argocd and cert-manager

argocd/ingress.yaml

@@ -0,0 +1,25 @@
+# argocd-ingress.yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: argocd
+  namespace: argocd
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+spec:
+  ingressClassName: traefik
+  tls:
+  - hosts:
+    - argocd.rogi.casa
+    secretName: argocd-tls
+  rules:
+  - host: argocd.rogi.casa
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: argocd-server
+            port:
+              number: 80

cert-manager/cluster-issuer.yaml

@@ -0,0 +1,15 @@
+# cluster-issuer.yaml
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: roger@ruxu.dev
+    privateKeySecretRef:
+      name: letsencrypt-prod-key
+    solvers:
+    - http01:
+        ingress:
+          ingressClassName: traefik

cert-manager/install.sh

@@ -0,0 +1,2 @@
+kubectl apply -f https://github.com/cert-manager/cert-manager/releases/latest/download/cert-manager.yaml
+kubectl wait --for=condition=available --timeout=120s deployment/cert-manager -n cert-manager

gitea/gitea-ingress.yaml

@@ -0,0 +1,25 @@
+# gitea-ingress.yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: gitea
+  namespace: gitea
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+spec:
+  ingressClassName: traefik
+  tls:
+  - hosts:
+    - git.rogi.casa
+    secretName: gitea-tls
+  rules:
+  - host: git.rogi.casa
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: gitea
+            port:
+              number: 80

pihole/pihole.yaml

@@ -113,7 +113,7 @@ metadata:
   labels:
     app: pihole
 spec:
-  type: LoadBalancer  # Change to NodePort or ClusterIP as needed
+  type: LoadBalancer
   ports:
   - port: 53
     targetPort: 53