Set cert-manager issuer for all ingresses

cluster/apps/authentik/helm-release.yaml

@@ -55,6 +55,7 @@ spec:
     ingress:
       enabled: true
       annotations:
+        cert-manager.io/cluster-issuer: letsencrypt-production
         traefik.ingress.kubernetes.io/router.entrypoints: websecure
       hosts:
         - host: &host "auth.${SECRET_NEW_DOMAIN}"

cluster/apps/database/postgresql/pgadmin4/helm-release.yaml

@@ -19,6 +19,7 @@ spec:
     ingress:
       enabled: true
       annotations:
+        cert-manager.io/cluster-issuer: letsencrypt-production
         traefik.ingress.kubernetes.io/router.entrypoints: websecure
       hosts:
         - host: &host pgsql.database.${SECRET_DOMAIN}

cluster/apps/download/bazarr/helm-release.yaml

@@ -32,6 +32,7 @@ spec:
       main:
         enabled: true
         annotations:
+          cert-manager.io/cluster-issuer: letsencrypt-production
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
           traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
         hosts:

cluster/apps/download/mylar3/helm-release.yaml

@@ -36,6 +36,7 @@ spec:
       main:
         enabled: true
         annotations:
+          cert-manager.io/cluster-issuer: letsencrypt-production
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
           traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
         hosts:

cluster/apps/download/prowlarr/helm-release.yaml

@@ -43,6 +43,7 @@ spec:
       main:
         enabled: true
         annotations:
+          cert-manager.io/cluster-issuer: letsencrypt-production
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
           traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
         hosts:

cluster/apps/download/qbittorrent/ingress.yaml

@@ -4,6 +4,7 @@ metadata:
   name: qbittorrent-ingress
   namespace: download
   annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-production
     traefik.ingress.kubernetes.io/router.entrypoints: websecure
     traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
 spec:

cluster/apps/download/radarr/helm-release.yaml

@@ -45,6 +45,7 @@ spec:
       main:
         enabled: true
         annotations:
+          cert-manager.io/cluster-issuer: letsencrypt-production
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
           traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
         hosts:

cluster/apps/download/readarr/audiobook-helm.yaml

@@ -43,6 +43,7 @@ spec:
       main:
         enabled: true
         annotations:
+          cert-manager.io/cluster-issuer: letsencrypt-production
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
           traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
         hosts:

cluster/apps/download/readarr/ebook-helm.yaml

@@ -43,6 +43,7 @@ spec:
       main:
         enabled: true
         annotations:
+          cert-manager.io/cluster-issuer: letsencrypt-production
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
           traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
         hosts:

cluster/apps/download/sonarr/helm-release.yaml

@@ -45,6 +45,7 @@ spec:
       main:
         enabled: true
         annotations:
+        cert-manager.io/cluster-issuer: letsencrypt-production
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
           traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
         hosts:

cluster/apps/irc/thelounge/helm-release.yaml

@@ -37,6 +37,7 @@ spec:
       main:
         enabled: true
         annotations:
+          cert-manager.io/cluster-issuer: letsencrypt-production
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
         hosts:
           - host: &host "lounge.${SECRET_NEW_DOMAIN}"

cluster/apps/irc/znc/helm-release.yaml

@@ -48,8 +48,8 @@ spec:
       main:
         enabled: true
         annotations:
+          cert-manager.io/cluster-issuer: letsencrypt-production
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
-#          traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
         hosts:
           - host: &host "znc.${SECRET_NEW_DOMAIN}"
             paths:

cluster/apps/management/guacamole/helm-release.yaml

@@ -44,6 +44,7 @@ spec:
       main:
         enabled: true
         annotations:
+          cert-manager.io/cluster-issuer: letsencrypt-production
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
         hosts:
           - host: &host "remote.${SECRET_NEW_DOMAIN}"

cluster/apps/media/audiobookshelf/helm-release.yaml

@@ -33,6 +33,7 @@ spec:
       main:
         enabled: true
         annotations:
+          cert-manager.io/cluster-issuer: letsencrypt-production
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
         hosts:
           - host: &host "audiobooks.${SECRET_NEW_DOMAIN}"

cluster/apps/media/jellyfin/helm-release.yaml

@@ -36,6 +36,7 @@ spec:
       main:
         enabled: true
         annotations:
+          cert-manager.io/cluster-issuer: letsencrypt-production
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
         hosts:
           - host: &host "watch.${SECRET_NEW_DOMAIN}"

cluster/apps/media/jellyseerr/helm-release.yaml

@@ -39,6 +39,7 @@ spec:
       main:
         enabled: true
         annotations:
+          cert-manager.io/cluster-issuer: letsencrypt-production
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
         hosts:
           - host: &host "request.${SECRET_NEW_DOMAIN}"

cluster/apps/media/kavita/helm-release.yaml

@@ -30,6 +30,7 @@ spec:
       main:
         enabled: true
         annotations:
+          cert-manager.io/cluster-issuer: letsencrypt-production
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
         hosts:
           - host: &host "books.${SECRET_NEW_DOMAIN}"

cluster/apps/media/komga/helm-release.yaml

@@ -32,6 +32,7 @@ spec:
       main:
         enabled: true
         annotations:
+          cert-manager.io/cluster-issuer: letsencrypt-production
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
         hosts:
           - host: &host "comics.${SECRET_NEW_DOMAIN}"

cluster/apps/media/plex/helm-release.yaml

@@ -47,6 +47,7 @@ spec:
       main:
         enabled: true
         annotations:
+          cert-manager.io/cluster-issuer: letsencrypt-production
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
         hosts:
           - host: &host "plex.${SECRET_NEW_DOMAIN}"

cluster/apps/tools/gotify/helm-release.yaml

@@ -36,6 +36,7 @@ spec:
       main:
         enabled: true
         annotations:
+          cert-manager.io/cluster-issuer: letsencrypt-production
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
         hosts:
           - host: &host "notif.${SECRET_NEW_DOMAIN}"

cluster/apps/tools/hastebin/helm-release.yaml

@@ -50,6 +50,7 @@ spec:
       main:
         enabled: true
         annotations:
+          cert-manager.io/cluster-issuer: letsencrypt-production
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
         hosts:
           - host: &host "paste.${SECRET_NEW_DOMAIN}"

cluster/apps/tools/transfersh/helm-release.yaml

@@ -50,6 +50,7 @@ spec:
       main:
         enabled: true
         annotations:
+          cert-manager.io/cluster-issuer: letsencrypt-production
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
         hosts:
           - host: &host "upload.${SECRET_NEW_DOMAIN}"

cluster/apps/tools/vaultwarden/helm-release.yaml

@@ -33,6 +33,7 @@ spec:
       main:
         enabled: true
         annotations:
+          cert-manager.io/cluster-issuer: letsencrypt-production
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
         hosts:
           - host: &host "bitwarden.${SECRET_NEW_DOMAIN}"

cluster/core/cert-manager/wildcard-cert.yaml

@@ -8,7 +8,7 @@ spec:
 
   secretTemplate:
     annotations:
-      replicator.v1.mittwald.de/replicate-to: "traefik,download,media,tools,management,authentik,database"
+      replicator.v1.mittwald.de/replicate-to: "traefik,download,media,tools,management,authentik,database,monitoring"
 
   duration: 2160h # 90d
   renewBefore: 360h # 15d

cluster/core/networking/traefik/dashboard-ingress.yaml

@@ -4,6 +4,7 @@ metadata:
   name: traefik-dash-ingress
   namespace: traefik
   annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-production
     traefik.ingress.kubernetes.io/router.entrypoints: websecure
     traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
 spec:

cluster/core/storage/longhorn/ingress.yaml

@@ -4,6 +4,7 @@ metadata:
   name: longhorn-ingress
   namespace: longhorn-system
   annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-production
     traefik.ingress.kubernetes.io/router.entrypoints: websecure
 spec:
   rules: