env: create private cert issuer as part of new env
diff --git a/charts/certificate-issuer-private/templates/gandi-credentials.yaml b/charts/certificate-issuer-private/templates/gandi-credentials.yaml
deleted file mode 100644
index 65c7076..0000000
--- a/charts/certificate-issuer-private/templates/gandi-credentials.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: Secret
-type: Opaque
-metadata:
- name: gandi-credentials
- namespace: {{ .Release.Namespace }}
-data:
- api-token: {{ .Values.issuer.gandiAPIToken | b64enc }}
diff --git a/charts/certificate-issuer-private/templates/gandi-webhook-secret-reader.yaml b/charts/certificate-issuer-private/templates/gandi-webhook-secret-reader.yaml
deleted file mode 100644
index 88cf405..0000000
--- a/charts/certificate-issuer-private/templates/gandi-webhook-secret-reader.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ .Release.Namespace }}-cert-manager-gandi-webhook-secret-reader # TODO(giolekva): make namespace part configurable
- namespace: {{ .Release.Namespace }}
-rules:
-- apiGroups:
- - ""
- resources:
- - secrets
- verbs:
- - get
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Release.Namespace }}-cert-manager-gandi-webhook-secret-reader
- namespace: {{ .Release.Namespace }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ .Release.Namespace }}-cert-manager-gandi-webhook-secret-reader
-subjects:
-- kind: ServiceAccount
- name: {{ .Values.certManager.gandiWebhookSecretReader }}
- namespace: {{ .Values.certManager.namespace }}
diff --git a/charts/certificate-issuer-private/templates/issuer.yaml b/charts/certificate-issuer-private/templates/issuer.yaml
index 91c4d57..6692784 100644
--- a/charts/certificate-issuer-private/templates/issuer.yaml
+++ b/charts/certificate-issuer-private/templates/issuer.yaml
@@ -15,5 +15,5 @@
groupName: dodo.cloud
solverName: pcloud-dns-solver
config:
- createAddress: "http://ns-controller.dodo-dns-zone-manager.svc.cluster.local/create-txt-record"
- deleteAddress: "http://ns-controller.dodo-dns-zone-manager.svc.cluster.local/delete-txt-record"
+ apiConfigMapName: {{ .Values.apiConfigMap.name }}
+ apiConfigMapNamespace: {{ .Values.apiConfigMap.Namespace }}
diff --git a/charts/certificate-issuer-private/values.yaml b/charts/certificate-issuer-private/values.yaml
index 4d6234f..e332987 100644
--- a/charts/certificate-issuer-private/values.yaml
+++ b/charts/certificate-issuer-private/values.yaml
@@ -1,10 +1,9 @@
-certManager:
- namespace: cert-manager
- gandiWebhookSecretReader: cert-manager-webhook-gandi
issuer:
name: selfsigned-private
server: https://acme-v02.api.letsencrypt.org/directory
contactEmail: admin@example.com
gandiAPIToken: token
domain: p.example.com
-
+apiConfigMap:
+ name: api-config
+ namespace: pcloud-dns-zone-manager
diff --git a/charts/dns-ns-controller/templates/api-config.yaml b/charts/dns-ns-controller/templates/api-config.yaml
index e489493..f902fd8 100644
--- a/charts/dns-ns-controller/templates/api-config.yaml
+++ b/charts/dns-ns-controller/templates/api-config.yaml
@@ -4,5 +4,5 @@
name: {{ .Values.apiConfigMapName }}
namespace: {{ .Release.Namespace }}
data:
- createTXTAddr: "http://controller-manager.{{ .Release.Namespace }}.svc.cluster.local/create-txt-record"
- deleteTXTAddr: "http://controller-manager.{{ .Release.Namespace }}.svc.cluster.local/delete-txt-record"
+ createTXTAddr: "http://ns-controller.{{ .Release.Namespace }}.svc.cluster.local/create-txt-record"
+ deleteTXTAddr: "http://ns-controller.{{ .Release.Namespace }}.svc.cluster.local/delete-txt-record"
diff --git a/charts/dns-ns-controller/templates/install.yaml b/charts/dns-ns-controller/templates/install.yaml
index 11210d4..555b170 100644
--- a/charts/dns-ns-controller/templates/install.yaml
+++ b/charts/dns-ns-controller/templates/install.yaml
@@ -205,7 +205,7 @@
metadata:
labels:
control-plane: controller-manager
- name: ns-controller
+ name: ns-controller # TODO(gio): move to _helpers
namespace: {{ .Release.Namespace }}
spec:
ports: