basic: create and use letsencrypt staging issuer

basic/apps/dev/gitea-values-configmap.yaml

@@ -10,6 +10,7 @@ data:
       enabled: true
       annotations:
         kubernetes.io/tls-acme: "true"
+        certmanager.k8s.io/cluster-issuer: letsencrypt-issuer-staging
       hosts:
         - host: "dev.${domain}"
           paths:
@@ -19,7 +20,6 @@ data:
         - secretName: gitea-tls
           hosts:
             - "dev.${domain}"
-            - "tempdev.${domain}"
     gitea:
       oauth:
         - name: Stackspin

basic/apps/do/vikunja-values-configmap.yaml

@@ -29,6 +29,7 @@ data:
         primary: false
         annotations:
           kubernetes.io/tls-acme: "true"
+          certmanager.k8s.io/cluster-issuer: letsencrypt-issuer-staging
         hosts:
           - host: "do.${domain}"
             paths:
@@ -38,7 +39,6 @@ data:
           - secretName: vikunja
             hosts:
               - "do.${domain}"
-              - "tempdo.${domain}"
     additionalContainers:
       api:
         image: vikunja/api:0.18.1

basic/apps/people/suitecrm-values-configmap.yaml

@@ -10,6 +10,7 @@ data:
       enabled: true
       annotations:
         kubernetes.io/tls-acme: "true"
+        certmanager.k8s.io/cluster-issuer: letsencrypt-issuer-staging
       hostname: "people.${domain}"
       tls: true
       #  - secretName: suitecrm-tls

basic/overrides/cluster-issuer-staging.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-issuer-staging
+spec:
+  acme:
+    email: ${admin_email}
+    # overwrite this to "https://acme-staging-v02.api.letsencrypt.org/directory" for staging
+    server: "https://acme-staging-v02.api.letsencrypt.org/directory"
+    privateKeySecretRef:
+      # Secret resource used to store the account's private key.
+      name: letsencrypt-account-key
+    # Enable the HTTP01 challenge mechanism for this Issuer
+    solvers:
+    - http01:
+        ingress:
+          class: nginx