websites: Manage dcow cert via Ingress annotation
Now that the reverse proxy for Internet-facing sites uses TLS passthrough, the certificate for the _darkchestofwonders.us_ Ingress needs to be correct. Since Ingress resources can only use either the default certificate (_*.pyrocufflink.blue_) or a certificate from their same namespace, we have to move the Certificate and its corresponding Secret into the _websites_ namespace. Fortunately, this is easy enoug to do, by setting the appropriate annotations on the Ingress. To keep the existing certificate (until it expires), I moved the Secret manually: ```sh kubectl get secret dcow-cert -o yaml | grep -v namespace | kubectl create -n websites -f - ```
This commit is contained in:
@@ -8,10 +8,17 @@ metadata:
|
||||
app.kubernetes.io/component: darkchestofwonders.us
|
||||
app.kubernetes.io/part-of: darkchestofwonders.us
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: zerossl
|
||||
cert-manager.io/private-key-algorithm: ECDSA
|
||||
nginx.ingress.kubernetes.io/ssl-redirect: "false"
|
||||
nginx.ingress.kubernetes.io/proxy-body-size: 100m
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
tls:
|
||||
- hosts:
|
||||
- '*.darkchestofwonders.us'
|
||||
- darkchestofwonders.us
|
||||
secretName: dcow-cert
|
||||
rules:
|
||||
- host: darkchestofwonders.us
|
||||
http:
|
||||
|
||||
Reference in New Issue
Block a user