As Hetzner is deprecating DNS configuration via the DNS console, I migrated my domains to the new Cloud API. Last piece of the puzzle was to create new tokens and move from the old cert-manager-webhook-hetzner (by vadimkim) to the official chart maintained by Hetzner.

Migrated my 7 Kubernetes clusters (k3s, RKE2, OpenShift) without major hiccups, only had to do some cleanup due to old ACME challenge entries being left over after the migration (as cert-manager could not remove them without the new webhook and API token).

Only things left are the machines without k3s using lego.

#homelab #hetzner #certmanager #dns #hellyeah #kubernetes #k3s #rke2

How to make releases boring: a production baseline on Kubernetes and GitLab CI/CD

A monolith without tests. Deployments only at night. Five minutes of guaranteed downtime on every release. Logs go to a file. We learn about problems from the customer. A small/medium microfinance (MFO) business, with no dedicated DevOps engineer. A "specially trained team lead" who knows which crutches prop up the system. I describe how this turned into a production baseline: Kubernetes, GitLab CI/CD and observability, after which releases became boring.

https://habr.com/ru/articles/1004956/

#cicd #yandexcloud #kubernetes #gitlab #prometheus #devops #certmanager #helm #logging #deployment

Automating SSL for Kubernetes with Let's Encrypt and Cert Manager

How to automate SSL certificates for Kubernetes services using Let's Encrypt, Cert Manager, Helm, and Cloudflare for secure, hassle-free deployments.

Funky Si's Blog

@Larvitz How is Step CA? Are you coming from another CA solution?

Been thinking about running #stepca in my #kubernetes cluster, but have been apprehensive because of how many features seem to be gated behind smallstep's proprietary version. Would love to have this integrated with #certmanager and using the #tpm on my nodes. Was going to do a rearchitecting of my entire #auth and #cryptography stack when I switch from the deprecated #Ingress API to the #GatewayAPI

Updated #Orked, my collection of scripts to help set up a production-ready #RKE2 #Kubernetes cluster in your #homelab. This update brings general improvements to the scripts, improved documentation, #HAProxy load balancer support for load balancing multiple Master nodes, and upgraded all components including RKE2, #Longhorn, #Nginx Ingress, #Cert-manager, #MetalLB, #Rancher, etc. to their latest versions.

I still hope someday to support more Kubernetes distributions like #k3s, but haven't gotten around to it. I've also been planning to support more #Linux distros as the base too, instead of only #RockyLinux/#RHEL, but that'll have to wait as well for now. Regardless, I am quite happy with how mature and stable these scripts have turned out to be. If you'd like to set up a cluster of your own, maybe check it out!

🔗 https://github.com/irfanhakim-as/orked

🔗 https://github.com/irfanhakim-as/orked/pull/41

A guide to setting up a Certificate Authority (CA) based on HashiCorp Vault and OpenSSL in Kubernetes

This guide is a complete walkthrough for deploying a highly available HashiCorp Vault cluster in Kubernetes and setting up a two-tier Public Key Infrastructure (PKI). The root certificate and the intermediate CA are created with OpenSSL, but the intermediate is imported into and configured in Vault for day-to-day certificate issuance. The infrastructure integrates with cert-manager for automatic TLS certificate lifecycle management.

https://habr.com/ru/articles/971494/

#сертификат #vault #kubernetes #certmanager

Hmm my services are running fine as far as I can tell, but my #Rancher/#RKE2 #Kubernetes cluster is acting up - possibly #etcd related?

Biggest tell being that the control plane/API server is not the most responsive, and some essential pods are failing/restarting, including #cert-manager, cloud-controller-manager, csi-smb-controller, kube-apiserver, kube-scheduler, rke2-snapshot-controller, csi-provisioner + -resizer, -snapshotter, yadda yadda.

Not sure what could be causing it just yet.

Oh wow! I had some weird stuff in the GatewayAPI config for HTTP to HTTPS redirect which was blocking ACME.

Now I have CertManager correctly issuing certificates from my private StepCA, using the http01 solver behind GatewayAPI! Blog coming (eventually). 🎉

#HomeLab #GatewayAPI #Kubernetes #CertManager #StepCA #TalosLinux

Janik von Rotz

Curious, Dedicated, Humble

Solved: HTTP 525/526 CloudFlare Errors

https://raynix.info/archives/4926