From f2252bd6c8d0dc6e18e0aaecca0621a531272722 Mon Sep 17 00:00:00 2001
From: SeanOMik <seanomik@gmail.com>
Date: Thu, 13 Apr 2023 01:13:18 -0400
Subject: [PATCH] Use wildcard cert for everything in download

---
 cluster/apps/download/bazarr/helm-release.yaml    | 7 +++++--
 cluster/apps/download/mylar3/helm-release.yaml    | 7 +++++--
 cluster/apps/download/prowlarr/helm-release.yaml  | 7 +++++--
 cluster/apps/download/qbittorrent/ingress.yaml    | 6 +++---
 cluster/apps/download/radarr/helm-release.yaml    | 7 +++++--
 cluster/apps/download/readarr/audiobook-helm.yaml | 7 +++++--
 cluster/apps/download/readarr/ebook-helm.yaml     | 7 +++++--
 cluster/apps/download/sonarr/helm-release.yaml    | 1 -
 8 files changed, 33 insertions(+), 16 deletions(-)

diff --git a/cluster/apps/download/bazarr/helm-release.yaml b/cluster/apps/download/bazarr/helm-release.yaml
index 75bb4c8..a9a4180 100644
--- a/cluster/apps/download/bazarr/helm-release.yaml
+++ b/cluster/apps/download/bazarr/helm-release.yaml
@@ -32,14 +32,17 @@ spec:
       main:
         enabled: true
         annotations:
-          cert-manager.io/cluster-issuer: "letsencrypt-production"
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
           traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
         hosts:
-          - host: "subs.${SECRET_NEW_DOMAIN}"
+          - host: &host "subs.${SECRET_NEW_DOMAIN}"
             paths:
               - path: /
                 pathType: Prefix
+        tls:
+          - hosts:
+              - *host
+            secretName: wildcard-main-tls
     persistence:
       config:
         enabled: true
diff --git a/cluster/apps/download/mylar3/helm-release.yaml b/cluster/apps/download/mylar3/helm-release.yaml
index 8e2837e..af93d31 100644
--- a/cluster/apps/download/mylar3/helm-release.yaml
+++ b/cluster/apps/download/mylar3/helm-release.yaml
@@ -36,14 +36,17 @@ spec:
       main:
         enabled: true
         annotations:
-          cert-manager.io/cluster-issuer: "letsencrypt-production"
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
           traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
         hosts:
-          - host: "mylar.${SECRET_NEW_DOMAIN}"
+          - host: &host "mylar.${SECRET_NEW_DOMAIN}"
             paths:
               - path: /
                 pathType: Prefix
+        tls:
+          - hosts:
+              - *host
+            secretName: wildcard-main-tls
     persistence:
       config:
         enabled: true
diff --git a/cluster/apps/download/prowlarr/helm-release.yaml b/cluster/apps/download/prowlarr/helm-release.yaml
index 3fe315e..77155e5 100644
--- a/cluster/apps/download/prowlarr/helm-release.yaml
+++ b/cluster/apps/download/prowlarr/helm-release.yaml
@@ -43,14 +43,17 @@ spec:
       main:
         enabled: true
         annotations:
-          cert-manager.io/cluster-issuer: "letsencrypt-production"
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
           traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
         hosts:
-          - host: "prowlarr.${SECRET_NEW_DOMAIN}"
+          - host: &host "prowlarr.${SECRET_NEW_DOMAIN}"
             paths:
               - path: /
                 pathType: Prefix
+        tls:
+          - hosts:
+              - *host
+            secretName: wildcard-main-tls
     persistence:
       config:
         enabled: true
diff --git a/cluster/apps/download/qbittorrent/ingress.yaml b/cluster/apps/download/qbittorrent/ingress.yaml
index 5d2ede7..6f760db 100644
--- a/cluster/apps/download/qbittorrent/ingress.yaml
+++ b/cluster/apps/download/qbittorrent/ingress.yaml
@@ -4,12 +4,11 @@ metadata:
   name: qbittorrent-ingress
   namespace: download
   annotations:
-    cert-manager.io/cluster-issuer: "letsencrypt-production"
     traefik.ingress.kubernetes.io/router.entrypoints: websecure
     traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
 spec:
   rules:
-    - host: "qbit.${SECRET_NEW_DOMAIN}"
+    - host: &host "qbit.${SECRET_NEW_DOMAIN}"
       http:
         paths:
           - path: /
@@ -21,4 +20,5 @@ spec:
                   name: http
   tls:
   - hosts:
-    - ${SECRET_DOMAIN}
\ No newline at end of file
+    - *host
+    secretName: wildcard-main-tls
\ No newline at end of file
diff --git a/cluster/apps/download/radarr/helm-release.yaml b/cluster/apps/download/radarr/helm-release.yaml
index 79efe13..4e16f17 100644
--- a/cluster/apps/download/radarr/helm-release.yaml
+++ b/cluster/apps/download/radarr/helm-release.yaml
@@ -45,14 +45,17 @@ spec:
       main:
         enabled: true
         annotations:
-          cert-manager.io/cluster-issuer: "letsencrypt-production"
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
           traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
         hosts:
-          - host: "radarr.${SECRET_NEW_DOMAIN}"
+          - host: &host "radarr.${SECRET_NEW_DOMAIN}"
             paths:
               - path: /
                 pathType: Prefix
+        tls:
+          - hosts:
+              - *host
+            secretName: wildcard-main-tls
     persistence:
       config:
         enabled: true
diff --git a/cluster/apps/download/readarr/audiobook-helm.yaml b/cluster/apps/download/readarr/audiobook-helm.yaml
index 2371725..2cf1879 100644
--- a/cluster/apps/download/readarr/audiobook-helm.yaml
+++ b/cluster/apps/download/readarr/audiobook-helm.yaml
@@ -43,14 +43,17 @@ spec:
       main:
         enabled: true
         annotations:
-          cert-manager.io/cluster-issuer: "letsencrypt-production"
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
           traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
         hosts:
-          - host: "readarr-audiobooks.${SECRET_NEW_DOMAIN}"
+          - host: &host "readarr-audiobooks.${SECRET_NEW_DOMAIN}"
             paths:
               - path: /
                 pathType: Prefix
+        tls:
+          - hosts:
+              - *host
+            secretName: wildcard-main-tls
     persistence:
       config:
         enabled: true
diff --git a/cluster/apps/download/readarr/ebook-helm.yaml b/cluster/apps/download/readarr/ebook-helm.yaml
index acb16ac..42ed101 100644
--- a/cluster/apps/download/readarr/ebook-helm.yaml
+++ b/cluster/apps/download/readarr/ebook-helm.yaml
@@ -43,14 +43,17 @@ spec:
       main:
         enabled: true
         annotations:
-          cert-manager.io/cluster-issuer: "letsencrypt-production"
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
           traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
         hosts:
-          - host: "readarr-ebooks.${SECRET_NEW_DOMAIN}"
+          - host: &host "readarr-ebooks.${SECRET_NEW_DOMAIN}"
             paths:
               - path: /
                 pathType: Prefix
+        tls:
+          - hosts:
+              - *host
+            secretName: wildcard-main-tls
     persistence:
       config:
         enabled: true
diff --git a/cluster/apps/download/sonarr/helm-release.yaml b/cluster/apps/download/sonarr/helm-release.yaml
index 688af89..dec1f2d 100644
--- a/cluster/apps/download/sonarr/helm-release.yaml
+++ b/cluster/apps/download/sonarr/helm-release.yaml
@@ -45,7 +45,6 @@ spec:
       main:
         enabled: true
         annotations:
-          cert-manager.io/cluster-issuer: "letsencrypt-production"
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
           traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
         hosts: