From 0811bc078bc209c2edd01962a4b6035ee7a52ef3 Mon Sep 17 00:00:00 2001
From: bluejay <admin@iamworkin.lan>
Date: Wed, 11 Mar 2026 02:45:15 +0000
Subject: [PATCH] Add cert-manager TLS certificate to agent-zero manifest

---
 apps/agent-zero/agent-zero.yaml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/apps/agent-zero/agent-zero.yaml b/apps/agent-zero/agent-zero.yaml
index c4c2ecc..00de3c1 100644
--- a/apps/agent-zero/agent-zero.yaml
+++ b/apps/agent-zero/agent-zero.yaml
@@ -247,6 +247,26 @@ spec:
   tls:
     secretName: agent-zero-tls
 
+# =============================================================================
+# TLS Certificate via cert-manager (step-ca ACME)
+# =============================================================================
+
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: agent-zero-tls
+  namespace: agent-zero
+spec:
+  secretName: agent-zero-tls
+  issuerRef:
+    name: step-ca-acme
+    kind: ClusterIssuer
+  dnsNames:
+    - agent-zero.iamworkin.lan
+  duration: 720h
+  renewBefore: 240h
+
 # =============================================================================
 # NetworkPolicy — Restrict traffic
 # =============================================================================