websites: Manage dcow cert via Ingress annotation

Now that the reverse proxy for Internet-facing sites uses TLS passthrough, the certificate for the _darkchestofwonders.us_ Ingress needs to be correct. Since Ingress resources can only use either the default certificate (_*.pyrocufflink.blue_) or a certificate from their same namespace, we have to move the Certificate and its corresponding Secret into the _websites_ namespace. Fortunately, this is easy enoug to do, by setting the appropriate annotations on the Ingress. To keep the existing certificate (until it expires), I moved the Secret manually: ```sh kubectl get secret dcow-cert -o yaml | grep -v namespace | kubectl create -n websites -f - ```
2024-08-24 11:27:37 -05:00
parent 78afee9abc
commit a443929c0c
3 changed files with 7 additions and 24 deletions
--- a/cert-manager/cert-exporter.yaml
+++ b/cert-manager/cert-exporter.yaml
@@ -33,11 +33,6 @@ data:
      key: certificates/tabitha.biz.key
      cert: certificates/tabitha.biz.crt
      bundle: certificates/tabitha.biz.pem
-    - name: dcow-cert
-      namespace: default
-      key: certificates/darkchestofwonders.us.key
-      cert: certificates/darkchestofwonders.us.crt
-      bundle: certificates/darkchestofwonders.us.pem
    - name: chmod777-cert
      namespace: default
      key: certificates/chmod777.sh.key
@@ -71,7 +66,6 @@ rules:
  - dustinhatchname-cert
  - hatchchat-cert
  - tabitha-cert
-  - dcow-cert
  - chmod777-cert
  - dustinandtabitha-cert
  - hlc-cert