fix: use Cloudflare origin cert for TLS instead of cert-manager

Ryan Moon
2026-04-02 07:16:14 -05:00
parent ce503e6bdc
commit ca98dd2d91
2 changed files with 8 additions and 2 deletions


@@ -4,13 +4,14 @@ metadata:
name: lunarfront name: lunarfront
namespace: {{ .Values.customer.name }} namespace: {{ .Values.customer.name }}
annotations: annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod # Cloudflare proxies TLS to the browser — origin cert handles CF → cluster
nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec: spec:
ingressClassName: nginx ingressClassName: nginx
tls: tls:
- hosts: - hosts:
- {{ .Values.customer.domain }} - {{ .Values.customer.domain }}
secretName: lunarfront-tls secretName: {{ .Values.cloudflare.originCertSecret }}
rules: rules:
- host: {{ .Values.customer.domain }} - host: {{ .Values.customer.domain }}
http: http:
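Review bot: The new `secretName: {{ .Values.cloudflare.originCertSecret }}` is resolved in the Ingress's own namespace (`{{ .Values.customer.name }}`), and nothing in this hunk ensures the secret exists there; the values comment in the second file calls it a cluster-wide secret, which Kubernetes Secrets are not. When the referenced secret is missing, ingress-nginx serves its default self-signed certificate, and a Cloudflare zone that is not set to Full (strict) would accept it without any error. Consider failing the render on an empty value with `secretName: {{ required "cloudflare.originCertSecret must name a TLS secret in the release namespace" .Values.cloudflare.originCertSecret | quote }}` and documenting that the secret has to be created in each customer namespace. The Ingress manifest starts and ends outside the hunk.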


@@ -37,6 +37,11 @@ auth:
storage: storage:
secretName: lunarfront-storage-secret secretName: lunarfront-storage-secret
# Cloudflare origin cert — installed once as a cluster-wide secret
# See: https://developers.cloudflare.com/ssl/origin-configuration/origin-ca
cloudflare:
originCertSecret: cloudflare-origin-cert
replicaCount: 1 replicaCount: 1
resources: resources:
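Review bot: The comment above `cloudflare:` does not record who renews the origin certificate now that the `cert-manager.io/cluster-issuer` annotation is removed from the Ingress; an Origin CA certificate has a fixed validity chosen at issuance, and nothing visible in this chart rotates it. I would extend the comment with `# Rotated manually before expiry (no cert-manager renewal); trusted only by Cloudflare, so the zone must use Full (strict)`. The values file continues outside the hunk.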