Refactor cert-manager and ExternalDNS configurations

- Updated the namespace for the internal wildcard certificate from 'internal' to 'cert-manager'. - Adjusted the DNS zone selectors in Let's Encrypt configurations to use CLOUDFLARE_DOMAIN consistently. - Changed the namespace for the wildcard certificate from 'default' to 'cert-manager'. - Modified ExternalDNS configuration to use OWNER_ID instead of CLUSTER_ID for TXT owner ID. - Cleaned up setup-cert-manager.sh by removing unnecessary internal namespace creation and secret duplication. - Updated certificate wait commands to reflect the new namespace structure. - Simplified the copying of certificates to the example-admin namespace. - Removed test service deployment from setup-externaldns.sh for a cleaner setup process.
2025-05-03 13:51:52 -07:00
parent 84376fb3d5
commit 21d89c2b79
10 changed files with 5683 additions and 44 deletions
--- a/infrastructure_setup/cert-manager/cert-manager.yaml
+++ b/infrastructure_setup/cert-manager/cert-manager.yaml
--- a/infrastructure_setup/cert-manager/internal-wildcard-certificate.yaml
+++ b/infrastructure_setup/cert-manager/internal-wildcard-certificate.yaml
@@ -3,7 +3,7 @@ apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
  name: wildcard-internal-sovereign-cloud
-  namespace: internal
+  namespace: cert-manager
 spec:
  secretName: wildcard-internal-sovereign-cloud-tls
  dnsNames:
--- a/infrastructure_setup/cert-manager/letsencrypt-prod-dns01.yaml
+++ b/infrastructure_setup/cert-manager/letsencrypt-prod-dns01.yaml
@@ -19,7 +19,7 @@ spec:
            key: api-token
      selector:
        dnsZones:
-        - "${CLOUDFLARE_DOMAIN}" # This will cover all subdomains
+        - "${CLOUDFLARE_DOMAIN}"
    # Keep the HTTP-01 solver for non-wildcard certificates
    - http01:
        ingress:
--- a/infrastructure_setup/cert-manager/letsencrypt-staging-dns01.yaml
+++ b/infrastructure_setup/cert-manager/letsencrypt-staging-dns01.yaml
@@ -19,7 +19,7 @@ spec:
            key: api-token
      selector:
        dnsZones:
-        - "${DOMAIN}" # This will cover all subdomains
+        - "${CLOUDFLARE_DOMAIN}"
    # Keep the HTTP-01 solver for non-wildcard certificates
    - http01:
        ingress:
--- a/infrastructure_setup/cert-manager/wildcard-certificate.yaml
+++ b/infrastructure_setup/cert-manager/wildcard-certificate.yaml
@@ -3,7 +3,7 @@ apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
  name: wildcard-sovereign-cloud
-  namespace: default
+  namespace: cert-manager
 spec:
  secretName: wildcard-sovereign-cloud-tls
  dnsNames: