chart 0.7.3 — slug-suffix per-tenant ClusterIssuer (qsoft2 SSL fix)
cluster-issuer.yaml: name → letsencrypt-prod-{{ tenant.slug }}, hard-pin
apiTokenSecretRef.name to cloudflare-api-token-{{ tenant.slug }} so it
matches the ESO-created Secret. ACME account key also slug-suffixed
for tenant isolation. Pre-0.7.3 the unsuffixed letsencrypt-prod
mismatched what instance.go:504 stamps into per-instance Certificates
(letsencrypt-prod-<slug>), so cert-manager logged 'Referenced
ClusterIssuer not found' and erp2 served Traefik default cert forever.
tenants-wildcard-cert.yaml: issuerRef.name → letsencrypt-prod-{{ $.Values.tenant.slug }}
to match the renamed ClusterIssuer.
values.yaml: secrets.cloudflareTokenSecret block deprecated (the chart
no longer reads it; kept for back-compat with external overrides).
Diagnosed in the qsoft2 migrate test 2026-05-09.
This commit is contained in:
OdooSky v3
@@ -23,8 +23,8 @@ description: |
|
||||
Git).
|
||||
|
||||
type: application
|
||||
version: 0.7.2
|
||||
appVersion: "0.7.2"
|
||||
version: 0.7.3
|
||||
appVersion: "0.7.3"
|
||||
|
||||
# All 4 subcharts now resolve from registry.odoosky.cloud (mirrored
|
||||
# 2026-05-08). Mirror-first discipline + China-region readiness: a
|
||||
|
||||
Reference in New Issue
Block a user