fix: Ingress | simplify https infrastructure
@@ -7,7 +7,6 @@ import {
|
|||||||
OnePasswordSecret,
|
OnePasswordSecret,
|
||||||
PublicIngressRoute,
|
PublicIngressRoute,
|
||||||
IngressRouteTcp,
|
IngressRouteTcp,
|
||||||
PrivateCertificate,
|
|
||||||
} from "../../../utils";
|
} from "../../../utils";
|
||||||
import type { Providers } from "../../../types";
|
import type { Providers } from "../../../types";
|
||||||
|
|
||||||
@@ -53,20 +52,6 @@ export class GiteaServer extends Construct {
|
|||||||
itemPath: "vaults/Lab/items/cloudflare",
|
itemPath: "vaults/Lab/items/cloudflare",
|
||||||
});
|
});
|
||||||
|
|
||||||
new PrivateCertificate(this, "internal-cert", {
|
|
||||||
provider: kubernetes,
|
|
||||||
namespace,
|
|
||||||
name: "gitea-tls-internal",
|
|
||||||
secretName: "gitea-tls-internal",
|
|
||||||
dnsNames: [
|
|
||||||
"git.dogar.dev",
|
|
||||||
"gitea",
|
|
||||||
"gitea.homelab.svc",
|
|
||||||
"gitea.homelab.svc.cluster.local",
|
|
||||||
],
|
|
||||||
usages: ["digital signature", "key encipherment", "server auth"],
|
|
||||||
});
|
|
||||||
|
|
||||||
new Release(this, id, {
|
new Release(this, id, {
|
||||||
...options,
|
...options,
|
||||||
provider: helm,
|
provider: helm,
|
||||||
|
|||||||
@@ -2,7 +2,7 @@ import { Construct } from "constructs";
|
|||||||
import { Manifest } from "@cdktf/provider-kubernetes/lib/manifest";
|
import { Manifest } from "@cdktf/provider-kubernetes/lib/manifest";
|
||||||
import { KubernetesProvider } from "@cdktf/provider-kubernetes/lib/provider";
|
import { KubernetesProvider } from "@cdktf/provider-kubernetes/lib/provider";
|
||||||
|
|
||||||
import { CloudflareCertificate } from "../../cert-manager";
|
import { CloudflareCertificate, PrivateCertificate } from "../../cert-manager";
|
||||||
|
|
||||||
export type IngressRouteOptions = {
|
export type IngressRouteOptions = {
|
||||||
provider: KubernetesProvider;
|
provider: KubernetesProvider;
|
||||||
@@ -43,6 +43,19 @@ export class IngressRoute extends Construct {
|
|||||||
const { provider, namespace } = opts;
|
const { provider, namespace } = opts;
|
||||||
|
|
||||||
if (opts.serviceProtocol === "https") {
|
if (opts.serviceProtocol === "https") {
|
||||||
|
new PrivateCertificate(this, "internal-cert", {
|
||||||
|
provider,
|
||||||
|
namespace,
|
||||||
|
name: `${opts.serviceName}-tls-internal`,
|
||||||
|
secretName: `${opts.serviceName}-tls-internal`,
|
||||||
|
dnsNames: [
|
||||||
|
opts.serviceName,
|
||||||
|
`${opts.serviceName}.${opts.namespace}.svc`,
|
||||||
|
`${opts.serviceName}.${opts.namespace}.svc.cluster.local`,
|
||||||
|
],
|
||||||
|
usages: ["digital signature", "key encipherment", "server auth"],
|
||||||
|
});
|
||||||
|
|
||||||
new Manifest(this, `${name}-https-transport`, {
|
new Manifest(this, `${name}-https-transport`, {
|
||||||
provider,
|
provider,
|
||||||
manifest: {
|
manifest: {
|
||||||
@@ -53,7 +66,7 @@ export class IngressRoute extends Construct {
|
|||||||
namespace,
|
namespace,
|
||||||
},
|
},
|
||||||
spec: {
|
spec: {
|
||||||
serverName: `${opts.name}.${opts.namespace}.svc.cluster.local`,
|
serverName: `${opts.serviceName}.${opts.namespace}.svc.cluster.local`,
|
||||||
rootCAs: [
|
rootCAs: [
|
||||||
{
|
{
|
||||||
secret: "root-secret",
|
secret: "root-secret",
|
||||||
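Review bot: The certificate `name` and `secretName` in the new `PrivateCertificate` block are derived only from `opts.serviceName`, so two `IngressRoute` constructs fronting the same https service in one namespace would both declare `${opts.serviceName}-tls-internal` and contend for the same Certificate and Secret; consider creating it once per service, or document that only one route per https backend is supported. The block also creates a contract that the hunk does not state: the backend has to serve TLS from the secret `${opts.serviceName}-tls-internal`, and the `serverName` check only passes if `opts.serviceName` is the real Service name. For the Gitea caller that previously hard-coded `gitea-tls-internal` (and included the external hostname in its SANs), this presumably holds only when `serviceName` is `gitea`, which is not visible here. A comment above the block such as `// Backend must mount <serviceName>-tls-internal; SANs cover in-cluster names only` would make that explicit. The constructor body starts and ends outside the hunk.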
|
|||||||