gsdavidp/home-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2a64f40f936610397e7f15eb63f3b4703f255c25
home-server/clusters/noble/apps/cert-manager/README.md

38 lines
1.1 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# cert-manager — noble
**Prerequisites:** **Traefik** (ingress class **`traefik`**), DNS for **`*.apps.noble.lab.pcenicni.dev`** → Traefik LB.
1. Create the namespace:
```bash
kubectl apply -f clusters/noble/apps/cert-manager/namespace.yaml
```
2. Install the chart (CRDs included via `values.yaml`):
```bash
helm repo add jetstack https://charts.jetstack.io
helm repo update
helm upgrade --install cert-manager jetstack/cert-manager \
--namespace cert-manager \
--version v1.20.0 \
-f clusters/noble/apps/cert-manager/values.yaml \
--wait
```
3. Optionally edit **`spec.acme.email`** in both ClusterIssuer manifests (default **`certificates@noble.lab.pcenicni.dev`**) — Lets Encrypt uses this for expiry and account notices. Do **not** use **`example.com`** (ACME rejects it).
4. Apply ClusterIssuers (staging then prod, or both):
```bash
kubectl apply -k clusters/noble/apps/cert-manager
```
5. Confirm:
```bash
kubectl get clusterissuer
```
Use **`cert-manager.io/cluster-issuer: letsencrypt-staging`** on Ingresses while testing; switch to **`letsencrypt-prod`** when ready.
Reference in New Issue View Git Blame Copy Permalink