fix: add per-service TLS and cert-manager annotations

2026-04-21 22:24:34 +02:00 · 2026-04-21 22:24:34 +02:00 · a21afd98b4
commit a21afd98b4
parent 16fe49a53e
1 changed files with 36 additions and 9 deletions
--- a/apps/production/element-server-suite.yaml
+++ b/apps/production/element-server-suite.yaml
@ -26,39 +26,66 @@ spec:
      enabled: true
      ingress:
        host: matrix.axion1337.chat
+        annotations:
+          cert-manager.io/cluster-issuer: letsencrypt-prod
+          traefik.ingress.kubernetes.io/router.tls: "true"
+        tls:
+          - secretName: matrix-axion1337-chat-tls
+            hosts:
+              - matrix.axion1337.chat

    # Matrix Authentication Service – braucht eine Subdomain
    matrixAuthenticationService:
      enabled: true
      ingress:
        host: account.axion1337.chat
+        annotations:
+          cert-manager.io/cluster-issuer: letsencrypt-prod
+          traefik.ingress.kubernetes.io/router.tls: "true"
+        tls:
+          - secretName: account-axion1337-chat-tls
+            hosts:
+              - account.axion1337.chat

    # Matrix RTC (Element Call) – braucht auch eine Subdomain
    matrixRTC:
      enabled: true
      ingress:
        host: mrtc.axion1337.chat
+        annotations:
+          cert-manager.io/cluster-issuer: letsencrypt-prod
+          traefik.ingress.kubernetes.io/router.tls: "true"
+        tls:
+          - secretName: mrtc-axion1337-chat-tls
+            hosts:
+              - mrtc.axion1337.chat

    # Element Web
    elementWeb:
      enabled: true
      ingress:
        host: axion1337.chat
+        annotations:
+          cert-manager.io/cluster-issuer: letsencrypt-prod
+          traefik.ingress.kubernetes.io/router.tls: "true"
+        tls:
+          - secretName: axion1337-chat-tls
+            hosts:
+              - axion1337.chat

    # Element Admin
    elementAdmin:
      enabled: true
      ingress:
        host: admin.axion1337.chat
+        annotations:
+          cert-manager.io/cluster-issuer: letsencrypt-prod
+          traefik.ingress.kubernetes.io/router.tls: "true"
+        tls:
+          - secretName: admin-axion1337-chat-tls
+            hosts:
+              - admin.axion1337.chat

    # Well-Known auf der Apex-Domain (axion1337.chat/.well-known/matrix/*)
    wellKnownDelegation:
-      enabled: true
-
-    # Gemeinsame Ingress-Basis (wird von allen Komponenten geerbt)
-    ingress:
-      className: traefik
-      annotations:
-        cert-manager.io/cluster-issuer: letsencrypt-prod
-        traefik.ingress.kubernetes.io/router.tls: "true"
-      tlsEnabled: true
+      enabled: true