
Commit 506f22e

committed
use challenge domain as cert issuer email
Signed-off-by: Robert Detjens <[email protected]>
1 parent cf19204 commit 506f22e


2 files changed

+20
-8
lines changed


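--- a/src/asset_files/setup_manifests/letsencrypt.issuers.yaml
+++ b/src/asset_files/setup_manifests/letsencrypt.issuers.yaml
@@ -6,7 +6,7 @@ spec:
 acme:
 server: https://acme-v02.api.letsencrypt.org/directory"
 # TODO: use user email?
-email: beavercds-prod@example.com
+email: beavercds-prod@{{ chal_domain }}
 privateKeySecretRef:
 name: letsencrypt-secret
 solvers:
@@ -23,7 +23,7 @@ spec:
 acme:
 server: https://acme-staging-v02.api.letsencrypt.org/directory
 # TODO: use user email?
-email: beavercds-staging@example.com
+email: beavercds-staging@{{ chal_domain }}
 privateKeySecretRef:
 name: letsencrypt-staging-secret
 solvers: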
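Review bot: The production issuer's `server:` value, shown as context in the first hunk, ends in a stray `"` (`.../directory"`) as rendered here, while the staging entry in the second hunk does not. YAML treats that character as part of the plain scalar, so the production issuer would most likely fail to reach the ACME directory; the line should read `server: https://acme-v02.api.letsencrypt.org/directory`. Separately, the `# TODO: use user email?` comment still sits above both new `email:` lines, and `beavercds-prod@{{ chal_domain }}` only works as an ACME account contact if the operator actually receives mail for that domain, which this page does not show. The file is now a minijinja template but keeps its plain `.yaml` name, unlike the sibling `external-dns.helm.yaml.j2`.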

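--- a/src/cluster_setup/mod.rs
+++ b/src/cluster_setup/mod.rs
@@ -22,6 +22,7 @@ use tracing::{debug, error, info, trace, warn};
 
 use crate::clients::{apply_manifest_yaml, kube_client};
 use crate::configparser::{config, get_config, get_profile_config};
+use crate::utils::render_strict;
 
 // Deploy cluster resources needed for challenges to work.
 //
@@ -69,9 +70,17 @@ pub async fn install_certmanager(profile: &config::ProfileConfig) -> Result<()>
 let client = kube_client(profile).await?;
 
 // letsencrypt and letsencrypt-staging
-const ISSUERS_YAML: &str =
+const ISSUERS_TEMPLATE: &str =
 include_str!("../asset_files/setup_manifests/letsencrypt.issuers.yaml");
-apply_manifest_yaml(&client, ISSUERS_YAML).await?;
+
+let issuers_yaml = render_strict(
+ISSUERS_TEMPLATE,
+minijinja::context! {
+chal_domain => profile.challenges_domain
+},
+)?;
+
+apply_manifest_yaml(&client, &issuers_yaml).await?;
 
 Ok(())
 }
@@ -83,11 +92,14 @@ pub async fn install_extdns(profile: &config::ProfileConfig) -> Result<()> {
 include_str!("../asset_files/setup_manifests/external-dns.helm.yaml.j2");
 
 // add profile dns: field directly to chart values
-let values = minijinja::render!(
+let values = render_strict(
 VALUES_TEMPLATE,
-provider_credentials => serde_yml::to_string(&profile.dns)?,
-chal_domain => profile.challenges_domain
-);
+minijinja::context! {
+provider_credentials => serde_yml::to_string(&profile.dns)?,
+chal_domain => profile.challenges_domain
+},
+)?;
+
 trace!("deploying templated external-dns values:\n{}", values);
 
 install_helm_chart(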
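Review bot: The `trace!` line kept as context at the end of the third hunk logs the fully rendered `values`, which includes `provider_credentials` (the serialized `profile.dns`), so enabling trace logging would write what are presumably DNS provider secrets to the log. Log something non-sensitive instead, e.g. `trace!("deploying templated external-dns values ({} bytes)", values.len());`. In `install_certmanager`, `profile.challenges_domain` is interpolated into a manifest that is then applied to the cluster. `render_strict` is defined outside this diff, so whether it escapes or validates the value cannot be confirmed here; checking that the value is a plain DNS name before rendering would keep a malformed config entry from altering the YAML structure. Both function bodies start or continue outside the hunks shown.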
