per-cluster differentiator SAN on tenants-wildcard cert (avoid LE Duplicate Cert rate limit)

2026-04-29 22:27:02 +02:00
parent 976c67afd1
commit 7ee9856e25
3 changed files with 21 additions and 2 deletions
--- a/values.yaml
+++ b/values.yaml
@@ -5,6 +5,15 @@

 namespace: odoosky-system

+
+# cluster — per-cluster identity passed by Tower as helm.values on each
+# per-cluster Application. The chart uses cluster.name to add a
+# differentiator SAN to the tenants-wildcard Certificate so Lets
+# Encrypts duplicate-cert rate limit doesnt collide across one
+# tenants multiple clusters.
+cluster:
+  name: ""
+
 # tenant — per-tenant identity injected by Tower as helm.values on
 # the per-cluster Argo Application. Empty defaults are safe to lint
 # but a real deploy MUST set domain + wildcardHost (the Certificate