feat: Network | enable internal TLS

2025-11-24 09:27:48 +05:00
parent bff4762e30
commit c53fe7b2d1
14 changed files with 621 additions and 204 deletions
--- a/pki/issuers/public.ts
+++ b/pki/issuers/public.ts
@@ -0,0 +1,59 @@
+import { Manifest } from "@cdktf/provider-kubernetes/lib/manifest";
+import { KubernetesProvider } from "@cdktf/provider-kubernetes/lib/provider";
+import { Construct } from "constructs";
+import { OnePasswordSecret } from "../../utils";
+
+type PublicIssuerOptions = {
+  provider: KubernetesProvider;
+  apiVersion: string;
+  namespace: string;
+  server: string;
+};
+
+export class PublicIssuer extends Construct {
+  constructor(scope: Construct, id: string, options: PublicIssuerOptions) {
+    super(scope, id);
+
+    const { apiVersion, provider, namespace, server } = options;
+
+    new OnePasswordSecret(this, "cloudflare-token", {
+      provider,
+      namespace,
+      name: "public-issuer-cloudflare-token",
+      itemPath: "vaults/Lab/items/cloudflare",
+    });
+
+    // Cloudflare ACME ClusterIssuer
+    new Manifest(this, "cloudflare-issuer", {
+      provider,
+      manifest: {
+        apiVersion,
+        kind: "ClusterIssuer",
+        metadata: {
+          name: "cloudflare-issuer",
+        },
+        spec: {
+          acme: {
+            email: "shahab@dogar.dev",
+            server,
+            privateKeySecretRef: {
+              name: "cloudflare-cluster-issuer-account-key",
+            },
+            solvers: [
+              {
+                dns01: {
+                  cloudflare: {
+                    apiTokenSecretRef: {
+                      name: "public-issuer-cloudflare-token",
+                      key: "token",
+                    },
+                  },
+                },
+              },
+            ],
+          },
+        },
+      },
+    });
+  }
+}