diff --git a/infrastructure/external-dns/cloudflare.sealedsecret.yaml b/infrastructure/external-dns/cloudflare.sealedsecret.yaml
new file mode 100644
index 0000000..bd0d443
--- /dev/null
+++ b/infrastructure/external-dns/cloudflare.sealedsecret.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+ creationTimestamp: null
+ name: cloudflare-api
+ namespace: external-dns
+spec:
+ encryptedData:
+ api-email: 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
+ api-key: AgARzqN8QGUma9+Ay0pv/KW8kZ7Y/6iyD97nvhn5UIpb0tcTtSKx6l2l6JlI1z+LlAxD6+kXfBSUoHTLiSyzIH9iUeznEbb3I5xlTJ7uyR4REQl8mVAG0hQbpv+pLTp9hqaoTOgzk4UwRhjnro9m8hb1yBysS0/S5RIDisM/3ckDdPA0LUj0c+fRrwuIjmkg6IpAjNKL8fdcBRWhSPXcfP4C0QTJwbgFPuE6j4ogJIpR5IrkR7rT/Pc3IkRcg3IN6Sg6hqDDEbWx53yjGa1AYAuLyZIh9lEuzWsLhgHpiB7IjDZGevptwB3Xxth3RoN2wAuusNe2kTu7+9ALEhib+p8Lg5BztKP8HV/V65knS52zk6xon3Er5nJRY+zzbllbxKIASqDjDRzga4A48ZTp1yGXx8QPe3EOQDEPOs9X8kTKNO/0ecWBBvxe7rn2oqDHOMbC/PJW884oMarx2Pq3bnST/eAwK6ErpdWxuc2F5Y6VcnM2T9VFmpdTJxPELIj2TCIzxlmZeeplAmVU9wc/2uWzBMUQ7fBf5fFryni0uunzmahmfbMsRXIaB2Co1KYoIKNJ11OcN/n2oGed4sMNSTlU7b4pFNMojBOFEYqwgWATzYw0q9JAZH/oPdmpC9Y3Jm/mSra1ptt7+ccrkF0QvgziO6bZsgTter2J+oKHPhD1hBE+3Gwhxiod3cWOStiqz87vCzc+bnyRfdQ7PKxuSkJaGO//uY+byl8iK922KlHoIQVZmvAyK5Ry
+ template:
+ metadata:
+ creationTimestamp: null
+ name: cloudflare-api
+ namespace: external-dns
+ type: Opaque
diff --git a/infrastructure/external-dns/deployment.yaml b/infrastructure/external-dns/deployment.yaml
new file mode 100644
index 0000000..064b648
--- /dev/null
+++ b/infrastructure/external-dns/deployment.yaml
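Review bot: The sealed `api-key` / `api-email` pair in cloudflare.sealedsecret.yaml is consumed by the deployment.yaml hunk as `CF_API_KEY` and `CF_API_EMAIL`, which is Cloudflare's account-wide Global API Key rather than a scoped credential. external-dns also accepts `CF_API_TOKEN`, and a token limited to Zone:Read and DNS:Edit on the moll.re zone would bound what a compromise of this pod, or of the sealed-secrets controller key, can change. The same point applies to the `env` block at the end of the deployment.yaml hunk, which would then carry a single `- name: CF_API_TOKEN` entry referencing the new secret key.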
@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: external-dns
+spec:
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ app: external-dns
+ template:
+ metadata:
+ labels:
+ app: external-dns
+ spec:
+ containers:
+ - name: external-dns
+ image: external-dns
+ args:
+ - --source=service # ingress is also possible
+ - --domain-filter=moll.re # (optional) limit to only example.com domains; change to match the zone created above.
+ # - --zone-id-filter=023e105f4ecef8ad9ca31a8372d0c353 # (optional) limit to a specific zone.
+ - --provider=cloudflare
+ # - --cloudflare-proxied # (optional) enable the proxy feature of Cloudflare (DDOS protection, CDN...)
+ - --cloudflare-dns-records-per-page=5000 # (optional) configure how many DNS records to fetch per request
+ env:
+ - name: CF_API_KEY
+ valueFrom:
+ secretKeyRef:
+ name: cloudflare-api
+ key: api-key
+ - name: CF_API_EMAIL
+ valueFrom:
+ secretKeyRef:
+ name: cloudflare-api
+ key: api-email
diff --git a/infrastructure/external-dns/kustomization.yaml b/infrastructure/external-dns/kustomization.yaml
new file mode 100644
index 0000000..7540a17
--- /dev/null
+++ b/infrastructure/external-dns/kustomization.yaml
@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: external-dns
+
+resources:
+ - namespace.yaml
+ - cloudflare.sealedsecret.yaml
+ - deployment.yaml
+
+images:
+ - name: external-dns
+ newName: registry.k8s.io/external-dns/external-dns
+ newTag: v0.14.0
diff --git a/infrastructure/external-dns/namespace.yaml b/infrastructure/external-dns/namespace.yaml
new file mode 100644
index 0000000..0a074bd
--- /dev/null
+++ b/infrastructure/external-dns/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: placeholder
diff --git a/infrastructure/traefik-system/configmap.yaml b/infrastructure/traefik-system/configmap.yaml
index 35b0220..66ff657 100644
--- a/infrastructure/traefik-system/configmap.yaml
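Review bot: The pod template in deployment.yaml sets no `serviceAccountName`, and the kustomization added in this commit lists only the namespace, the sealed secret and the deployment, so as far as this diff shows external-dns runs under the namespace's default service account with no role granting it read access to Services. A dedicated ServiceAccount bound to a ClusterRole limited to `get`, `list`, `watch` on what `--source=service` reads, referenced with `serviceAccountName: external-dns`, keeps the permissions explicit and minimal. The container also has no `securityContext`; `runAsNonRoot: true`, `readOnlyRootFilesystem: true` and `allowPrivilegeEscalation: false` are a reasonable baseline for a pod that holds DNS credentials. Since no `--txt-owner-id` or `--policy` is passed, consider `--policy=upsert-only` until record ownership in the existing zone has been verified.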
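Review bot: The `images` entry in infrastructure/external-dns/kustomization.yaml pins the controller by tag only (`newTag: v0.14.0`), and a tag can be re-pointed in the registry without any change in this repository. Adding a `digest: sha256:<digest of the v0.14.0 image>` line to the same entry makes the deployed image content-addressed, which matters for a workload that holds the Cloudflare credential. The digest value is a placeholder here and has to be taken from the registry.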
+++ b/infrastructure/traefik-system/configmap.yaml @@ -48,8 +48,10 @@ data: allowCrossNamespace = true [providers.kubernetesIngress] allowExternalNameServices = true - ingressClass = "traefik" - + ingressClass = "traefik" + [providers.kubernetesIngress.ingressEndpoint] + hostname = "moll.re" + [serversTransport] insecureSkipVerify = true @@ -72,17 +74,13 @@ data: address = ":853" [metrics] - [metrics.influxDB2] - address = "http://influxdb-influxdb2.monitoring:80" - token = "N_jNm1hZTfyhJneTJj2G357mQ7EJdNzdvebjSJX6JkbyaXNup_IAqeYowblMgV8EjLypNvauTl27ewJvI_rbqQ==" - org = "influxdata" - bucket = "kluster" + [metrics.prometheus] + entryPoint = "metrics" + addEntryPointsLabels = true + addServicesLabels = true + [certificatesResolvers.default-tls.acme] email = "me@moll.re" storage = "/certs/acme.json" [certificatesResolvers.default-tls.acme.tlsChallenge] - - [experimental.plugins.traefik-plugin-geoblock] - moduleName = "github.com/nscuro/traefik-plugin-geoblock" - version = "v0.10.0" \ No newline at end of file diff --git a/infrastructure/traefik-system/kustomization.yaml b/infrastructure/traefik-system/kustomization.yaml index 5782bb4..98faf1a 100644 --- a/infrastructure/traefik-system/kustomization.yaml +++ b/infrastructure/traefik-system/kustomization.yaml @@ -4,6 +4,7 @@ resources: - namespace.yaml - pvc.yaml - configmap.yaml + - servicemonitor.yaml namespace: traefik-system @@ -13,8 +14,3 @@ helmCharts: version: 26.0.0 valuesFile: values.yaml repo: https://helm.traefik.io/traefik - # - name: telegraf - # releaseName: telegraf? - # version: "?" - # valuesFile: telegraf.values.yaml - # repo: https://helm.influxdata.com/ diff --git a/infrastructure/traefik-system/servicemonitor.yaml b/infrastructure/traefik-system/servicemonitor.yaml new file mode 100644 index 0000000..784c7cf --- /dev/null +++ b/infrastructure/traefik-system/servicemonitor.yaml 
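Review bot: The InfluxDB token on the removed `token = …` line of the `[metrics.influxDB2]` block in configmap.yaml was committed in plain text and stays readable in the repository history after this change, so it should be revoked in InfluxDB rather than only deleted here. In the replacement, `entryPoint = "metrics"` relies on an entry point of that name being defined outside this hunk; it should not be published on the internet-facing Service. The same hunk drops the `traefik-plugin-geoblock` registration, so it is worth confirming that no middleware still references the plugin and that losing the geo-restriction is intended.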
@@ -0,0 +1,13 @@ +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: traefik-servicemonitor + labels: + app: traefik +spec: + selector: + matchLabels: + app.kubernetes.io/name: traefik + endpoints: + - port: metrics + path: /metrics diff --git a/kluster-deployments/external-dns/application.yaml b/kluster-deployments/external-dns/application.yaml new file mode 100644 index 0000000..b809960 --- /dev/null +++ b/kluster-deployments/external-dns/application.yaml @@ -0,0 +1,18 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: external-dns-application + namespace: argocd +spec: + project: infrastructure + source: + repoURL: git@github.com:moll-re/bootstrap-k3s-infra.git + targetRevision: main + path: infrastructure/external-dns + destination: + server: https://kubernetes.default.svc + namespace: external-dns + syncPolicy: + automated: + prune: true + selfHeal: true diff --git a/kluster-deployments/external-dns/kustomization.yaml b/kluster-deployments/external-dns/kustomization.yaml new file mode 100644 index 0000000..0b082ba --- /dev/null +++ b/kluster-deployments/external-dns/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- application.yaml \ No newline at end of file diff --git a/kluster-deployments/kustomization.yaml b/kluster-deployments/kustomization.yaml index 4ca45a0..a37be02 100644 --- a/kluster-deployments/kustomization.yaml +++ b/kluster-deployments/kustomization.yaml @@ -18,6 +18,7 @@ resources: - gitea/ - renovate/ - traefik/ + - external-dns/ # simple apps @@ -32,4 +33,4 @@ resources: - adguard/ - media/ - nextcloud/ - - syncthing/ \ No newline at end of file + - syncthing/
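Review bot: In servicemonitor.yaml the selector `app.kubernetes.io/name: traefik` together with `port: metrics` only yields a scrape target if a Service carrying that label exposes a port named `metrics`; values.yaml is not part of this diff, so that cannot be confirmed from here. If the port is added to the main LoadBalancer Service to make scraping work, `/metrics` becomes reachable from outside the cluster. A separate ClusterIP Service for the metrics port, selected by this ServiceMonitor, keeps the endpoint internal.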