use cert-manager to mock cert.

labring · Jul 19, 2023 · d1ea5d9 · d1ea5d9
1 parent 650c00f
commit d1ea5d9
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 80 deletions.
diff --git a/deploy/cloud/manifests/mock-cert-job.yaml.tmpl b/deploy/cloud/manifests/mock-cert-job.yaml.tmpl
diff --git a/deploy/cloud/manifests/mock-cert.yaml.tmpl b/deploy/cloud/manifests/mock-cert.yaml.tmpl
@@ -0,0 +1,27 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: selfsigned-issuer
+spec:
+  selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: sealos-cloud
+  namespace: sealos-system
+spec:
+  secretName: wildcard-cert
+  issuerRef:
+    name: selfsigned-issuer
+    kind: ClusterIssuer
+  commonName: {{ .cloudDomain }}
+  dnsNames:
+    - '{{ .cloudDomain }}'
+    - '*.{{ .cloudDomain }}'
+  secretTemplate:
+    annotations:
+      reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
+      reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: sealos,\w+-system,\w+-frontend,ns-[\-a-z0-9]*
+      reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true"
+      reflector.v1.k8s.emberstack.com/reflection-auto-namespaces: sealos,\w+-system,\w+-frontend,ns-[\-a-z0-9]*
diff --git a/deploy/cloud/scripts/init.sh b/deploy/cloud/scripts/init.sh
@@ -13,8 +13,8 @@ function read_env {
 function create_tls_secret {
   if grep -q $tlsCrtPlaceholder manifests/tls-secret.yaml; then
     echo "mock tls secret"
-    kubectl apply -f manifests/mock-cert-job.yaml
-    echo "mock tls job has been created successfully."
+    kubectl apply -f manifests/mock-cert.yaml
+    echo "mock tls cert has been created successfully."
   else
     echo "tls secret is already set"
     kubectl apply -f manifests/tls-secret.yaml