From 2c57f8005d7f5fab22ec1033ab5ec441658e0a98 Mon Sep 17 00:00:00 2001 From: Shahab Dogar Date: Sat, 29 Nov 2025 13:20:31 +0500 Subject: [PATCH] feat: MediaServices | add ingress for arr services --- media-services/index.ts | 1 + media-services/jellyfin/index.ts | 15 ++++++++++++- media-services/prowlarr/index.ts | 35 +++++++++++++++++++++++++---- media-services/qbittorrent/index.ts | 22 +++++++++++++----- media-services/radarr/index.ts | 16 ++++++++++++- media-services/sonarr/index.ts | 16 ++++++++++++- 6 files changed, 92 insertions(+), 13 deletions(-) diff --git a/media-services/index.ts b/media-services/index.ts index 428224f..43451c9 100644 --- a/media-services/index.ts +++ b/media-services/index.ts @@ -76,6 +76,7 @@ export class MediaServices extends TerraformStack { new ProwlarrServer(this, "prowlarr", { provider, namespace, + host: "prowlarr.dogar.dev", }); } } diff --git a/media-services/jellyfin/index.ts b/media-services/jellyfin/index.ts index c4692e2..1f8fe81 100644 --- a/media-services/jellyfin/index.ts +++ b/media-services/jellyfin/index.ts @@ -2,7 +2,11 @@ import { Construct } from "constructs"; import { DeploymentV1 } from "@cdktf/provider-kubernetes/lib/deployment-v1"; import { ServiceV1 } from "@cdktf/provider-kubernetes/lib/service-v1"; -import { InternalIngressRoute, LonghornPvc } from "../../utils"; +import { + CloudflareCertificate, + InternalIngressRoute, + LonghornPvc, +} from "../../utils"; import { BaseMediaServiceOptions, getAamil3NodeSelector } from "../types"; type JellyfinServerOptions = BaseMediaServiceOptions & { @@ -137,6 +141,14 @@ export class JellyfinServer extends Construct { }, }); + new CloudflareCertificate(this, "certificate", { + provider, + namespace, + name, + secretName: "jellyfin-tls", + dnsNames: [host], + }); + // Ingress - using internal ingress for secure access new InternalIngressRoute(this, "ingress", { provider, @@ -145,6 +157,7 @@ export class JellyfinServer extends Construct { host, serviceName: name, servicePort: 80, + tlsSecretName: "jellyfin-tls", }); } } diff --git a/media-services/prowlarr/index.ts b/media-services/prowlarr/index.ts index 2955d59..73ff85b 100644 --- a/media-services/prowlarr/index.ts +++ b/media-services/prowlarr/index.ts @@ -2,18 +2,27 @@ import { Construct } from "constructs"; import { DeploymentV1 } from "@cdktf/provider-kubernetes/lib/deployment-v1"; import { ServiceV1 } from "@cdktf/provider-kubernetes/lib/service-v1"; -import { LonghornPvc } from "../../utils"; +import { + InternalIngressRoute, + LonghornPvc, + PrivateCertificate, +} from "../../utils"; import { BaseMediaServiceOptions, getWorkerNodeSelector, getCommonEnv, } from "../types"; +type ProwlarrOptions = BaseMediaServiceOptions & { + /** Hostname for the ingress */ + host: string; +}; + export class ProwlarrServer extends Construct { - constructor(scope: Construct, id: string, options: BaseMediaServiceOptions) { + constructor(scope: Construct, id: string, options: ProwlarrOptions) { super(scope, id); - const { provider, namespace } = options; + const { provider, namespace, host } = options; const name = "prowlarr"; // Config PVC with backup @@ -102,6 +111,24 @@ export class ProwlarrServer extends Construct { }, }); - // Note: No ingress - Prowlarr is for internal use only + new PrivateCertificate(this, "certificate", { + provider, + namespace, + name, + commonName: host, + dnsNames: [host], + secretName: `${name}-tls`, + }); + + // Ingress + new InternalIngressRoute(this, "ingress", { + provider, + namespace, + name, + host, + serviceName: name, + servicePort: 80, + tlsSecretName: `${name}-tls`, + }); } } diff --git a/media-services/qbittorrent/index.ts b/media-services/qbittorrent/index.ts index 2fd2f4c..d119449 100644 --- a/media-services/qbittorrent/index.ts +++ b/media-services/qbittorrent/index.ts @@ -2,7 +2,11 @@ import { Construct } from "constructs"; import { DeploymentV1 } from "@cdktf/provider-kubernetes/lib/deployment-v1"; import { ServiceV1 } from "@cdktf/provider-kubernetes/lib/service-v1"; -import { InternalIngressRoute, LonghornPvc } from "../../utils"; +import { + InternalIngressRoute, + LonghornPvc, + PrivateCertificate, +} from "../../utils"; import { BaseMediaServiceOptions, getAamil3NodeSelector, @@ -17,11 +21,7 @@ type QBittorrentServerOptions = BaseMediaServiceOptions & { }; export class QBittorrentServer extends Construct { - constructor( - scope: Construct, - id: string, - options: QBittorrentServerOptions, - ) { + constructor(scope: Construct, id: string, options: QBittorrentServerOptions) { super(scope, id); const { provider, namespace, downloadsPvcName, host } = options; @@ -137,6 +137,15 @@ export class QBittorrentServer extends Construct { }, }); + new PrivateCertificate(this, "certificate", { + provider, + namespace, + name, + commonName: host, + dnsNames: [host], + secretName: `${name}-tls`, + }); + // Ingress new InternalIngressRoute(this, "ingress", { provider, @@ -145,6 +154,7 @@ export class QBittorrentServer extends Construct { host, serviceName: name, servicePort: 80, + tlsSecretName: `${name}-tls`, }); } } diff --git a/media-services/radarr/index.ts b/media-services/radarr/index.ts index da139a5..1af60c4 100644 --- a/media-services/radarr/index.ts +++ b/media-services/radarr/index.ts @@ -2,7 +2,11 @@ import { Construct } from "constructs"; import { DeploymentV1 } from "@cdktf/provider-kubernetes/lib/deployment-v1"; import { ServiceV1 } from "@cdktf/provider-kubernetes/lib/service-v1"; -import { InternalIngressRoute, LonghornPvc } from "../../utils"; +import { + InternalIngressRoute, + LonghornPvc, + PrivateCertificate, +} from "../../utils"; import { BaseMediaServiceOptions, getAamil3NodeSelector, @@ -132,6 +136,15 @@ export class RadarrServer extends Construct { }, }); + new PrivateCertificate(this, "certificate", { + provider, + namespace, + name, + commonName: host, + dnsNames: [host], + secretName: `${name}-tls`, + }); + // Ingress new InternalIngressRoute(this, "ingress", { provider, @@ -140,6 +153,7 @@ export class RadarrServer extends Construct { host, serviceName: name, servicePort: 80, + tlsSecretName: `${name}-tls`, }); } } diff --git a/media-services/sonarr/index.ts b/media-services/sonarr/index.ts index eab90bf..49fc23c 100644 --- a/media-services/sonarr/index.ts +++ b/media-services/sonarr/index.ts @@ -2,7 +2,11 @@ import { Construct } from "constructs"; import { DeploymentV1 } from "@cdktf/provider-kubernetes/lib/deployment-v1"; import { ServiceV1 } from "@cdktf/provider-kubernetes/lib/service-v1"; -import { InternalIngressRoute, LonghornPvc } from "../../utils"; +import { + InternalIngressRoute, + LonghornPvc, + PrivateCertificate, +} from "../../utils"; import { BaseMediaServiceOptions, getAamil3NodeSelector, @@ -132,6 +136,15 @@ export class SonarrServer extends Construct { }, }); + new PrivateCertificate(this, "certificate", { + provider, + namespace, + name, + commonName: host, + dnsNames: [host], + secretName: `${name}-tls`, + }); + // Ingress new InternalIngressRoute(this, "ingress", { provider, @@ -140,6 +153,7 @@ export class SonarrServer extends Construct { host, serviceName: name, servicePort: 80, + tlsSecretName: `${name}-tls`, }); } }