Oh wow! I had some weird stuff in the GatewayAPI config for HTTP to HTTPS redirect which was blocking ACME.
Now I have CertManager correctly issuing certificates from my private StepCA, using the http01 solver behind GatewayAPI! Blog coming (eventually). 
I spent probably a weeks worth of hours learning more #kubernetes so I could save $60 a month.
I have a nice 3 node kube cluster with a 2 node #keepalived #haproxy TCP load balancer. All on #ARM VPS.
Haproxy ingress
#ExternalDNS operator
#CertManager
#RookCeph
#ArgoCD
#KeyCloak
#ValKey
#Mastodon
#CloudNativePG #Postgresql
openDesk läuft ausschließlich auf Kubernetes und nutzt über 35 Helm-Charts für den produktiven Betrieb. Voraussetzungen: K8s >=1.24, Ingress-NGINX, cert-manager, Helm, Helmfile, RWO-Volumes & externe Dienste wie Redis, Postfix & Co.
Details: https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/blob/develop/docs/requirements.md
#Kubernetes #Helm #DevOps #OpenSource #openDesk #GovTech #CloudNative #Ingress #certManager #DigitalSovereignty
I'm going to be at #kubecon. At the maintainers summit beforehand, at the contribfest, and at the #headlamp project pavilion.
Contribfest session: https://kccnceu2025.sched.com/event/1td0n
I'm looking forward to connecting with folks working on different projects. People have been quite busy building out Headlamp Kubernetes UIs for ecosystem tooling and standards like #gatewayapi #prometheus #keda #flux #minikube #backstage #inspektorgadget #flagger and #certmanager
Those who've been reading my toots, might have picked up on the fact that I'm building a #kubernetes cluster from scratch (yes, I like pain). After figuring out #cri_o #calico #certmanager #metallb #traefik and #cloudnativepg I finally deployed my first actual application: #nextcloud ! Wueeh! Extremely stocked! Now I need to figure out how I rope in my ZFS box for persistence, and then I'm ready for a deployment in testing! #k8s #selfhosting
Managed to migrate my first #Truecharts app from #TrueNAS to #Talos.
Do this only if you need another hobby. It is definitely nothing like the comfort the TrueNAS App Catalogue and UI provided.
But i like #Kubernetes and so it is fine for me, to play around with #CertManager, #RenovateBot, #FluxCD and #VolSync. Just have to compare resource consumption now 
#CertManager can now be rolled out with GOP. We're planning to extend the support to automatically provision #TLS certs via #letsencrypt / #ACME for all tools with a single parameter 
This release also contains contributions of our new maintainer Thomas Michael. Welcome to the team 
Isn't there a decent alternative to #certmanager in #kubernetes ?
I need a tool that support #powerdns api.
kube-lego sadly is deprecated
An alle #CertManager Profis:
Lassen sich mit der DNS-Challenge und #Webhook auf einem anderen Server, als auf dem die #Domain und Website gehostet ist, #Zertifikate für die Hauptdomain wie z.B. meinedomain.de erzeugen?
Hintergrund: mein #ejabberd läuft bei mir zuhause auf meiner Hauptdomain, für mein Domain-/Webhoster gibts aber keinen Webhook... Daher erwäge ich zu wechseln falls das möglich wäre...
Evtl. kann auch @CertManager, @netcup oder @team was dazu sagen 
So I've managed to finally get #Traefik working with #CertManager.
It took lots of frustration, a sidequest around attempting replace Traefik with the #Cilium Gateway API implementation, to lots of annoyance and frustration, broken iptables, but we finally got back to pretty much where we started and things started to fall in place from here.
So the good news is by separating certificates from Traefik, we can now get Traefik doing HA. Why you ask? Just cause.
Cert-Manager es DIOS y quien diga lo contrario tendrá que verselas conmigo.
I had the rare opportunity to need to send a physical mail, a form. There used to be a SAM machine near my place where you can print out a stamp but they removed it recently.
I search for the nearest SAM machines near me, Google Maps showed the nearest one and along with the business info, included is the URL https://mysam.sg.
Ha, funktioniert: LoadBalancer für #dovecot wird automatisch erzeugt, automatisch in DNS eingetragen und automatisch ein TLS-Zertifikat erzeugt. Langsam nimmt mein Mail-auf-Kubernetes-Setup Form an.
