*.${SECRET_DOMAIN}'
+  issuerRef:
+    kind: ClusterIssuer
+    name: letsencrypt-production
+  secretName: ${SECRET_DOMAIN/./-}-production-tls
+
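Review bot: The new Certificate has no `privateKey` block under `spec`, so key algorithm, size and rotation are left to whatever the installed cert-manager defaults to. On releases where the default rotation policy is `Never`, the same private key is reused across every renewal of this wildcard. Because this is now a browser-trusted certificate for `${SECRET_DOMAIN}` and `*.${SECRET_DOMAIN}`, I would set it explicitly by adding `privateKey:` with `rotationPolicy: Always` under `spec`. Separately, deleting the staging Certificate does not by default delete its `${SECRET_DOMAIN/./-}-staging-tls` Secret unless cert-manager runs with `--enable-certificate-owner-ref`, so the old key material probably remains in the `network` namespace and should be removed by hand.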
--- kubernetes/apps/network/ingress-nginx/internal Kustomization: flux-system/ingress-nginx-internal HelmRelease: network/ingress-nginx-internal

+++ kubernetes/apps/network/ingress-nginx/internal Kustomization: flux-system/ingress-nginx-internal HelmRelease: network/ingress-nginx-internal

@@ -49,13 +49,13 @@

         log-format-upstream: |
           {"time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr", "x_forwarded_for": "$proxy_add_x_forwarded_for", "request_id": "$req_id", "remote_user": "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time, "status": $status, "vhost": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args", "request_length": $request_length, "duration": $request_time, "method": "$request_method", "http_referrer": "$http_referer", "http_user_agent": "$http_user_agent"}
         proxy-body-size: 0
         proxy-buffer-size: 16k
         ssl-protocols: TLSv1.3 TLSv1.2
       extraArgs:
-        default-ssl-certificate: network/${SECRET_DOMAIN/./-}-staging-tls
+        default-ssl-certificate: network/${SECRET_DOMAIN/./-}-production-tls
       ingressClassResource:
         controllerValue: k8s.io/internal
         default: true
         name: internal
       metrics:
         enabled: true
--- kubernetes/apps/network/ingress-nginx/external Kustomization: flux-system/ingress-nginx-external HelmRelease: network/ingress-nginx-external

+++ kubernetes/apps/network/ingress-nginx/external Kustomization: flux-system/ingress-nginx-external HelmRelease: network/ingress-nginx-external

@@ -52,13 +52,13 @@

         log-format-upstream: |
           {"time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr", "x_forwarded_for": "$proxy_add_x_forwarded_for", "request_id": "$req_id", "remote_user": "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time, "status": $status, "vhost": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args", "request_length": $request_length, "duration": $request_time, "method": "$request_method", "http_referrer": "$http_referer", "http_user_agent": "$http_user_agent"}
         proxy-body-size: 0
         proxy-buffer-size: 16k
         ssl-protocols: TLSv1.3 TLSv1.2
       extraArgs:
-        default-ssl-certificate: network/${SECRET_DOMAIN/./-}-staging-tls
+        default-ssl-certificate: network/${SECRET_DOMAIN/./-}-production-tls
       ingressClassResource:
         controllerValue: k8s.io/external
         default: false
         name: external
       metrics:
         enabled: true

@jgilfoil jgilfoil merged commit 2833333 into main Feb 25, 2024
7 checks passed
@jgilfoil jgilfoil deleted the update/certs-to-prod branch February 25, 2024 03:55