From 84dd2b8c5de9c33aeaa878540074ce2225b5136e Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Thu, 19 Mar 2026 23:26:02 +1100 Subject: [PATCH] fix: external access to puppetdb (#53) - use vault cert for puppetdb ingress Reviewed-on: https://git.unkin.net/unkin/argocd-apps/pulls/53 --- apps/base/puppet/ingress_puppetdb.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/apps/base/puppet/ingress_puppetdb.yaml b/apps/base/puppet/ingress_puppetdb.yaml index 55c8679..4f28a7f 100644 --- a/apps/base/puppet/ingress_puppetdb.yaml +++ b/apps/base/puppet/ingress_puppetdb.yaml @@ -6,7 +6,9 @@ metadata: kubernetes.io/ingress.class: nginx external-dns.alpha.kubernetes.io/hostname: puppetdb.k8s.syd1.au.unkin.net external-dns.alpha.kubernetes.io/target: 198.18.200.0 - nginx.ingress.kubernetes.io/ssl-passthrough: "true" + cert-manager.io/cluster-issuer: vault-issuer + cert-manager.io/common-name: puppetdb.k8s.syd1.au.unkin.net + cert-manager.io/private-key-size: "4096" labels: app.kubernetes.io/component: puppetdb app.kubernetes.io/instance: puppetserver @@ -26,3 +28,7 @@ spec: number: 8080 path: / pathType: Prefix + tls: + - hosts: + - puppetdb.k8s.syd1.au.unkin.net + secretName: puppetdb-tls