From fcafe5502c9252d29fe248b93a694f3bb8434480 Mon Sep 17 00:00:00 2001
From: Micke Nordin <kano@sunet.se>
Date: Wed, 4 Dec 2024 11:40:06 +0100
Subject: [PATCH] Add cert manager to nextcloud

---
 customers/base/kustomization.yaml                 |  1 +
 customers/base/nextcloud-cert-issuer.yaml         | 15 +++++++++++++++
 customers/base/nextcloud-ingress.yml              |  6 +++---
 .../overlays/nordunet/test/nextcloud-ingress.yml  |  4 +++-
 .../overlays/vinnova/test/nextcloud-ingress.yml   |  4 +++-
 5 files changed, 25 insertions(+), 5 deletions(-)
 create mode 100644 customers/base/nextcloud-cert-issuer.yaml

diff --git a/customers/base/kustomization.yaml b/customers/base/kustomization.yaml
index 62ca38d..d488ad3 100644
--- a/customers/base/kustomization.yaml
+++ b/customers/base/kustomization.yaml
@@ -3,6 +3,7 @@ resources:
   - apache-php-configmap.yml
   - apcu-configmap.yml
   - cli-php-configmap.yml
+  - nextcloud-cert-issuer.yml
   - nextcloud-configmap.yml
   - nextcloud-deployment.yml
   - nextcloud-ingress.yml
diff --git a/customers/base/nextcloud-cert-issuer.yaml b/customers/base/nextcloud-cert-issuer.yaml
new file mode 100644
index 0000000..bc70328
--- /dev/null
+++ b/customers/base/nextcloud-cert-issuer.yaml
@@ -0,0 +1,15 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: letsencrypt
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: drive@sunet.se
+    privateKeySecretRef:
+      name: letsencrypt
+    solvers:
+      - http01:
+          ingress: 
+            class: nginx
+
diff --git a/customers/base/nextcloud-ingress.yml b/customers/base/nextcloud-ingress.yml
index fb2548f..5c473df 100644
--- a/customers/base/nextcloud-ingress.yml
+++ b/customers/base/nextcloud-ingress.yml
@@ -4,10 +4,10 @@ kind: Ingress
 metadata:
   name: customer-ingress
   annotations:
-    kubernetes.io/ingress.class: traefik
-    traefik.ingress.kubernetes.io/router.entrypoints: websecure
-    traefik.ingress.kubernetes.io/router.tls: "true"
+    cert-manager.io/issuer: "letsencrypt"
+    acme.cert-manager.io/http01-edit-in-place: "true"
 spec:
+  ingressClassName: nginx
   defaultBackend:
     service:
       name: customer-node
diff --git a/customers/overlays/nordunet/test/nextcloud-ingress.yml b/customers/overlays/nordunet/test/nextcloud-ingress.yml
index 7d4e9c2..2746080 100644
--- a/customers/overlays/nordunet/test/nextcloud-ingress.yml
+++ b/customers/overlays/nordunet/test/nextcloud-ingress.yml
@@ -4,8 +4,10 @@ kind: Ingress
 metadata:
   name: customer-ingress
   annotations:
-    kubernetes.io/ingress.class: nginx
+    cert-manager.io/issuer: "letsencrypt"
+    acme.cert-manager.io/http01-edit-in-place: "true"
 spec:
+  ingressClassName: nginx
   tls:
     - hosts:
         - nordunet.drive.test.sunet.se 
diff --git a/customers/overlays/vinnova/test/nextcloud-ingress.yml b/customers/overlays/vinnova/test/nextcloud-ingress.yml
index 23fb18f..ac82344 100644
--- a/customers/overlays/vinnova/test/nextcloud-ingress.yml
+++ b/customers/overlays/vinnova/test/nextcloud-ingress.yml
@@ -4,8 +4,10 @@ kind: Ingress
 metadata:
   name: customer-ingress
   annotations:
-    kubernetes.io/ingress.class: nginx
+    cert-manager.io/issuer: "letsencrypt"
+    acme.cert-manager.io/http01-edit-in-place: "true"
 spec:
+  ingressClassName: nginx
   tls:
     - hosts:
         - vinnova.drive.test.sunet.se