mthomson/fleet-infra
1
0
Fork 0
mirror of https://github.com/michaelthomson0797/fleet-infra.git synced 2026-02-04 04:59:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

move all certs to automatic issuer

Browse Source
This commit is contained in:
Michael Thomson
2025-12-18 06:17:35 -05:00
parent f1d0cbeedd
commit 27c6abb459
27 changed files with 49 additions and 86 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
apps/actual/ingress.yaml
View File

@@ -4,6 +4,7 @@ metadata:
name: actual name: actual
namespace: actual namespace: actual
annotations: annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
cert-manager.io/cluster-issuer: "letsencrypt-prod" cert-manager.io/cluster-issuer: "letsencrypt-prod"
external-dns.alpha.kubernetes.io/target: michaelthomson.ddns.net external-dns.alpha.kubernetes.io/target: michaelthomson.ddns.net
external-dns.alpha.kubernetes.io/cloudflare-proxied: "true" external-dns.alpha.kubernetes.io/cloudflare-proxied: "true"

3
apps/authentik/release.yaml
View File

@@ -25,6 +25,7 @@ spec:
enabled: true enabled: true
ingressClassName: traefik ingressClassName: traefik
annotations: annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
external-dns.alpha.kubernetes.io/target: michaelthomson.ddns.net external-dns.alpha.kubernetes.io/target: michaelthomson.ddns.net
external-dns.alpha.kubernetes.io/cloudflare-proxied: "true" external-dns.alpha.kubernetes.io/cloudflare-proxied: "true"
traefik.ingress.kubernetes.io/router.tls: "true" traefik.ingress.kubernetes.io/router.tls: "true"
@@ -32,7 +33,7 @@ spec:
hosts: hosts:
- authentik.michaelthomson.dev - authentik.michaelthomson.dev
tls: tls:
- secretName: letsencrypt-wildcard-cert-michaelthomson.dev - secretName: authentik-tls
hosts: hosts:
- authentik.michaelthomson.dev - authentik.michaelthomson.dev
volumes: volumes:

3
apps/baikal/ingress.yaml
View File

@@ -4,6 +4,7 @@ metadata:
name: baikal name: baikal
namespace: baikal namespace: baikal
annotations: annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
external-dns.alpha.kubernetes.io/target: michaelthomson.ddns.net external-dns.alpha.kubernetes.io/target: michaelthomson.ddns.net
external-dns.alpha.kubernetes.io/cloudflare-proxied: "true" external-dns.alpha.kubernetes.io/cloudflare-proxied: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
@@ -23,4 +24,4 @@ spec:
tls: tls:
- hosts: - hosts:
- baikal.michaelthomson.dev - baikal.michaelthomson.dev
secretName: letsencrypt-wildcard-cert-michaelthomson.dev secretName: baikal-tls

3
apps/booklore/release.yaml
View File

@@ -24,6 +24,7 @@ spec:
ingress: ingress:
enabled: true enabled: true
annotations: annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
external-dns.alpha.kubernetes.io/target: michaelthomson.ddns.net external-dns.alpha.kubernetes.io/target: michaelthomson.ddns.net
external-dns.alpha.kubernetes.io/cloudflare-proxied: "true" external-dns.alpha.kubernetes.io/cloudflare-proxied: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
@@ -36,7 +37,7 @@ spec:
tls: tls:
- hosts: - hosts:
- booklore.michaelthomson.dev - booklore.michaelthomson.dev
secretName: letsencrypt-wildcard-cert-michaelthomson.dev secretName: booklore-tls
# If you want to bring your own persistence (such as a hostPath), # If you want to bring your own persistence (such as a hostPath),
# disable these and do so in extraVolumes/extraVolumeMounts # disable these and do so in extraVolumes/extraVolumeMounts

3
apps/gitea/release.yaml
View File

@@ -31,6 +31,7 @@ spec:
enabled: true enabled: true
className: traefik className: traefik
annotations: annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
external-dns.alpha.kubernetes.io/target: michaelthomson.ddns.net external-dns.alpha.kubernetes.io/target: michaelthomson.ddns.net
external-dns.alpha.kubernetes.io/cloudflare-proxied: "false" external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
@@ -43,7 +44,7 @@ spec:
tls: tls:
- hosts: - hosts:
- gitea.michaelthomson.dev - gitea.michaelthomson.dev
secretName: letsencrypt-wildcard-cert-michaelthomson.dev secretName: gitea-tls
persistence: persistence:
claimName: gitea-shared-storage claimName: gitea-shared-storage

3
apps/homeassistant/ingress.yaml
View File

@@ -4,6 +4,7 @@ metadata:
name: homeassistant name: homeassistant
namespace: homeassistant namespace: homeassistant
annotations: annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true" traefik.ingress.kubernetes.io/router.tls: "true"
spec: spec:
@@ -21,4 +22,4 @@ spec:
tls: tls:
- hosts: - hosts:
- ha.michaelthomson.dev - ha.michaelthomson.dev
secretName: letsencrypt-wildcard-cert-michaelthomson.dev secretName: homeassistant-tls

3
apps/immich/release.yaml
View File

@@ -63,6 +63,7 @@ spec:
main: main:
enabled: true enabled: true
annotations: annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
external-dns.alpha.kubernetes.io/target: michaelthomson.ddns.net external-dns.alpha.kubernetes.io/target: michaelthomson.ddns.net
external-dns.alpha.kubernetes.io/cloudflare-proxied: "true" external-dns.alpha.kubernetes.io/cloudflare-proxied: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
@@ -74,7 +75,7 @@ spec:
tls: tls:
- hosts: - hosts:
- immich.michaelthomson.dev - immich.michaelthomson.dev
secretName: letsencrypt-wildcard-cert-michaelthomson.dev secretName: immich-tls
machine-learning: machine-learning:
enabled: true enabled: true

3
apps/karakeep/ingress.yaml
View File

@@ -4,6 +4,7 @@ metadata:
name: karakeep-web-ingress name: karakeep-web-ingress
namespace: karakeep namespace: karakeep
annotations: annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
external-dns.alpha.kubernetes.io/target: michaelthomson.ddns.net external-dns.alpha.kubernetes.io/target: michaelthomson.ddns.net
external-dns.alpha.kubernetes.io/cloudflare-proxied: "true" external-dns.alpha.kubernetes.io/cloudflare-proxied: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
@@ -23,4 +24,4 @@ spec:
tls: tls:
- hosts: - hosts:
- karakeep.michaelthomson.dev - karakeep.michaelthomson.dev
secretName: letsencrypt-wildcard-cert-michaelthomson.dev secretName: karakeep-web-ingress-tls

6
apps/kube-prometheus-stack/release.yaml
View File

@@ -18,25 +18,27 @@ spec:
ingress: ingress:
enabled: true enabled: true
annotations: annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
traefik.ingress.kubernetes.io/router.tls: "true" traefik.ingress.kubernetes.io/router.tls: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
hosts: hosts:
- grafana.michaelthomson.dev - grafana.michaelthomson.dev
path: / path: /
tls: tls:
- secretName: letsencrypt-wildcard-cert-michaelthomson.dev - secretName: grafana-tls
hosts: hosts:
- grafana.michaelthomson.dev - grafana.michaelthomson.dev
prometheus: prometheus:
ingress: ingress:
enabled: true enabled: true
annotations: annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
traefik.ingress.kubernetes.io/router.tls: "true" traefik.ingress.kubernetes.io/router.tls: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
hosts: hosts:
- prometheus.michaelthomson.dev - prometheus.michaelthomson.dev
path: / path: /
tls: tls:
- secretName: letsencrypt-wildcard-cert-michaelthomson.dev - secretName: prometheus-tls
hosts: hosts:
- prometheus.michaelthomson.dev - prometheus.michaelthomson.dev

3
apps/media/bazarr/ingress.yaml
View File

@@ -4,6 +4,7 @@ metadata:
name: bazarr name: bazarr
namespace: media namespace: media
annotations: annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true" traefik.ingress.kubernetes.io/router.tls: "true"
# traefik.ingress.kubernetes.io/router.middlewares: authentik-bazarr@kubernetescrd # traefik.ingress.kubernetes.io/router.middlewares: authentik-bazarr@kubernetescrd
@@ -22,4 +23,4 @@ spec:
tls: tls:
- hosts: - hosts:
- bazarr.michaelthomson.dev - bazarr.michaelthomson.dev
secretName: letsencrypt-wildcard-cert-michaelthomson.dev secretName: bazarr-tls

3
apps/media/jellyfin/ingress.yaml
View File

@@ -4,6 +4,7 @@ metadata:
name: jellyfin name: jellyfin
namespace: media namespace: media
annotations: annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
external-dns.alpha.kubernetes.io/target: michaelthomson.ddns.net external-dns.alpha.kubernetes.io/target: michaelthomson.ddns.net
external-dns.alpha.kubernetes.io/cloudflare-proxied: "true" external-dns.alpha.kubernetes.io/cloudflare-proxied: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
@@ -23,4 +24,4 @@ spec:
tls: tls:
- hosts: - hosts:
- jellyfin.michaelthomson.dev - jellyfin.michaelthomson.dev
secretName: letsencrypt-wildcard-cert-michaelthomson.dev secretName: jellyfin-tls

3
apps/media/jellyseerr/ingress.yaml
View File

@@ -4,6 +4,7 @@ metadata:
name: jellyseerr name: jellyseerr
namespace: media namespace: media
annotations: annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
external-dns.alpha.kubernetes.io/target: michaelthomson.ddns.net external-dns.alpha.kubernetes.io/target: michaelthomson.ddns.net
external-dns.alpha.kubernetes.io/cloudflare-proxied: "true" external-dns.alpha.kubernetes.io/cloudflare-proxied: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
@@ -23,4 +24,4 @@ spec:
tls: tls:
- hosts: - hosts:
- jellyseerr.michaelthomson.dev - jellyseerr.michaelthomson.dev
secretName: letsencrypt-wildcard-cert-michaelthomson.dev secretName: jellyseerr-tls

3
apps/media/prowlarr/ingress.yaml
View File

@@ -4,6 +4,7 @@ metadata:
name: prowlarr name: prowlarr
namespace: media namespace: media
annotations: annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true" traefik.ingress.kubernetes.io/router.tls: "true"
# traefik.ingress.kubernetes.io/router.middlewares: authentik-prowlarr@kubernetescrd # traefik.ingress.kubernetes.io/router.middlewares: authentik-prowlarr@kubernetescrd
@@ -22,4 +23,4 @@ spec:
tls: tls:
- hosts: - hosts:
- prowlarr.michaelthomson.dev - prowlarr.michaelthomson.dev
secretName: letsencrypt-wildcard-cert-michaelthomson.dev secretName: prowlarr-tls

3
apps/media/radarr/ingress.yaml
View File

@@ -4,6 +4,7 @@ metadata:
name: radarr name: radarr
namespace: media namespace: media
annotations: annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true" traefik.ingress.kubernetes.io/router.tls: "true"
# traefik.ingress.kubernetes.io/router.middlewares: authentik-radarr@kubernetescrd # traefik.ingress.kubernetes.io/router.middlewares: authentik-radarr@kubernetescrd
@@ -22,4 +23,4 @@ spec:
tls: tls:
- hosts: - hosts:
- radarr.michaelthomson.dev - radarr.michaelthomson.dev
secretName: letsencrypt-wildcard-cert-michaelthomson.dev secretName: radarr-tls

3
apps/media/sabnzbd/ingress.yaml
View File

@@ -4,6 +4,7 @@ metadata:
name: sabnzbd name: sabnzbd
namespace: media namespace: media
annotations: annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true" traefik.ingress.kubernetes.io/router.tls: "true"
spec: spec:
@@ -21,4 +22,4 @@ spec:
tls: tls:
- hosts: - hosts:
- sabnzbd.michaelthomson.dev - sabnzbd.michaelthomson.dev
secretName: letsencrypt-wildcard-cert-michaelthomson.dev secretName: sabnzbd-tls

3
apps/media/sonarr/ingress.yaml
View File

@@ -4,6 +4,7 @@ metadata:
name: sonarr name: sonarr
namespace: media namespace: media
annotations: annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true" traefik.ingress.kubernetes.io/router.tls: "true"
# traefik.ingress.kubernetes.io/router.middlewares: authentik-sonarr@kubernetescrd # traefik.ingress.kubernetes.io/router.middlewares: authentik-sonarr@kubernetescrd
@@ -22,4 +23,4 @@ spec:
tls: tls:
- hosts: - hosts:
- sonarr.michaelthomson.dev - sonarr.michaelthomson.dev
secretName: letsencrypt-wildcard-cert-michaelthomson.dev secretName: sonarr-tls

6
apps/nextcloud/release.yaml
View File

@@ -21,6 +21,7 @@ spec:
enabled: true enabled: true
className: traefik className: traefik
annotations: annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
external-dns.alpha.kubernetes.io/target: michaelthomson.ddns.net external-dns.alpha.kubernetes.io/target: michaelthomson.ddns.net
external-dns.alpha.kubernetes.io/cloudflare-proxied: "true" external-dns.alpha.kubernetes.io/cloudflare-proxied: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
@@ -28,7 +29,7 @@ spec:
tls: tls:
- hosts: - hosts:
- nextcloud.michaelthomson.dev - nextcloud.michaelthomson.dev
secretName: letsencrypt-wildcard-cert-michaelthomson.dev secretName: nextclout-tls
labels: {} labels: {}
path: / path: /
pathType: Prefix pathType: Prefix
@@ -151,6 +152,7 @@ spec:
ingress: ingress:
enabled: true enabled: true
annotations: annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
external-dns.alpha.kubernetes.io/target: michaelthomson.ddns.net external-dns.alpha.kubernetes.io/target: michaelthomson.ddns.net
external-dns.alpha.kubernetes.io/cloudflare-proxied: "true" external-dns.alpha.kubernetes.io/cloudflare-proxied: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
@@ -163,7 +165,7 @@ spec:
tls: tls:
- hosts: - hosts:
- collabora.michaelthomson.dev - collabora.michaelthomson.dev
secretName: letsencrypt-wildcard-cert-michaelthomson.dev secretName: collabora-tls
cronjob: cronjob:
enabled: true enabled: true

3
apps/ntfy/ingress.yaml
View File

@@ -4,6 +4,7 @@ metadata:
name: ntfy name: ntfy
namespace: ntfy namespace: ntfy
annotations: annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
external-dns.alpha.kubernetes.io/target: michaelthomson.ddns.net external-dns.alpha.kubernetes.io/target: michaelthomson.ddns.net
external-dns.alpha.kubernetes.io/cloudflare-proxied: "true" external-dns.alpha.kubernetes.io/cloudflare-proxied: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
@@ -23,4 +24,4 @@ spec:
tls: tls:
- hosts: - hosts:
- ntfy.michaelthomson.dev - ntfy.michaelthomson.dev
secretName: letsencrypt-wildcard-cert-michaelthomson.dev secretName: ntfy-tls

3
apps/pihole/release.yaml
View File

@@ -31,6 +31,7 @@ spec:
# -- Annotations for the ingress # -- Annotations for the ingress
annotations: annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true" traefik.ingress.kubernetes.io/router.tls: "true"
path: / path: /
@@ -39,7 +40,7 @@ spec:
tls: tls:
- hosts: - hosts:
- pihole.michaelthomson.dev - pihole.michaelthomson.dev
secretName: letsencrypt-wildcard-cert-michaelthomson.dev secretName: pihole-tls
# -- `spec.PersitentVolumeClaim` configuration # -- `spec.PersitentVolumeClaim` configuration
persistentVolumeClaim: persistentVolumeClaim:

31
apps/stirling-pdf/release.yaml
View File

@@ -1,31 +0,0 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: stirling-pdf
namespace: stirling-pdf
spec:
chart:
spec:
chart: stirling-pdf-chart
version: 2.x
sourceRef:
kind: HelmRepository
name: stirling-pdf
interval: 15m
releaseName: stirling-pdf
values:
ingress:
enabled: true
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
hosts:
- host: pdf.michaelthomson.dev
paths:
- path: "/"
pathType: ImplementationSpecific
tls:
- hosts:
- pdf.michaelthomson.dev
secretName: letsencrypt-wildcard-cert-michaelthomson.dev
ingressClassName: traefik

8
apps/stirling-pdf/repository.yaml
View File

@@ -1,8 +0,0 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: stirling-pdf
namespace: stirling-pdf
spec:
interval: 15m
url: https://stirling-tools.github.io/Stirling-PDF-chart

3
apps/syncthing/ingress.yaml
View File

@@ -4,6 +4,7 @@ metadata:
name: syncthing name: syncthing
namespace: syncthing namespace: syncthing
annotations: annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
external-dns.alpha.kubernetes.io/target: michaelthomson.ddns.net external-dns.alpha.kubernetes.io/target: michaelthomson.ddns.net
external-dns.alpha.kubernetes.io/cloudflare-proxied: "true" external-dns.alpha.kubernetes.io/cloudflare-proxied: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
@@ -23,4 +24,4 @@ spec:
tls: tls:
- hosts: - hosts:
- syncthing.michaelthomson.dev - syncthing.michaelthomson.dev
secretName: letsencrypt-wildcard-cert-michaelthomson.dev secretName: syncthing-tls

3
apps/uptime-kuma/uptime-kuma-ingress.yaml
View File

@@ -4,6 +4,7 @@ metadata:
name: uptime-kuma name: uptime-kuma
namespace: uptime-kuma namespace: uptime-kuma
annotations: annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
external-dns.alpha.kubernetes.io/target: michaelthomson.ddns.net external-dns.alpha.kubernetes.io/target: michaelthomson.ddns.net
external-dns.alpha.kubernetes.io/cloudflare-proxied: "true" external-dns.alpha.kubernetes.io/cloudflare-proxied: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
@@ -23,4 +24,4 @@ spec:
tls: tls:
- hosts: - hosts:
- kuma.michaelthomson.dev - kuma.michaelthomson.dev
secretName: letsencrypt-wildcard-cert-michaelthomson.dev secretName: uptime-kuma-tls

3
apps/vaultwarden/release.yaml
View File

@@ -43,6 +43,7 @@ spec:
enabled: true enabled: true
class: "traefik" class: "traefik"
additionalAnnotations: additionalAnnotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
external-dns.alpha.kubernetes.io/target: michaelthomson.ddns.net external-dns.alpha.kubernetes.io/target: michaelthomson.ddns.net
external-dns.alpha.kubernetes.io/cloudflare-proxied: "true" external-dns.alpha.kubernetes.io/cloudflare-proxied: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
@@ -50,4 +51,4 @@ spec:
labels: {} labels: {}
tls: true tls: true
hostname: "vaultwarden.michaelthomson.dev" hostname: "vaultwarden.michaelthomson.dev"
tlsSecret: "letsencrypt-wildcard-cert-michaelthomson.dev" tlsSecret: vaultwarden-tls

3
apps/wg-easy/ingress.yaml
View File

@@ -4,6 +4,7 @@ metadata:
name: wg-easy name: wg-easy
namespace: wg-easy namespace: wg-easy
annotations: annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
external-dns.alpha.kubernetes.io/target: michaelthomson.ddns.net external-dns.alpha.kubernetes.io/target: michaelthomson.ddns.net
external-dns.alpha.kubernetes.io/cloudflare-proxied: "true" external-dns.alpha.kubernetes.io/cloudflare-proxied: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
@@ -23,4 +24,4 @@ spec:
tls: tls:
- hosts: - hosts:
- wireguard.michaelthomson.dev - wireguard.michaelthomson.dev
secretName: letsencrypt-wildcard-cert-michaelthomson.dev secretName: wg-easy-tls

19
bootstrap/apps/kustomization-stirling-pdf.yaml
View File

@@ -1,19 +0,0 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: stirling-pdf
namespace: flux-system
spec:
interval: 15m
path: ./apps/stirling-pdf
prune: true # remove any elements later removed from the above path
wait: true
sourceRef:
kind: GitRepository
name: flux-system
decryption:
provider: sops
secretRef:
name: sops-age
dependsOn:
- name: infra-configs

4
infrastructure/namespaces/namespace-stirling-pdf.yaml
View File

@@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: stirling-pdf