about summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--kubernetes/letsencrypt.yaml14
-rw-r--r--third-party/grafana/values.yaml7
2 files changed, 20 insertions, 1 deletions
diff --git a/kubernetes/letsencrypt.yaml b/kubernetes/letsencrypt.yaml
new file mode 100644
index 0000000..8e018db
--- /dev/null
+++ b/kubernetes/letsencrypt.yaml
@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: [email protected]
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    solvers:
+      - http01:
+          ingress:
+            class: traefik
diff --git a/third-party/grafana/values.yaml b/third-party/grafana/values.yaml
index fb6a2e0..7c8815b 100644
--- a/third-party/grafana/values.yaml
+++ b/third-party/grafana/values.yaml
@@ -18,10 +18,11 @@ service:
 ingress:
   enabled: true
   annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
     traefik.ingress.kubernetes.io/redirect-entry-point: https
     traefik.ingress.kubernetes.io/router.entrypoints: websecure
     traefik.ingress.kubernetes.io/router.tls: "true"
-    traefik.ingress.kubernete.io/router.tls.certresolver: default
+    traefik.ingress.kubernetes.io/router.tls.certresolver: default
     traefik.ingress.kubernetes.io/router.tls.domains.0.main: topkek.cloud
     traefik.ingress.kubernetes.io/router.tls.domains.0.sans: grafana.topkek.cloud
   labels: {}
@@ -29,3 +30,7 @@ ingress:
     - grafana.topkek.cloud
   path: /
   pathType: Prefix
+  tls:
+    - hosts:
+        - grafana.topkek.cloud
+      secretName: grafana-topkek-cloud-tls