Dev #1
Dev #1
Conversation
There was a problem hiding this comment.
Pull Request Overview
This PR migrates the Consul deployment from using self-signed certificates and local domain names to a production-ready setup using an external LABCA (Lab Certificate Authority) and proper domain configuration. The changes update domain names from consul.local.domain to mylab.lan subdomains and replace the self-signed certificate infrastructure with LABCA ACME configuration.
- Replaced self-signed certificate setup with LABCA ACME issuer configuration
- Updated all domain references from
consul.local.domaintomylab.lansubdomains - Modified certificate management to use external LABCA instead of internal CA
Reviewed Changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| consul-deployment/scripts/validate-deployment.sh | Updated HTTPS test endpoint and summary messages to use new domain |
| consul-deployment/scripts/deploy-consul.sh | Changed Consul domain configuration variable |
| consul-deployment/demo-apps/demo2-app-with-mesh.yaml | Updated demo app display information and gateway hostnames |
| consul-deployment/demo-apps/demo-app-with-mesh.yaml | Updated demo app display information and gateway hostnames |
| consul-deployment/certificates/cert-manager-config.yaml | Replaced self-signed issuer with LABCA ACME configuration |
| consul-deployment/certificates/api-gateway-cert.yaml | Updated certificate issuer and DNS names for new domains |
| consul-deployment/api-gateway/gateway-config.yaml | Changed cluster issuer annotation to use LABCA |
| selfSigned: {} | ||
| acme: | ||
| server: https://labca.mylab.lan/acme/acme/directory | ||
| email: [email protected] # Update this to your actual email |
There was a problem hiding this comment.
The email address '[email protected]' appears to be a placeholder. Using a placeholder email in production ACME configuration could cause certificate issuance failures or security issues if the domain doesn't have proper email handling configured.
| email: admin@mylab.lan # Update this to your actual email | |
| email: admin@example.com # Update this to a valid, monitored email address |
Copilot uses AI. Check for mistakes.
| spec: | ||
| ca: | ||
| secretName: ca-key-pair | ||
| secretName: labca-ca-cert |
There was a problem hiding this comment.
The fallback ClusterIssuer references 'labca-ca-cert' secret, but there's no indication that this secret exists or how it should be created. This could cause certificate issuance failures for the ca-issuer.
Copilot uses AI. Check for mistakes.
No description provided.