feat: handle 100 domains cert limit
Description
Let's Encrypt enforces a 100 domains per certificate limit. This causes problems with cert-manager's ingress certificate provisioning when this limit is exceeded. This MR introduces limits each Ingress TLS section's entry to a 100 domains.
Supporting information
BB-8611
Testing instructions
Steps to test the changes: Deploy an ingress resource with at least 100 domains
Alternatively, if the test instance has less than 100 domains, we can set up Grove locally and modify CERT_LIMIT
to a value lower than the number of the test instance domains.
To do that that, one simple hacky way is modify the installed package directly, e.g.
- set
CERT_LIMIT
to a lower value in<path-to-this-repo>/instances/runtime-theme-sandbox/.venv/lib/python3.11/site-packages/tutorgrove/templates/grove/k8s/ingress.yml
./tutor runtime-theme-sandbox config save
- Check the generated Ingress at
<path-to-this-repo>/instances/runtime-theme-sandbox/env/plugins/grove/k8s/ingress.yml
- Deploy the new ingress by running
/workspace$ kubectl -n <namespace> apply -f instances/<namespace>/env/plugins/grove/k8s/ingress.yml
from within thetools-container
(accessed with./shell
)
Dependencies
List the dependencies required for this change, if any. Do not forget to link grove-template merge request here if that's affected by this change.
Checklist
If any of the items below is not applicable, do not remove them, but put a check in it.
-
Git commit history is clean -
Git commits are following conventional-commit practices -
Unit tests are added/updated -
Documentation is added/updated