diff --git a/deployment/digital-ocean/https/README.md b/deployment/digital-ocean/https/README.md index 73b68a548..18b177462 100644 --- a/deployment/digital-ocean/https/README.md +++ b/deployment/digital-ocean/https/README.md @@ -3,7 +3,7 @@ {% tabs %} {% tab title="Helm 3" %} -Follow [this quick start guide](https://cert-manager.io/docs/installation/kubernetes/) and install certmanager via Helm 3: +Follow [this quick start guide](https://cert-manager.io/next-docs/installation/kubernetes/) and install certmanager via Helm 3: ## … Via Kubernetes Directly @@ -74,7 +74,7 @@ $ kubectl describe -n ocelot-social certificate tls $ kubectl describe -n ocelot-social secret tls ``` -If everything looks good, update the issuer of your ingress. Change the annotation `certmanager.k8s.io/issuer` from `letsencrypt-testing` (in the cert-manager docs named `letsencrypt-staging`) to `letsencrypt-production` in your ingress configuration in `ingress.yaml`. +If everything looks good, update the issuer of your ingress. Change the annotation `cert-manager.io/issuer` from `letsencrypt-staging` (for testing without getting a real certificate) to `letsencrypt-prod` (for production) in your ingress configuration in `ingress.yaml`. ```bash # in folder deployment/digital-ocean/https/ diff --git a/deployment/digital-ocean/https/templates/ingress.template.yaml b/deployment/digital-ocean/https/templates/ingress.template.yaml index a910b2b9a..36733507e 100644 --- a/deployment/digital-ocean/https/templates/ingress.template.yaml +++ b/deployment/digital-ocean/https/templates/ingress.template.yaml @@ -5,8 +5,8 @@ metadata: namespace: ocelot-social annotations: kubernetes.io/ingress.class: "nginx" - certmanager.k8s.io/issuer: "letsencrypt-testing" - certmanager.k8s.io/acme-challenge-type: http01 + cert-manager.io/issuer: "letsencrypt-staging" + # DEPRECATED certmanager.k8s.io/acme-challenge-type: http01 nginx.ingress.kubernetes.io/proxy-body-size: 6m spec: rules: diff --git a/deployment/digital-ocean/https/templates/issuer.template.yaml b/deployment/digital-ocean/https/templates/issuer.template.yaml index ce6a9e00e..dccccbc1c 100644 --- a/deployment/digital-ocean/https/templates/issuer.template.yaml +++ b/deployment/digital-ocean/https/templates/issuer.template.yaml @@ -1,9 +1,9 @@ --- # used while installation as first setup for testing purposes, recognize 'server: https://acme-staging-v02…' - apiVersion: certmanager.k8s.io/v1alpha1 + apiVersion: certmanager.k8s.io/v1 kind: Issuer metadata: - name: letsencrypt-testing + name: letsencrypt-staging namespace: ocelot-social spec: acme: @@ -13,15 +13,15 @@ email: user@example.com # Name of a secret used to store the ACME account private key privateKeySecretRef: - name: letsencrypt-testing + name: letsencrypt-staging # Enable the HTTP-01 challenge provider http01: {} --- # used after installation for production, recognize 'server: https://acme-v02…' - apiVersion: certmanager.k8s.io/v1alpha1 + apiVersion: certmanager.k8s.io/v1 kind: Issuer metadata: - name: letsencrypt-production + name: letsencrypt-prod namespace: ocelot-social spec: acme: @@ -31,6 +31,6 @@ email: user@example.com # Name of a secret used to store the ACME account private key privateKeySecretRef: - name: letsencrypt-production + name: letsencrypt-prod # Enable the HTTP-01 challenge provider http01: {} diff --git a/deployment/helm/ocelot.social/templates/cluster-issuers/letsencrypt-production.yaml b/deployment/helm/ocelot.social/templates/cluster-issuers/letsencrypt-prod.yaml similarity index 89% rename from deployment/helm/ocelot.social/templates/cluster-issuers/letsencrypt-production.yaml rename to deployment/helm/ocelot.social/templates/cluster-issuers/letsencrypt-prod.yaml index 2a297cad2..e46c1f0b3 100644 --- a/deployment/helm/ocelot.social/templates/cluster-issuers/letsencrypt-production.yaml +++ b/deployment/helm/ocelot.social/templates/cluster-issuers/letsencrypt-prod.yaml @@ -1,7 +1,7 @@ apiVersion: cert-manager.io/v1alpha2 kind: ClusterIssuer metadata: - name: letsencrypt-production + name: letsencrypt-prod labels: app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} @@ -13,7 +13,7 @@ spec: server: https://acme-v02.api.letsencrypt.org/directory email: {{ .Values.supportEmail }} privateKeySecretRef: - name: letsencrypt-production + name: letsencrypt-prod solvers: - http01: ingress: diff --git a/deployment/helm/ocelot.social/templates/cluster-issuers/letsencrypt-testing.yaml b/deployment/helm/ocelot.social/templates/cluster-issuers/letsencrypt-staging.yaml similarity index 90% rename from deployment/helm/ocelot.social/templates/cluster-issuers/letsencrypt-testing.yaml rename to deployment/helm/ocelot.social/templates/cluster-issuers/letsencrypt-staging.yaml index b5eef1f71..531b2075b 100644 --- a/deployment/helm/ocelot.social/templates/cluster-issuers/letsencrypt-testing.yaml +++ b/deployment/helm/ocelot.social/templates/cluster-issuers/letsencrypt-staging.yaml @@ -1,7 +1,7 @@ apiVersion: cert-manager.io/v1alpha2 kind: ClusterIssuer metadata: - name: letsencrypt-testing + name: letsencrypt-staging labels: app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} @@ -13,7 +13,7 @@ spec: server: https://acme-staging-v02.api.letsencrypt.org/directory email: {{ .Values.supportEmail }} privateKeySecretRef: - name: letsencrypt-testing + name: letsencrypt-staging solvers: - http01: ingress: diff --git a/deployment/helm/ocelot.social/values.yaml b/deployment/helm/ocelot.social/values.yaml index 259464a9f..42eed0c7b 100644 --- a/deployment/helm/ocelot.social/values.yaml +++ b/deployment/helm/ocelot.social/values.yaml @@ -19,7 +19,7 @@ image: # pullPolicy indicates when, if ever, pods pull a new image from docker hub. pullPolicy: IfNotPresent # letsencryptIssuer is used by cert-manager to set up certificates with the given provider. -letsencryptIssuer: "letsencrypt-production" +letsencryptIssuer: "letsencrypt-prod" # neo4jConfig changes any default neo4j config/adds it. neo4jConfig: # acceptLicenseAgreement is used to agree to the license agreement for neo4j's enterprise edition.