From 4c41bc3a3f6208d453dc17064b8598752fd4114a Mon Sep 17 00:00:00 2001 From: jordan Date: Thu, 29 Jan 2026 01:29:34 -0700 Subject: [PATCH] fix: Use cluster-issuer for TLS certs in project deploys The deployer was using cert-manager.io/issuer (namespace-scoped) referencing letsencrypt-threesix which only exists in the threesix namespace. Projects deploy to the projects namespace, so changed to cert-manager.io/cluster-issuer with letsencrypt-prod. Co-Authored-By: Claude Opus 4.5 --- cmd/rdev-api/config.go | 2 +- internal/adapter/deployer/resources.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cmd/rdev-api/config.go b/cmd/rdev-api/config.go index 92855e1..165c1e0 100644 --- a/cmd/rdev-api/config.go +++ b/cmd/rdev-api/config.go @@ -105,7 +105,7 @@ func loadConfig() Config { CloudflareZoneID: os.Getenv("CLOUDFLARE_ZONE_ID"), DefaultDomain: getEnv("DEFAULT_DOMAIN", "threesix.ai"), DeployNamespace: getEnv("DEPLOY_NAMESPACE", "projects"), - DeployTLSIssuer: getEnv("DEPLOY_TLS_ISSUER", "letsencrypt-threesix"), + DeployTLSIssuer: getEnv("DEPLOY_TLS_ISSUER", "letsencrypt-prod"), ClusterIP: getEnv("CLUSTER_IP", "208.122.204.172"), RegistryURL: getEnv("REGISTRY_URL", "zot.threesix.svc.cluster.local:5000"), WoodpeckerURL: getEnv("WOODPECKER_URL", "https://ci.threesix.ai"), diff --git a/internal/adapter/deployer/resources.go b/internal/adapter/deployer/resources.go index 384295e..49240ba 100644 --- a/internal/adapter/deployer/resources.go +++ b/internal/adapter/deployer/resources.go @@ -200,7 +200,7 @@ func (d *Deployer) createOrUpdateIngress(ctx context.Context, spec domain.Deploy annotations := map[string]string{} if d.config.TLSIssuer != "" { - annotations["cert-manager.io/issuer"] = d.config.TLSIssuer + annotations["cert-manager.io/cluster-issuer"] = d.config.TLSIssuer } ingress := d.buildIngress(spec, ns, pathType, ingressClass, tlsSecretName, annotations)