More bugfixes, ingress certs

charts/kubezero-istio-ingress/templates/ingress-certificate.yaml

@@ -2,15 +2,34 @@
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
-  name: public-ingress-cert
+  name: ingress-cert
   namespace: {{ .Release.Namespace }}
   labels:
 {{ include "kubezero-lib.labels" . | indent 4 }}
 spec:
-  secretName: public-ingress-cert
+  secretName: ingress-cert
   issuerRef:
     name: letsencrypt-dns-prod
     kind: ClusterIssuer
   dnsNames:
 {{ toYaml (index .Values "istio-ingress" "dnsNames") | indent 4 }}
 {{- end }}
+
+{{- if index .Values "istio-private-ingress" "dnsNames" }}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: private-ingress-cert
+  namespace: {{ .Release.Namespace }}
+  labels:
+{{ include "kubezero-lib.labels" . | indent 4 }}
+spec:
+  secretName: private-ingress-cert
+  issuerRef:
+    name: letsencrypt-dns-prod
+    kind: ClusterIssuer
+  dnsNames:
+{{ toYaml (index .Values "istio-private-ingress" "dnsNames") | indent 4 }}
+{{- end }}
+

charts/kubezero-istio-ingress/templates/ingress-gateway.yaml

@@ -28,7 +28,7 @@ spec:
       mode: SIMPLE
       privateKey: /etc/istio/ingressgateway-certs/tls.key
       serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
-      credentialName: public-ingress-cert
+      credentialName: ingress-cert
 {{- end }}
 
 {{- if and (index .Values "istio-private-ingress" "enabled") (index .Values "istio-private-ingress" "dnsNames") }}
@@ -62,7 +62,7 @@ spec:
       mode: SIMPLE
       privateKey: /etc/istio/ingressgateway-certs/tls.key
       serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
-      credentialName: public-ingress-cert
+      credentialName: private-ingress-cert
   - port:
       number: 5672
       name: amqp
@@ -85,7 +85,7 @@ spec:
       mode: SIMPLE
       privateKey: /etc/istio/ingressgateway-certs/tls.key
       serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
-      credentialName: public-ingress-cert
+      credentialName: private-ingress-cert
   - port:
       number: 6379
       name: redis

charts/kubezero-istio-ingress/values.yaml

@@ -11,6 +11,8 @@ global:
   defaultPodDisruptionBudget:
     enabled: false
 
+  arch:
+    amd64: 2
 
 istio-ingress:
   enabled: false

charts/kubezero-istio/update.sh

@@ -30,4 +30,4 @@ cp -r istio-${ISTIO_VERSION}/manifests/charts/gateways/istio-ingress ../kubezero
 sed -i -e 's/name: istio-ingress/name: istio-private-ingress/' ../kubezero-istio-ingress/charts/istio-private-ingress/Chart.yaml
 
 # Get matching istioctl
-# [ -x istioctl ] && [ "$(./istioctl version --remote=false)" == $ISTIO_VERSION ] || { curl -sL https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istioctl-${ISTIO_VERSION}-linux-amd64.tar.gz | tar xz; chmod +x istioctl; }
+[ -x istioctl ] && [ "$(./istioctl version --remote=false)" == $ISTIO_VERSION ] || { curl -sL https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istioctl-${ISTIO_VERSION}-linux-amd64.tar.gz | tar xz; chmod +x istioctl; }

charts/kubezero-metrics/values.yaml

@@ -132,6 +132,10 @@ kube-prometheus-stack:
       enabled: false
     testFramework:
       enabled: false
+    # Missing default in prometheus-stack
+    sidecar:
+      notifiers:
+        enabled: false
 
   # Assign state metrics to control plane
   kube-state-metrics: