The ingresses referenced a Cloudflare OriginIssuer 'prod-issuer' whose CRD and controller are not installed in the cluster, so cert-manager could not issue certs and Traefik served a default cert (invalid SSL). Switch to the existing letsencrypt-prod ClusterIssuer with specific hostnames + per-app secrets, matching the working ingresses (http-01 cannot issue wildcards).
---
# Ingress for the fava app: sends every path under fava.rogi.casa to
# fava-service on port 80 and terminates TLS with the fava-tls secret.
# NOTE(review): no auth middleware or allow-list annotation is set on this
# Ingress. If the backend is the Beancount Fava UI, it has no login of its
# own, so access control presumably lives elsewhere - confirm before the host
# is reachable from outside the trusted network.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: fava-ingress
  namespace: fava
  annotations:
    # Selects the Traefik controller. This annotation is the legacy form; on
    # networking.k8s.io/v1 the field spec.ingressClassName is the supported
    # replacement. Kept as is because the other working ingresses use it.
    kubernetes.io/ingress.class: 'traefik'
    # NOTE(review): redirect-entry-point is a Traefik 1.x annotation. Traefik
    # 2.x and later do not read it, so on those versions plain HTTP would be
    # served without a redirect unless the entry point itself redirects or a
    # redirectScheme middleware is attached. Confirm the Traefik version.
    traefik.ingress.kubernetes.io/redirect-entry-point: 'https'
    # cert-manager issues the certificate for the hosts under spec.tls from
    # this ClusterIssuer. The issuer solves http-01, which cannot issue
    # wildcards, so each hostname has to be listed explicitly.
    cert-manager.io/cluster-issuer: 'letsencrypt-prod'
spec:
  tls:
    # Per-app secret: the issued key pair is stored in fava-tls in this
    # namespace and is not shared with other ingresses.
    - hosts:
        - fava.rogi.casa
      secretName: fava-tls
  rules:
    # Must match the TLS host above, otherwise Traefik falls back to its
    # default certificate for this route.
    - host: fava.rogi.casa
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: fava-service
                port:
                  number: 80