Add cert-manager Certificate for intranet ACME TLS auto-renewal

apps/intranet/intranet.yaml

@@ -1,8 +1,6 @@
 apiVersion: v1
 kind: Namespace
 metadata:
-  labels:
-    app.kubernetes.io/part-of: bluejay-infra
   name: intranet
 ---
 apiVersion: apps/v1
@@ -12,7 +10,6 @@ metadata:
   namespace: intranet
   labels:
     app: intranet-web
-    app.kubernetes.io/part-of: bluejay-infra
 spec:
   replicas: 1
   selector:
@@ -60,8 +57,6 @@ kind: Service
 metadata:
   name: intranet-web
   namespace: intranet
-  labels:
-    app.kubernetes.io/part-of: bluejay-infra
 spec:
   selector:
     app: intranet-web
@@ -70,13 +65,24 @@ spec:
       targetPort: 5300
       name: http
 ---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: intranet-tls
+  namespace: intranet
+spec:
+  secretName: intranet-tls
+  issuerRef:
+    name: step-ca-acme
+    kind: ClusterIssuer
+  dnsNames:
+    - intranet.iamworkin.lan
+---
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: intranet
   namespace: intranet
-  labels:
-    app.kubernetes.io/part-of: bluejay-infra
 spec:
   entryPoints:
     - websecure
@@ -87,4 +93,4 @@ spec:
         - name: intranet-web
           port: 5300
   tls:
-    certResolver: step-ca
+    secretName: intranet-tls