diff --git a/services/maintenance/kustomization.yaml b/services/maintenance/kustomization.yaml
index abceff25..e962d475 100644
--- a/services/maintenance/kustomization.yaml
+++ b/services/maintenance/kustomization.yaml
@@ -35,6 +35,7 @@ resources:
 - node-image-sweeper-daemonset.yaml
 - image-sweeper-cronjob.yaml
 - metis-service.yaml
+ - metis-certificate.yaml
 - metis-ingress.yaml
 images:
 - name: registry.bstein.dev/bstein/ariadne
diff --git a/services/maintenance/metis-certificate.yaml b/services/maintenance/metis-certificate.yaml
new file mode 100644
index 00000000..88c6bec4
--- /dev/null
+++ b/services/maintenance/metis-certificate.yaml
@@ -0,0 +1,13 @@
+# services/maintenance/metis-certificate.yaml
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: sentinel-tls
+ namespace: maintenance
+spec:
+ secretName: sentinel-tls
+ issuerRef:
+ kind: ClusterIssuer
+ name: letsencrypt
+ dnsNames:
+ - sentinel.bstein.dev
diff --git a/services/maintenance/metis-ingress.yaml b/services/maintenance/metis-ingress.yaml
index bde41717..40ff7705 100644
--- a/services/maintenance/metis-ingress.yaml
+++ b/services/maintenance/metis-ingress.yaml
@@ -6,26 +6,15 @@ metadata:
 namespace: maintenance
 annotations:
 kubernetes.io/ingress.class: traefik
- cert-manager.io/cluster-issuer: letsencrypt
 traefik.ingress.kubernetes.io/router.entrypoints: websecure
 traefik.ingress.kubernetes.io/router.tls: "true"
 traefik.ingress.kubernetes.io/router.middlewares: sso-oauth2-proxy-errors@kubernetescrd,sso-oauth2-proxy-forward-auth@kubernetescrd
 spec:
 ingressClassName: traefik
 tls:
- - hosts: ["metis.bstein.dev", "sentinel.bstein.dev"]
- secretName: metis-tls
+ - hosts: ["sentinel.bstein.dev"]
+ secretName: sentinel-tls
 rules:
- - host: metis.bstein.dev
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: metis
- port:
- number: 80
 - host: sentinel.bstein.dev
 http:
 paths:
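Review bot: The new Certificate's `spec` in metis-certificate.yaml has no `privateKey` block, so key algorithm, size and rotation all fall back to whatever the installed cert-manager defaults to. On releases where the rotation default is `Never`, the same private key would be reused on every renewal of `sentinel-tls`. I would pin this under `spec` with `privateKey:` and `rotationPolicy: Always` (plus `algorithm: ECDSA` and `size: 256` if the clients allow it). A smaller style point: the file is named after metis while the resource and its only DNS name are sentinel, so a header comment such as `# TLS for sentinel.bstein.dev, referenced by metis-ingress.yaml` would save the next reader a search.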
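Review bot: Nothing visible in this change retires the previous `metis-tls` Secret, whose certificate covered both metis.bstein.dev and sentinel.bstein.dev, now that the `tls` entry in metis-ingress.yaml points at `sentinel-tls` and the `cert-manager.io/cluster-issuer` annotation is gone. Unless cert-manager in this cluster is configured to garbage-collect Secrets along with their Certificates, that key material will probably stay in the `maintenance` namespace after rollout. It is worth recording the cleanup next to the `tls` entry, e.g. `# replaces metis-tls; delete the old Secret once sentinel-tls is Ready`. The Ingress now also depends on the separately declared Certificate being issued before it serves the intended certificate, so the two manifests should be applied together. The Ingress manifest starts before and continues past this hunk.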