@crossdelta/infrastructure 0.12.0 → 0.12.2

package/dist/index.cjs

@@ -1170,11 +1170,8 @@ var generateHandleBlock = (handle, level, basicAuth) => {
 ${inner}
 }`, level);
 };
-var generateRouteBlock = (route, encode, useOnDemandTls) => {
+var generateRouteBlock = (route, encode) => {
   const body = [];
-  if (useOnDemandTls) {
-    body.push("  tls {", "    on_demand", "  }");
-  }
   if (!route.redirect && encode?.length) {
     body.push(`  encode ${encode.join(" ")}`);
   }
@@ -1233,10 +1230,9 @@ var generateCaddyfile = (config) => {
   const healthCheckBlock = `:${healthCheck.port} {
   respond ${healthCheck.path} 200
 }`;
-  const useOnDemandTls = config.onDemandTls != null;
   const blocks = [
     generateGlobalBlock(config),
-    ...config.routes.map((route) => generateRouteBlock(route, config.encode, useOnDemandTls)),
+    ...config.routes.map((route) => generateRouteBlock(route, config.encode)),
     healthCheckBlock,
     ...config.catchAllUpstream && config.onDemandTls ? [generateCatchAllBlock(config.catchAllUpstream, config.encode)] : []
   ];
@@ -1325,7 +1321,7 @@ var deployCaddy = (provider, namespace, config) => {
       namespace,
       labels,
       annotations: {
-        "service.beta.kubernetes.io/do-loadbalancer-tls-passthrough": "true",
+        ...config.tlsPassthrough && { "service.beta.kubernetes.io/do-loadbalancer-tls-passthrough": "true" },
         "service.beta.kubernetes.io/do-loadbalancer-healthcheck-path": healthCheck.path,
         "service.beta.kubernetes.io/do-loadbalancer-healthcheck-protocol": "http",
         "service.beta.kubernetes.io/do-loadbalancer-healthcheck-port": String(healthCheck.port),

package/dist/index.js

@@ -1074,11 +1074,8 @@ var generateHandleBlock = (handle, level, basicAuth) => {
 ${inner}
 }`, level);
 };
-var generateRouteBlock = (route, encode, useOnDemandTls) => {
+var generateRouteBlock = (route, encode) => {
   const body = [];
-  if (useOnDemandTls) {
-    body.push("  tls {", "    on_demand", "  }");
-  }
   if (!route.redirect && encode?.length) {
     body.push(`  encode ${encode.join(" ")}`);
   }
@@ -1137,10 +1134,9 @@ var generateCaddyfile = (config) => {
   const healthCheckBlock = `:${healthCheck.port} {
   respond ${healthCheck.path} 200
 }`;
-  const useOnDemandTls = config.onDemandTls != null;
   const blocks = [
     generateGlobalBlock(config),
-    ...config.routes.map((route) => generateRouteBlock(route, config.encode, useOnDemandTls)),
+    ...config.routes.map((route) => generateRouteBlock(route, config.encode)),
     healthCheckBlock,
     ...config.catchAllUpstream && config.onDemandTls ? [generateCatchAllBlock(config.catchAllUpstream, config.encode)] : []
   ];
@@ -1229,7 +1225,7 @@ var deployCaddy = (provider, namespace, config) => {
       namespace,
       labels,
       annotations: {
-        "service.beta.kubernetes.io/do-loadbalancer-tls-passthrough": "true",
+        ...config.tlsPassthrough && { "service.beta.kubernetes.io/do-loadbalancer-tls-passthrough": "true" },
         "service.beta.kubernetes.io/do-loadbalancer-healthcheck-path": healthCheck.path,
         "service.beta.kubernetes.io/do-loadbalancer-healthcheck-protocol": "http",
         "service.beta.kubernetes.io/do-loadbalancer-healthcheck-port": String(healthCheck.port),

package/dist/runtimes/doks/types.d.ts

@@ -461,6 +461,8 @@ export interface CaddyConfig {
     };
     /** Response encoding (e.g., ['zstd', 'gzip']). Omit to disable. */
     encode?: string[];
+    /** Pass raw TLS to the backend without LB termination. Only needed when the LB itself manages HTTPS. Defaults to false. */
+    tlsPassthrough?: boolean;
 }
 export interface CaddyResult {
     /** The Kubernetes Deployment */

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@crossdelta/infrastructure",
-  "version": "0.12.0",
+  "version": "0.12.2",
   "type": "module",
   "license": "MIT",
   "publishConfig": {