Fix path error in GH token output (#42)

Update templates to disambiguate TLS and Cert secrets
NeonGeckoCom · Sep 6, 2023 · 1bda191 · 1bda191
1 parent 363a0d9
commit 1bda191
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 5 deletions.
diff --git a/neon_diana_utils/configuration.py b/neon_diana_utils/configuration.py
@@ -359,7 +359,7 @@ def configure_backend(username: str = None,
                 gh_username = click.prompt("GitHub username", type=str)
                 gh_token = click.prompt("GitHub Token with `read:packages` "
                                         "permission", type=str)
-                gh_secret_path = join(output_path, "templates",
+                gh_secret_path = join(output_path, "diana-backend", "templates",
                                       "secret_gh_token.yaml")
                 create_github_secret(gh_username, gh_token, gh_secret_path)
                 click.echo(f"Generated GH secret at {gh_secret_path}")

diff --git a/neon_diana_utils/helm_charts/diana-backend/values.yaml b/neon_diana_utils/helm_charts/diana-backend/values.yaml
@@ -11,8 +11,8 @@ configSecret: diana-config
 # Note: Changes here need to be reflected in all MQ containers
 
 letsencrypt:
-  sslSecret: letsencrypt-ssl
-  # Note: This should match `diana-http.ingress.tlsSecretName
+  sslSecret: &ssl_secret letsencrypt-private-key
+  # Note: This MUST match `diana-http.ingress.certIssuer
   server: https://acme-staging-v02.api.letsencrypt.org/directory
   email: developers@neon.ai
   # TODO: Update server and email to valid options
@@ -38,7 +38,8 @@ rabbitmq:
 diana-http:
   domain: *domain
   ingress:
-    tlsSecretName: letsencrypt-ssl
+    certIssuer: *ssl_secret
+    tlsSecretName: letsencrypt-tls-secret
     extraRules:
       - host: mqadmin
         serviceName: *name_rmq

diff --git a/neon_diana_utils/helm_charts/http-services/templates/ingress.yaml b/neon_diana_utils/helm_charts/http-services/templates/ingress.yaml
@@ -13,7 +13,7 @@ metadata:
   name: ingress-diana-http
   annotations:
     kubernetes.io/ingress.class: {{ .Values.ingress.ingressClassName }}
-    cert-manager.io/issuer: {{ .Values.ingress.tlsSecretName }}
+    cert-manager.io/issuer: {{ .Values.ingress.certIssuer }}
 spec:
   tls:
     - secretName: {{ .Values.ingress.tlsSecretName }}

diff --git a/neon_diana_utils/helm_charts/http-services/values.yaml b/neon_diana_utils/helm_charts/http-services/values.yaml
@@ -53,6 +53,7 @@ ingress:
   enabled: True
   ingressClassName: nginx
   tlsSecretName: tls-letsencrypt-prod
+  certIssuer: letsencrypt-private-key
   rules:
     - host: *host_libretranslate
       serviceName: libretranslate