shahab/homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Revert "fix: Traefik | remove custom tls option"

Browse Source 
This reverts commit 5b76226801.
This commit is contained in:
Shahab Dogar
2025-12-11 21:03:39 +05:00
parent 8b206f005b
commit afb071bcbe
4 changed files with 42 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
network-security/index.ts
View File

@@ -7,6 +7,7 @@ import {
RateLimitMiddleware, RateLimitMiddleware,
IpAllowListMiddleware, IpAllowListMiddleware,
IpAllowListMiddlewareTCP, IpAllowListMiddlewareTCP,
TLSOptions,
} from "./traefik"; } from "./traefik";
import { ValkeyCluster } from "./valkey"; import { ValkeyCluster } from "./valkey";
import { InternalIngressRoute, PrivateCertificate } from "../utils"; import { InternalIngressRoute, PrivateCertificate } from "../utils";
@@ -67,6 +68,11 @@ export class NetworkSecurity extends TerraformStack {
name: "rate-limit", name: "rate-limit",
}); });
new TLSOptions(this, "tls-options", {
provider: kubernetes,
namespace,
});
new IpAllowListMiddleware(this, "internal-ip-allow-list", { new IpAllowListMiddleware(this, "internal-ip-allow-list", {
provider: kubernetes, provider: kubernetes,
namespace, namespace,

1
network-security/traefik/index.ts
View File

@@ -1,2 +1,3 @@
export { RateLimitMiddleware } from "./rateLimit"; export { RateLimitMiddleware } from "./rateLimit";
export { IpAllowListMiddleware, IpAllowListMiddlewareTCP } from "./ipAllowList"; export { IpAllowListMiddleware, IpAllowListMiddlewareTCP } from "./ipAllowList";
export { TLSOptions } from "./tlsOpts";

31
network-security/traefik/tlsOpts.ts Normal file
View File

@@ -0,0 +1,31 @@
import { Construct } from "constructs";
import { Manifest } from "@cdktf/provider-kubernetes/lib/manifest";
import { KubernetesProvider } from "@cdktf/provider-kubernetes/lib/provider";
export class TLSOptions extends Construct {
constructor(
scope: Construct,
id: string,
opts: { provider: KubernetesProvider; namespace: string },
) {
super(scope, id);
const { provider, namespace } = opts;
new Manifest(this, "traefik-tls-options", {
provider,
manifest: {
apiVersion: "traefik.io/v1alpha1",
kind: "TLSOption",
metadata: {
namespace,
name: "tls-options",
},
spec: {
minVersion: "VersionTLS13",
sniStrict: true,
},
},
});
}
}

4
utils/traefik/ingress/ingress.ts
View File

@@ -110,6 +110,10 @@ export class IngressRoute extends Construct {
if (opts.tlsSecretName) { if (opts.tlsSecretName) {
spec.tls = { spec.tls = {
secretName: opts.tlsSecretName, secretName: opts.tlsSecretName,
options: {
name: "tls-options",
namespace: "homelab",
},
}; };
} }