From 4af01f2d0ac6c12fd51e2f164464f58c3c9f879c Mon Sep 17 00:00:00 2001 From: HaimKortovich Date: Wed, 6 May 2026 17:03:36 -0500 Subject: [PATCH] add issuer --- clusters/k3s-dgx/infrastructure/gateway.yaml | 14 ++++++++++++++ clusters/k3s-dgx/infrastructure/issuer.yaml | 16 ++++++++++++++++ .../k3s-dgx/infrastructure/kustomization.yaml | 1 + 3 files changed, 31 insertions(+) create mode 100644 clusters/k3s-dgx/infrastructure/issuer.yaml diff --git a/clusters/k3s-dgx/infrastructure/gateway.yaml b/clusters/k3s-dgx/infrastructure/gateway.yaml index 0a219ba..cbbd6f1 100644 --- a/clusters/k3s-dgx/infrastructure/gateway.yaml +++ b/clusters/k3s-dgx/infrastructure/gateway.yaml @@ -3,6 +3,8 @@ kind: Gateway metadata: name: envoy-gateway namespace: default + annotations: + cert-manager.io/cluster-issuer: letsencrypt spec: gatewayClassName: envoy listeners: @@ -13,3 +15,15 @@ spec: allowedRoutes: namespaces: from: All + + - name: https + protocol: HTTPS + port: 443 + hostname: "mcp.corredorconect.com" + tls: + mode: Terminate + certificateRefs: + - name: mcp-tls + allowedRoutes: + namespaces: + from: All diff --git a/clusters/k3s-dgx/infrastructure/issuer.yaml b/clusters/k3s-dgx/infrastructure/issuer.yaml new file mode 100644 index 0000000..fe8193e --- /dev/null +++ b/clusters/k3s-dgx/infrastructure/issuer.yaml @@ -0,0 +1,16 @@ +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: letsencrypt +spec: + acme: + email: haimkortovich88@gmail.com + server: https://acme-staging-v02.api.letsencrypt.org/directory + privateKeySecretRef: + name: letsencrypt + solvers: + - http01: + gatewayHTTPRoute: + parentRefs: + - name: envoy-gateway + namespace: default diff --git a/clusters/k3s-dgx/infrastructure/kustomization.yaml b/clusters/k3s-dgx/infrastructure/kustomization.yaml index 9a8c0da..4c0d274 100644 --- a/clusters/k3s-dgx/infrastructure/kustomization.yaml +++ b/clusters/k3s-dgx/infrastructure/kustomization.yaml @@ -6,3 +6,4 @@ resources: - envoy-gateway-class.yaml - metal-lb.yaml - gateway.yaml + - issuer.yaml