Use cert-manager gateway integration for multi-SAN TLS
cert-manager automatically merges dnsNames from listeners sharing the same certificateRef, so an explicit Certificate resource is unnecessary.
This commit is contained in:
@@ -1,18 +0,0 @@
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: authentik-tls
|
||||
namespace: authentik
|
||||
spec:
|
||||
secretName: authentik-tls
|
||||
issuerRef:
|
||||
kind: ClusterIssuer
|
||||
name: vault-issuer
|
||||
commonName: identity.unkin.net
|
||||
dnsNames:
|
||||
- identity.unkin.net
|
||||
- identity.k8s.syd1.au.unkin.net
|
||||
privateKey:
|
||||
algorithm: RSA
|
||||
size: 4096
|
||||
@@ -5,6 +5,9 @@ metadata:
|
||||
labels:
|
||||
traefik.io/instance: internal
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: vault-issuer
|
||||
cert-manager.io/common-name: identity.unkin.net
|
||||
cert-manager.io/private-key-size: "4096"
|
||||
external-dns.alpha.kubernetes.io/hostname: identity.unkin.net,identity.k8s.syd1.au.unkin.net
|
||||
external-dns.alpha.kubernetes.io/target: 198.18.200.4
|
||||
name: authentik
|
||||
|
||||
@@ -3,7 +3,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- certificate.yaml
|
||||
- cnpg_cluster.yaml
|
||||
- cnpg_pooler.yaml
|
||||
- gateway.yaml
|
||||
|
||||
Reference in New Issue
Block a user