Installer: separate certificates from ingress and annotate to keep them after helm uninstall
diff --git a/charts/auth/templates/certificates.yaml b/charts/auth/templates/certificates.yaml
new file mode 100644
index 0000000..b6b54b7
--- /dev/null
+++ b/charts/auth/templates/certificates.yaml
@@ -0,0 +1,44 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: accounts-ui.{{ .Values.ui.domain }}
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    helm.sh/resource-policy: keep
+spec:
+  dnsNames:
+  - 'accounts-ui.{{ .Values.ui.domain }}'
+  issuerRef:
+    name: {{ .Values.ui.certificateIssuer }}
+    kind: ClusterIssuer
+  secretName: cert-accounts-ui.{{ .Values.ui.domain }}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: accounts.{{ .Values.ui.domain }}
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    helm.sh/resource-policy: keep
+spec:
+  dnsNames:
+  - 'accounts.{{ .Values.ui.domain }}'
+  issuerRef:
+    name: {{ .Values.ui.certificateIssuer }}
+    kind: ClusterIssuer
+  secretName: cert-accounts.{{ .Values.ui.domain }}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: hydra.{{ .Values.ui.domain }}
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    helm.sh/resource-policy: keep
+spec:
+  dnsNames:
+  - 'hydra.{{ .Values.ui.domain }}'
+  issuerRef:
+    name: {{ .Values.ui.certificateIssuer }}
+    kind: ClusterIssuer
+  secretName: cert-hydra.{{ .Values.ui.domain }}
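Review bot: Each document's `issuerRef.name`, `metadata.name` and `secretName` interpolate `.Values` as plain scalars, so an unset value renders `name:` (null) and a domain or issuer containing YAML-significant characters would change how the manifest parses, while the `dnsNames` entries in the same documents are quoted. Prefer `name: {{ .Values.ui.certificateIssuer | required "ui.certificateIssuer is required" | quote }}` and quote the `metadata.name` and `secretName` values the same way. The three documents differ only in the host prefix (`accounts-ui`, `accounts`, `hydra`); a `{{- range }}` over a short list of prefixes would keep them from drifting apart when a field is added to one. Because `helm.sh/resource-policy: keep` means these Certificates and their issued key material outlive the release, consider adding `spec.privateKey.rotationPolicy: Always` so the private key is regenerated at each renewal instead of being reused for as long as the Secret exists.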
diff --git a/charts/auth/templates/ui.yaml b/charts/auth/templates/ui.yaml
index ee79d7e..8936f4d 100644
--- a/charts/auth/templates/ui.yaml
+++ b/charts/auth/templates/ui.yaml
@@ -18,16 +18,12 @@
 metadata:
   name: ui
   namespace: {{ .Release.Namespace }}
-  annotations:
-    cert-manager.io/cluster-issuer: {{ .Values.ui.certificateIssuer }}
-    acme.cert-manager.io/http01-edit-in-place: "true"
 spec:
   ingressClassName: {{ .Values.ui.ingressClassName }}
   tls:
   - hosts:
     - accounts-ui.{{ .Values.ui.domain }}
     secretName: cert-accounts-ui.{{ .Values.ui.domain }}
-    # secretName: cert-wildcard.{{ .Values.ui.domain }}
   rules:
   - host: accounts-ui.{{ .Values.ui.domain }}
     http:
@@ -62,10 +58,6 @@
       - name: config
         configMap:
           name: {{ .Values.ui.nebula.lighthouse.name }}
-      hostAliases:
-      - ip: "111.0.0.1"
-        hostnames:
-          - "hydra.{{ .Values.ui.internalDomain }}"
       containers:
       - name: server
         image: giolekva/auth-ui:latest
diff --git a/charts/certificate-issuer/templates/wildcard-certificate-private.yaml b/charts/certificate-issuer/templates/wildcard-certificate-private.yaml
index 0300ce8..5d8c667 100644
--- a/charts/certificate-issuer/templates/wildcard-certificate-private.yaml
+++ b/charts/certificate-issuer/templates/wildcard-certificate-private.yaml
@@ -3,6 +3,8 @@
 metadata:
   name: wildcard-{{ .Values.private.domain }}
   namespace: {{ .Release.Namespace }}
+  annotations:
+    helm.sh/resource-policy: keep
 spec:
   dnsNames:
   - '*.{{ .Values.private.domain }}'
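Review bot: `helm.sh/resource-policy: keep` on the wildcard Certificate (and the identical addition in www-certificate-public.yaml) preserves the Certificate object after `helm uninstall`, but the issuer it references is presumably installed by this same certificate-issuer chart; if the ClusterIssuer is removed with the release, cert-manager keeps the Certificate yet can no longer renew it, so the wildcard key and chain stay in place unrotated until expiry. The intent is worth a comment above the annotation, e.g. `# kept across uninstall so the issued Secret survives a reinstall; the referenced issuer must also remain for renewals to succeed`, and if the issuer is annotated `keep` elsewhere, say so here. A kept wildcard Secret also stays readable to anyone with Secret access in the namespace after the release is gone, so that namespace's RBAC remains in scope even when the chart is not installed.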
diff --git a/charts/certificate-issuer/templates/www-certificate-public.yaml b/charts/certificate-issuer/templates/www-certificate-public.yaml
index cb0c7ff..2216a94 100644
--- a/charts/certificate-issuer/templates/www-certificate-public.yaml
+++ b/charts/certificate-issuer/templates/www-certificate-public.yaml
@@ -3,6 +3,8 @@
 metadata:
   name: www-{{ .Values.public.domain }}
   namespace: {{ .Release.Namespace }}
+  annotations:
+    helm.sh/resource-policy: keep
 spec:
   dnsNames:
   - '{{ .Values.public.domain }}'
diff --git a/charts/maddy/templates/install.yaml b/charts/maddy/templates/install.yaml
index 6605094..e84ef16 100644
--- a/charts/maddy/templates/install.yaml
+++ b/charts/maddy/templates/install.yaml
@@ -68,7 +68,7 @@
   name: mail.{{ .Values.ingress.public.domain }}
   namespace: {{ .Release.Namespace }}
   annotations:
-    "helm.sh/resource-policy": keep
+    helm.sh/resource-policy: keep
 spec:
   dnsNames:
   - 'mail.{{ .Values.ingress.public.domain }}'
diff --git a/charts/maddy/templates/mta-sts.yaml b/charts/maddy/templates/mta-sts.yaml
index bad3794..dd57797 100644
--- a/charts/maddy/templates/mta-sts.yaml
+++ b/charts/maddy/templates/mta-sts.yaml
@@ -17,7 +17,7 @@
   name: mta-sts.{{ .Values.ingress.public.domain }}
   namespace: {{ .Release.Namespace }}
   annotations:
-    "helm.sh/resource-policy": keep
+    helm.sh/resource-policy: keep
 spec:
   dnsNames:
   - 'mta-sts.{{ .Values.ingress.public.domain }}'
diff --git a/charts/mail-gateway/templates/mx-certificate.yaml b/charts/mail-gateway/templates/mx-certificate.yaml
index c4012ae..2999b08 100644
--- a/charts/mail-gateway/templates/mx-certificate.yaml
+++ b/charts/mail-gateway/templates/mx-certificate.yaml
@@ -4,7 +4,7 @@
   name: {{ .Values.domains.primary.mx }}
   namespace: {{ .Release.Namespace }}
   annotations:
-    "helm.sh/resource-policy": keep
+    helm.sh/resource-policy: keep
 spec:
   dnsNames:
   - {{ .Values.domains.primary.mx }}
diff --git a/charts/matrix/templates/matrix.yaml b/charts/matrix/templates/matrix.yaml
index e03223f..e400d33 100644
--- a/charts/matrix/templates/matrix.yaml
+++ b/charts/matrix/templates/matrix.yaml
@@ -1,4 +1,3 @@
----
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
diff --git a/helmfile/base/helmfile.yaml b/helmfile/base/helmfile.yaml
index 276096e..e7690ff 100644
--- a/helmfile/base/helmfile.yaml
+++ b/helmfile/base/helmfile.yaml
@@ -165,12 +165,6 @@
   - ingress:
       # TODO(giolekva): maybe run separate Nebula network for pcloud infrastructure services?
       enabled: false
-      # ngressClassName: nginx-private
-      # tls: true
-      # host: longhorn.pcloud
-      # annotations:
-      #   cert-manager.io/cluster-issuer: "selfsigned-ca"
-      #   acme.cert-manager.io/http01-edit-in-place: "true"
 - name: mail-gateway
   chart: ../../charts/mail-gateway
   namespace: {{ .Values.name }}-mail-gateway
diff --git a/helmfile/users/helmfile.yaml b/helmfile/users/helmfile.yaml
index 567d3e0..1515c39 100644
--- a/helmfile/users/helmfile.yaml
+++ b/helmfile/users/helmfile.yaml
@@ -179,14 +179,10 @@
             paths:
             - path: /
               pathType: Prefix
-          annotations:
-            cert-manager.io/cluster-issuer: "{{ .Values.id }}-public"
-            acme.cert-manager.io/http01-edit-in-place: "true"
           tls:
           - hosts:
             - accounts.{{ .Values.domain }}
             secretName: cert-accounts.{{ .Values.domain }}
-            # secretName: cert-wildcard.{{ .Values.domain }}
       secret:
         enabled: true
       kratos:
@@ -335,9 +331,6 @@
             paths:
             - path: /
               pathType: Prefix
-          annotations:
-            cert-manager.io/cluster-issuer: "{{ .Values.id }}-public"
-            acme.cert-manager.io/http01-edit-in-place: "true"
           tls:
           - hosts:
             - hydra.{{ .Values.domain }}
@@ -546,7 +539,7 @@
         domain: {{ .Values.domain }}
         certificateIssuer: {{ .Values.id }}-public
   - storage:
-      size: 10Gi
+      size: 100Gi
   - mailGateway:
       mxHostname: {{ .Values.mxHostname}}
       address: {{ .Values.mailGatewayAddress }}
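Review bot: The `storage.size` change from `10Gi` to `100Gi` is unrelated to the certificate work named in the commit title and is easy to overlook among the annotation changes; it deserves its own commit or at least a sentence in the description. If this value feeds an existing PersistentVolumeClaim, the increase only applies when the StorageClass permits volume expansion, otherwise the upgrade is rejected or the claim silently stays at 10Gi; a comment such as `# growing an existing claim requires allowVolumeExpansion on the storage class` would make that dependency explicit. Which resource consumes this value is defined outside the hunk, so I can only infer that it is a PVC size.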