From 3809e6778e18474927fe3d4dfa90823979f973bd Mon Sep 17 00:00:00 2001
From: xeruf <27jf@pm.me>
Date: Fri, 1 Jul 2022 21:54:48 +0100
Subject: [PATCH] basic: create and use letsencrypt staging issuer

---
 basic/apps/dev/gitea-values-configmap.yaml     |  2 +-
 basic/apps/do/vikunja-values-configmap.yaml    |  2 +-
 .../apps/people/suitecrm-values-configmap.yaml |  1 +
 basic/overrides/cluster-issuer-staging.yaml    | 18 ++++++++++++++++++
 4 files changed, 21 insertions(+), 2 deletions(-)
 create mode 100644 basic/overrides/cluster-issuer-staging.yaml

diff --git a/basic/apps/dev/gitea-values-configmap.yaml b/basic/apps/dev/gitea-values-configmap.yaml
index 973627c..f2bad1f 100644
--- a/basic/apps/dev/gitea-values-configmap.yaml
+++ b/basic/apps/dev/gitea-values-configmap.yaml
@@ -10,6 +10,7 @@ data:
       enabled: true
       annotations:
         kubernetes.io/tls-acme: "true"
+        certmanager.k8s.io/cluster-issuer: letsencrypt-issuer-staging
       hosts:
         - host: "dev.${domain}"
           paths:
@@ -19,7 +20,6 @@ data:
         - secretName: gitea-tls
           hosts:
             - "dev.${domain}"
-            - "tempdev.${domain}"
     gitea:
       oauth:
         - name: Stackspin
diff --git a/basic/apps/do/vikunja-values-configmap.yaml b/basic/apps/do/vikunja-values-configmap.yaml
index ca8abff..70ff3db 100644
--- a/basic/apps/do/vikunja-values-configmap.yaml
+++ b/basic/apps/do/vikunja-values-configmap.yaml
@@ -29,6 +29,7 @@ data:
         primary: false
         annotations:
           kubernetes.io/tls-acme: "true"
+          certmanager.k8s.io/cluster-issuer: letsencrypt-issuer-staging
         hosts:
           - host: "do.${domain}"
             paths:
@@ -38,7 +39,6 @@ data:
           - secretName: vikunja
             hosts:
               - "do.${domain}"
-              - "tempdo.${domain}"
     additionalContainers:
       api:
         image: vikunja/api:0.18.1
diff --git a/basic/apps/people/suitecrm-values-configmap.yaml b/basic/apps/people/suitecrm-values-configmap.yaml
index afd5bde..6d90d96 100644
--- a/basic/apps/people/suitecrm-values-configmap.yaml
+++ b/basic/apps/people/suitecrm-values-configmap.yaml
@@ -10,6 +10,7 @@ data:
       enabled: true
       annotations:
         kubernetes.io/tls-acme: "true"
+        certmanager.k8s.io/cluster-issuer: letsencrypt-issuer-staging
       hostname: "people.${domain}"
       tls: true
       #  - secretName: suitecrm-tls
diff --git a/basic/overrides/cluster-issuer-staging.yaml b/basic/overrides/cluster-issuer-staging.yaml
new file mode 100644
index 0000000..c1e38a6
--- /dev/null
+++ b/basic/overrides/cluster-issuer-staging.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-issuer-staging
+spec:
+  acme:
+    email: ${admin_email}
+    # overwrite this to "https://acme-staging-v02.api.letsencrypt.org/directory" for staging
+    server: "https://acme-staging-v02.api.letsencrypt.org/directory"
+    privateKeySecretRef:
+      # Secret resource used to store the account's private key.
+      name: letsencrypt-account-key
+    # Enable the HTTP01 challenge mechanism for this Issuer
+    solvers:
+    - http01:
+        ingress:
+          class: nginx