From 71bd6ef6da09b6a165518ec1fb0d7f494831edf7 Mon Sep 17 00:00:00 2001
From: Ben Vincent
Date: Sun, 28 Jun 2026 12:39:14 +1000
Subject: [PATCH] Use cert-manager gateway integration for multi-SAN TLS

cert-manager automatically merges dnsNames from listeners sharing the same certificateRef, so an explicit Certificate resource is unnecessary.
---
 apps/base/authentik/certificate.yaml | 18 ------------------
 apps/base/authentik/gateway.yaml | 3 +++
 apps/base/authentik/kustomization.yaml | 1 -
 3 files changed, 3 insertions(+), 19 deletions(-)
 delete mode 100644 apps/base/authentik/certificate.yaml

diff --git a/apps/base/authentik/certificate.yaml b/apps/base/authentik/certificate.yaml
deleted file mode 100644
index 1430751..0000000
--- a/apps/base/authentik/certificate.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: authentik-tls
- namespace: authentik
-spec:
- secretName: authentik-tls
- issuerRef:
- kind: ClusterIssuer
- name: vault-issuer
- commonName: identity.unkin.net
- dnsNames:
- - identity.unkin.net
- - identity.k8s.syd1.au.unkin.net
- privateKey:
- algorithm: RSA
- size: 4096
diff --git a/apps/base/authentik/gateway.yaml b/apps/base/authentik/gateway.yaml
index 4c6a633..bc13062 100644
--- a/apps/base/authentik/gateway.yaml
+++ b/apps/base/authentik/gateway.yaml
@@ -5,6 +5,9 @@ metadata:
 labels:
 traefik.io/instance: internal
 annotations:
+ cert-manager.io/cluster-issuer: vault-issuer
+ cert-manager.io/common-name: identity.unkin.net
+ cert-manager.io/private-key-size: "4096"
 external-dns.alpha.kubernetes.io/hostname: identity.unkin.net,identity.k8s.syd1.au.unkin.net
 external-dns.alpha.kubernetes.io/target: 198.18.200.4
 name: authentik
diff --git a/apps/base/authentik/kustomization.yaml b/apps/base/authentik/kustomization.yaml
index 340420c..3c58eee 100644
--- a/apps/base/authentik/kustomization.yaml
+++ b/apps/base/authentik/kustomization.yaml
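Review bot: After the three `cert-manager.io/*` annotations added under `metadata.annotations` in gateway.yaml, the certificate's SAN list and Secret name are no longer written down anywhere in the manifests; they are derived from the listeners' `hostname` and `certificateRefs`, which lie outside this hunk. cert-manager's gateway integration skips listeners that have no `hostname` or are not in `Terminate` mode, so confirm that both the `identity.unkin.net` and `identity.k8s.syd1.au.unkin.net` listeners qualify and still reference `authentik-tls`; otherwise a name drops out of the issued certificate without any error and clients only notice as a hostname mismatch. The removed Certificate pinned `algorithm: RSA`, whereas the new annotations carry only the size, so adding `cert-manager.io/private-key-algorithm: RSA` beside `cert-manager.io/private-key-size` would keep the key type explicit rather than dependent on the default. A one-line comment above the annotations such as `# SANs come from listener hostnames (cert-manager gateway-shim); keep in sync with the external-dns hostname list` would document the new coupling, and since the SANs now follow whoever can edit this Gateway, it is worth checking that the Vault role behind `vault-issuer` restricts the permitted domains.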
@@ -3,7 +3,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
- - certificate.yaml
 - cnpg_cluster.yaml
 - cnpg_pooler.yaml
 - gateway.yaml