From fae40d03328a48f6bebba4fa4ceb46051078d5c0 Mon Sep 17 00:00:00 2001
From: Taqi Tahmid <mdtaqitahmid@gmail.com>
Date: Wed, 14 May 2025 19:17:30 +0300
Subject: [PATCH] use auto generate cert-manager tls for external-services

---
 kubernetes/README.md                     | 2 --
 kubernetes/external-service/proxmox.yaml | 7 ++++++-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/kubernetes/README.md b/kubernetes/README.md
index 23422b1..73976f3 100644
--- a/kubernetes/README.md
+++ b/kubernetes/README.md
@@ -146,8 +146,6 @@ services running locally or remotely.
 ```bash
 source .env
 kubectl create namespace external-services
-kubectl get secret wildcard-cert-secret --namespace=cert-manager -o yaml \
-  | sed 's/namespace: cert-manager/namespace: external-services/' | kubectl apply -f -
 envsubst '${PROXMOX_IP} ${PROXMOX_HOST}' < external-service/proxmox.yaml | \
   kubectl apply -n external-services -f -
 ```
diff --git a/kubernetes/external-service/proxmox.yaml b/kubernetes/external-service/proxmox.yaml
index 09fed4f..df010ee 100644
--- a/kubernetes/external-service/proxmox.yaml
+++ b/kubernetes/external-service/proxmox.yaml
@@ -64,6 +64,8 @@ data:
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
   name: proxmox-route
   namespace: external-services
 spec:
@@ -76,4 +78,7 @@ spec:
         - name: proxmox-proxy
           port: 80
   tls:
-    secretName: wildcard-cert-secret
+    certResolver: cert-manager
+    secretName: proxmox-tls
+    domains:
+      - main: "${PROXMOX_HOST}"