From c77b0de06375193c39fde02afda1a1787970399d Mon Sep 17 00:00:00 2001
From: Vojtech Mares
Date: Sat, 3 Sep 2022 15:49:22 +0200
Subject: [PATCH] feat: add ClusterIssuer letsencrypt-mareshq This issuer has the connection to Cloudflare for DNS ACME challenge
---
 _argocd/values.yaml | 2 +-
 apps/vault/values.yaml | 2 +-
 ...yaml => clusterissuer-letsencrypt-mareshq.yaml} | 4 ++--
 .../templates/clusterissuer-letsencrypt-prod.yaml | 14 ++++++++++++++
 cluster-components/longhorn/values.yaml | 2 +-
 cluster-components/monitoring/values.yaml | 6 +++---
 6 files changed, 22 insertions(+), 8 deletions(-)
 rename cluster-components/cert-manager/templates/{clusterissuer-letsencrypt.yaml => clusterissuer-letsencrypt-mareshq.yaml} (87%)
 create mode 100644 cluster-components/cert-manager/templates/clusterissuer-letsencrypt-prod.yaml
diff --git a/_argocd/values.yaml b/_argocd/values.yaml
index ec5a7f9..beb426e 100644
--- a/_argocd/values.yaml
+++ b/_argocd/values.yaml
@@ -25,7 +25,7 @@ argo-cd:
 - argocd.cloud.mareshq.com
 ingressClassName: nginx
 annotations:
- cert-manager.io/cluster-issuer: letsencrypt-prod
+ cert-manager.io/cluster-issuer: letsencrypt-mareshq
 kubernetes.io/tls-acme: "true"
 nginx.ingress.kubernetes.io/server-snippet: |
 proxy_ssl_verify off;
diff --git a/apps/vault/values.yaml b/apps/vault/values.yaml
index 0adf80a..dc19063 100644
--- a/apps/vault/values.yaml
+++ b/apps/vault/values.yaml
@@ -10,7 +10,7 @@ vault:
 enabled: true
 ingressClassName: nginx
 annotations:
- cert-manager.io/cluster-issuer: letsencrypt-prod
+ cert-manager.io/cluster-issuer: letsencrypt-mareshq
 pathType: Prefix
 tls:
 - secretName: vault-tls
diff --git a/cluster-components/cert-manager/templates/clusterissuer-letsencrypt.yaml b/cluster-components/cert-manager/templates/clusterissuer-letsencrypt-mareshq.yaml
similarity index 87%
rename from cluster-components/cert-manager/templates/clusterissuer-letsencrypt.yaml
rename to cluster-components/cert-manager/templates/clusterissuer-letsencrypt-mareshq.yaml
index 425ff37..9e38678 100644
--- a/cluster-components/cert-manager/templates/clusterissuer-letsencrypt.yaml
+++ b/cluster-components/cert-manager/templates/clusterissuer-letsencrypt-mareshq.yaml
@@ -1,13 +1,13 @@
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
- name: letsencrypt-prod
+ name: letsencrypt-mareshq
 spec:
 acme:
 email: me+infra@vojtechmares.com
 server: https://acme-v02.api.letsencrypt.org/directory
 privateKeySecretRef:
- name: letsencrypt-prod
+ name: letsencrypt-mareshq
 solvers:
 - http01:
 ingress:
diff --git a/cluster-components/cert-manager/templates/clusterissuer-letsencrypt-prod.yaml b/cluster-components/cert-manager/templates/clusterissuer-letsencrypt-prod.yaml
new file mode 100644
index 0000000..bc6616e
--- /dev/null
+++ b/cluster-components/cert-manager/templates/clusterissuer-letsencrypt-prod.yaml
@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-prod
+spec:
+ acme:
+ email: me+infra@vojtechmares.com
+ server: https://acme-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: letsencrypt-prod
+ solvers:
+ - http01:
+ ingress:
+ class: nginx
diff --git a/cluster-components/longhorn/values.yaml b/cluster-components/longhorn/values.yaml
index 767bfe5..6257fdd 100644
--- a/cluster-components/longhorn/values.yaml
+++ b/cluster-components/longhorn/values.yaml
@@ -7,4 +7,4 @@ longhorn: tlsSecret: longhorn-tls annotations:
- cert-manager.io/cluster-issuer: letsencrypt-prod
+ cert-manager.io/cluster-issuer: letsencrypt-mareshq
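Review bot: In clusterissuer-letsencrypt-mareshq.yaml the only solver visible in the hunk is still `http01`; no `dns01` entry for Cloudflare appears, although the commit message describes this issuer as the one carrying the Cloudflare DNS challenge. The `solvers` list continues past the end of the hunk, so the entry may sit below; if it does not, this issuer differs from `letsencrypt-prod` only by name and key secret. Because a ClusterIssuer can be referenced from every namespace, a DNS-01 solver here should be narrowed with `selector:` / `dnsZones: ["<zone placeholder>"]`, and the Cloudflare credential referenced through `apiTokenSecretRef` with a token limited to DNS edits on that zone. Changing `privateKeySecretRef.name` to `letsencrypt-mareshq` also means cert-manager will presumably register a fresh ACME account for this issuer, which is worth stating in the commit description.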
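Review bot: Nothing in the new clusterissuer-letsencrypt-prod.yaml says when `letsencrypt-prod` should be chosen over `letsencrypt-mareshq`, and every ingress annotation touched by this patch moves away from it. A header comment such as `# HTTP-01 only, holds no DNS provider credentials; use for hosts outside the Cloudflare-managed zone` would record the intent (wording to be confirmed by the author). Since it keeps `privateKeySecretRef.name: letsencrypt-prod`, it presumably carries on with the ACME account key the renamed issuer used before; confirm that this is intended. The `email` and `server` values are now duplicated verbatim in two templates and could come from chart values instead.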
diff --git a/cluster-components/monitoring/values.yaml b/cluster-components/monitoring/values.yaml
index f1c00f3..d296030 100644
--- a/cluster-components/monitoring/values.yaml
+++ b/cluster-components/monitoring/values.yaml
@@ -21,7 +21,7 @@ kube-prometheus-stack:
 enabled: true
 pathType: Prefix
 annotations:
- cert-manager.io/cluster-issuer: letsencrypt-prod
+ cert-manager.io/cluster-issuer: letsencrypt-mareshq
 # nginx.ingress.kubernetes.io/auth-url: "https://auth.cloud.mareshq.com/oauth2/auth"
 # nginx.ingress.kubernetes.io/auth-signin: "https://auth.cloud.mareshq.com/oauth2/start?rd=$scheme://$host$request_uri"
 hosts:
@@ -47,7 +47,7 @@ kube-prometheus-stack:
 enabled: true
 pathType: Prefix
 annotations:
- cert-manager.io/cluster-issuer: letsencrypt-prod
+ cert-manager.io/cluster-issuer: letsencrypt-mareshq
 hosts:
 - grafana.cloud.mareshq.com
 paths:
@@ -87,7 +87,7 @@ kube-prometheus-stack:
 enabled: true
 pathType: Prefix
 annotations:
- cert-manager.io/cluster-issuer: letsencrypt-prod
+ cert-manager.io/cluster-issuer: letsencrypt-mareshq
 # nginx.ingress.kubernetes.io/auth-url: "https://auth.cloud.mareshq.com/oauth2/auth"
 # nginx.ingress.kubernetes.io/auth-signin: "https://auth.cloud.mareshq.com/oauth2/start?rd=$scheme://$host$request_uri"
 hosts:
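Review bot: In cluster-components/monitoring/values.yaml the ingress blocks in the hunks at new lines 21 and 87 stay `enabled: true` and now get a certificate from `letsencrypt-mareshq`, while their `nginx.ingress.kubernetes.io/auth-url` and `auth-signin` annotations remain commented out. If these are the Prometheus and Alertmanager ingresses (their hosts lie outside the hunks), they would be served without the OAuth2 proxy in front, and neither component enforces authentication by default. Either re-enable the two annotations in both blocks or record why they are off, e.g. `# auth-url disabled: access restricted by <mechanism placeholder>`. Both blocks start and end outside the hunks, so an access control defined elsewhere would not be visible here.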