feat: Media | use single certificate for all services
@@ -3,7 +3,7 @@ import { TerraformStack } from "cdktf";
|
||||
import { KubernetesProvider } from "@cdktf/provider-kubernetes/lib/provider";
|
||||
import { NamespaceV1 } from "@cdktf/provider-kubernetes/lib/namespace-v1";
|
||||
|
||||
import { LonghornPvc } from "../utils";
|
||||
import { CloudflareCertificate, LonghornPvc } from "../utils";
|
||||
import { JellyfinServer } from "./jellyfin";
|
||||
import { SonarrServer } from "./sonarr";
|
||||
import { RadarrServer } from "./radarr";
|
||||
@@ -42,10 +42,28 @@ export class MediaServices extends TerraformStack {
|
||||
size: "450Gi",
|
||||
});
|
||||
|
||||
const certificateSecretName = "media-services-tls";
|
||||
|
||||
new CloudflareCertificate(this, "cloudflare-certificate", {
|
||||
provider,
|
||||
namespace,
|
||||
name: "media-services",
|
||||
dnsNames: [
|
||||
"media.dogar.dev",
|
||||
"sonarr.dogar.dev",
|
||||
"radarr.dogar.dev",
|
||||
"torrent.dogar.dev",
|
||||
"prowlarr.dogar.dev",
|
||||
],
|
||||
secretName: certificateSecretName,
|
||||
commonName: "media.dogar.dev",
|
||||
});
|
||||
|
||||
// Deploy media services
|
||||
new JellyfinServer(this, "jellyfin", {
|
||||
provider,
|
||||
namespace,
|
||||
certificateSecretName,
|
||||
mediaPvcName: mediaPvc.name,
|
||||
host: "media.dogar.dev",
|
||||
});
|
||||
@@ -53,6 +71,7 @@ export class MediaServices extends TerraformStack {
|
||||
new SonarrServer(this, "sonarr", {
|
||||
provider,
|
||||
namespace,
|
||||
certificateSecretName,
|
||||
mediaPvcName: mediaPvc.name,
|
||||
downloadsPvcName: downloadsPvc.name,
|
||||
host: "sonarr.dogar.dev",
|
||||
@@ -61,6 +80,7 @@ export class MediaServices extends TerraformStack {
|
||||
new RadarrServer(this, "radarr", {
|
||||
provider,
|
||||
namespace,
|
||||
certificateSecretName,
|
||||
mediaPvcName: mediaPvc.name,
|
||||
downloadsPvcName: downloadsPvc.name,
|
||||
host: "radarr.dogar.dev",
|
||||
@@ -69,6 +89,7 @@ export class MediaServices extends TerraformStack {
|
||||
new QBittorrentServer(this, "qbittorrent", {
|
||||
provider,
|
||||
namespace,
|
||||
certificateSecretName,
|
||||
downloadsPvcName: downloadsPvc.name,
|
||||
host: "torrent.dogar.dev",
|
||||
});
|
||||
@@ -76,6 +97,7 @@ export class MediaServices extends TerraformStack {
|
||||
new ProwlarrServer(this, "prowlarr", {
|
||||
provider,
|
||||
namespace,
|
||||
certificateSecretName,
|
||||
host: "prowlarr.dogar.dev",
|
||||
});
|
||||
}
|
||||
|
||||
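Review bot: The `dnsNames` list on the new `CloudflareCertificate` repeats by hand the five `host` strings passed to the service constructors below it, so a host added or renamed in one place but not the other leaves an ingress serving a certificate that does not cover its name. Declaring the hosts once, for example `const hosts = { jellyfin: "media.dogar.dev", sonarr: "sonarr.dogar.dev", /* … */ } as const;`, and then using `dnsNames: Object.values(hosts)` and `host: hosts.jellyfin` would keep the two in step. All five ingress routes now also share the single private key stored in `media-services-tls`, so exposure of that Secret affects every listed hostname instead of one; a short comment above `certificateSecretName` recording that this is an accepted trade-off would help the next reader. The constructor these statements sit in begins outside the visible hunks.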
@@ -2,11 +2,7 @@ import { Construct } from "constructs";
|
||||
import { DeploymentV1 } from "@cdktf/provider-kubernetes/lib/deployment-v1";
|
||||
import { ServiceV1 } from "@cdktf/provider-kubernetes/lib/service-v1";
|
||||
|
||||
import {
|
||||
CloudflareCertificate,
|
||||
InternalIngressRoute,
|
||||
LonghornPvc,
|
||||
} from "../../utils";
|
||||
import { InternalIngressRoute, LonghornPvc } from "../../utils";
|
||||
import { BaseMediaServiceOptions, getAamil3NodeSelector } from "../types";
|
||||
|
||||
type JellyfinServerOptions = BaseMediaServiceOptions & {
|
||||
@@ -14,6 +10,8 @@ type JellyfinServerOptions = BaseMediaServiceOptions & {
|
||||
mediaPvcName: string;
|
||||
/** Hostname for the ingress */
|
||||
host: string;
|
||||
/** Secret name for the TLS certificate */
|
||||
certificateSecretName: string;
|
||||
};
|
||||
|
||||
export class JellyfinServer extends Construct {
|
||||
@@ -140,14 +138,6 @@ export class JellyfinServer extends Construct {
|
||||
},
|
||||
});
|
||||
|
||||
new CloudflareCertificate(this, "certificate", {
|
||||
provider,
|
||||
namespace,
|
||||
name,
|
||||
secretName: "jellyfin-tls",
|
||||
dnsNames: [host],
|
||||
});
|
||||
|
||||
// Ingress - using internal ingress for secure access
|
||||
new InternalIngressRoute(this, "ingress", {
|
||||
provider,
|
||||
@@ -156,7 +146,7 @@ export class JellyfinServer extends Construct {
|
||||
host,
|
||||
serviceName: name,
|
||||
servicePort: 80,
|
||||
tlsSecretName: "jellyfin-tls",
|
||||
tlsSecretName: options.certificateSecretName,
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
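Review bot: `certificateSecretName` is added with the same doc comment to `JellyfinServerOptions` and, in the sections that follow, to the Prowlarr, QBittorrent, Radarr and Sonarr option types, which leaves five copies of one field. Since every service now requires it, declaring it once on `BaseMediaServiceOptions` would remove the duplication. The ingress also reads it as `options.certificateSecretName` while `host`, `name`, `provider` and `namespace` are used as bare locals; presumably they are destructured outside the hunk, so adding `certificateSecretName` to that destructuring and writing `tlsSecretName: certificateSecretName` would match the surrounding style. The same applies to the other four service files.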
@@ -2,11 +2,7 @@ import { Construct } from "constructs";
|
||||
import { DeploymentV1 } from "@cdktf/provider-kubernetes/lib/deployment-v1";
|
||||
import { ServiceV1 } from "@cdktf/provider-kubernetes/lib/service-v1";
|
||||
|
||||
import {
|
||||
InternalIngressRoute,
|
||||
LonghornPvc,
|
||||
PrivateCertificate,
|
||||
} from "../../utils";
|
||||
import { InternalIngressRoute, LonghornPvc } from "../../utils";
|
||||
import {
|
||||
BaseMediaServiceOptions,
|
||||
getWorkerNodeSelector,
|
||||
@@ -16,6 +12,8 @@ import {
|
||||
type ProwlarrOptions = BaseMediaServiceOptions & {
|
||||
/** Hostname for the ingress */
|
||||
host: string;
|
||||
/** Secret name for the TLS certificate */
|
||||
certificateSecretName: string;
|
||||
};
|
||||
|
||||
export class ProwlarrServer extends Construct {
|
||||
@@ -111,15 +109,6 @@ export class ProwlarrServer extends Construct {
|
||||
},
|
||||
});
|
||||
|
||||
new PrivateCertificate(this, "certificate", {
|
||||
provider,
|
||||
namespace,
|
||||
name,
|
||||
commonName: host,
|
||||
dnsNames: [host],
|
||||
secretName: `${name}-tls`,
|
||||
});
|
||||
|
||||
// Ingress
|
||||
new InternalIngressRoute(this, "ingress", {
|
||||
provider,
|
||||
@@ -128,7 +117,7 @@ export class ProwlarrServer extends Construct {
|
||||
host,
|
||||
serviceName: name,
|
||||
servicePort: 80,
|
||||
tlsSecretName: `${name}-tls`,
|
||||
tlsSecretName: options.certificateSecretName,
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
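Review bot: Removing `PrivateCertificate` here, and likewise in the QBittorrent, Radarr and Sonarr sections, changes the issuer for these hosts and not only the Secret name: each previously got its own certificate from `PrivateCertificate` and now shares the one produced by the stack-level `CloudflareCertificate`. Its implementation is not shown, but if it obtains a publicly trusted certificate, these internal hostnames will appear in Certificate Transparency logs, and any client configured to trust only the private CA will see a different chain. The commit description should state that the issuer switch is intended. A comment at the ingress such as `// TLS secret is issued by the stack-level CloudflareCertificate, not per service` would record where the certificate now comes from.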
@@ -2,11 +2,7 @@ import { Construct } from "constructs";
|
||||
import { DeploymentV1 } from "@cdktf/provider-kubernetes/lib/deployment-v1";
|
||||
import { ServiceV1 } from "@cdktf/provider-kubernetes/lib/service-v1";
|
||||
|
||||
import {
|
||||
InternalIngressRoute,
|
||||
LonghornPvc,
|
||||
PrivateCertificate,
|
||||
} from "../../utils";
|
||||
import { InternalIngressRoute, LonghornPvc } from "../../utils";
|
||||
import {
|
||||
BaseMediaServiceOptions,
|
||||
getAamil3NodeSelector,
|
||||
@@ -18,6 +14,8 @@ type QBittorrentServerOptions = BaseMediaServiceOptions & {
|
||||
downloadsPvcName: string;
|
||||
/** Hostname for the ingress */
|
||||
host: string;
|
||||
/** Secret name for the TLS certificate */
|
||||
certificateSecretName: string;
|
||||
};
|
||||
|
||||
export class QBittorrentServer extends Construct {
|
||||
@@ -137,15 +135,6 @@ export class QBittorrentServer extends Construct {
|
||||
},
|
||||
});
|
||||
|
||||
new PrivateCertificate(this, "certificate", {
|
||||
provider,
|
||||
namespace,
|
||||
name,
|
||||
commonName: host,
|
||||
dnsNames: [host],
|
||||
secretName: `${name}-tls`,
|
||||
});
|
||||
|
||||
// Ingress
|
||||
new InternalIngressRoute(this, "ingress", {
|
||||
provider,
|
||||
@@ -154,7 +143,7 @@ export class QBittorrentServer extends Construct {
|
||||
host,
|
||||
serviceName: name,
|
||||
servicePort: 80,
|
||||
tlsSecretName: `${name}-tls`,
|
||||
tlsSecretName: options.certificateSecretName,
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,11 +2,7 @@ import { Construct } from "constructs";
|
||||
import { DeploymentV1 } from "@cdktf/provider-kubernetes/lib/deployment-v1";
|
||||
import { ServiceV1 } from "@cdktf/provider-kubernetes/lib/service-v1";
|
||||
|
||||
import {
|
||||
InternalIngressRoute,
|
||||
LonghornPvc,
|
||||
PrivateCertificate,
|
||||
} from "../../utils";
|
||||
import { InternalIngressRoute, LonghornPvc } from "../../utils";
|
||||
import {
|
||||
BaseMediaServiceOptions,
|
||||
getAamil3NodeSelector,
|
||||
@@ -20,6 +16,8 @@ type RadarrServerOptions = BaseMediaServiceOptions & {
|
||||
downloadsPvcName: string;
|
||||
/** Hostname for the ingress */
|
||||
host: string;
|
||||
/** Secret name for the TLS certificate */
|
||||
certificateSecretName: string;
|
||||
};
|
||||
|
||||
export class RadarrServer extends Construct {
|
||||
@@ -136,15 +134,6 @@ export class RadarrServer extends Construct {
|
||||
},
|
||||
});
|
||||
|
||||
new PrivateCertificate(this, "certificate", {
|
||||
provider,
|
||||
namespace,
|
||||
name,
|
||||
commonName: host,
|
||||
dnsNames: [host],
|
||||
secretName: `${name}-tls`,
|
||||
});
|
||||
|
||||
// Ingress
|
||||
new InternalIngressRoute(this, "ingress", {
|
||||
provider,
|
||||
@@ -153,7 +142,7 @@ export class RadarrServer extends Construct {
|
||||
host,
|
||||
serviceName: name,
|
||||
servicePort: 80,
|
||||
tlsSecretName: `${name}-tls`,
|
||||
tlsSecretName: options.certificateSecretName,
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,11 +2,7 @@ import { Construct } from "constructs";
|
||||
import { DeploymentV1 } from "@cdktf/provider-kubernetes/lib/deployment-v1";
|
||||
import { ServiceV1 } from "@cdktf/provider-kubernetes/lib/service-v1";
|
||||
|
||||
import {
|
||||
InternalIngressRoute,
|
||||
LonghornPvc,
|
||||
PrivateCertificate,
|
||||
} from "../../utils";
|
||||
import { InternalIngressRoute, LonghornPvc } from "../../utils";
|
||||
import {
|
||||
BaseMediaServiceOptions,
|
||||
getAamil3NodeSelector,
|
||||
@@ -20,6 +16,8 @@ type SonarrServerOptions = BaseMediaServiceOptions & {
|
||||
downloadsPvcName: string;
|
||||
/** Hostname for the ingress */
|
||||
host: string;
|
||||
/** Secret name for the TLS certificate */
|
||||
certificateSecretName: string;
|
||||
};
|
||||
|
||||
export class SonarrServer extends Construct {
|
||||
@@ -136,15 +134,6 @@ export class SonarrServer extends Construct {
|
||||
},
|
||||
});
|
||||
|
||||
new PrivateCertificate(this, "certificate", {
|
||||
provider,
|
||||
namespace,
|
||||
name,
|
||||
commonName: host,
|
||||
dnsNames: [host],
|
||||
secretName: `${name}-tls`,
|
||||
});
|
||||
|
||||
// Ingress
|
||||
new InternalIngressRoute(this, "ingress", {
|
||||
provider,
|
||||
@@ -153,7 +142,7 @@ export class SonarrServer extends Construct {
|
||||
host,
|
||||
serviceName: name,
|
||||
servicePort: 80,
|
||||
tlsSecretName: `${name}-tls`,
|
||||
tlsSecretName: options.certificateSecretName,
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||