add external dns

2024-01-07 11:35:52 +01:00 · 2024-01-07 11:35:52 +01:00 · 33c2df9fa3
commit 33c2df9fa3
parent 3d84d6bed1
10 changed files with 118 additions and 17 deletions
--- a/infrastructure/external-dns/cloudflare.sealedsecret.yaml
+++ b/infrastructure/external-dns/cloudflare.sealedsecret.yaml
@ -0,0 +1,17 @@
 ---
 apiVersion: bitnami.com/v1alpha1
 kind: SealedSecret
 metadata:
  creationTimestamp: null
  name: cloudflare-api
  namespace: external-dns
 spec:
  encryptedData:
    api-email: AgCgzMMs78RneCUwm+94AdQuJ8vPyZzio1nQyxVinC9/GtNu17miRx3Tqgzd648ra+UTAG9/uZGKaCYCA6BvdVwYB+7T0msLwzy1I+hqJwKLvYVzXh67b1PN2oYEKzINV0qxPBoE5+yVqduevxRpb8Xs3f1TbR22j2bdjPV3PudLeLKM2RiUqL05MoORLd49J+G67Hf29wtiFmm7Kgslma+dKiLJTATMyFT6PUn6ELxNuTZAcFCeNK9XhH8kVD4lBQP9cO1QUy2I6mbQCadzPFEZBdTfcmisqHnVy7iE90oH7wUU+U3F3BE7dDVTsmfU+HxkYNKYbPDdlqPwNRlQ3s+TIImaPGuXWzPFoebMB3VCT/g56/RXeqPzroF633+73S8v/mex7To259xSQ2AFmrl9+NMu4LZsdEhoTvV3j2K4v+1REp0PyPskMl7Ty7hS7+f79bJ4EuvrnWtcZL3LWwH0l5X11lQdoa3mYpF9W61x84/Jp9GoC4NGJb6kdy+lSf+zY2gYfxw54rWwgzdKwAyeszyxty7fIPbJzo+BHIAqnaqyDL2Mx/NfaVb4hxA1kODq0XymUAoTfTBIYmmbM6EsJzmXwji1LVlOfvir1EzhG9P7R9xvxCqGy3XL7Tu/A6413Iq+UfeJGfqfIXYBk1VNcVvZTK0D0ZPptF3kderGIng6gbLYn2o6847vBgpnUCvo+IDKi/qYuSqueLozX9146zfW
    api-key: AgARzqN8QGUma9+Ay0pv/KW8kZ7Y/6iyD97nvhn5UIpb0tcTtSKx6l2l6JlI1z+LlAxD6+kXfBSUoHTLiSyzIH9iUeznEbb3I5xlTJ7uyR4REQl8mVAG0hQbpv+pLTp9hqaoTOgzk4UwRhjnro9m8hb1yBysS0/S5RIDisM/3ckDdPA0LUj0c+fRrwuIjmkg6IpAjNKL8fdcBRWhSPXcfP4C0QTJwbgFPuE6j4ogJIpR5IrkR7rT/Pc3IkRcg3IN6Sg6hqDDEbWx53yjGa1AYAuLyZIh9lEuzWsLhgHpiB7IjDZGevptwB3Xxth3RoN2wAuusNe2kTu7+9ALEhib+p8Lg5BztKP8HV/V65knS52zk6xon3Er5nJRY+zzbllbxKIASqDjDRzga4A48ZTp1yGXx8QPe3EOQDEPOs9X8kTKNO/0ecWBBvxe7rn2oqDHOMbC/PJW884oMarx2Pq3bnST/eAwK6ErpdWxuc2F5Y6VcnM2T9VFmpdTJxPELIj2TCIzxlmZeeplAmVU9wc/2uWzBMUQ7fBf5fFryni0uunzmahmfbMsRXIaB2Co1KYoIKNJ11OcN/n2oGed4sMNSTlU7b4pFNMojBOFEYqwgWATzYw0q9JAZH/oPdmpC9Y3Jm/mSra1ptt7+ccrkF0QvgziO6bZsgTter2J+oKHPhD1hBE+3Gwhxiod3cWOStiqz87vCzc+bnyRfdQ7PKxuSkJaGO//uY+byl8iK922KlHoIQVZmvAyK5Ry
  template:
    metadata:
      creationTimestamp: null
      name: cloudflare-api
      namespace: external-dns
    type: Opaque
--- a/infrastructure/external-dns/deployment.yaml
+++ b/infrastructure/external-dns/deployment.yaml
@ -0,0 +1,36 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: external-dns
 spec:
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: external-dns
  template:
    metadata:
      labels:
        app: external-dns
    spec:
      containers:
      - name: external-dns
        image: external-dns
        args:
        - --source=service # ingress is also possible
        - --domain-filter=moll.re # (optional) limit to only example.com domains; change to match the zone created above.
        # - --zone-id-filter=023e105f4ecef8ad9ca31a8372d0c353 # (optional) limit to a specific zone.
        - --provider=cloudflare
        # - --cloudflare-proxied # (optional) enable the proxy feature of Cloudflare (DDOS protection, CDN...)
        - --cloudflare-dns-records-per-page=5000 # (optional) configure how many DNS records to fetch per request
        env:
        - name: CF_API_KEY
          valueFrom:
            secretKeyRef:
              name: cloudflare-api
              key: api-key
        - name: CF_API_EMAIL
          valueFrom:
            secretKeyRef:
              name: cloudflare-api
              key: api-email
--- a/infrastructure/external-dns/kustomization.yaml
+++ b/infrastructure/external-dns/kustomization.yaml
@ -0,0 +1,14 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: external-dns
 resources:
  - namespace.yaml
  - cloudflare.sealedsecret.yaml
  - deployment.yaml
 images:
  - name: external-dns
    newName: registry.k8s.io/external-dns/external-dns
    newTag: v0.14.0
--- a/infrastructure/external-dns/namespace.yaml
+++ b/infrastructure/external-dns/namespace.yaml
@ -0,0 +1,4 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: placeholder
--- a/infrastructure/traefik-system/configmap.yaml
+++ b/infrastructure/traefik-system/configmap.yaml
@ -49,6 +49,8 @@ data:
      [providers.kubernetesIngress]
        allowExternalNameServices = true
        ingressClass = "traefik"    
        [providers.kubernetesIngress.ingressEndpoint]
          hostname = "moll.re"
    [serversTransport]
      insecureSkipVerify = true
@ -72,17 +74,13 @@ data:
        address = ":853"
    [metrics]
-      [metrics.influxDB2]
+      [metrics.prometheus]
-      address = "http://influxdb-influxdb2.monitoring:80"
+      entryPoint = "metrics"
-      token = "N_jNm1hZTfyhJneTJj2G357mQ7EJdNzdvebjSJX6JkbyaXNup_IAqeYowblMgV8EjLypNvauTl27ewJvI_rbqQ=="
+      addEntryPointsLabels = true
-      org = "influxdata"
+      addServicesLabels = true
-      bucket = "kluster"
+
    [certificatesResolvers.default-tls.acme]
      email = "me@moll.re"
      storage = "/certs/acme.json"
      [certificatesResolvers.default-tls.acme.tlsChallenge]
    [experimental.plugins.traefik-plugin-geoblock]
      moduleName = "github.com/nscuro/traefik-plugin-geoblock"
      version = "v0.10.0"
--- a/infrastructure/traefik-system/kustomization.yaml
+++ b/infrastructure/traefik-system/kustomization.yaml
@ -4,6 +4,7 @@ resources:
  - namespace.yaml
  - pvc.yaml
  - configmap.yaml
  - servicemonitor.yaml
 namespace: traefik-system
@ -13,8 +14,3 @@ helmCharts:
    version: 26.0.0
    valuesFile: values.yaml
    repo: https://helm.traefik.io/traefik
  # - name: telegraf
  #   releaseName: telegraf?
  #   version: "?"
  #   valuesFile: telegraf.values.yaml
  #   repo: https://helm.influxdata.com/
--- a/infrastructure/traefik-system/servicemonitor.yaml
+++ b/infrastructure/traefik-system/servicemonitor.yaml
@ -0,0 +1,13 @@
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
  name: traefik-servicemonitor
  labels:
    app: traefik
 spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: traefik
  endpoints:
    - port: metrics
      path: /metrics
--- a/kluster-deployments/external-dns/application.yaml
+++ b/kluster-deployments/external-dns/application.yaml
@ -0,0 +1,18 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: external-dns-application
  namespace: argocd
 spec:
  project: infrastructure
  source:
    repoURL: git@github.com:moll-re/bootstrap-k3s-infra.git
    targetRevision: main
    path: infrastructure/external-dns
  destination:
    server: https://kubernetes.default.svc
    namespace: external-dns
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
--- a/kluster-deployments/external-dns/kustomization.yaml
+++ b/kluster-deployments/external-dns/kustomization.yaml
@ -0,0 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - application.yaml
--- a/kluster-deployments/kustomization.yaml
+++ b/kluster-deployments/kustomization.yaml
@ -18,6 +18,7 @@ resources:
  - gitea/
  - renovate/
  - traefik/
  - external-dns/
  # simple apps