Christian Lawson-Perfect @christianp

1 post1 participant0 posts today

Replied in thread

**Yorgos Saslis** @yorgos@chaos.social · 1d

It is now already Tuesday morning but everything is back online.

#Pihole is back up so #DNS resolution works again and the rest of the family can use the internet!
NFS provisioners can provide persistent volumes,
#CertManager issues HTTPS certificates,
#Unifi controller is back up to allow me to actually make changes to my network config (such as, say, change DNS settings when pihole is down... )
#HomeAssistant automates away,
#Nextcloud is seeing sunnier days,
#Photoprism <3

Continued thread

**Harald Klinke** @HxxxKxxx@det.social · Apr 13

Apr 13

Harald Klinke @HxxxKxxx@det.social

openDesk läuft ausschließlich auf Kubernetes und nutzt über 35 Helm-Charts für den produktiven Betrieb. Voraussetzungen: K8s >=1.24, Ingress-NGINX, cert-manager, Helm, Helmfile, RWO-Volumes & externe Dienste wie Redis, Postfix & Co.
Details: https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/blob/develop/docs/requirements.md
#Kubernetes #Helm #DevOps #OpenSource #openDesk #GovTech #CloudNative #Ingress #certManager #DigitalSovereignty

GitLabdocs/requirements.md · develop · BMI / openDesk / Deployment / openDesk · GitLabHelmfile / Helm chart-based deployment automation for openDesk Community and Enterprise Edition.

Continued thread

**René Dudfield** @renedudfield@fosstodon.org · Apr 1

Apr 1

René Dudfield @renedudfield@fosstodon.org

A new UI for cert-manager
https://headlamp.dev/blog/2025/02/27/simplifying-certificate-management-in-kubernetes-with-the-new-cert-manager-plugin-for-headlamp/

Your Kubernetes Experience · Feb 27Simplifying Certificate Management in Kubernetes with the new cert-manager plugin for Headlamp | HeadlampSimplifying Certificate Management in Kubernetes with the new cert-manager plugin for Headlamp

#kubernetes #kubecon #certmanager

**René Dudfield** @renedudfield@fosstodon.org · Mar 26 *

Mar 26 *

René Dudfield @renedudfield@fosstodon.org

I'm going to be at #kubecon. At the maintainers summit beforehand, at the contribfest, and at the #headlamp project pavilion.

Contribfest session: https://kccnceu2025.sched.com/event/1td0n

I'm looking forward to connecting with folks working on different projects. People have been quite busy building out Headlamp Kubernetes UIs for ecosystem tooling and standards like #gatewayapi #prometheus #keda #flux #minikube #backstage #inspektorgadget #flagger and #certmanager

kccnceu2025.sched.comKubeCon + CloudNativeCon Europe 2025: 🚨 Contribfest: Make Your Own UI for Kube...View more about this event at KubeCon + CloudNativeCon Europe 2025

#Kubernetes #cncf #cloudnativecon

**LavX News** @lavxnews@mastodon.cloud · Feb 3

Feb 3

LavX News @lavxnews@mastodon.cloud

Unlocking Efficiency: vCluster 0.22 Enhances TLS Management and Resource Optimization

The latest release of vCluster introduces groundbreaking features that simplify TLS certificate management and optimize resource usage in Kubernetes. With the integration of cert-manager and the innov...

https://news.lavx.hu/article/unlocking-efficiency-vcluster-0-22-enhances-tls-management-and-resource-optimization

#news #tech #Kubernetes

**Gilgwath** @gilgwath@social.tchncs.de · Jan 14

Jan 14

Gilgwath @gilgwath@social.tchncs.de

Those who've been reading my toots, might have picked up on the fact that I'm building a #kubernetes cluster from scratch (yes, I like pain). After figuring out #cri_o #calico #certmanager #metallb #traefik and #cloudnativepg I finally deployed my first actual application: #nextcloud ! Wueeh! Extremely stocked! Now I need to figure out how I rope in my ZFS box for persistence, and then I'm ready for a deployment in testing! #k8s #selfhosting

**Bob Dendry** @bobdendry@mstdn.games · Sep 21, 2024

Sep 21, 2024

Bob Dendry @bobdendry@mstdn.games

So I've managed to finally get #Traefik working with #CertManager.

It took lots of frustration, a sidequest around attempting replace Traefik with the #Cilium Gateway API implementation, to lots of annoyance and frustration, broken iptables, but we finally got back to pretty much where we started and things started to fall in place from here.

So the good news is by separating certificates from Traefik, we can now get Traefik doing HA. Why you ask? Just cause.

#Kubernetes #Docker #homelab

**Z3r0 ~** @z3r0@maverick-hq.org · Sep 19, 2024

Sep 19, 2024

Z3r0 ~ @z3r0@maverick-hq.org

Cert-Manager es DIOS y quien diga lo contrario tendrá que verselas conmigo.

#KubeCosas #CertManager

**Mika** @irfan@sakurajima.social · Jul 12, 2024

Jul 12, 2024

Mika @irfan@sakurajima.social

I've just merged a huge PR to my #Orked (O-tomated RKE Distribution - GREAT NAME I KNOW) that makes it easier than ever for anyone to set up a production-ready #RKE2 #Kubernetes cluster in their #homelab.

With this collection of scripts, all you need to do is just provision the nodes required, including a login/management node, and run the scripts right from the login node to configure all of the other nodes to make up the cluster. This setup includes:

- Configuring the Login node with any required or essential dependencies (such as #Helm, #Docker, #k9s, #kubens, #kubectx, etc.)

- Setup passwordless #SSH access from the Login node to the rest of the Kubernetes nodes

- Update the hosts file for strictly necessary name resolution on the Login node and between the Kubernetes nodes

- Necessary, best practice configurations for all of the Kubernetes nodes including networking configuration, disabling unnecessary services, disabling swap, loading required modules, etc.

- Installation and configuration of RKE2 on all the Kubernetes nodes and joining them together as a cluster

- Installation and configuration of #Longhorn storage, including formatting/configuring their virtual disks on the Worker nodes

- Deployment and configuration of #MetalLB as the cluster's load-balancer

- Deployment and configuration of #Ingress #NGINX as the ingress controller and reverse proxy for the cluster - this helps manage external access to the services in the cluster

- Setup and configuration of #cert-manager to obtain and renew #LetsEncrypt certs automatically - supports both #DNS and HTTP validation with #Cloudflare

- Installation and configuration of #csi-driver-smb which adds support for integrating your external SMB storage to the Kubernetes cluster

Besides these, there are also some other helper scripts to make certain related tasks easy such as a script to set a unique static IP address and hostname, and another to toggle #SELinux enforcement to on or off - should you need to turn it off (temporarily).

If you already have an existing RKE2 cluster, there's a step-by-step guide on how you could use it to easily configure and join additional nodes to your cluster if you're planning on expanding.

Orked currently expects and supports #RockyLinux 8+ (should also support any other #RHEL distros such as #AlmaLinux), but I am planning to improve the project over time by adding more #Linux distros, #IPv6 support, and possibly even #K3s for a more lightweight #RaspberryPi cluster for example.

I've used this exact setup to deploy and manage vital services to hundreds of unique clients/organisations that I've become obsessed with sharing it to everyone and making it easier to get started. If this is something that interests you, feel free to check it out!

If you're wondering what to deploy on a Kubernetes cluster - feel free to also check out my #mika helm chart repo

https://github.com/irfanhakim-as/orked

https://github.com/irfanhakim-as/charts

O-tomated RKE Distribution (Orked) is a collection of scripts that aims to easily and reliably set up a production-ready Kubernetes cluster based on RKE2, with Longhorn storage, that is highly perf...

GitHubGitHub - irfanhakim-as/orked at stop-clusterO-tomated RKE Distribution (Orked) is a collection of scripts that aims to easily and reliably set up a production-ready Kubernetes cluster based on RKE2, with Longhorn storage, that is highly perf...

#csidriversmb #certmanager

**bashfulrobot / Dustin Krysak** @bashfulrobot@hachyderm.io · Jul 1, 2024

Jul 1, 2024

bashfulrobot / Dustin Krysak @bashfulrobot@hachyderm.io

Can anyone recommend a free #dns provider that can be used with cert-manager? Besides Cloudflare? #kubernetes #certmanager

Replied in thread

**Scott Williams** @vwbusguy@mastodon.online · Mar 26, 2024

Mar 26, 2024

Scott Williams @vwbusguy@mastodon.online

@deathkitten So far, I'm able to reproduce it with #LetsEncrypt certs issued from #certbot, #caddy, and #certmanager, both fresh and a month or two old.

Firefox 123.0.1 doesn't trust any of them.

Again, it still works because the OS CA trust includes it, so most users won't notice anything broken (yet).

**Scott Williams** @vwbusguy@mastodon.online · Nov 15, 2023

Nov 15, 2023

Scott Williams @vwbusguy@mastodon.online

I really wish I could remember what I was talking about here.

If you do it initially by kubectl like the cert-manager docs say to do, it brings a curse upon the household of your cluster for helm chart generations to come

#certmanager #Kubernetes

**Mike Tougeron** @touge@hachyderm.io · Nov 4, 2023

Nov 4, 2023

Mike Tougeron @touge@hachyderm.io

At #Rejekts and so excited. I love this #conference. I've already had an awesome talk about #certmanager and the day has barely begun. cc @Rejekts

**Elan Hasson** @elan@publicsquare.global · Oct 30, 2023

Oct 30, 2023

Elan Hasson @elan@publicsquare.global

DNS01 and HTTP01 Solvers in a Single ClusterIssuer — Cert Manager | by Goutham Pilla
https://gouthampilla.medium.com/dns01-and-http01-solvers-in-a-single-clusterissuer-cert-manager-ef419c0a26

#certmanager #cert-manager #kubernetes

MediumMedium

**drmorr** @drmorr@hachyderm.io · Oct 10, 2023

Oct 10, 2023

drmorr @drmorr@hachyderm.io

As much as I don't want to be dealing with TLS/encryption nonsense right now, I will say that cert-manager is dope.

#kubernetes #k8s #certmanager

Continued thread

**Cees-Jan Kiewiet** @wyri@haxim.us · Oct 7, 2023

Oct 7, 2023

Cees-Jan Kiewiet @wyri@haxim.us

Kubernetes home lab using lego thread imported from Bird site

**Grant Limberg** @grant@social.zerotier.com · Oct 5, 2023 *

Oct 5, 2023 *

Grant Limberg @grant@social.zerotier.com

Has anyone out there managed to get @CertManager working with the Gateway API on Google Kubernetes Engine? I can't for the life of me get the ACME Solver’s HTTPRoute to attach to the gateway and actually issue the certificate. The route object creates just fine as far as I can see, but the endpoint is never served; even after waiting for hours.

#GKE #Kubernetes #k8s

**AZcoigreach** @azcoigreach@stranger.social · Jul 15, 2023

Jul 15, 2023

AZcoigreach @azcoigreach@stranger.social

Is anyone savvy on #Kubernetes #Nginx and #CertManager that can help me get my cert-manager to work through the proxy-protocol? My cert-manager can't renew certificates with the proxy. And I need the proxy on so I can see IP addresses outside the server.

Continued thread

**Lucas Roesler** @theaxer@floss.social · Apr 19, 2023

Apr 19, 2023

Lucas Roesler @theaxer@floss.social

So far it seems to be a spec for how to define and then use standard naming (and naturally tokens/certs) to identify and then of course authenticate workloads #KubeCon

Best of all, a quick Google shows that there are already people playing with #SPIFFE and #OpenPolicyAgent

https://github.com/spiffe/spire-tutorials/blob/main/k8s/envoy-opa/k8s/backend/config/opa-policy.rego

This session is showing off integration with #CertManager

GitHubspire-tutorials/opa-policy.rego at main · spiffe/spire-tutorialsContribute to spiffe/spire-tutorials development by creating an account on GitHub.