#certmanager — Public Fediverse posts on home.social

Saustrup @[email protected] · 2026-04-25 · 20:55 UTC

Numerous technical and security improvements on the infrastructure that supports https://mstdn.dk

DNS simplified extensively by migrating public facing secondary nameservers to #NSD using #CatalogZones from PowerDNS + DNSDist.
#DNSSEC reenabled
#ExternalDNS and #CertManager configuration vastly simplified.
#Ingress controller migrated from #Nginx to #Traefik

Bottom line: https://sikkerpånettet.dk/ now gives the site a 100% #security score. There are still improvements to be made (weirdly enough) - specifically I'm looking into supporting DANE for #TLS certificate signatures in #DNS.

Now that's off the TODO-list :-)

#mstdndk

#nsd #dnssec #externaldns #certmanager #ingress #nginx

Sam Lehman :nixos: @[email protected] · 2026-01-17 · 18:44 UTC

@Larvitz How is Step CA? Are you coming from another CA solution?

Been thinking about running #stepca in my #kubernetes cluster, but have been apprehensive because of how many features seem to be gated behind smallstep's proprietary version. Would love to have this integrated with #certmanager and using the #tpm on my nodes. Was going to do a rearchitecting of my entire #auth and #cryptography stack when I switch from the deprecated #Ingress API to the #GatewayAPI

#stepca #kubernetes #certmanager #tpm #auth #cryptography

Sam Lehman :nixos: @Lehmanator · 2026-01-17 · 18:44 UTC

@Larvitz How is Step CA? Are you coming from another CA solution?

Been thinking about running #stepca in my #kubernetes cluster, but have been apprehensive because of how many features seem to be gated behind smallstep's proprietary version. Would love to have this integrated with #certmanager and using the #tpm on my nodes. Was going to do a rearchitecting of my entire #auth and #cryptography stack when I switch from the deprecated #Ingress API to the #GatewayAPI

#stepca #kubernetes #certmanager #tpm #auth #cryptography

Sam Lehman :nixos: @[email protected] · 2026-01-17 · 18:44 UTC

@Larvitz How is Step CA? Are you coming from another CA solution?

Been thinking about running #stepca in my #kubernetes cluster, but have been apprehensive because of how many features seem to be gated behind smallstep's proprietary version. Would love to have this integrated with #certmanager and using the #tpm on my nodes. Was going to do a rearchitecting of my entire #auth and #cryptography stack when I switch from the deprecated #Ingress API to the #GatewayAPI

#stepca #kubernetes #certmanager #tpm #auth #cryptography

René Dudfield @renedudfield · 2025-03-26 · 06:51 UTC

I'm going to be at #kubecon. At the maintainers summit beforehand, at the contribfest, and at the #headlamp project pavilion.

Contribfest session: https://kccnceu2025.sched.com/event/1td0n

I'm looking forward to connecting with folks working on different projects. People have been quite busy building out Headlamp Kubernetes UIs for ecosystem tooling and standards like #gatewayapi #prometheus #keda #flux #minikube #backstage #inspektorgadget #flagger and #certmanager

#Kubernetes #cncf #cloudnativecon

#kubecon #headlamp #gatewayapi #prometheus #keda #flux