mirror of
https://github.com/cozystack/cozystack.git
synced 2026-03-02 22:59:06 +00:00
## What this PR does

Previously `_cluster.clusterissuer` controlled the ACME solver type using values `http01` / `cloudflare`, and every ingress template hardcoded `cert-manager.io/cluster-issuer: letsencrypt-prod` with no way to override it.

This PR adds new parameters in the platform chart:

- `publishing.certificates.solver` (default `http01`)
- `publishing.certificates.issuerName` (default: `letsencrypt-prod`)

instead of the single parameter used before:

- `publishing.certificates.issuerType`

The previous `certificates.issuerType` was renamed to `certificates.solver`; its possible value `cloudflare` was also renamed to `dns01` to use standard ACME terminology.

The new `certificates.issuerName` (default: `letsencrypt-prod`) is propagated as `_cluster.issuer-name` to all packages via `cozystack-values`; its value then appears in the `cert-manager.io/cluster-issuer` annotation across 8 ingress templates in system applications.

`publishing.certificates.solver` can be set empty to clearly support `selfsigned-cluster-issuer`, or have any value, but it can be a bit confusing.

Operators can now point ingresses at any ClusterIssuer (custom ACME, self-signed, internal CA) by setting `certificates.issuerName` without touching individual package templates.

## Breaking changes

| What changed | Before | After |
|---|---|---|
| Solver key | `certificates.issuerType` | `certificates.solver` |
| Cloudflare solver value | `issuerType: cloudflare` | `solver: dns01` |

These changes are handled by the migration when upgrading cozystack from v1 or by the `migration-to-v1.0.sh` script (also checked by the migration later). No action from the user is needed.

### Release note

```release-note
[platform] Added publishing.certificates.solver (http01/dns01) and publishing.certificates.issuerName fields to allow configuring ACME challenge type and ClusterIssuer per installation, replacing the old implicit issuerType field
[platform] Migration script and upgrade hook (migration 32) convert old clusterissuer/issuerType fields to the new solver/issuerName fields
```

## Summary by CodeRabbit

* **Chores**
  * Migrated certificate issuer configuration from legacy `issuerType` field to new `solver` and `issuerName` fields system-wide.
  * Automated migration script converts existing configurations, mapping legacy values (cloudflare, http01) to new format.
  * Updated all certificate-related templates to use new configurable solver and issuer settings with sensible defaults.
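
As an added illustration of the mapping described above (not code from this PR or from Cozystack's migration 32), the sketch below converts a legacy `certificates` block to the new keys and checks a `kubectl get ingress -A -o json` style listing for Ingresses whose `cert-manager.io/cluster-issuer` annotation differs from the configured `issuerName`. The function names, the flat dict shape of the `certificates` block, and the sample Ingress names are assumptions.

```python
ANNOTATION = "cert-manager.io/cluster-issuer"  # annotation key named in the PR


def migrate_certificates(old):
    """Map a legacy certificates block to the solver/issuerName layout.

    Hypothetical helper: mirrors the 'Breaking changes' table, not the
    project's own migration script.
    """
    new = {k: v for k, v in old.items() if k != "issuerType"}
    # An explicit new-style 'solver' wins over a leftover legacy key.
    if "issuerType" in old and "solver" not in new:
        legacy = old["issuerType"]
        new["solver"] = "dns01" if legacy == "cloudflare" else legacy
    new.setdefault("solver", "http01")               # default from the PR
    new.setdefault("issuerName", "letsencrypt-prod")  # default from the PR
    return new


def audit_ingresses(ingress_list, issuer_name):
    """Return (namespace/name, found_issuer) for Ingresses that do not
    carry the expected ClusterIssuer annotation. found_issuer is None
    when the annotation is absent, so the caller can decide whether an
    unannotated Ingress is intentional."""
    findings = []
    for item in ingress_list.get("items", []):
        meta = item.get("metadata", {})
        found = (meta.get("annotations") or {}).get(ANNOTATION)
        if found != issuer_name:
            ref = f"{meta.get('namespace')}/{meta.get('name')}"
            findings.append((ref, found))
    return findings


# Constructed sample in the shape of `kubectl get ingress -A -o json`.
SAMPLE = {"items": [
    {"metadata": {"namespace": "example-a", "name": "web",
                  "annotations": {ANNOTATION: "internal-ca"}}},
    {"metadata": {"namespace": "example-b", "name": "api",
                  "annotations": {ANNOTATION: "letsencrypt-prod"}}},
    {"metadata": {"namespace": "example-c", "name": "plain"}},
]}

if __name__ == "__main__":
    print(migrate_certificates({"issuerType": "cloudflare"}))
    for ref, found in audit_ingresses(SAMPLE, "internal-ca"):
        print(f"{ref}: expected internal-ca, found {found}")
```
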