gsdavidp/home-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ee7669c78816bb5e34397db6500d6e5b11f33c57
home-server/clusters/noble/apps/cert-manager/README.md

1.1 KiB
Raw Blame History

cert-manager — noble

Prerequisites: Traefik (ingress class traefik), DNS for *.apps.noble.lab.pcenicni.dev → Traefik LB.

  1. Create the namespace:

    kubectl apply -f clusters/noble/apps/cert-manager/namespace.yaml

  2. Install the chart (CRDs included via values.yaml):

    helm repo add jetstack https://charts.jetstack.io
helm repo update
helm upgrade --install cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --version v1.20.0 \
  -f clusters/noble/apps/cert-manager/values.yaml \
  --wait

  3. Optionally edit spec.acme.email in both ClusterIssuer manifests (default certificates@noble.lab.pcenicni.dev) — Lets Encrypt uses this for expiry and account notices. Do not use example.com (ACME rejects it).

  4. Apply ClusterIssuers (staging then prod, or both):

    kubectl apply -k clusters/noble/apps/cert-manager

  5. Confirm:

    kubectl get clusterissuer

Use cert-manager.io/cluster-issuer: letsencrypt-staging on Ingresses while testing; switch to letsencrypt-prod when ready.

Reference in New Issue View Git Blame Copy Permalink