From 33c2df9fa3e76008e6ec157ecdb8b1573ff08272 Mon Sep 17 00:00:00 2001
From: Remy Moll <me@moll.re>
Date: Sun, 7 Jan 2024 11:35:52 +0100
Subject: [PATCH] add external dns

---
 .../external-dns/cloudflare.sealedsecret.yaml | 17 +++++++++
 infrastructure/external-dns/deployment.yaml   | 36 +++++++++++++++++++
 .../external-dns/kustomization.yaml           | 14 ++++++++
 infrastructure/external-dns/namespace.yaml    |  4 +++
 infrastructure/traefik-system/configmap.yaml  | 20 +++++------
 .../traefik-system/kustomization.yaml         |  6 +---
 .../traefik-system/servicemonitor.yaml        | 13 +++++++
 .../external-dns/application.yaml             | 18 ++++++++++
 .../external-dns/kustomization.yaml           |  4 +++
 kluster-deployments/kustomization.yaml        |  3 +-
 10 files changed, 118 insertions(+), 17 deletions(-)
 create mode 100644 infrastructure/external-dns/cloudflare.sealedsecret.yaml
 create mode 100644 infrastructure/external-dns/deployment.yaml
 create mode 100644 infrastructure/external-dns/kustomization.yaml
 create mode 100644 infrastructure/external-dns/namespace.yaml
 create mode 100644 infrastructure/traefik-system/servicemonitor.yaml
 create mode 100644 kluster-deployments/external-dns/application.yaml
 create mode 100644 kluster-deployments/external-dns/kustomization.yaml

diff --git a/infrastructure/external-dns/cloudflare.sealedsecret.yaml b/infrastructure/external-dns/cloudflare.sealedsecret.yaml
new file mode 100644
index 0000000..bd0d443
--- /dev/null
+++ b/infrastructure/external-dns/cloudflare.sealedsecret.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: cloudflare-api
+  namespace: external-dns
+spec:
+  encryptedData:
+    api-email: 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
+    api-key: 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
+  template:
+    metadata:
+      creationTimestamp: null
+      name: cloudflare-api
+      namespace: external-dns
+    type: Opaque
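Review bot: The `api-email` + `api-key` pair sealed here (consumed as `CF_API_EMAIL`/`CF_API_KEY` in deployment.yaml in this same patch) is Cloudflare's Global API Key, which grants full account access rather than just DNS edit on the one zone this controller manages. A zone-scoped API token stored under a single key and passed as `CF_API_TOKEN` in the deployment would limit the blast radius if the sealed secret or the external-dns pod is ever compromised. If you switch, reseal with the new key name and drop the email entry; the `template.type: Opaque` and the explicit namespace scoping here are fine as they are.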
diff --git a/infrastructure/external-dns/deployment.yaml b/infrastructure/external-dns/deployment.yaml
new file mode 100644
index 0000000..064b648
--- /dev/null
+++ b/infrastructure/external-dns/deployment.yaml
@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: external-dns
+spec:
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: external-dns
+  template:
+    metadata:
+      labels:
+        app: external-dns
+    spec:
+      containers:
+      - name: external-dns
+        image: external-dns
+        args:
+        - --source=service # ingress is also possible
+        - --domain-filter=moll.re # (optional) limit to only example.com domains; change to match the zone created above.
+        # - --zone-id-filter=023e105f4ecef8ad9ca31a8372d0c353 # (optional) limit to a specific zone.
+        - --provider=cloudflare
+        # - --cloudflare-proxied # (optional) enable the proxy feature of Cloudflare (DDOS protection, CDN...)
+        - --cloudflare-dns-records-per-page=5000 # (optional) configure how many DNS records to fetch per request
+        env:
+        - name: CF_API_KEY
+          valueFrom:
+            secretKeyRef:
+              name: cloudflare-api
+              key: api-key
+        - name: CF_API_EMAIL
+          valueFrom:
+            secretKeyRef:
+              name: cloudflare-api
+              key: api-email
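Review bot: The pod sets no `serviceAccountName`, and nothing in this patch (the sibling kustomization lists only namespace, sealed secret and deployment) grants the namespace's default service account permission to list/watch Services, so external-dns will be denied by the API server unless that RBAC already exists elsewhere in the repo. Add a ServiceAccount plus a ClusterRole/ClusterRoleBinding with get/list/watch on services, endpoints, pods and nodes, reference it with `serviceAccountName: external-dns`, and list the manifest in kustomization.yaml. The args also leave the record policy at its default (`sync`), which lets the controller delete records in the moll.re zone; consider `- --policy=upsert-only` and an explicit `- --txt-owner-id=<cluster-id-placeholder>` so ownership TXT records stay unambiguous if a second external-dns instance ever shares the zone. The `change to match the zone created above` comment on `--domain-filter` is copied from the upstream example and refers to nothing in this repository; replace it with the actual reason for the filter.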
diff --git a/infrastructure/external-dns/kustomization.yaml b/infrastructure/external-dns/kustomization.yaml
new file mode 100644
index 0000000..7540a17
--- /dev/null
+++ b/infrastructure/external-dns/kustomization.yaml
@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: external-dns
+
+resources:
+  - namespace.yaml
+  - cloudflare.sealedsecret.yaml
+  - deployment.yaml
+
+images:
+  - name: external-dns
+    newName: registry.k8s.io/external-dns/external-dns
+    newTag: v0.14.0
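Review bot: The image override pins external-dns by the mutable tag `v0.14.0` only, so what is pulled can change without a commit; adding `digest: sha256:<digest-placeholder>` alongside `newTag` makes the pull immutable, and since a `renovate/` deployment appears in kluster-deployments/kustomization.yaml the bot can presumably keep both fields bumped. Also, this file starts without `---` while cloudflare.sealedsecret.yaml in the same directory has it; pick one convention so yamllint's `document-start` rule is consistent.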
diff --git a/infrastructure/external-dns/namespace.yaml b/infrastructure/external-dns/namespace.yaml
new file mode 100644
index 0000000..0a074bd
--- /dev/null
+++ b/infrastructure/external-dns/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: placeholder
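Review bot: `name: placeholder` only works because the sibling kustomization's `namespace: external-dns` transformer rewrites `metadata.name` on Namespace objects, which is not obvious to a reader of this file alone. A one-line comment above it, `# overwritten by the namespace transformer in kustomization.yaml`, would stop someone "fixing" the name or copying the file into a kustomization without that transformer. The existing traefik-system namespace.yaml is not in this patch, but if it follows the same pattern the same comment belongs there.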
diff --git a/infrastructure/traefik-system/configmap.yaml b/infrastructure/traefik-system/configmap.yaml
index 35b0220..66ff657 100644
--- a/infrastructure/traefik-system/configmap.yaml
+++ b/infrastructure/traefik-system/configmap.yaml
@@ -48,8 +48,10 @@ data:
         allowCrossNamespace = true
       [providers.kubernetesIngress]
         allowExternalNameServices = true
-        ingressClass = "traefik"
-    
+        ingressClass = "traefik"    
+        [providers.kubernetesIngress.ingressEndpoint]
+          hostname = "moll.re"
+
     [serversTransport]
       insecureSkipVerify = true
  
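Review bot: The `ingressClass = "traefik"` line is rewritten with four trailing spaces, which turns an unchanged setting into a diff line and leaves whitespace inside the ConfigMap's block scalar; drop the trailing spaces so the line stays context. The new `[providers.kubernetesIngress.ingressEndpoint]` with `hostname = "moll.re"` publishes that hostname as the status address of every Ingress, which external-dns only consumes when it runs with `--source=ingress`, and the deployment in this patch uses `--source=service` alone; if the endpoint is meant for a later ingress source, a short comment saying so would help. The enclosing `data:` block scalar starts before this hunk.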
@@ -72,17 +74,13 @@ data:
         address = ":853"
 
     [metrics]
-      [metrics.influxDB2]
-      address = "http://influxdb-influxdb2.monitoring:80"
-      token = "N_jNm1hZTfyhJneTJj2G357mQ7EJdNzdvebjSJX6JkbyaXNup_IAqeYowblMgV8EjLypNvauTl27ewJvI_rbqQ=="
-      org = "influxdata"
-      bucket = "kluster"
+      [metrics.prometheus]
+      entryPoint = "metrics"
+      addEntryPointsLabels = true
+      addServicesLabels = true
+
 
     [certificatesResolvers.default-tls.acme]
       email = "me@moll.re"
       storage = "/certs/acme.json"
       [certificatesResolvers.default-tls.acme.tlsChallenge]
-
-    [experimental.plugins.traefik-plugin-geoblock]
-      moduleName = "github.com/nscuro/traefik-plugin-geoblock"
-      version = "v0.10.0"
\ No newline at end of file
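Review bot: The InfluxDB token deleted from this ConfigMap stays readable in git history, so removing it from the file does not revoke it; rotate it on the InfluxDB side (and scrub history if the repository is shared), and if the integration is ever re-added, source the token from a Secret rather than a ConfigMap. The new `[metrics.prometheus]` block sets `entryPoint = "metrics"`, which requires an entry point of that name under `[entryPoints]`; only the `:853` one is visible in this hunk, so confirm it is declared or Traefik may reject the configuration. The enclosing `data:` block scalar starts before this hunk.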
diff --git a/infrastructure/traefik-system/kustomization.yaml b/infrastructure/traefik-system/kustomization.yaml
index 5782bb4..98faf1a 100644
--- a/infrastructure/traefik-system/kustomization.yaml
+++ b/infrastructure/traefik-system/kustomization.yaml
@@ -4,6 +4,7 @@ resources:
   - namespace.yaml
   - pvc.yaml
   - configmap.yaml
+  - servicemonitor.yaml
 
 namespace: traefik-system
 
@@ -13,8 +14,3 @@ helmCharts:
     version: 26.0.0
     valuesFile: values.yaml
     repo: https://helm.traefik.io/traefik
-  # - name: telegraf
-  #   releaseName: telegraf?
-  #   version: "?"
-  #   valuesFile: telegraf.values.yaml
-  #   repo: https://helm.influxdata.com/
diff --git a/infrastructure/traefik-system/servicemonitor.yaml b/infrastructure/traefik-system/servicemonitor.yaml
new file mode 100644
index 0000000..784c7cf
--- /dev/null
+++ b/infrastructure/traefik-system/servicemonitor.yaml
@@ -0,0 +1,13 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: traefik-servicemonitor
+  labels:
+    app: traefik
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: traefik
+  endpoints:
+    - port: metrics
+      path: /metrics
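Review bot: The ServiceMonitor selects on `app.kubernetes.io/name: traefik` and port `metrics`, but the Traefik chart only puts that port on the Service when the metrics port is exposed in values.yaml, which this patch does not show; if it is not, Prometheus discovers no targets and fails silently. The object's own labels (`app: traefik`) must also match whatever `serviceMonitorSelector` the Prometheus instance uses — many kube-prometheus-stack installs require a `release:` label — so verify the monitor is actually picked up. No `namespaceSelector` is set, so the Service is expected in the kustomization's `traefik-system` namespace, which is consistent with the chart rendered by the same kustomization.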
diff --git a/kluster-deployments/external-dns/application.yaml b/kluster-deployments/external-dns/application.yaml
new file mode 100644
index 0000000..b809960
--- /dev/null
+++ b/kluster-deployments/external-dns/application.yaml
@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: external-dns-application
+  namespace: argocd
+spec:
+  project: infrastructure
+  source:
+    repoURL: git@github.com:moll-re/bootstrap-k3s-infra.git
+    targetRevision: main
+    path: infrastructure/external-dns
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: external-dns
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
diff --git a/kluster-deployments/external-dns/kustomization.yaml b/kluster-deployments/external-dns/kustomization.yaml
new file mode 100644
index 0000000..0b082ba
--- /dev/null
+++ b/kluster-deployments/external-dns/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- application.yaml
\ No newline at end of file
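Review bot: This new file lacks a trailing newline (`\ No newline at end of file`, the same defect the last hunk of this patch fixes in kluster-deployments/kustomization.yaml) and uses the flush sequence style `- application.yaml`, while every other kustomization touched here indents its resource entries (`  - namespace.yaml`, `  - external-dns/`). Use `  - application.yaml` and end the file with a newline so yamllint's `indentation` and `new-line-at-end-of-file` checks agree across the repository.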
diff --git a/kluster-deployments/kustomization.yaml b/kluster-deployments/kustomization.yaml
index 4ca45a0..a37be02 100644
--- a/kluster-deployments/kustomization.yaml
+++ b/kluster-deployments/kustomization.yaml
@@ -18,6 +18,7 @@ resources:
   - gitea/
   - renovate/
   - traefik/
+  - external-dns/
 
 
   # simple apps
@@ -32,4 +33,4 @@ resources:
   - adguard/
   - media/
   - nextcloud/
-  - syncthing/
\ No newline at end of file
+  - syncthing/