docs(gitops): clarify cert-manager ownership

Haitao Pan 2026-04-04 11:25:22 +08:00
parent dffcda8063
commit c5ff556e48


@ -30,3 +30,10 @@ Default certificate issuance uses ACME HTTP-01 through the `caddy` ingress
class. A DNS-01 Cloudflare issuer is predeclared for future wildcard and
additional subdomain certificates, and `selfSigned` remains available for
internal temporary or fallback use.
The boundary is intentionally narrow:
- `cert-manager` owns the TLS Secret lifecycle
- `Caddy` provides ingress routing and HTTP-01 challenge reachability
- `external-dns` only reconciles DNS records
- `external-secrets` continues to manage Vault-backed runtime secrets
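Review bot: the ownership list leaves one Secret unassigned: the Cloudflare API token that the predeclared DNS-01 issuer (line 11) needs. `cert-manager` is said to own the TLS Secret lifecycle and `external-secrets` the Vault-backed runtime secrets, but the issuer credential is neither a TLS Secret nor obviously a runtime secret, so state which component creates and rotates it (for example, that `external-secrets` syncs it from Vault into the cert-manager namespace). Relatedly, the bullet "`external-dns` only reconciles DNS records" could be read as covering ACME challenge records; cert-manager's DNS-01 Cloudflare solver writes the `_acme-challenge` TXT records itself through the Cloudflare API, so a parenthetical such as "(not ACME challenge TXT records, which cert-manager manages directly)" would keep the boundary as narrow as the commit message intends. Minor: "The boundary is intentionally narrow:" runs straight on from the paragraph above it; a blank line before it would render the list as its own block.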