Use explicit Certificate resource with dnsNames for multi-domain TLS
ci/woodpecker/pr/kubeconform Pipeline failed
ci/woodpecker/pr/pre-commit Pipeline was successful

This commit is contained in:
2026-06-28 12:28:05 +10:00
parent 1b9b8cb033
commit 1c187f4cae
3 changed files with 19 additions and 3 deletions
+18
View File
@@ -0,0 +1,18 @@
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: authentik-tls
namespace: authentik
spec:
secretName: authentik-tls
issuerRef:
kind: ClusterIssuer
name: vault-issuer
commonName: identity.unkin.net
dnsNames:
- identity.unkin.net
- identity.k8s.syd1.au.unkin.net
privateKey:
algorithm: RSA
size: 4096
-3
View File
@@ -5,9 +5,6 @@ metadata:
labels:
traefik.io/instance: internal
annotations:
cert-manager.io/cluster-issuer: vault-issuer
cert-manager.io/common-name: identity.unkin.net
cert-manager.io/private-key-size: "4096"
external-dns.alpha.kubernetes.io/hostname: identity.unkin.net,identity.k8s.syd1.au.unkin.net
external-dns.alpha.kubernetes.io/target: 198.18.200.4
name: authentik
+1
View File
@@ -3,6 +3,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- certificate.yaml
- cnpg_cluster.yaml
- cnpg_pooler.yaml
- gateway.yaml