fix(alerts): match prometheus root issuer (#658)

* fix(alerts): match prometheus root issuer

Signed-off-by: Richard Tief <richard.tief@sap.com>

* chore(alerts): align test on new certificate name

Signed-off-by: Richard Tief <richard.tief@sap.com>

* chore(alerts): more effective naming for cert-manager resources

Signed-off-by: Richard Tief <richard.tief@sap.com>

* chore(alerts): apply renaming

Signed-off-by: Richard Tief <richard.tief@sap.com>

---------

Signed-off-by: Richard Tief <richard.tief@sap.com>

Author: richardtief

alerts/charts/Chart.yaml

@@ -8,7 +8,7 @@ maintainers:
 name: alerts
 sources:
   - https://github.com/cloudoperators/greenhouse-extensions
-version: 0.19.6
+version: 0.19.7
 keywords:
   - prometheus-alertmanager
 dependencies:

alerts/charts/templates/certmanager.yaml

@@ -5,7 +5,7 @@
 apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
-  name: {{ .Release.Namespace }}-prometheus-issuer
+  name: '{{ .Release.Namespace }}-alerts-issuer'
   labels:
 {{- include "kube-prometheus-stack.labels" . | indent 4 }}
 spec:
@@ -15,44 +15,44 @@ spec:
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
-  name: {{ .Release.Namespace }}-prometheus-root-cert
+  name: '{{ .Release.Namespace }}-alerts-root-cert'
   labels:
 {{- include "kube-prometheus-stack.labels" . | indent 4 }}
 spec:
-  secretName: {{ .Release.Namespace  }}-prometheus-root-cert
+  secretName: tls-alerts-{{ .Release.Namespace  }}-root
   duration: {{ .Values.alerts.certManager.rootCert.duration | default "43800h0m0s" | quote }}
   issuerRef:
-    name: {{ .Release.Namespace }}-prometheus-issuer
+    name: {{ .Release.Namespace }}-alerts-issuer
   commonName: "ca.prometheus.greenhouse"
   isCA: true
 ---
 # Create an Issuer that uses the above generated CA certificate to issue certs
 apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
-  name: {{ .Release.Namespace }}-prometheus-root-issuer
+  name: '{{ .Release.Namespace }}-alerts-root-issuer'
   labels:
 {{- include "kube-prometheus-stack.labels" . | indent 4 }}
 spec:
   ca:
-    secretName: {{ .Release.Namespace  }}-prometheus-root-cert
+    secretName: tls-alerts-{{ .Release.Namespace  }}-root-ca
 {{- end }}
 ---
 # generate a server certificate for the alertmanager to use
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
-  name: {{ include "kube-prometheus-stack.fullname" . }}-cert
+  name: alertmanager-{{ .Release.Namespace }}-cert
   labels:
 {{- include "kube-prometheus-stack.labels" . | indent 4 }}
 spec:
-  secretName: tls-{{ include "kube-prometheus-stack.fullname" . }}-cert
+  secretName: tls-alertmanager-{{ .Release.Namespace }}
   duration: {{ .Values.alerts.certManager.admissionCert.duration | default "8760h0m0s" | quote }}
   issuerRef:
     {{- if .Values.alerts.certManager.issuerRef }}
     {{- toYaml .Values.alerts.certManager.issuerRef | nindent 4 }}
     {{- else }}
-    name: {{ .Release.Namespace }}-root-issuer
+    name: {{ .Release.Namespace }}-alerts-root-issuer
     {{- end }}
   dnsNames:
   - {{ include "kube-prometheus-stack.fullname" . }}
@@ -76,7 +76,7 @@ spec:
     {{- if .Values.alerts.certManager.issuerRef }}
     {{- toYaml .Values.alerts.certManager.issuerRef | nindent 4 }}
     {{- else }}
-    name: {{ .Release.Namespace }}-root-issuer
+    name: {{ .Release.Namespace }}-alerts-root-issuer
     {{- end }}
   dnsNames:
 {{- if .Values.global.greenhouse.baseDomain }}

alerts/charts/templates/tests/test-alerts-config.yaml

@@ -48,13 +48,13 @@ data:
 
     {{- if and .Values.alerts.alertmanager.ingress.enabled .Values.alerts.alertmanager.ingress.hosts .Values.alerts.certManager.enabled }}
     @test "Generated server certificate for the Prometheus Alertmanager to use" {
-        verify "there is 1 issuer named '{{ .Release.Namespace }}-prometheus-issuer'"
-        verify "there is 1 issuer named '{{ .Release.Namespace }}-prometheus-root-issuer'"
-        verify "there is 1 certificate named '{{ .Release.Namespace }}-prometheus-root-cert'"
-        verify "there is 1 certificate named '{{ include "kube-prometheus-stack.fullname" . }}-cert'"
+        verify "there is 1 issuer named '{{ .Release.Namespace }}-alerts-issuer'"
+        verify "there is 1 issuer named '{{ .Release.Namespace }}-alerts-root-issuer"
+        verify "there is 1 certificate named '{{ .Release.Namespace }}-alerts-root-cert'"
+        verify "there is 1 certificate named 'alertmanager-{{ .Release.Namespace }}-cert'"
         verify "there is 1 certificate named 'prometheus-{{ .Release.Namespace }}-cert'"
-        verify "there is 1 secret named '{{ .Release.Namespace  }}-prometheus-root-cert'"
-        verify "there is 1 secret named 'tls-prometheus-{{ .Release.Namespace }}'"
+        verify "there is 1 secret named 'tls-alertmanager-{{ .Release.Namespace }}'"
+        verify "there is 1 secret named 'tls-prometheus-{{ .Release.Namespace }}"
 
         url="https://{{ first .Values.alerts.alertmanager.ingress.hosts }}/-/healthy"
         run curl --cert /tls-assets/tls.crt --key /tls-assets/tls.key ${url}

alerts/plugindefinition.yaml

@@ -6,7 +6,7 @@ kind: PluginDefinition
 metadata:
   name: alerts
 spec:
-  version: 2.7.6
+  version: 2.7.7
   weight: 0
   displayName: Alerts
   description: The Alerts Plugin consists of both Prometheus Alertmanager and Supernova, the holistic alert management UI
@@ -15,7 +15,7 @@ spec:
   helmChart:
     name: alerts
     repository: oci://ghcr.io/cloudoperators/greenhouse-extensions/charts
-    version: 0.19.6
+    version: 0.19.7
   uiApplication:
     name: supernova
     version: "latest"