Adds a real README describing the 4-step deploy flow, with pfSense Unbound host overrides as step 1 (the prerequisite that, if skipped, silently breaks cert-manager HTTP-01 for ~2h per cert until manually diagnosed — root cause of the 2026-04-22 cluster-wide cert outage).

Adds scripts/check-pfsense-dns.py: parses every apps/*/*.yaml, extracts hostnames from Certificate.spec.dnsNames and Traefik IngressRoute `Host(...)` match rules, and fails the check if any don't resolve via the system DNS (pfSense Unbound on this LAN). Ignores IRC server-link labels, image tags, comments — only checks hostnames cert-manager and Traefik will actually use.

Run before `git push` or wire into pre-commit / Gitea Actions.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
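The kind of check the commit message describes, as an added example written for this page (it is not the repository's scripts/check-pfsense-dns.py). The function names, the `.lab.example` hostnames and the sample manifests are assumptions, and it uses a line-oriented scan in place of a YAML parser so it runs with the standard library only.

```python
import re
import socket
# Constructed sample manifests (not taken from the repository).
SAMPLE = """\
kind: Certificate
spec:
  dnsNames:
    - git.lab.example   # primary
    - "ci.lab.example"
---
kind: IngressRoute
spec:
  routes:
    # - match: Host(`old.lab.example`)
    - match: Host(`git.lab.example`, `wiki.lab.example`) && PathPrefix(`/`)
      image: registry.lab.example/app:1.2
"""
HOST_RULE = re.compile(r"\bHost\(([^)]*)\)")  # skips HostRegexp / HostSNI
BACKTICKED = re.compile(r"`([^`]+)`")

def extract_hostnames(text):  # line scan, no YAML library (assumption)
    hosts, dns_indent = set(), None
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()  # drop YAML comments
        if not line:
            continue
        indent, item = len(line) - len(line.lstrip()), line.strip()
        if dns_indent is not None:
            if item.startswith("- ") and indent >= dns_indent:
                hosts.add(item[2:].strip().strip("\"'"))
                continue
            dns_indent = None  # the dnsNames list has ended
        if item == "dnsNames:":
            dns_indent = indent
        elif re.match(r"(- )?match:", item):
            for args in HOST_RULE.findall(item):
                hosts.update(BACKTICKED.findall(args))
    return hosts

def unresolved(hosts, resolve=socket.getaddrinfo):
    bad = []
    for host in sorted(hosts):
        try:
            resolve(host, 443)
        except OSError:  # socket.gaierror is an OSError subclass
            bad.append(host)
    return bad
if __name__ == "__main__":
    print("unresolved:", unresolved(extract_hostnames(SAMPLE)))
```

The `resolve` parameter exists so the check can be exercised offline; left at its default it asks the system resolver, which is the behaviour that matters before a push.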