portfolio: use auto generate cert-manager secret

- use auto genereated cert manager secret and move away from wildcard cert
2025-05-14 18:59:30 +03:00
parent 1b8923afb1
commit 9731f466f0
2 changed files with 23 additions and 24 deletions
--- a/kubernetes/README.md
+++ b/kubernetes/README.md
@ -114,19 +114,17 @@ helm install registry docker-registry-helm-chart/ \

 # Deploy Portfolio Website from Private Docker Registry

-First, create a secret to access the private docker registry. Then copy the
-wildcard CA cert and deploy the portfolio webapp.
+First, create the namespace and create a secret to access the private docker
+registry.

 ```bash
 kubectl create namespace my-portfolio
-kubectl get secret wildcard-cert-secret --namespace=cert-manager -o yaml \
-  | sed 's/namespace: cert-manager/namespace: my-portfolio/' | kubectl apply -f -

 source .env
 kubectl create secret docker-registry my-registry-secret \
-  --docker-server="${DOCKER_REGISTRY_HOST}" \
-  --docker-username="${DOCKER_USER}" \
-  --docker-password="${DOCKER_PASSWORD}" \
+  --docker-server="$DOCKER_REGISTRY_HOST" \
+  --docker-username="$DOCKER_USER" \
+  --docker-password="$DOCKER_PASSWORD" \
  -n my-portfolio

 # use envsubst to substitute the environment variables in the manifest
@ -248,7 +246,6 @@ from the GUI.
     - LDAP Admin Bind DN: dc=homelab,dc=local
     - LDAP Admin Filter: (memberOf=CN=jellyfin_users,OU=groups,DC=homelab,DC=local)

-
 ## Transfer media files from one PVC to another (Optional)

 To transfer media files from one PVC to another, create a temporary pod to copy
@ -285,6 +282,7 @@ sudo mount /dev/sda4 /mnt/longhorn
 # Add entry to /etc/fstab to persist across reboot
 echo "/dev/sda4 /mnt/longhorn ext4 defaults 0 2" | sudo tee -a /etc/fstab
 ```
+
 Deploy the longhorn helm chart.
 Ref: https://github.com/longhorn/charts/tree/v1.8.x/charts/longhorn

@ -568,7 +566,7 @@ echo traefik_auth | base64

 source .env
 envsubst < traefik-middleware/auth_secret.yaml | kubectl apply -n my-portfolio -f -
-kubernetes apply -f traefik-middleware/auth.yaml -n my-portfolio
+kubectl apply -f traefik-middleware/auth.yaml -n my-portfolio
 ```

 Following middleware deployment, the authentication must be enabled by adding
--- a/kubernetes/my-portfolio/portfolioManifest.yaml
+++ b/kubernetes/my-portfolio/portfolioManifest.yaml
@ -44,11 +44,12 @@ metadata:
  name: portfolio
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    cert-manager.io/issuer: "letsencrypt-prod"
 spec:
  tls:
    - hosts:
-        - "${DNSNAME}"
-      secretName: wildcard-cert-secret
+        - "${PORTFOLIO_HOST}"
+      secretName: portfolio-tls
  rules:
    - host: "${PORTFOLIO_HOST}"
      http: