Goals + Recap

  • Trying to do a tiny bit today
  • Got secrets to work yesterday. Now to get certs working
  • The plan is to redo the cluster again and do my own instance of
    • K3s
    • Sealed Secrets
    • Cert Manager
    • Let's Encrypt (using pre-existing certs)
    • Get Traefik Ingress to work
  • And once that is done, do kanboard again
  • Begin by moving (lifting and shifting in popular parlance) Kanboard to the cluster
    • Cert will probably be needed
    • Learn how to configure an app with code
    • Figure out secrets, if there are any (for now sealed secrets ok, figure out vault and vault injection later)
    • Learn how to tunnel through and reverse proxy
    • Learn how to store data and back it up
  • Move Miniflux next, followed by Hedgedoc

2025-11-30 11:15

  • Funky Penguin has an External DNS guide, but I’d rather point to the services manually. They don’t change that often.
  • I already have a wildcard certificate going with Lego. Web+LLM searches tell me I can have two different sources request wildcard certs. Let’s see how this goes
  • I sort of like the idea that the Funky Penguin guide is a little out of date. So while I get at the principles and the big ideas, the execution of everything is now up to me
  • And now that I know what I am doing, it’s easier to go search for and adapt things. Cert Manager, for example, has a page that does exactly what I want with Flux. I would not have known earlier though
  • 2025-11-30 13:40: Did my first app deploy with zero errors! Hopefully more practice will lend me speed

2025-11-30 14:30

  • Back after a short break
  • Now to move on to configuring Let's Encrypt as a certificate issuer with Cert Manager
  • 2025-11-30 16:00: Hiccough! Porkbun isn’t natively supported as a DNS challenge solver. Need to figure out what to do next. Get Porkbun challenges working somehow? Or change my domain’s DNS to a cert-manager-supported DNS provider? Or can it use my existing lego-generated certs? Pondering hat on …
  • 2025-11-30 18:00: Break

2025-11-30 18:50

  • Back
  • Think I won’t touch cert-manager for now. Will probably use it for inter-app communication if needed later
  • Will just use the existing lego wildcard certs, use sealed secrets to post them to git, and then have flux pull them in as a TLS secret for use by traefik. OK, this is the big idea. Now to put it into practice
  • 2025-11-30 20:15: Was still reading up. Rubber hits the road tomorrow morn
