From 36d079f56b969369950d8751ba64aadd8f89eb53 Mon Sep 17 00:00:00 2001
From: James Polley
Date: Sat, 28 Jul 2018 10:46:10 +1000
Subject: [PATCH] Don't autogenerate certificate
---
 .gitlab-ci.yml | 3 +++
 k8s/deployment_template.jsonnet | 36 ++++++++++++++++++++++++++++++---
 2 files changed, 36 insertions(+), 3 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 1e8cc29d..4926af63 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -51,6 +51,7 @@ build_review_deployment:
 paths:
 - k8s/deployment.json
 - k8s/ingress.json
+ - k8s/certificate.json
 build_2019_image:
 image: docker:git
@@ -112,6 +113,7 @@ build_2019_image:
 - kubectl config use-context cluster
 - kubectl --token "${GL_KUBE_TOKEN}" apply -f k8s/deployment.json
 - kubectl --token "${GL_KUBE_TOKEN}" apply -f k8s/ingress.json
+ - kubectl --token "${GL_KUBE_TOKEN}" apply -f k8s/certificate.json
 only:
 - /^dev\/.*$/
@@ -130,6 +132,7 @@ build_2019_image:
 - kubectl config use-context cluster
 - kubectl --token "${GL_KUBE_TOKEN}" delete -f k8s/deployment.json
 - kubectl --token "${GL_KUBE_TOKEN}" delete -f k8s/ingress.json
+ - kubectl --token "${GL_KUBE_TOKEN}" delete -f k8s/certificate.json
 only:
 - /^dev\/.*$/
 when: manual
diff --git a/k8s/deployment_template.jsonnet b/k8s/deployment_template.jsonnet
index 78593f6d..9a874724 100644
--- a/k8s/deployment_template.jsonnet
+++ b/k8s/deployment_template.jsonnet
@@ -3,7 +3,7 @@ function (slug, sha) {
 local app = "symposion-app-" + slug,
 local namespace = "rego-review",
 local domain = slug + ".dev.lca2019.org",
- local tls_secret = domain + "-tls",
+ local tls_secret = slug + "-tls",
 "deployment.json":
 {
@@ -157,9 +157,7 @@ function (slug, sha) {
 "name": app,
 "namespace": namespace,
 "annotations": {
- "certmanager.k8s.io/acme-http01-edit-in-place": "true",
 "kubernetes.io/ingress.class": "nginx-review",
- "kubernetes.io/tls-acme": "true"
 }
 },
 "spec": {
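Review bot: The teardown step added in the `@@ -130,6 +132,7 @@` hunk deletes the Certificate object, but nothing removes the TLS Secret that cert-manager wrote for it. As far as I know cert-manager by default leaves the `secretName` Secret in place when its Certificate is deleted, so each stopped review app would leave a private key and certificate behind in the review namespace. Consider a further teardown line such as `- kubectl --token "${GL_KUBE_TOKEN}" delete secret <slug>-tls --ignore-not-found`, where `<slug>` is a placeholder for however the job derives the review slug. The job definition starts outside the hunk, so how the slug and namespace are passed is not visible here.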
@@ -192,5 +190,37 @@ function (slug, sha) {
 }
 ]
 }
+ },
+ "certificate.json":
+ {
+ "apiVersion": "certmanager.k8s.io/v1alpha1",
+ "kind": "Certificate",
+ "metadata": {
+ "name": slug,
+ "namespace": "rego-review",
+ },
+ "spec": {
+ "acme": {
+ "config": [
+ {
+ "domains": [
+ domain
+ ],
+ "http01": {
+ "ingressClass": "nginx-review"
+ }
+ }
+ ]
+ },
+ "commonName": "",
+ "dnsNames": [
+ domain
+ ],
+ "issuerRef": {
+ "kind": "ClusterIssuer",
+ "name": "letsencrypt-prod"
+ },
+ "secretName": tls_secret
+ }
 }
 }
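Review bot: The new Certificate points at the `letsencrypt-prod` ClusterIssuer for every `dev/*` review deployment, so each branch consumes production ACME issuance quota for the registered domain and publishes its slug-derived hostname to Certificate Transparency logs. If review environments do not need a publicly trusted certificate per branch, one wildcard certificate for `*.dev.lca2019.org` issued over DNS-01 and shared by the review ingresses, or a staging issuer, avoids both; whether either is available in this cluster is not visible from the diff. Separately, `"namespace": "rego-review",` repeats a literal the template already holds in `local namespace`; writing `"namespace": namespace,` keeps the Certificate and its `tls_secret` in the same namespace as the Ingress if that value ever changes. The enclosing `function (slug, sha)` body begins outside this hunk.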