Use wildcard cert for everything in download

2023-04-13 01:13:18 -04:00 · 2023-04-13 01:13:18 -04:00 · f2252bd6c8
parent 82a3d02cfe
commit f2252bd6c8
8 changed files with 33 additions and 16 deletions
--- a/cluster/apps/download/bazarr/helm-release.yaml
+++ b/cluster/apps/download/bazarr/helm-release.yaml
@ -32,14 +32,17 @@ spec:
      main:
        enabled: true
        annotations:
-          cert-manager.io/cluster-issuer: "letsencrypt-production"
          traefik.ingress.kubernetes.io/router.entrypoints: websecure
          traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
        hosts:
-          - host: "subs.${SECRET_NEW_DOMAIN}"
+          - host: &host "subs.${SECRET_NEW_DOMAIN}"
            paths:
              - path: /
                pathType: Prefix
+        tls:
+          - hosts:
+              - *host
+            secretName: wildcard-main-tls
    persistence:
      config:
        enabled: true
--- a/cluster/apps/download/mylar3/helm-release.yaml
+++ b/cluster/apps/download/mylar3/helm-release.yaml
@ -36,14 +36,17 @@ spec:
      main:
        enabled: true
        annotations:
-          cert-manager.io/cluster-issuer: "letsencrypt-production"
          traefik.ingress.kubernetes.io/router.entrypoints: websecure
          traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
        hosts:
-          - host: "mylar.${SECRET_NEW_DOMAIN}"
+          - host: &host "mylar.${SECRET_NEW_DOMAIN}"
            paths:
              - path: /
                pathType: Prefix
+        tls:
+          - hosts:
+              - *host
+            secretName: wildcard-main-tls
    persistence:
      config:
        enabled: true
--- a/cluster/apps/download/prowlarr/helm-release.yaml
+++ b/cluster/apps/download/prowlarr/helm-release.yaml
@ -43,14 +43,17 @@ spec:
      main:
        enabled: true
        annotations:
-          cert-manager.io/cluster-issuer: "letsencrypt-production"
          traefik.ingress.kubernetes.io/router.entrypoints: websecure
          traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
        hosts:
-          - host: "prowlarr.${SECRET_NEW_DOMAIN}"
+          - host: &host "prowlarr.${SECRET_NEW_DOMAIN}"
            paths:
              - path: /
                pathType: Prefix
+        tls:
+          - hosts:
+              - *host
+            secretName: wildcard-main-tls
    persistence:
      config:
        enabled: true
--- a/cluster/apps/download/qbittorrent/ingress.yaml
+++ b/cluster/apps/download/qbittorrent/ingress.yaml
@ -4,12 +4,11 @@ metadata:
  name: qbittorrent-ingress
  namespace: download
  annotations:
-    cert-manager.io/cluster-issuer: "letsencrypt-production"
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
 spec:
  rules:
-    - host: "qbit.${SECRET_NEW_DOMAIN}"
+    - host: &host "qbit.${SECRET_NEW_DOMAIN}"
      http:
        paths:
          - path: /
@ -21,4 +20,5 @@ spec:
                  name: http
  tls:
  - hosts:
-    - ${SECRET_DOMAIN}
+    - *host
+    secretName: wildcard-main-tls
--- a/cluster/apps/download/radarr/helm-release.yaml
+++ b/cluster/apps/download/radarr/helm-release.yaml
@ -45,14 +45,17 @@ spec:
      main:
        enabled: true
        annotations:
-          cert-manager.io/cluster-issuer: "letsencrypt-production"
          traefik.ingress.kubernetes.io/router.entrypoints: websecure
          traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
        hosts:
-          - host: "radarr.${SECRET_NEW_DOMAIN}"
+          - host: &host "radarr.${SECRET_NEW_DOMAIN}"
            paths:
              - path: /
                pathType: Prefix
+        tls:
+          - hosts:
+              - *host
+            secretName: wildcard-main-tls
    persistence:
      config:
        enabled: true
--- a/cluster/apps/download/readarr/audiobook-helm.yaml
+++ b/cluster/apps/download/readarr/audiobook-helm.yaml
@ -43,14 +43,17 @@ spec:
      main:
        enabled: true
        annotations:
-          cert-manager.io/cluster-issuer: "letsencrypt-production"
          traefik.ingress.kubernetes.io/router.entrypoints: websecure
          traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
        hosts:
-          - host: "readarr-audiobooks.${SECRET_NEW_DOMAIN}"
+          - host: &host "readarr-audiobooks.${SECRET_NEW_DOMAIN}"
            paths:
              - path: /
                pathType: Prefix
+        tls:
+          - hosts:
+              - *host
+            secretName: wildcard-main-tls
    persistence:
      config:
        enabled: true
--- a/cluster/apps/download/readarr/ebook-helm.yaml
+++ b/cluster/apps/download/readarr/ebook-helm.yaml
@ -43,14 +43,17 @@ spec:
      main:
        enabled: true
        annotations:
-          cert-manager.io/cluster-issuer: "letsencrypt-production"
          traefik.ingress.kubernetes.io/router.entrypoints: websecure
          traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
        hosts:
-          - host: "readarr-ebooks.${SECRET_NEW_DOMAIN}"
+          - host: &host "readarr-ebooks.${SECRET_NEW_DOMAIN}"
            paths:
              - path: /
                pathType: Prefix
+        tls:
+          - hosts:
+              - *host
+            secretName: wildcard-main-tls
    persistence:
      config:
        enabled: true
--- a/cluster/apps/download/sonarr/helm-release.yaml
+++ b/cluster/apps/download/sonarr/helm-release.yaml
@ -45,7 +45,6 @@ spec:
      main:
        enabled: true
        annotations:
-          cert-manager.io/cluster-issuer: "letsencrypt-production"
          traefik.ingress.kubernetes.io/router.entrypoints: websecure
          traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
        hosts: