working on kubernetes with tls and tailscale

2025-01-13 22:45:14 -07:00
parent 92b2bb78c0
commit 7a8e17d79d
5 changed files with 15 additions and 11 deletions
--- a/kubernetes/cloudflare-issuer/issuer.yml
+++ b/kubernetes/cloudflare-issuer/issuer.yml
@@ -1,8 +1,8 @@
 # issuer.yml
 apiVersion: cert-manager.io/v1
-kind: Issuer
+kind: ClusterIssuer # global across namespaces
 metadata:
-  name: ca-issuer
+  name: cloudflare-issuer
 spec:
  acme:
    email: alexmickelson96@gmail.com
--- a/kubernetes/cloudflare-issuer/readme.md
+++ b/kubernetes/cloudflare-issuer/readme.md
@@ -15,7 +15,7 @@ helm install \
 <https://medium.com/@kevinlutzer9/managed-ssl-certs-for-a-private-kubernetes-cluster-with-cloudflare-cert-manager-and-lets-encrypt-7987ba19044f>

 ```bash
-kubectl create secret generic cloudflare-api-key-secret --from-literal=api-key=<TOKEN>
+kubectl create -n cert-manager secret generic cloudflare-api-key-secret --from-literal=api-key=<TOKEN>
 ```


--- a/kubernetes/gitea/web.yml
+++ b/kubernetes/gitea/web.yml
@@ -78,11 +78,14 @@ kind: Ingress
 metadata:
  name: gitea
  namespace: projects
+  annotations:
+    cert-manager.io/cluster-issuer: cloudflare-issuer
 spec:
  ingressClassName: tailscale
  tls:
  - hosts: 
-    - gitea
+    - gitea.alexmickelson.guru
+    secretName: gitea-tls-cert
  rules:
    - http:
        paths:
--- a/kubernetes/readme.md
+++ b/kubernetes/readme.md
--- a/nix/home-manager/desktop.home.nix
+++ b/nix/home-manager/desktop.home.nix
@@ -10,6 +10,7 @@
    # fira-code
    (nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" ]; })
    kubernetes-helm
+    busybox
  ];
  fonts.fontconfig.enable = true;
  dconf.enable = true;