1️⃣ Updated ClusterIssuer.yaml → Remove vendor email
2️⃣ Updated Ingress YAML for all 3 apps (add Sparsh domains)
3️⃣ Guide: How to check CI/CD (ArgoCD) from K9s
✅ Part-1 — Updated ClusterIssuer
👉 Replace the email from vendor → Sparsh team 👉 No change in validation type (HTTP01 still working)
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-issuer
spec:
acme:
email: devops@sparshhospital.com # UPDATED EMAIL
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: metabase-cert
solvers:
- http01:
ingress:
ingressClassName: haproxyTo apply:
kubectl apply -f clusterissuer-updated.yamlNo downtime.
🚀 Part-2 — Updated Ingress YAMLs for Sparsh Domains
⚠ We are adding Sparsh hosts — NOT removing medblocks (yet)
(A) Trino — trino-ingress.yaml (namespace: trino)
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: trino-ingress
namespace: trino
annotations:
cert-manager.io/cluster-issuer: letsencrypt-issuer
spec:
ingressClassName: haproxy
tls:
- hosts:
- trino.medblocks.sparshhospital.com
- trino.sparshhospital.com
secretName: trino-cert
rules:
- host: trino.medblocks.sparshhospital.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: trino
port:
number: 8080
- host: trino.sparshhospital.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: trino
port:
number: 8080(B) Orchestration — orchestration-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: orchestration-ingress
namespace: trino
annotations:
cert-manager.io/cluster-issuer: letsencrypt-issuer
spec:
ingressClassName: haproxy
tls:
- hosts:
- orchestration.medblocks.sparshhospital.com
- orchestration.sparshhospital.com
secretName: orchestration-cert
rules:
- host: orchestration.medblocks.sparshhospital.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: orchestration
port:
number: 8080
- host: orchestration.sparshhospital.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: orchestration
port:
number: 8080(C) Prefect — prefect-ingress.yaml (namespace: prefect)
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: prefect-ingress
namespace: prefect
annotations:
cert-manager.io/cluster-issuer: letsencrypt-issuer
spec:
ingressClassName: haproxy
tls:
- hosts:
- prefect.medblocks.sparshhospital.com
- prefect.sparshhospital.com
secretName: prefect-cert
rules:
- host: prefect.medblocks.sparshhospital.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: prefect-svc
port:
number: 4200
- host: prefect.sparshhospital.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: prefect-svc
port:
number: 4200Apply all updates:
kubectl apply -f clusterissuer-updated.yaml
kubectl apply -f trino-ingress.yaml
kubectl apply -f orchestration-ingress.yaml
kubectl apply -f prefect-ingress.yaml➡ Cert-manager will automatically request updated certificates ➡ No restart required ➡ No downtime 🚀
🔎 Part-3 — How to Check CI/CD & App Sync in K9s
Since ArgoCD is your deployment controller:
In K9s UI
1️⃣ Press :
2️⃣ Type:
ns argocd3️⃣ Press Shift + : then type:
applicationsYou will see:
| Application | SYNC STATUS | HEALTH STATUS |
|---|
Example:
NAME SYNC STATUS HEALTH STATUS
apps-root Synced Healthy
trino Synced Healthy
prefect Synced Healthy📌 View sync details
Select → press:
dShows commit, repo, auto-sync status, errors if any.
📌 Force re-sync
Highlight → press:
r📌 Logs
Select a pod → press:
l🎯 Execution Summary
| Task | Status |
|---|---|
| ClusterIssuer updated | Ready to apply |
| Ingress updated to Sparsh domains | Ready to apply |
| DNS changes | 🔜 Next step |
| CI/CD Check instructions | ✔ Provided |
| Vendor dependency removal | 🎯 In-progress |
What I need from you next
Please proceed to:
1️⃣ Create DNS records
trino.sparshhospital.com → 13.200.177.89
orchestration.sparshhospital.com → 13.200.177.89
prefect.sparshhospital.com → 13.200.177.89After DNS propagation:
2️⃣ Test HTTPS
curl -I https://trino.sparshhospital.comIf response = HTTP/2 200, then 🎉 success