fix: use Cloudflare origin cert for TLS instead of cert-manager

2026-04-02 07:16:14 -05:00
parent ce503e6bdc
commit ca98dd2d91
2 changed files with 8 additions and 2 deletions
--- a/charts/lunarfront/templates/ingress.yaml
+++ b/charts/lunarfront/templates/ingress.yaml
@@ -4,13 +4,14 @@ metadata:
  name: lunarfront
  namespace: {{ .Values.customer.name }}
  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-prod
+    # Cloudflare proxies TLS to the browser — origin cert handles CF → cluster
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
 spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - {{ .Values.customer.domain }}
-      secretName: lunarfront-tls
+      secretName: {{ .Values.cloudflare.originCertSecret }}
  rules:
    - host: {{ .Values.customer.domain }}
      http: