luneski/onelab-k8s-1.27
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ingress: TLS via cert-manager (letsencrypt-prod) for onelab.k8s.selair.it

Browse Source 
Made-with: Cursor
This commit is contained in:
timotheereausanofi
2026-03-20 10:29:50 +01:00
parent 279829cfee
commit 9cb1b10d6c
4 changed files with 16 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
gitops/README.md
View File

@@ -54,6 +54,8 @@ Helm 3.19 may return empty content for `.Files.Get` on Windows; this chart uses
Enable `ingress.enabled` and set `ingress.host` (and optional TLS). Traffic is sent to Service **`revproxy`** (internal nginx). On k3s, `ingress.className: traefik` matches the default controller.
For **cert-manager**, set `ingress.tls: true`, `ingress.tlsSecretName`, and `ingress.certManager.clusterIssuer` (e.g. `letsencrypt-prod`). Ensure a **DNS A/CNAME** for `ingress.host` points to your ingress before the ACME challenge runs.
## Not migrated in this chart
- **Edge proxy stack** (`app/proxy/docker-compose.yml`, host 80/443 Swarm mode) — replaced for K8s by this **Ingress** + `revproxy`; optional **cert-manager** for TLS at the Ingress.