More bugfixes, ingress certs

2020-11-28 15:01:20 -08:00 · 2020-11-28 15:01:20 -08:00 · e27692430e
commit e27692430e
parent 09d2b52f74
5 changed files with 31 additions and 6 deletions
--- a/charts/kubezero-istio-ingress/templates/ingress-certificate.yaml
+++ b/charts/kubezero-istio-ingress/templates/ingress-certificate.yaml
@ -2,15 +2,34 @@
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
-  name: public-ingress-cert
+  name: ingress-cert
  namespace: {{ .Release.Namespace }}
  labels:
 {{ include "kubezero-lib.labels" . | indent 4 }}
 spec:
-  secretName: public-ingress-cert
+  secretName: ingress-cert
  issuerRef:
    name: letsencrypt-dns-prod
    kind: ClusterIssuer
  dnsNames:
 {{ toYaml (index .Values "istio-ingress" "dnsNames") | indent 4 }}
 {{- end }}
+
+{{- if index .Values "istio-private-ingress" "dnsNames" }}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: private-ingress-cert
+  namespace: {{ .Release.Namespace }}
+  labels:
+{{ include "kubezero-lib.labels" . | indent 4 }}
+spec:
+  secretName: private-ingress-cert
+  issuerRef:
+    name: letsencrypt-dns-prod
+    kind: ClusterIssuer
+  dnsNames:
+{{ toYaml (index .Values "istio-private-ingress" "dnsNames") | indent 4 }}
+{{- end }}
+
--- a/charts/kubezero-istio-ingress/templates/ingress-gateway.yaml
+++ b/charts/kubezero-istio-ingress/templates/ingress-gateway.yaml
@ -28,7 +28,7 @@ spec:
      mode: SIMPLE
      privateKey: /etc/istio/ingressgateway-certs/tls.key
      serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
-      credentialName: public-ingress-cert
+      credentialName: ingress-cert
 {{- end }}

 {{- if and (index .Values "istio-private-ingress" "enabled") (index .Values "istio-private-ingress" "dnsNames") }}
@ -62,7 +62,7 @@ spec:
      mode: SIMPLE
      privateKey: /etc/istio/ingressgateway-certs/tls.key
      serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
-      credentialName: public-ingress-cert
+      credentialName: private-ingress-cert
  - port:
      number: 5672
      name: amqp
@ -85,7 +85,7 @@ spec:
      mode: SIMPLE
      privateKey: /etc/istio/ingressgateway-certs/tls.key
      serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
-      credentialName: public-ingress-cert
+      credentialName: private-ingress-cert
  - port:
      number: 6379
      name: redis
--- a/charts/kubezero-istio-ingress/values.yaml
+++ b/charts/kubezero-istio-ingress/values.yaml
@ -11,6 +11,8 @@ global:
  defaultPodDisruptionBudget:
    enabled: false

+  arch:
+    amd64: 2

 istio-ingress:
  enabled: false
--- a/charts/kubezero-istio/update.sh
+++ b/charts/kubezero-istio/update.sh
@ -30,4 +30,4 @@ cp -r istio-${ISTIO_VERSION}/manifests/charts/gateways/istio-ingress ../kubezero
 sed -i -e 's/name: istio-ingress/name: istio-private-ingress/' ../kubezero-istio-ingress/charts/istio-private-ingress/Chart.yaml

 # Get matching istioctl
-# [ -x istioctl ] && [ "$(./istioctl version --remote=false)" == $ISTIO_VERSION ] || { curl -sL https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istioctl-${ISTIO_VERSION}-linux-amd64.tar.gz | tar xz; chmod +x istioctl; }
+[ -x istioctl ] && [ "$(./istioctl version --remote=false)" == $ISTIO_VERSION ] || { curl -sL https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istioctl-${ISTIO_VERSION}-linux-amd64.tar.gz | tar xz; chmod +x istioctl; }
--- a/charts/kubezero-metrics/values.yaml
+++ b/charts/kubezero-metrics/values.yaml
@ -132,6 +132,10 @@ kube-prometheus-stack:
      enabled: false
    testFramework:
      enabled: false
+    # Missing default in prometheus-stack
+    sidecar:
+      notifiers:
+        enabled: false

  # Assign state metrics to control plane
  kube-state-metrics: