add external dns

infrastructure/external-dns/cloudflare.sealedsecret.yaml

@@ -0,0 +1,17 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: cloudflare-api
+  namespace: external-dns
+spec:
+  encryptedData:
+    api-email: AgCgzMMs78RneCUwm+94AdQuJ8vPyZzio1nQyxVinC9/GtNu17miRx3Tqgzd648ra+UTAG9/uZGKaCYCA6BvdVwYB+7T0msLwzy1I+hqJwKLvYVzXh67b1PN2oYEKzINV0qxPBoE5+yVqduevxRpb8Xs3f1TbR22j2bdjPV3PudLeLKM2RiUqL05MoORLd49J+G67Hf29wtiFmm7Kgslma+dKiLJTATMyFT6PUn6ELxNuTZAcFCeNK9XhH8kVD4lBQP9cO1QUy2I6mbQCadzPFEZBdTfcmisqHnVy7iE90oH7wUU+U3F3BE7dDVTsmfU+HxkYNKYbPDdlqPwNRlQ3s+TIImaPGuXWzPFoebMB3VCT/g56/RXeqPzroF633+73S8v/mex7To259xSQ2AFmrl9+NMu4LZsdEhoTvV3j2K4v+1REp0PyPskMl7Ty7hS7+f79bJ4EuvrnWtcZL3LWwH0l5X11lQdoa3mYpF9W61x84/Jp9GoC4NGJb6kdy+lSf+zY2gYfxw54rWwgzdKwAyeszyxty7fIPbJzo+BHIAqnaqyDL2Mx/NfaVb4hxA1kODq0XymUAoTfTBIYmmbM6EsJzmXwji1LVlOfvir1EzhG9P7R9xvxCqGy3XL7Tu/A6413Iq+UfeJGfqfIXYBk1VNcVvZTK0D0ZPptF3kderGIng6gbLYn2o6847vBgpnUCvo+IDKi/qYuSqueLozX9146zfW
+    api-key: AgARzqN8QGUma9+Ay0pv/KW8kZ7Y/6iyD97nvhn5UIpb0tcTtSKx6l2l6JlI1z+LlAxD6+kXfBSUoHTLiSyzIH9iUeznEbb3I5xlTJ7uyR4REQl8mVAG0hQbpv+pLTp9hqaoTOgzk4UwRhjnro9m8hb1yBysS0/S5RIDisM/3ckDdPA0LUj0c+fRrwuIjmkg6IpAjNKL8fdcBRWhSPXcfP4C0QTJwbgFPuE6j4ogJIpR5IrkR7rT/Pc3IkRcg3IN6Sg6hqDDEbWx53yjGa1AYAuLyZIh9lEuzWsLhgHpiB7IjDZGevptwB3Xxth3RoN2wAuusNe2kTu7+9ALEhib+p8Lg5BztKP8HV/V65knS52zk6xon3Er5nJRY+zzbllbxKIASqDjDRzga4A48ZTp1yGXx8QPe3EOQDEPOs9X8kTKNO/0ecWBBvxe7rn2oqDHOMbC/PJW884oMarx2Pq3bnST/eAwK6ErpdWxuc2F5Y6VcnM2T9VFmpdTJxPELIj2TCIzxlmZeeplAmVU9wc/2uWzBMUQ7fBf5fFryni0uunzmahmfbMsRXIaB2Co1KYoIKNJ11OcN/n2oGed4sMNSTlU7b4pFNMojBOFEYqwgWATzYw0q9JAZH/oPdmpC9Y3Jm/mSra1ptt7+ccrkF0QvgziO6bZsgTter2J+oKHPhD1hBE+3Gwhxiod3cWOStiqz87vCzc+bnyRfdQ7PKxuSkJaGO//uY+byl8iK922KlHoIQVZmvAyK5Ry
+  template:
+    metadata:
+      creationTimestamp: null
+      name: cloudflare-api
+      namespace: external-dns
+    type: Opaque

infrastructure/external-dns/deployment.yaml

@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: external-dns
+spec:
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: external-dns
+  template:
+    metadata:
+      labels:
+        app: external-dns
+    spec:
+      containers:
+      - name: external-dns
+        image: external-dns
+        args:
+        - --source=service # ingress is also possible
+        - --domain-filter=moll.re # (optional) limit to only example.com domains; change to match the zone created above.
+        # - --zone-id-filter=023e105f4ecef8ad9ca31a8372d0c353 # (optional) limit to a specific zone.
+        - --provider=cloudflare
+        # - --cloudflare-proxied # (optional) enable the proxy feature of Cloudflare (DDOS protection, CDN...)
+        - --cloudflare-dns-records-per-page=5000 # (optional) configure how many DNS records to fetch per request
+        env:
+        - name: CF_API_KEY
+          valueFrom:
+            secretKeyRef:
+              name: cloudflare-api
+              key: api-key
+        - name: CF_API_EMAIL
+          valueFrom:
+            secretKeyRef:
+              name: cloudflare-api
+              key: api-email

infrastructure/external-dns/kustomization.yaml

@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: external-dns
+
+resources:
+  - namespace.yaml
+  - cloudflare.sealedsecret.yaml
+  - deployment.yaml
+
+images:
+  - name: external-dns
+    newName: registry.k8s.io/external-dns/external-dns
+    newTag: v0.14.0

infrastructure/external-dns/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: placeholder

infrastructure/traefik-system/configmap.yaml

@@ -48,8 +48,10 @@ data:
         allowCrossNamespace = true
       [providers.kubernetesIngress]
         allowExternalNameServices = true
-        ingressClass = "traefik"
-    
+        ingressClass = "traefik"    
+        [providers.kubernetesIngress.ingressEndpoint]
+          hostname = "moll.re"
+
     [serversTransport]
       insecureSkipVerify = true
  
@@ -72,17 +74,13 @@ data:
         address = ":853"
 
     [metrics]
-      [metrics.influxDB2]
-      address = "http://influxdb-influxdb2.monitoring:80"
-      token = "N_jNm1hZTfyhJneTJj2G357mQ7EJdNzdvebjSJX6JkbyaXNup_IAqeYowblMgV8EjLypNvauTl27ewJvI_rbqQ=="
-      org = "influxdata"
-      bucket = "kluster"
+      [metrics.prometheus]
+      entryPoint = "metrics"
+      addEntryPointsLabels = true
+      addServicesLabels = true
+
 
     [certificatesResolvers.default-tls.acme]
       email = "me@moll.re"
       storage = "/certs/acme.json"
       [certificatesResolvers.default-tls.acme.tlsChallenge]
-
-    [experimental.plugins.traefik-plugin-geoblock]
-      moduleName = "github.com/nscuro/traefik-plugin-geoblock"
-      version = "v0.10.0"

infrastructure/traefik-system/kustomization.yaml

@@ -4,6 +4,7 @@ resources:
   - namespace.yaml
   - pvc.yaml
   - configmap.yaml
+  - servicemonitor.yaml
 
 namespace: traefik-system
 
@@ -13,8 +14,3 @@ helmCharts:
     version: 26.0.0
     valuesFile: values.yaml
     repo: https://helm.traefik.io/traefik
-  # - name: telegraf
-  #   releaseName: telegraf?
-  #   version: "?"
-  #   valuesFile: telegraf.values.yaml
-  #   repo: https://helm.influxdata.com/

infrastructure/traefik-system/servicemonitor.yaml

@@ -0,0 +1,13 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: traefik-servicemonitor
+  labels:
+    app: traefik
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: traefik
+  endpoints:
+    - port: metrics
+      path: /metrics