From 2f2f56cb64470efaa4fcccdeff4557d1c732f863 Mon Sep 17 00:00:00 2001
From: Dylan Leard <dylan@button.is>
Date: Wed, 15 Jan 2025 14:17:49 -0800
Subject: [PATCH 1/4] chore: remove certbot & use apps.silver url for dev/test

---
 Makefile                              |  4 ++--
 chart/cas-cif/Chart.yaml              |  4 ----
 chart/cas-cif/templates/postgres.yaml |  3 ---
 chart/cas-cif/templates/route.yaml    | 16 ----------------
 chart/cas-cif/values-dev.yaml         |  5 +----
 chart/cas-cif/values-prod.yaml        |  3 ---
 chart/cas-cif/values-test.yaml        |  5 +----
 chart/cas-cif/values.yaml             |  6 ------
 shipit.yml                            |  9 ---------
 9 files changed, 4 insertions(+), 51 deletions(-)

diff --git a/Makefile b/Makefile
index 1f1bbe54e6..4e9032fc01 100644
--- a/Makefile
+++ b/Makefile
@@ -248,9 +248,9 @@ install:
 	helm dep up $(CHART_DIR); \
 	if ! helm status --namespace $(NAMESPACE) $(CHART_INSTANCE); then \
 		echo 'Installing the application and issuing SSL certificate'; \
-		helm install --set certbot.manualRun=true $(HELM_OPTS) $(CHART_INSTANCE) $(CHART_DIR); \
+		helm install $(HELM_OPTS) $(CHART_INSTANCE) $(CHART_DIR); \
 	elif [ $(ISSUE_CERT) ]; then \
-		helm upgrade --set certbot.manualRun=true $(HELM_OPTS) $(CHART_INSTANCE) $(CHART_DIR); \
+		helm upgrade $(HELM_OPTS) $(CHART_INSTANCE) $(CHART_DIR); \
 	else \
 		helm upgrade $(HELM_OPTS) $(CHART_INSTANCE) $(CHART_DIR); \
 	fi;
diff --git a/chart/cas-cif/Chart.yaml b/chart/cas-cif/Chart.yaml
index b767dfd77a..1bdf1b0181 100644
--- a/chart/cas-cif/Chart.yaml
+++ b/chart/cas-cif/Chart.yaml
@@ -18,7 +18,3 @@ dependencies:
     repository: https://bcgov.github.io/cas-airflow
     alias: deploy-db
     condition: deploy-db.enabled
-  - name: certbot
-    version: 0.1.3
-    repository: https://bcdevops.github.io/certbot
-    condition: certbot.enabled
diff --git a/chart/cas-cif/templates/postgres.yaml b/chart/cas-cif/templates/postgres.yaml
index d4d868f04d..4754651b46 100644
--- a/chart/cas-cif/templates/postgres.yaml
+++ b/chart/cas-cif/templates/postgres.yaml
@@ -48,7 +48,6 @@ spec:
                   postgres-operator.crunchydata.com/instance-set: pgha1
   proxy:
     pgBouncer:
-      image: artifacts.developer.gov.bc.ca/bcgov-docker-local/crunchy-pgbouncer:ubi8-1.18-0
       resources:
         requests:
           cpu: 10m
@@ -83,7 +82,6 @@ spec:
         - cif
   backups:
     pgbackrest:
-      image: artifacts.developer.gov.bc.ca/bcgov-docker-local/crunchy-pgbackrest:ubi8-2.41-4
     {{- if .Values.db.restore.enabled }}
       restore:
         enabled: true
@@ -114,7 +112,6 @@ spec:
   monitoring:
     pgmonitor:
       exporter:
-        image: artifacts.developer.gov.bc.ca/bcgov-docker-local/crunchy-postgres-exporter:ubi8-5.3.1-0
         resources:
           requests:
             cpu: 50m
diff --git a/chart/cas-cif/templates/route.yaml b/chart/cas-cif/templates/route.yaml
index b4e75bf824..067c8e923b 100644
--- a/chart/cas-cif/templates/route.yaml
+++ b/chart/cas-cif/templates/route.yaml
@@ -1,21 +1,10 @@
 {{- if not (hasSuffix "-prod" .Release.Namespace)}}
 
-{{- $route := (lookup "route.openshift.io/v1" "Route" .Release.Namespace "cas-cif" ) }}
-{{- $certificate := "" }}
-{{- $key := "" }}
-{{- $caCertificate := "" }}
-{{- if $route }}
-{{- $certificate = $route.spec.tls.certificate }}
-{{- $key = $route.spec.tls.key }}
-{{- $caCertificate = $route.spec.tls.caCertificate }}
-{{- end -}}
-
 apiVersion: route.openshift.io/v1
 kind: Route
 metadata:
   name: {{ template "cas-cif.fullname" . }}
   labels: {{ include "cas-cif.labels" . | nindent 4 }}
-    certbot-managed: "true"
 
 spec:
   host: {{ .Values.hostName }}
@@ -24,11 +13,6 @@ spec:
   tls:
     termination: edge
     insecureEdgeTerminationPolicy: Redirect
-    {{- if $certificate }}
-    certificate: {{ $certificate | quote }}
-    key: {{ $key | quote }}
-    caCertificate: {{ $caCertificate | quote }}
-    {{- end }}
   to:
     kind: Service
     name: {{ template "cas-cif.fullname" . }}
diff --git a/chart/cas-cif/values-dev.yaml b/chart/cas-cif/values-dev.yaml
index ef3db145eb..8015150514 100644
--- a/chart/cas-cif/values-dev.yaml
+++ b/chart/cas-cif/values-dev.yaml
@@ -3,7 +3,7 @@ app:
   sitewide_notice:
     content: <div class="alert alert-warning">This is the DEV environment.</div>
 
-hostName: dev.cif.gov.bc.ca
+hostName: cas-cif-dev.apps.silver.devops.gov.bc.ca
 
 db:
   preUpgradeCommand: |
@@ -18,6 +18,3 @@ deploy-db:
 
 download-dags:
   airflowEndpoint: https://cas-airflow-dev.apps.silver.devops.gov.bc.ca
-
-certbot:
-  enabled: true
diff --git a/chart/cas-cif/values-prod.yaml b/chart/cas-cif/values-prod.yaml
index 520dbdea46..b31202b6e6 100644
--- a/chart/cas-cif/values-prod.yaml
+++ b/chart/cas-cif/values-prod.yaml
@@ -1,8 +1,5 @@
 hostName: cif.gov.bc.ca
 
-certbot:
-  enabled: false
-
 deploy-db:
   airflowEndpoint: https://cas-airflow-prod.apps.silver.devops.gov.bc.ca
 
diff --git a/chart/cas-cif/values-test.yaml b/chart/cas-cif/values-test.yaml
index d511e9cae3..c504cae2fd 100644
--- a/chart/cas-cif/values-test.yaml
+++ b/chart/cas-cif/values-test.yaml
@@ -2,7 +2,7 @@ app:
   sitewide_notice:
     content: <div class="alert alert-warning">This is the TEST environment.</div>
 
-hostName: test.cif.gov.bc.ca
+hostName: cas-cif-test.apps.silver.devops.gov.bc.ca
 
 db:
   postUpgradeCommandEnv: |
@@ -28,6 +28,3 @@ deploy-db:
 
 download-dags:
   airflowEndpoint: https://cas-airflow-test.apps.silver.devops.gov.bc.ca
-
-certbot:
-  enabled: true
diff --git a/chart/cas-cif/values.yaml b/chart/cas-cif/values.yaml
index 387c770560..ef1cd65a89 100644
--- a/chart/cas-cif/values.yaml
+++ b/chart/cas-cif/values.yaml
@@ -37,12 +37,6 @@ db:
 
 hostName: ~
 
-certbot:
-  image:
-    pullPolicy: IfNotPresent
-  certbot:
-    email: ggircs@gov.bc.ca
-
 resources:
   limits:
     cpu: 800m
diff --git a/shipit.yml b/shipit.yml
index 7f4efe39e9..f2a6ed1d31 100644
--- a/shipit.yml
+++ b/shipit.yml
@@ -12,12 +12,3 @@ deploy:
 ci:
   allow_failures:
     - "yarn-audit"
-
-tasks:
-  renew_cert:
-    action: "Renew SSL Certificate"
-    description: "Send a request via certbot to issue an SSL certificate"
-    steps:
-      - export ISSUE_CERT=true
-      - make install:
-          timeout: 5000

From d7873121197c327401fd213a0dd62a1f813a9656 Mon Sep 17 00:00:00 2001
From: Dylan Leard <dylan@button.is>
Date: Wed, 15 Jan 2025 14:18:46 -0800
Subject: [PATCH 2/4] chore: remove more leftover pinned PGO images

---
 database_backup_test/backup-test/templates/postgres.yaml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/database_backup_test/backup-test/templates/postgres.yaml b/database_backup_test/backup-test/templates/postgres.yaml
index 17cf5c1d96..a46dcfc25f 100644
--- a/database_backup_test/backup-test/templates/postgres.yaml
+++ b/database_backup_test/backup-test/templates/postgres.yaml
@@ -48,7 +48,6 @@ spec:
                   postgres-operator.crunchydata.com/instance-set: pgha1
   proxy:
     pgBouncer:
-      image: artifacts.developer.gov.bc.ca/bcgov-docker-local/crunchy-pgbouncer:ubi8-1.18-0
       resources:
         requests:
           cpu: 10m
@@ -83,7 +82,6 @@ spec:
         - cif
   backups:
     pgbackrest:
-      image: artifacts.developer.gov.bc.ca/bcgov-docker-local/crunchy-pgbackrest:ubi8-2.41-4
     {{- if .Values.db.restore.enabled }}
       restore:
         enabled: true

From 2449ea8466ba70c3aa5e726b5a891058989974fc Mon Sep 17 00:00:00 2001
From: Dylan Leard <dylan@button.is>
Date: Wed, 15 Jan 2025 14:35:59 -0800
Subject: [PATCH 3/4] chore: update chart.lock

---
 chart/cas-cif/Chart.lock | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/chart/cas-cif/Chart.lock b/chart/cas-cif/Chart.lock
index bd39a957ec..a4da2ee72c 100644
--- a/chart/cas-cif/Chart.lock
+++ b/chart/cas-cif/Chart.lock
@@ -8,8 +8,5 @@ dependencies:
 - name: cas-airflow-dag-trigger
   repository: https://bcgov.github.io/cas-airflow
   version: 1.0.7
-- name: certbot
-  repository: https://bcdevops.github.io/certbot
-  version: 0.1.3
-digest: sha256:d2da5fb2e1380ca061fdadb0e4cbe54137f1e3d43f90afe245339ddb320a771b
-generated: "2024-12-16T11:23:41.617911-08:00"
+digest: sha256:0693261c3831cac56b20a88001ce8492535570768f78c9a46f1eb89d7280818c
+generated: "2025-01-15T14:35:44.502894429-08:00"

From 6e8b905e4f69478d616099e35e0d7261c186b6b7 Mon Sep 17 00:00:00 2001
From: Dylan Leard <dylan@button.is>
Date: Wed, 15 Jan 2025 14:57:38 -0800
Subject: [PATCH 4/4] chore: remove unncessary conditionals in make install
 target

---
 Makefile | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/Makefile b/Makefile
index 4e9032fc01..c7614ff4e8 100644
--- a/Makefile
+++ b/Makefile
@@ -246,14 +246,7 @@ install:
 	@set -euo pipefail; \
 	dagConfig=$$(echo '{"org": "bcgov", "repo": "cas-cif", "ref": "$(GIT_SHA1)", "path": "dags/cas_cif_dags.py"}' | base64 -w0); \
 	helm dep up $(CHART_DIR); \
-	if ! helm status --namespace $(NAMESPACE) $(CHART_INSTANCE); then \
-		echo 'Installing the application and issuing SSL certificate'; \
-		helm install $(HELM_OPTS) $(CHART_INSTANCE) $(CHART_DIR); \
-	elif [ $(ISSUE_CERT) ]; then \
-		helm upgrade $(HELM_OPTS) $(CHART_INSTANCE) $(CHART_DIR); \
-	else \
-		helm upgrade $(HELM_OPTS) $(CHART_INSTANCE) $(CHART_DIR); \
-	fi;
+	helm install $(HELM_OPTS) $(CHART_INSTANCE) $(CHART_DIR);
 
 
 restore_prereq: ## Prerequisites for the restore target