fix: Ingress | simplify https infrastructure

2025-11-24 11:29:27 +05:00
parent 497331e585
commit d75671f5dd
2 changed files with 15 additions and 17 deletions
--- a/utility-services/gitea/server/index.ts
+++ b/utility-services/gitea/server/index.ts
@@ -7,7 +7,6 @@ import {
  OnePasswordSecret,
  PublicIngressRoute,
  IngressRouteTcp,
-  PrivateCertificate,
 } from "../../../utils";
 import type { Providers } from "../../../types";

@@ -53,20 +52,6 @@ export class GiteaServer extends Construct {
      itemPath: "vaults/Lab/items/cloudflare",
    });

-    new PrivateCertificate(this, "internal-cert", {
-      provider: kubernetes,
-      namespace,
-      name: "gitea-tls-internal",
-      secretName: "gitea-tls-internal",
-      dnsNames: [
-        "git.dogar.dev",
-        "gitea",
-        "gitea.homelab.svc",
-        "gitea.homelab.svc.cluster.local",
-      ],
-      usages: ["digital signature", "key encipherment", "server auth"],
-    });
-
    new Release(this, id, {
      ...options,
      provider: helm,
--- a/utils/traefik/ingress/ingress.ts
+++ b/utils/traefik/ingress/ingress.ts
@@ -2,7 +2,7 @@ import { Construct } from "constructs";
 import { Manifest } from "@cdktf/provider-kubernetes/lib/manifest";
 import { KubernetesProvider } from "@cdktf/provider-kubernetes/lib/provider";

-import { CloudflareCertificate } from "../../cert-manager";
+import { CloudflareCertificate, PrivateCertificate } from "../../cert-manager";

 export type IngressRouteOptions = {
  provider: KubernetesProvider;
@@ -43,6 +43,19 @@ export class IngressRoute extends Construct {
    const { provider, namespace } = opts;

    if (opts.serviceProtocol === "https") {
+      new PrivateCertificate(this, "internal-cert", {
+        provider,
+        namespace,
+        name: `${opts.serviceName}-tls-internal`,
+        secretName: `${opts.serviceName}-tls-internal`,
+        dnsNames: [
+          opts.serviceName,
+          `${opts.serviceName}.${opts.namespace}.svc`,
+          `${opts.serviceName}.${opts.namespace}.svc.cluster.local`,
+        ],
+        usages: ["digital signature", "key encipherment", "server auth"],
+      });
+
      new Manifest(this, `${name}-https-transport`, {
        provider,
        manifest: {
@@ -53,7 +66,7 @@ export class IngressRoute extends Construct {
            namespace,
          },
          spec: {
-            serverName: `${opts.name}.${opts.namespace}.svc.cluster.local`,
+            serverName: `${opts.serviceName}.${opts.namespace}.svc.cluster.local`,
            rootCAs: [
              {
                secret: "root-secret",