From bc7f4b08edcb0b16e4fb329ab90f97d348546492 Mon Sep 17 00:00:00 2001
From: Stefan Reimer <stefan@zero-downtime.net>
Date: Sat, 28 Nov 2020 15:01:20 -0800
Subject: [PATCH] More bugfixes, ingress certs

---
 .../templates/ingress-certificate.yaml        | 23 +++++++++++++++++--
 .../templates/ingress-gateway.yaml            |  6 ++---
 charts/kubezero-istio-ingress/values.yaml     |  2 ++
 charts/kubezero-istio/update.sh               |  2 +-
 charts/kubezero-metrics/values.yaml           |  4 ++++
 5 files changed, 31 insertions(+), 6 deletions(-)

diff --git a/charts/kubezero-istio-ingress/templates/ingress-certificate.yaml b/charts/kubezero-istio-ingress/templates/ingress-certificate.yaml
index 5ea0ad0..fbb2fee 100644
--- a/charts/kubezero-istio-ingress/templates/ingress-certificate.yaml
+++ b/charts/kubezero-istio-ingress/templates/ingress-certificate.yaml
@@ -2,15 +2,34 @@
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
-  name: public-ingress-cert
+  name: ingress-cert
   namespace: {{ .Release.Namespace }}
   labels:
 {{ include "kubezero-lib.labels" . | indent 4 }}
 spec:
-  secretName: public-ingress-cert
+  secretName: ingress-cert
   issuerRef:
     name: letsencrypt-dns-prod
     kind: ClusterIssuer
   dnsNames:
 {{ toYaml (index .Values "istio-ingress" "dnsNames") | indent 4 }}
 {{- end }}
+
+{{- if index .Values "istio-private-ingress" "dnsNames" }}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: private-ingress-cert
+  namespace: {{ .Release.Namespace }}
+  labels:
+{{ include "kubezero-lib.labels" . | indent 4 }}
+spec:
+  secretName: private-ingress-cert
+  issuerRef:
+    name: letsencrypt-dns-prod
+    kind: ClusterIssuer
+  dnsNames:
+{{ toYaml (index .Values "istio-private-ingress" "dnsNames") | indent 4 }}
+{{- end }}
+
diff --git a/charts/kubezero-istio-ingress/templates/ingress-gateway.yaml b/charts/kubezero-istio-ingress/templates/ingress-gateway.yaml
index 319ead6..4995ee0 100644
--- a/charts/kubezero-istio-ingress/templates/ingress-gateway.yaml
+++ b/charts/kubezero-istio-ingress/templates/ingress-gateway.yaml
@@ -28,7 +28,7 @@ spec:
       mode: SIMPLE
       privateKey: /etc/istio/ingressgateway-certs/tls.key
       serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
-      credentialName: public-ingress-cert
+      credentialName: ingress-cert
 {{- end }}
 
 {{- if and (index .Values "istio-private-ingress" "enabled") (index .Values "istio-private-ingress" "dnsNames") }}
@@ -62,7 +62,7 @@ spec:
       mode: SIMPLE
       privateKey: /etc/istio/ingressgateway-certs/tls.key
       serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
-      credentialName: public-ingress-cert
+      credentialName: private-ingress-cert
   - port:
       number: 5672
       name: amqp
@@ -85,7 +85,7 @@ spec:
       mode: SIMPLE
       privateKey: /etc/istio/ingressgateway-certs/tls.key
       serverCertificate: /etc/istio/ingressgateway-certs/tls.crt
-      credentialName: public-ingress-cert
+      credentialName: private-ingress-cert
   - port:
       number: 6379
       name: redis
diff --git a/charts/kubezero-istio-ingress/values.yaml b/charts/kubezero-istio-ingress/values.yaml
index 0129098..5d57615 100644
--- a/charts/kubezero-istio-ingress/values.yaml
+++ b/charts/kubezero-istio-ingress/values.yaml
@@ -11,6 +11,8 @@ global:
   defaultPodDisruptionBudget:
     enabled: false
 
+  arch:
+    amd64: 2
 
 istio-ingress:
   enabled: false
diff --git a/charts/kubezero-istio/update.sh b/charts/kubezero-istio/update.sh
index dee4b6a..648dc6d 100755
--- a/charts/kubezero-istio/update.sh
+++ b/charts/kubezero-istio/update.sh
@@ -30,4 +30,4 @@ cp -r istio-${ISTIO_VERSION}/manifests/charts/gateways/istio-ingress ../kubezero
 sed -i -e 's/name: istio-ingress/name: istio-private-ingress/' ../kubezero-istio-ingress/charts/istio-private-ingress/Chart.yaml
 
 # Get matching istioctl
-# [ -x istioctl ] && [ "$(./istioctl version --remote=false)" == $ISTIO_VERSION ] || { curl -sL https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istioctl-${ISTIO_VERSION}-linux-amd64.tar.gz | tar xz; chmod +x istioctl; }
+[ -x istioctl ] && [ "$(./istioctl version --remote=false)" == $ISTIO_VERSION ] || { curl -sL https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istioctl-${ISTIO_VERSION}-linux-amd64.tar.gz | tar xz; chmod +x istioctl; }
diff --git a/charts/kubezero-metrics/values.yaml b/charts/kubezero-metrics/values.yaml
index 2f20d6a..40868fc 100644
--- a/charts/kubezero-metrics/values.yaml
+++ b/charts/kubezero-metrics/values.yaml
@@ -132,6 +132,10 @@ kube-prometheus-stack:
       enabled: false
     testFramework:
       enabled: false
+    # Missing default in prometheus-stack
+    sidecar:
+      notifiers:
+        enabled: false
 
   # Assign state metrics to control plane
   kube-state-metrics: