Aktualisiere Installationsanweisungen und entferne nicht benötigte TLS-Zertifikatdefinitionen für Gateways

05_base_apps_and_tools/installation_instructions.md

@@ -1,28 +1,28 @@
-# Basic requirements
-
-In diesem Schritt installieren wir
-- phase-secrets-operator
-- cert-manager
-- external-DNS mit Webhook Provider für Unifi
-
-## Phase-Secrets-Operator
+# Phase-Secrets-Operator
 
 helm repo add phase https://helm.phase.dev && helm repo update
 
 helm install phase-secrets-operator phase/phase-kubernetes-operator --set image.tag=v1.3.0
 
 kubectl create secret generic phase-service-token \
-  --from-literal=token=pss_service:v2:XXXXXXXXXXXXXXXXXXXXX \
+  --from-literal=token=<TOKEN> \
   --type=Opaque \
   --namespace=default
 
-## Cert-Manager und Cluster-Issuer
+# Cert-Manager installieren
+# 1. Repository hinzufügen und updaten
+helm repo add jetstack https://charts.jetstack.io && helm repo update
 
-kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.19.2/cert-manager.yaml
+# 2. Installation mit Gateway API Support
+helm install cert-manager jetstack/cert-manager \
+  --namespace cert-manager \
+  --create-namespace \
+  --set installCRDs=true \
+  --set "config.enableGatewayAPI=true"
 
-k apply -f manifests
+kubectl apply -f manifests
 
-## External-DNS
+# External DNS installieren
 
 helm repo add external-dns https://kubernetes-sigs.github.io/external-dns/
 

06_argocd_installation/argo-prepare.yaml

@@ -39,16 +39,3 @@ spec:
           - kind: GRPCRoute
         namespaces:
           from: All
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: argocd-gateway-tls
-  namespace: argocd
-spec:
-  secretName: argocd-gateway-tls
-  dnsNames:
-  - argocd.k8s.hnrx.net
-  issuerRef:
-    name: cloudflare-cluster-issuer
-    kind: ClusterIssuer

07_bootstrap_argocd/shared-gateway.yaml

@@ -24,17 +24,3 @@ spec:
         mode: Terminate
         certificateRefs:
           - name: shared-gateway-tls
-
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: shared-gateway-tls
-  namespace: default
-spec:
-  secretName: shared-gateway-tls
-  dnsNames:
-  - '*.k8s.hnrx.net'
-  issuerRef:
-    name: cloudflare-cluster-issuer
-    kind: ClusterIssuer