fix: Use cluster-issuer for TLS certs in project deploys

The deployer was using cert-manager.io/issuer (namespace-scoped) referencing letsencrypt-threesix which only exists in the threesix namespace. Projects deploy to the projects namespace, so changed to cert-manager.io/cluster-issuer with letsencrypt-prod. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 01:29:34 -07:00 · 2026-01-29 01:29:34 -07:00 · 4c41bc3a3f
commit 4c41bc3a3f
parent aa6fa4ebdf
2 changed files with 2 additions and 2 deletions
--- a/cmd/rdev-api/config.go
+++ b/cmd/rdev-api/config.go
@ -105,7 +105,7 @@ func loadConfig() Config {
 		CloudflareZoneID:        os.Getenv("CLOUDFLARE_ZONE_ID"),
 		DefaultDomain:           getEnv("DEFAULT_DOMAIN", "threesix.ai"),
 		DeployNamespace:         getEnv("DEPLOY_NAMESPACE", "projects"),
-		DeployTLSIssuer:         getEnv("DEPLOY_TLS_ISSUER", "letsencrypt-threesix"),
+		DeployTLSIssuer:         getEnv("DEPLOY_TLS_ISSUER", "letsencrypt-prod"),
 		ClusterIP:               getEnv("CLUSTER_IP", "208.122.204.172"),
 		RegistryURL:             getEnv("REGISTRY_URL", "zot.threesix.svc.cluster.local:5000"),
 		WoodpeckerURL:           getEnv("WOODPECKER_URL", "https://ci.threesix.ai"),
--- a/internal/adapter/deployer/resources.go
+++ b/internal/adapter/deployer/resources.go
@ -200,7 +200,7 @@ func (d *Deployer) createOrUpdateIngress(ctx context.Context, spec domain.Deploy

 	annotations := map[string]string{}
 	if d.config.TLSIssuer != "" {
-		annotations["cert-manager.io/issuer"] = d.config.TLSIssuer
+		annotations["cert-manager.io/cluster-issuer"] = d.config.TLSIssuer
 	}

 	ingress := d.buildIngress(spec, ns, pathType, ingressClass, tlsSecretName, annotations)