update TLS config on ingresses

ansible-5/roles/prod.k3s/files/cert-manager/certificate.xai-corp.stg.yaml

@@ -14,10 +14,11 @@ spec:
   dnsNames:
     - xai-corp.net
     - www.xai-corp.net
-    - sql.xai-corp.net
+
   acme:
     config:
       - http01:
           ingressClass: traefik
         domains:
           - xai-corp.net
+          - www.xai-corp.net

ansible-5/roles/prod.k3s/files/funkwhale/values.yaml

@@ -14,6 +14,8 @@ ingress:
   #  protocol: https
   tls: # < placing a host in the TLS config will determine what ends up in the cert's subjectAltNames
     - secretName: xai-corp-production-tls
+      hosts:
+        - funkwhale.xai-corp.net
 
 replicaCount: 1
 

ansible-5/roles/prod.k3s/files/gitea/values.yaml

@@ -13,19 +13,23 @@ image:
   registry: ""
   repository: gitea/gitea
   # Overrides the image tag whose default is the chart appVersion.
-#  tag: "1.22.0"
+  tag: "1.24"
   pullPolicy: Always
   rootless: true # only possible when running 1.14 or later
 
 ingress:
   enabled: true
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-production
   hosts:
     - host: git.xai-corp.net
       paths:
         - path: /
           pathType: Prefix
   tls: # < placing a host in the TLS config will determine what ends up in the cert's subjectAltNames
-    - secretName: xai-corp-production-tls
+    - secretName: xai-corp-production-tls-funkwhale
+      hosts:
+        - git.xai-corp.net
 
 persistence:
   enabled: true

ansible-5/roles/prod.k3s/files/nextcloud/values.yaml

@@ -3,7 +3,7 @@
 
 image:
   repository: nextcloud
-  tag: "29.0.6" #https://hub.docker.com/_/nextcloud/tags?page=1&name=28.
+  tag: "30.0.15" #https://hub.docker.com/_/nextcloud/tags?page=1&name=28.
   flavor: apache
 #  pullSecrets: regcred
 
@@ -14,9 +14,12 @@ ingress:
     traefik.ingress.kubernetes.io/router.entrypoints: websecure
     traefik.ingress.kubernetes.io/router.tls: "true"
     traefik.ingress.kubernetes.io/custom-response-headers: "Access-Control-Allow-Origin:*||Access-Control-Allow-Methods:GET,POST,OPTIONS||Access-Control-Allow-Headers:DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range||Access-Control-Expose-Headers:Content-Length,Content-Range"
+    cert-manager.io/cluster-issuer: letsencrypt-production
 
   tls: # < placing a host in the TLS config will determine what ends up in the cert's subjectAltNames
-    - secretName: xai-corp-production-tls
+    - secretName: xai-corp-production-tls-xaibox
+      hosts:
+        - xaibox.xai-corp.net
 
 nextcloud:
 #  image: xaicorp/nextcloud

ansible-5/roles/prod.k3s/files/stash/proxy-values.yaml

@@ -33,6 +33,8 @@ ingress:
   # Warning! The configuration is dependant on your current k8s API version capabilities (networking.k8s.io/v1)
   tls: # < placing a host in the TLS config will determine what ends up in the cert's subjectAltNames
     - secretName: xai-corp-production-tls
+      hosts:
+        - stash.xai-corp.net
   annotations:
     ingress.kubernetes.io/force-hsts: "true"
     ingress.kubernetes.io/hsts-max-age: "315360000"

ansible-5/roles/prod.k3s/files/stash/values.yaml

@@ -9,10 +9,13 @@ image:
 
 ingress:
   main:
-    enabled: false
+    enabled: true
     hosts:
       - host: stash.xai-corp.net
         paths:
           - path: /
     tls: # < placing a host in the TLS config will determine what ends up in the cert's subjectAltNames
       - secretName: xai-corp-production-tls
+        hosts:
+          - stash.xai-corp.net
+