The ingresses referenced a Cloudflare OriginIssuer 'prod-issuer' whose CRD and controller are not installed in the cluster, so cert-manager could not issue certs and Traefik served a default cert (invalid SSL). Switch to the existing letsencrypt-prod ClusterIssuer with specific hostnames + per-app secrets, matching the working ingresses (http-01 cannot issue wildcards).
27 lines
652 B
YAML
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: qbittorrent-ingress
  namespace: qbittorrent
  annotations:
    kubernetes.io/ingress.class: "traefik"
    traefik.ingress.kubernetes.io/redirect-entry-point: https
    traefik.ingress.kubernetes.io/compress: "true"
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  tls:
    - hosts:
        - qbittorrent.rogi.casa
      secretName: qbittorrent-tls
  rules:
    - host: qbittorrent.rogi.casa
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: qbittorrent
                port:
                  number: 80
```
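The two failure modes named in the commit message (an issuer reference that nothing in the cluster serves, and a wildcard host on an http-01 issuer) can be caught before apply with a small manifest lint. This is an added example, not code from the repository: `lint_ingress`, the `INSTALLED` map, and the `BEFORE` and `WILDCARD` manifests are constructed for illustration, and `letsencrypt-prod` is assumed to be an http-01 issuer as the commit message implies.

```python
# Added example: lint parsed Ingress manifests against the issuers actually installed.
def lint_ingress(ing, issuers):
    """issuers maps (kind, name) -> ACME challenge type for installed issuers
    (assumed to be gathered beforehand, e.g. from `kubectl get clusterissuers`)."""
    ann = ing["metadata"].get("annotations", {})
    if "cert-manager.io/cluster-issuer" in ann:
        ref = ("ClusterIssuer", ann["cert-manager.io/cluster-issuer"])
    elif "cert-manager.io/issuer" in ann:
        # External issuers are selected with issuer-kind / issuer-group annotations.
        ref = (ann.get("cert-manager.io/issuer-kind", "Issuer"), ann["cert-manager.io/issuer"])
    else:
        return ["no cert-manager issuer annotation"]
    findings = []
    challenge = issuers.get(ref)
    if challenge is None:
        # Nothing will sign the Certificate, so the proxy falls back to its default cert.
        findings.append(f"issuer {ref[0]}/{ref[1]} is not installed")
    rule_hosts = {r.get("host") for r in ing["spec"].get("rules", [])}
    for tls in ing["spec"].get("tls", []):
        if not tls.get("secretName"):
            findings.append("tls entry has no secretName")
        for host in tls.get("hosts", []):
            if host.startswith("*."):
                if challenge == "http-01":
                    findings.append(f"{host}: http-01 cannot issue wildcards")
            elif host not in rule_hosts:
                findings.append(f"{host}: in tls.hosts but not in any rule")
    return findings

def ingress(annotations, tls_host, secret, rule_host="qbittorrent.rogi.casa"):
    """Build a minimal parsed Ingress (same shape as the manifest above)."""
    return {"metadata": {"annotations": annotations},
            "spec": {"tls": [{"hosts": [tls_host], "secretName": secret}],
                     "rules": [{"host": rule_host}]}}

# Assumption: the only installed issuer, solving http-01.
INSTALLED = {("ClusterIssuer", "letsencrypt-prod"): "http-01"}
# The manifest from this page.
FIXED = ingress({"cert-manager.io/cluster-issuer": "letsencrypt-prod"},
                "qbittorrent.rogi.casa", "qbittorrent-tls")
# Constructed "before" state: wildcard host and secret name are placeholders.
BEFORE = ingress({"cert-manager.io/issuer": "prod-issuer",
                  "cert-manager.io/issuer-kind": "OriginIssuer",
                  "cert-manager.io/issuer-group": "cert-manager.k8s.cloudflare.com"},
                 "*.rogi.casa", "wildcard-tls-placeholder")
# Constructed: keeping the wildcard while switching to the http-01 issuer.
WILDCARD = ingress({"cert-manager.io/cluster-issuer": "letsencrypt-prod"},
                   "*.rogi.casa", "wildcard-tls-placeholder")

if __name__ == "__main__":
    for name, m in (("fixed", FIXED), ("before", BEFORE), ("wildcard", WILDCARD)):
        print(name, lint_ingress(m, INSTALLED))
```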