From 95e7312153e9e435f6a02c8aca30c5a5b259d18c Mon Sep 17 00:00:00 2001
From: Andrey Kartashov <gorilych@gmail.com>
Date: Sat, 2 Nov 2019 21:06:47 +0700
Subject: [PATCH] use separate certificate for oauth2-proxy

because it's not in default namespace
---
 apps/services/certificate.yaml       | 2 --
 apps/system/oauth2-proxy/values.yaml | 3 ++-
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/apps/services/certificate.yaml b/apps/services/certificate.yaml
index a920354..2782ced 100644
--- a/apps/services/certificate.yaml
+++ b/apps/services/certificate.yaml
@@ -18,7 +18,6 @@ spec:
   - router.gorilych.ru
   - seafile.gorilych.ru
   - grafana.gorilych.ru
-  - oauth2.gorilych.ru
   acme:
     config:
     - http01: { ingressClass: nginx }
@@ -31,6 +30,5 @@ spec:
       - router.gorilych.ru
       - seafile.gorilych.ru
       - grafana.gorilych.ru
-      - oauth2.gorilych.ru
 
 
diff --git a/apps/system/oauth2-proxy/values.yaml b/apps/system/oauth2-proxy/values.yaml
index 5dabc00..481a4f5 100644
--- a/apps/system/oauth2-proxy/values.yaml
+++ b/apps/system/oauth2-proxy/values.yaml
@@ -13,10 +13,11 @@ oauth2-proxy:
     enabled: true
     annotations:
       kubernetes.io/ingress.class: nginx
+      cert-manager.io/cluster-issuer: letsencrypt
     hosts:
     - oauth2.gorilych.ru
     tls:
     - hosts:
       - oauth2.gorilych.ru
-      secretName: san-gorilych-ru-tls
+      secretName: oauth2-gorilych-ru-tls