Don't autogenerate certificate

2018-07-28 10:46:10 +10:00 · 2018-07-28 10:46:10 +10:00 · 36d079f56b
commit 36d079f56b
parent f0d14754a7
2 changed files with 36 additions and 3 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -51,6 +51,7 @@ build_review_deployment:
    paths:
    - k8s/deployment.json
    - k8s/ingress.json
+    - k8s/certificate.json

 build_2019_image:
  image: docker:git
@ -112,6 +113,7 @@ build_2019_image:
  - kubectl config use-context cluster
  - kubectl --token "${GL_KUBE_TOKEN}" apply -f k8s/deployment.json
  - kubectl --token "${GL_KUBE_TOKEN}" apply -f k8s/ingress.json
+  - kubectl --token "${GL_KUBE_TOKEN}" apply -f k8s/certificate.json

  only:
  - /^dev\/.*$/
@ -130,6 +132,7 @@ build_2019_image:
  - kubectl config use-context cluster
  - kubectl --token "${GL_KUBE_TOKEN}" delete -f k8s/deployment.json
  - kubectl --token "${GL_KUBE_TOKEN}" delete -f k8s/ingress.json
+  - kubectl --token "${GL_KUBE_TOKEN}" delete -f k8s/certificate.json
  only:
  - /^dev\/.*$/
  when: manual
--- a/k8s/deployment_template.jsonnet
+++ b/k8s/deployment_template.jsonnet
@ -3,7 +3,7 @@ function (slug, sha) {
  local app = "symposion-app-" + slug,
  local namespace = "rego-review",
  local domain = slug + ".dev.lca2019.org",
-  local tls_secret = domain + "-tls",
+  local tls_secret = slug + "-tls",

  "deployment.json":
    {
@ -157,9 +157,7 @@ function (slug, sha) {
            "name": app,
            "namespace": namespace,
            "annotations": {
-                "certmanager.k8s.io/acme-http01-edit-in-place": "true",
                "kubernetes.io/ingress.class": "nginx-review",
-                "kubernetes.io/tls-acme": "true"
            }
        },
        "spec": {
@ -192,5 +190,37 @@ function (slug, sha) {
                }
            ]
        }
+    },
+  "certificate.json":
+    {
+      "apiVersion": "certmanager.k8s.io/v1alpha1",
+      "kind": "Certificate",
+      "metadata": {
+        "name": slug,
+        "namespace": "rego-review",
+      },
+      "spec": {
+        "acme": {
+          "config": [
+            {
+              "domains": [
+                domain
+                    ],
+              "http01": {
+                      "ingressClass": "nginx-review"
+                    }
+                }
+            ]
+        },
+        "commonName": "",
+        "dnsNames": [
+            domain
+        ],
+        "issuerRef": {
+            "kind": "ClusterIssuer",
+            "name": "letsencrypt-prod"
+        },
+        "secretName": tls_secret
+      }
    }
 }