Forte/launchpad
6
0
Fork 0
Code Issues Pull Requests Actions Packages Wiki Activity

new tls wildcard

Browse Source
This commit is contained in:
Danijel Simeunovic
2026-05-29 21:58:34 +02:00
parent 6d874111da
commit a7106bc8f4
3 changed files with 41 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
infra/overlays/upc-dev/kustomization.yaml
View File

@@ -4,6 +4,7 @@ resources:
- ../../base - ../../base
- vaultwarden-postgresql - vaultwarden-postgresql
- vaultwarden - vaultwarden
- wildcard-tls-certificate.yaml
# No patches needed — base already has "upc-dev" paths # No patches needed — base already has "upc-dev" paths
# upc-dev is the default/base cluster # upc-dev is the default/base cluster

38
infra/overlays/upc-dev/wildcard-tls-certificate.yaml Normal file
View File

@@ -0,0 +1,38 @@
---
# Wildcard Certificate for *.forteapps.net
# This creates a certificate that covers ALL subdomains of forteapps.net
# Once created, you can use it for any app like:
# - myapp.forteapps.net
# - api.forteapps.net
# - git.forteapps.net
# - vaultwarden.forteapps.net
# - etc.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: wildcard-forteapps-net
namespace: cert-manager # Can be in any namespace, cert-manager namespace is common
spec:
# The secret where the TLS certificate will be stored
# This secret can be referenced by IngressRoutes in any namespace
secretName: wildcard-forteapps-net-tls
# Use the production issuer (use letsencrypt-staging for testing)
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuer
# DNS names this certificate will cover
# Both wildcard AND apex domain are recommended
dnsNames:
- '*.forteapps.net' # Covers: myapp.forteapps.net, api.forteapps.net, etc.
- 'forteapps.net' # Also include apex domain explicitly
# Optional: Configure certificate duration and renewal
duration: 2160h0m0s # 90 days (Let's Encrypt default)
renewBefore: 720h0m0s # Renew 30 days before expiry
# Optional: Private key settings
privateKey:
algorithm: RSA
encoding: PKCS1
size: 4096

3
infra/values/base/databunker-values.yaml
View File

@@ -22,7 +22,8 @@ ingress:
# TLS configuration # TLS configuration
tls: tls:
enabled: true # Set to true to enable TLS enabled: true # Set to true to enable TLS
secretName: "databunker-tls" # Name of the secret containing TLS certificate # secretName: "databunker-tls" # Name of the secret containing TLS certificate
secretName: "wildcard-forteapps-net-tls" # Name of the secret containing TLS certificate
# Pin PostgreSQL password — chart uses randAlphaNum without lookup, # Pin PostgreSQL password — chart uses randAlphaNum without lookup,
# so each ArgoCD sync would regenerate the password while PVC keeps the old one. # so each ArgoCD sync would regenerate the password while PVC keeps the old one.