update

traefik_lempa/cert-manager-cluster-issuer.yaml

@@ -0,0 +1,16 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: cloudflare-cluster-issuer
+spec:
+  acme:
+    email: cloudflare@schnorbus.net
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: cloudflare-acme-key
+    solvers:
+    - dns01:
+        cloudflare:
+          apiTokenSecretRef:
+            name: cloudflare-api-token-secret
+            key: api-token

traefik_lempa/cert-manager-issuer-secret.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cloudflare-api-token-secret
+  namespace: cert-manager
+type: Opaque
+data:
+  api-token: UDk2TXk0dWlIdWRadGlDMnltalNHUTAxNzRDb1JCbkk5enRtQTBXaA==

traefik_lempa/cert-manager-values.yaml

@@ -0,0 +1,6 @@
+namespace: "cert-manager"
+crds:
+  enabled: true
+extraArgs:
+  - --dns01-recursive-nameservers-only
+  - --dns01-recursive-nameservers=1.1.1.1:53,1.0.0.1:53

traefik_lempa/nginx-certificate.yaml

@@ -0,0 +1,12 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: nginx-ingress-certificate
+  namespace: test
+spec:
+  secretName: nginx-certificate-secret
+  issuerRef:
+    name: cloudflare-cluster-issuer
+    kind: ClusterIssuer
+  dnsNames:
+    - nginx.k8s.internal.schnrbs.work

traefik_lempa/nginx-ingress.yaml

@@ -17,3 +17,7 @@ spec:
                 name: nginx
                 port:
                   number: 80
+  tls:
+    - hosts:
+        - nginx.k8s.internal.schnrbs.work
+      secretName: nginx-certificate-secret

traefik_lempa/traefik-values.yaml

@@ -2,4 +2,9 @@ ports:
   web:
     redirectTo: 
       port: websecure
+ingressRoute:
+  dashboard:
+    enabled: true
+    entryPoints: [web, websecure]
+    matchRule: Host(`traefik-dashboard.k8s.internal.schnrbs.work`)