xenit-eu · pvriel · Feb 3, 2025 · Feb 3, 2025
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 chronology things are added/fixed/changed and - where possible - links to the PRs involved.
 
 ### Changes
+[v0.8.9]
+* Introduced the `ingress.clusterIssuer` option to specify the cluster issuer for the ingress.
+
 [v0.8.8]
 * Introduced the `persistentStorage.aws.efs.storageClass.enableIfRequired`
 option, which can be used to prevent the AWS `efs-storage-class` from being created.

diff --git a/README.md b/README.md
@@ -268,20 +268,30 @@ nginx rules to redirect the normal pages to a 503 maintenance page.
   Replacement for `kubernetes.io/ingress.class` annotation since it's deprecation in k8s 1.18. 
   Set to `null` to allow usage of `kubernetes.io/ingress.class` in the `ingress.ingressAnnotations` dict.
 
+### `ingress.clusterIssuer`
+
+* Required: true
+* Default: `letsencrypt-production`
+* Description: Reference name for the cert-manager ClusterIssuer to be used. 
+  This is used to request a certificate for the ingress host.
+  This property adds the `cert-manager.io/cluster-issuer` annotation to the ingress.
+  If you don't want a certificate, set this to an empty string.
+
 #### `ingress.ingressAnnotations`
 
 * Required: false
 * Default:
   ```
     kubernetes.io/ingress.class: "nginx"
-    cert-manager.io/cluster-issuer: "letsencrypt-production"
   ```
 * Description: Annotations for ingress.
 * Remarks:
   * The default value of `kubernetes.io/ingress.class: "nginx"` will be filtered
   out if the `ingress.ingressClass` is set (This includes the default value). 
   The `kubernetes.io/ingress.class` is deprecated since k8s v1.18, but some setups still rely on it.
   Hence it can still be set and used if `ingress.ingressClass` is set to `null`.
+  * Do not use this for the `cert-manager.io/cluster-issuer` annotation;
+    use `ingress.clusterIssuer` instead.
 
 #### `ingress.additionalPaths`
 

diff --git a/xenit-alfresco/templates/ingress/alfresco-ingress.yaml b/xenit-alfresco/templates/ingress/alfresco-ingress.yaml
@@ -5,6 +5,9 @@ metadata:
   name: alfresco-ingress
   namespace: {{ .Release.Namespace | quote }}
   annotations:
+    {{- if and (.Values.ingress.clusterIssuer) (not (eq .Values.ingress.clusterIssuer "")) }}
+    cert-manager.io/cluster-issuer: {{ .Values.ingress.clusterIssuer | quote }}
+    {{- end }}
     {{- if .Values.ingress.ingressAnnotations }}
     {{- /*
       See https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation

diff --git a/xenit-alfresco/values.yaml b/xenit-alfresco/values.yaml
@@ -21,11 +21,11 @@ general:
       selfManaged: false
 
 ingress:
+  clusterIssuer: "letsencrypt-production"
   ingressClass: "nginx"
   protocol: 'https'
   ingressAnnotations:
     kubernetes.io/ingress.class: "nginx"
-    cert-manager.io/cluster-issuer: "letsencrypt-production"
   defaultPath:
     service: nginx-default-service
     port: 30403