portfolio: use auto generate cert-manager secret

- use auto generated cert manager secret and move away from wildcard
  cert
2025-05-14 18:59:30 +03:00
parent 1b8923afb1
commit 9731f466f0
2 changed files with 23 additions and 24 deletions


@ -114,19 +114,17 @@ helm install registry docker-registry-helm-chart/ \
# Deploy Portfolio Website from Private Docker Registry # Deploy Portfolio Website from Private Docker Registry
First, create a secret to access the private docker registry. Then copy the First, create the namespace and create a secret to access the private docker
wildcard CA cert and deploy the portfolio webapp. registry.
```bash ```bash
kubectl create namespace my-portfolio kubectl create namespace my-portfolio
kubectl get secret wildcard-cert-secret --namespace=cert-manager -o yaml \
| sed 's/namespace: cert-manager/namespace: my-portfolio/' | kubectl apply -f -
source .env source .env
kubectl create secret docker-registry my-registry-secret \ kubectl create secret docker-registry my-registry-secret \
--docker-server="${DOCKER_REGISTRY_HOST}" \ --docker-server="$DOCKER_REGISTRY_HOST" \
--docker-username="${DOCKER_USER}" \ --docker-username="$DOCKER_USER" \
--docker-password="${DOCKER_PASSWORD}" \ --docker-password="$DOCKER_PASSWORD" \
-n my-portfolio -n my-portfolio
# use envsubst to substitute the environment variables in the manifest # use envsubst to substitute the environment variables in the manifest
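Review bot: the removed `kubectl get secret wildcard-cert-secret ... | kubectl apply -f -` step leaves no cleanup guidance, so clusters set up with the old instructions still hold a copy of the wildcard certificate's private key in my-portfolio. Add a short note here to delete it, for example `kubectl delete secret wildcard-cert-secret -n my-portfolio`, once the per-host secret is in use. The rewritten intro sentence also no longer mentions deploying the webapp, although the block still continues with the envsubst step for the manifest.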
@ -248,7 +246,6 @@ from the GUI.
- LDAP Admin Bind DN: dc=homelab,dc=local - LDAP Admin Bind DN: dc=homelab,dc=local
- LDAP Admin Filter: (memberOf=CN=jellyfin_users,OU=groups,DC=homelab,DC=local) - LDAP Admin Filter: (memberOf=CN=jellyfin_users,OU=groups,DC=homelab,DC=local)
## Transfer media files from one PVC to another (Optional) ## Transfer media files from one PVC to another (Optional)
To transfer media files from one PVC to another, create a temporary pod to copy To transfer media files from one PVC to another, create a temporary pod to copy
@ -285,6 +282,7 @@ sudo mount /dev/sda4 /mnt/longhorn
# Add entry to /etc/fstab to persist across reboot # Add entry to /etc/fstab to persist across reboot
echo "/dev/sda4 /mnt/longhorn ext4 defaults 0 2" | sudo tee -a /etc/fstab echo "/dev/sda4 /mnt/longhorn ext4 defaults 0 2" | sudo tee -a /etc/fstab
``` ```
Deploy the longhorn helm chart. Deploy the longhorn helm chart.
Ref: https://github.com/longhorn/charts/tree/v1.8.x/charts/longhorn Ref: https://github.com/longhorn/charts/tree/v1.8.x/charts/longhorn
@ -568,7 +566,7 @@ echo traefik_auth | base64
source .env source .env
envsubst < traefik-middleware/auth_secret.yaml | kubectl apply -n my-portfolio -f - envsubst < traefik-middleware/auth_secret.yaml | kubectl apply -n my-portfolio -f -
kubernetes apply -f traefik-middleware/auth.yaml -n my-portfolio kubectl apply -f traefik-middleware/auth.yaml -n my-portfolio
``` ```
Following middleware deployment, the authentication must be enabled by adding Following middleware deployment, the authentication must be enabled by adding
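Review bot: the `kubernetes apply` to `kubectl apply` correction in the last command of this block is right but unrelated to the certificate change, and the commit message does not mention it. Either add a line for it to the message or split it into its own commit, so the history of the move away from the wildcard cert stays easy to audit.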


@ -44,11 +44,12 @@ metadata:
name: portfolio name: portfolio
annotations: annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
cert-manager.io/issuer: "letsencrypt-prod"
spec: spec:
tls: tls:
- hosts: - hosts:
- "${DNSNAME}" - "${PORTFOLIO_HOST}"
secretName: wildcard-cert-secret secretName: portfolio-tls
rules: rules:
- host: "${PORTFOLIO_HOST}" - host: "${PORTFOLIO_HOST}"
http: http:
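Review bot: the added annotation `cert-manager.io/issuer: "letsencrypt-prod"` refers to a namespaced Issuer, which cert-manager resolves in the Ingress's own namespace (my-portfolio per the README), and nothing in this commit creates or documents an Issuer of that name there. If letsencrypt-prod is a ClusterIssuer, the key should be `cert-manager.io/cluster-issuer`; otherwise add the Issuer creation step to the README, because without a resolvable issuer the portfolio-tls secret is never issued. Switching the tls host from `${DNSNAME}` to `${PORTFOLIO_HOST}` so it matches the rule host looks correct.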