fix(cert): ask for cert for both *.stonegarden.dev and stonegarden.dev

try to bypass letsenrypt rate-limiting for exact set of domains

k8s/infra/network/gateway/cert-stonegarden.yaml

@@ -0,0 +1,17 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: cert-stonegarden
+  namespace: gateway
+spec:
+  dnsNames:
+    - "*.stonegarden.dev"
+    - stonegarden.dev
+  issuerRef:
+    group: cert-manager.io
+    kind: ClusterIssuer
+    name: cloudflare-cluster-issuer
+  secretName: cert-stonegarden
+  usages:
+    - digital signature
+    - key encipherment

k8s/infra/network/gateway/gw-stonegarden.yaml

@@ -3,8 +3,8 @@ kind: Gateway
 metadata:
   name: stonegarden
   namespace: gateway
-  annotations:
+#  annotations:
-    cert-manager.io/issuer: cloudflare-issuer
+#    cert-manager.io/issuer: cloudflare-issuer
 spec:
   gatewayClassName: cilium
   infrastructure:
@@ -29,7 +29,8 @@ spec:
       tls:
         certificateRefs:
           - kind: Secret
-            name: cloudflare-cert
+            name: cert-stonegarden
+            #name: cloudflare-cert
       allowedRoutes:
         namespaces:
           from: All

k8s/infra/network/gateway/kustomization.yaml

@@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
 resources:
+  - cert-stonegarden.yaml
   - gateway-class.yaml
   - ns.yaml
   - cloudflare-api-token.yaml