state(monitoring): update encrypted state

2026-03-29 01:04:11 +02:00 · 2026-03-29 01:04:11 +02:00 · 878b556179
commit 878b556179
parent d41211ddd5
4 changed files with 48 additions and 7 deletions
--- a/stacks/traefik/modules/traefik/error-pages.tf
+++ b/stacks/traefik/modules/traefik/error-pages.tf
@ -139,6 +139,25 @@ resource "kubernetes_manifest" "middleware_error_pages" {
  depends_on = [helm_release.traefik, kubernetes_service.error_pages]
 }

+# Default TLSStore — serves wildcard cert for unknown hosts instead of self-signed fallback
+resource "kubernetes_manifest" "tlsstore_default" {
+  manifest = {
+    apiVersion = "traefik.io/v1alpha1"
+    kind       = "TLSStore"
+    metadata = {
+      name      = "default"
+      namespace = kubernetes_namespace.traefik.metadata[0].name
+    }
+    spec = {
+      defaultCertificate = {
+        secretName = var.tls_secret_name
+      }
+    }
+  }
+
+  depends_on = [helm_release.traefik, module.tls_secret]
+}
+
 # Catch-all IngressRoute — serves 404 for unknown hosts (lowest priority)
 resource "kubernetes_manifest" "ingressroute_catchall" {
  manifest = {