Common names now line up with hostnames in certificate through the 1 ingress (fire emoji)

2026-01-13 23:18:41 -08:00 · 2026-01-13 23:18:41 -08:00 · ee860c6e1f
commit ee860c6e1f
parent 1c11410c2d
1 changed files with 11 additions and 13 deletions
--- a/infra/vultr-kubernetes/ingress.tf
+++ b/infra/vultr-kubernetes/ingress.tf
@ -1,9 +1,9 @@
 locals {
  services = {
-    code    = kubernetes_service.gitea
-    sanity  = kubernetes_service_v1.health
-    uptime  = kubernetes_service.kuma
-    wiki    = kubernetes_service.otterwiki
+    "code.shockrah.xyz"    = kubernetes_service.gitea
+    "sanity.shockrah.xyz"  = kubernetes_service_v1.health
+    "uptime.shockrah.xyz"  = kubernetes_service.kuma
+    "wiki.shockrah.xyz"    = kubernetes_service.otterwiki
  }
 }
 resource kubernetes_ingress_v1 health {
@ -17,19 +17,17 @@ resource kubernetes_ingress_v1 health {
    }
    spec {
        ingress_class_name = "nginx"
-        tls {
-            hosts = [
-                "sanity.shockrah.xyz",
-                "uptime.shockrah.xyz",
-                "code.shockrah.xyz",
-                "wiki.shockrah.xyz"
-            ]
-            secret_name = "shockrah"
+        dynamic tls {
+          for_each = local.services
+          content {
+            hosts       = [tls.key]
+            secret_name = "${tls.value.metadata[0].name}-secret"
+          }
        }
        dynamic "rule" {
          for_each = local.services
          content {
-            host = "${rule.key}.shockrah.xyz"
+            host = "${rule.key}"
            http {
              path {
                path = "/"