env: create private cert issuer as part of new env
diff --git a/core/installer/values-tmpl/certificate-issuer-private.jsonschema b/core/installer/values-tmpl/certificate-issuer-private.jsonschema
index cb7e4dc..27f907e 100644
--- a/core/installer/values-tmpl/certificate-issuer-private.jsonschema
+++ b/core/installer/values-tmpl/certificate-issuer-private.jsonschema
@@ -1,7 +1,14 @@
{
"type": "object",
"properties": {
- "GandiAPIToken": { "type": "string" }
+ "APIConfigMap": {
+ "type": "object",
+ "properties": {
+ "Name": { "type": "string" },
+ "Namespace": { "type": "string" }
+ },
+ "additionalProperties": false
+ }
},
"additionalProperties": false
}
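Review bot: The new `APIConfigMap` object has no `required` list, so an empty object or a missing `APIConfigMap` key still validates against this schema. The template in certificate-issuer-private.yaml would then render `apiConfigMap.name` and `apiConfigMap.namespace` without real values. I would add `"required": ["Name", "Namespace"]` inside `APIConfigMap` and `"required": ["APIConfigMap"]` at the top level, so a bad install request fails at validation rather than producing an issuer that points nowhere. This assumes the installer validates values against the schema before rendering, which is not visible in this diff.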
diff --git a/core/installer/values-tmpl/certificate-issuer-private.yaml b/core/installer/values-tmpl/certificate-issuer-private.yaml
index 09209d0..8654be5 100644
--- a/core/installer/values-tmpl/certificate-issuer-private.yaml
+++ b/core/installer/values-tmpl/certificate-issuer-private.yaml
@@ -16,9 +16,6 @@
namespace: {{ .Global.Id }}
interval: 1m0s
values:
- certManager:
- namespace: {{ .Global.PCloudEnvName }}-cert-manager
- gandiWebhookSecretReader: {{ .Global.PCloudEnvName }}-cert-manager-webhook-gandi
issuer:
name: {{ .Global.Id }}-private
server: https://acme-v02.api.letsencrypt.org/directory
@@ -26,3 +23,6 @@
domain: {{ .Global.PrivateDomain }}
contactEmail: {{ .Global.ContactEmail }}
gandiAPIToken: {{ .Values.GandiAPIToken }}
+ apiConfigMap:
+ name: {{ .Values.APIConfigMap.Name }}
+ namespace: {{ .Values.APIConfigMap.Namespace }}
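Review bot: The context line `gandiAPIToken: {{ .Values.GandiAPIToken }}` just above the added `apiConfigMap` block is left in place, although this commit removes `GandiAPIToken` from the schema (which sets `additionalProperties: false`) and from the caller in welcome.go. The value can no longer be supplied, so depending on how the template is executed this key would render empty or as the literal `<no value>` and be passed to the chart as a token. If the chart now reads its DNS API settings from the referenced ConfigMap, delete the `gandiAPIToken:` line in the same change. If the chart still needs a token, it should come from a Secret reference rather than a templated value.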
diff --git a/core/installer/values-tmpl/certificate-issuer-public.yaml b/core/installer/values-tmpl/certificate-issuer-public.yaml
index 5755f0f..bcf0079 100644
--- a/core/installer/values-tmpl/certificate-issuer-public.yaml
+++ b/core/installer/values-tmpl/certificate-issuer-public.yaml
@@ -17,10 +17,6 @@
namespace: {{ .Global.Id }}
interval: 1m0s
values:
- pcloudInstanceId: {{ .Global.Id }}
- certManager:
- namespace: {{ .Global.PCloudEnvName }}-cert-manager
- gandiWebhookSecretReader: {{ .Global.PCloudEnvName }}-cert-manager-webhook-gandi
issuer:
name: {{ .Global.Id }}-public
server: https://acme-v02.api.letsencrypt.org/directory
diff --git a/core/installer/welcome/env.go b/core/installer/welcome/env.go
index c11770c..c0f2f01 100644
--- a/core/installer/welcome/env.go
+++ b/core/installer/welcome/env.go
@@ -564,6 +564,20 @@
}
}
{
+ app, err := appsRepo.Find("certificate-issuer-private")
+ if err != nil {
+ return err
+ }
+ if err := appManager.Install(*app, nsGen, emptySuffixGen, map[string]any{
+ "APIConfigMap": map[string]any{
+ "Name": "api-config", // TODO(gio): take from global pcloud config
+ "Namespace": fmt.Sprintf("%s-dns-zone-manager", pcloudEnvName),
+ },
+ }); err != nil {
+ return err
+ }
+ }
+ {
app, err := appsRepo.Find("core-auth")
if err != nil {
return err
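Review bot: The ConfigMap reference the private issuer will consume is assembled here from the literal `"api-config"` and a namespace rebuilt by convention with `fmt.Sprintf("%s-dns-zone-manager", pcloudEnvName)`, so nothing in this block ties it to where dns-zone-manager was actually installed; if the two drift, the issuer would point at a ConfigMap that does not exist or that some other party created under that name. Until the TODO is resolved, I would move both values into named constants or a helper shared with the dns-zone-manager install, so there is one source of truth. Both `return err` lines would also be easier to diagnose if wrapped, e.g. `return fmt.Errorf("installing certificate-issuer-private: %w", err)`. The enclosing function starts and ends outside the hunk, so it cannot be confirmed from here that dns-zone-manager is installed before this block runs.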
diff --git a/core/installer/welcome/welcome.go b/core/installer/welcome/welcome.go
index e13ec3a..04e0792 100644
--- a/core/installer/welcome/welcome.go
+++ b/core/installer/welcome/welcome.go
@@ -118,19 +118,6 @@
}
appsRepo := installer.NewInMemoryAppRepository(installer.CreateAllApps())
{
- app, err := appsRepo.Find("certificate-issuer-private")
- if err != nil {
- http.Error(w, err.Error(), http.StatusInternalServerError)
- return
- }
- if err := appManager.Install(*app, nsGen, suffixGen, map[string]any{
- "GandiAPIToken": req.GandiAPIToken,
- }); err != nil {
- http.Error(w, err.Error(), http.StatusInternalServerError)
- return
- }
- }
- {
app, err := appsRepo.Find("headscale-user")
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)