Switch to a self-signed issuer for default config

vardius · Oct 12, 2019 · 352e372 · 352e372
1 parent 7f9f7e5
commit 352e372
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 7 deletions.
diff --git a/helm/app/templates/issuer.yml b/helm/app/templates/issuer.yml
@@ -12,6 +12,9 @@ metadata:
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/managed-by: {{ .Release.Service }}
 spec:
+{{- if .Values.issuer.selfSigned }}
+  selfSigned: {}
+{{- else -}}
   acme:
     server: {{ .Values.issuer.server }}
     email: {{ .Values.issuer.email }}
@@ -36,3 +39,4 @@ spec:
       {{- end }}
   {{- end }}
 {{- end }}
+{{- end }}
diff --git a/helm/app/values.yaml b/helm/app/values.yaml
@@ -21,7 +21,7 @@ magic-namespace:
         name: <group>
 
 ingress:
-  issuerName: letsencrypt
+  issuerName: selfsigned #letsencrypt
   issuerKind: Issuer
   class: nginx
   annotations:
@@ -70,7 +70,7 @@ heapster:
 
 cert-manager:
   ingressShim:
-    defaultIssuerName: letsencrypt
+    defaultIssuerName: selfsigned #letsencrypt
     defaultIssuerKind: Issuer
   # Override the namespace used to store DNS provider credentials etc. for ClusterIssuer
   # resources. By default, the same namespace as cert-manager is deployed within is
@@ -82,12 +82,15 @@ cert-manager:
     # - --cluster-resource-namespace=go-api-boilerplate
 
 issuer:
-  name: letsencrypt
+  name: selfsigned
   kind: Issuer
-  server: https://acme-v02.api.letsencrypt.org/directory
-  email: [email protected]
-  secretName: go-api-boilerplate-tls
-  http01: true
+  selfSigned: true
+  # name: letsencrypt
+  # kind: Issuer
+  # server: https://acme-v02.api.letsencrypt.org/directory
+  # email: [email protected]
+  # secretName: go-api-boilerplate-tls
+  # http01: true
 
 phpmyadmin:
   service: