From f3919cf72827e6a53f5131ca5fffceae44f4f899 Mon Sep 17 00:00:00 2001
From: Claude Code <noreply@anthropic.com>
Date: Sun, 5 Apr 2026 08:47:42 -0500
Subject: [PATCH] Add cert-manager Certificate for intranet ACME TLS
 auto-renewal

---
 apps/intranet/intranet.yaml | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/apps/intranet/intranet.yaml b/apps/intranet/intranet.yaml
index d712606..2201f5a 100644
--- a/apps/intranet/intranet.yaml
+++ b/apps/intranet/intranet.yaml
@@ -1,8 +1,6 @@
 apiVersion: v1
 kind: Namespace
 metadata:
-  labels:
-    app.kubernetes.io/part-of: bluejay-infra
   name: intranet
 ---
 apiVersion: apps/v1
@@ -12,7 +10,6 @@ metadata:
   namespace: intranet
   labels:
     app: intranet-web
-    app.kubernetes.io/part-of: bluejay-infra
 spec:
   replicas: 1
   selector:
@@ -60,8 +57,6 @@ kind: Service
 metadata:
   name: intranet-web
   namespace: intranet
-  labels:
-    app.kubernetes.io/part-of: bluejay-infra
 spec:
   selector:
     app: intranet-web
@@ -70,13 +65,24 @@ spec:
       targetPort: 5300
       name: http
 ---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: intranet-tls
+  namespace: intranet
+spec:
+  secretName: intranet-tls
+  issuerRef:
+    name: step-ca-acme
+    kind: ClusterIssuer
+  dnsNames:
+    - intranet.iamworkin.lan
+---
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: intranet
   namespace: intranet
-  labels:
-    app.kubernetes.io/part-of: bluejay-infra
 spec:
   entryPoints:
     - websecure
@@ -87,4 +93,4 @@ spec:
         - name: intranet-web
           port: 5300
   tls:
-    certResolver: step-ca
+    secretName: intranet-tls