add external dns

2024-01-07 11:35:52 +01:00 · 2024-01-07 11:35:52 +01:00 · 33c2df9fa3
commit 33c2df9fa3
parent 3d84d6bed1
10 changed files with 118 additions and 17 deletions
--- a/infrastructure/external-dns/cloudflare.sealedsecret.yaml
+++ b/infrastructure/external-dns/cloudflare.sealedsecret.yaml
@ -0,0 +1,17 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: cloudflare-api
+  namespace: external-dns
+spec:
+  encryptedData:
+    api-email: AgCgzMMs78RneCUwm+94AdQuJ8vPyZzio1nQyxVinC9/GtNu17miRx3Tqgzd648ra+UTAG9/uZGKaCYCA6BvdVwYB+7T0msLwzy1I+hqJwKLvYVzXh67b1PN2oYEKzINV0qxPBoE5+yVqduevxRpb8Xs3f1TbR22j2bdjPV3PudLeLKM2RiUqL05MoORLd49J+G67Hf29wtiFmm7Kgslma+dKiLJTATMyFT6PUn6ELxNuTZAcFCeNK9XhH8kVD4lBQP9cO1QUy2I6mbQCadzPFEZBdTfcmisqHnVy7iE90oH7wUU+U3F3BE7dDVTsmfU+HxkYNKYbPDdlqPwNRlQ3s+TIImaPGuXWzPFoebMB3VCT/g56/RXeqPzroF633+73S8v/mex7To259xSQ2AFmrl9+NMu4LZsdEhoTvV3j2K4v+1REp0PyPskMl7Ty7hS7+f79bJ4EuvrnWtcZL3LWwH0l5X11lQdoa3mYpF9W61x84/Jp9GoC4NGJb6kdy+lSf+zY2gYfxw54rWwgzdKwAyeszyxty7fIPbJzo+BHIAqnaqyDL2Mx/NfaVb4hxA1kODq0XymUAoTfTBIYmmbM6EsJzmXwji1LVlOfvir1EzhG9P7R9xvxCqGy3XL7Tu/A6413Iq+UfeJGfqfIXYBk1VNcVvZTK0D0ZPptF3kderGIng6gbLYn2o6847vBgpnUCvo+IDKi/qYuSqueLozX9146zfW
+    api-key: AgARzqN8QGUma9+Ay0pv/KW8kZ7Y/6iyD97nvhn5UIpb0tcTtSKx6l2l6JlI1z+LlAxD6+kXfBSUoHTLiSyzIH9iUeznEbb3I5xlTJ7uyR4REQl8mVAG0hQbpv+pLTp9hqaoTOgzk4UwRhjnro9m8hb1yBysS0/S5RIDisM/3ckDdPA0LUj0c+fRrwuIjmkg6IpAjNKL8fdcBRWhSPXcfP4C0QTJwbgFPuE6j4ogJIpR5IrkR7rT/Pc3IkRcg3IN6Sg6hqDDEbWx53yjGa1AYAuLyZIh9lEuzWsLhgHpiB7IjDZGevptwB3Xxth3RoN2wAuusNe2kTu7+9ALEhib+p8Lg5BztKP8HV/V65knS52zk6xon3Er5nJRY+zzbllbxKIASqDjDRzga4A48ZTp1yGXx8QPe3EOQDEPOs9X8kTKNO/0ecWBBvxe7rn2oqDHOMbC/PJW884oMarx2Pq3bnST/eAwK6ErpdWxuc2F5Y6VcnM2T9VFmpdTJxPELIj2TCIzxlmZeeplAmVU9wc/2uWzBMUQ7fBf5fFryni0uunzmahmfbMsRXIaB2Co1KYoIKNJ11OcN/n2oGed4sMNSTlU7b4pFNMojBOFEYqwgWATzYw0q9JAZH/oPdmpC9Y3Jm/mSra1ptt7+ccrkF0QvgziO6bZsgTter2J+oKHPhD1hBE+3Gwhxiod3cWOStiqz87vCzc+bnyRfdQ7PKxuSkJaGO//uY+byl8iK922KlHoIQVZmvAyK5Ry
+  template:
+    metadata:
+      creationTimestamp: null
+      name: cloudflare-api
+      namespace: external-dns
+    type: Opaque
--- a/infrastructure/external-dns/deployment.yaml
+++ b/infrastructure/external-dns/deployment.yaml
@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: external-dns
+spec:
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: external-dns
+  template:
+    metadata:
+      labels:
+        app: external-dns
+    spec:
+      containers:
+      - name: external-dns
+        image: external-dns
+        args:
+        - --source=service # ingress is also possible
+        - --domain-filter=moll.re # (optional) limit to only example.com domains; change to match the zone created above.
+        # - --zone-id-filter=023e105f4ecef8ad9ca31a8372d0c353 # (optional) limit to a specific zone.
+        - --provider=cloudflare
+        # - --cloudflare-proxied # (optional) enable the proxy feature of Cloudflare (DDOS protection, CDN...)
+        - --cloudflare-dns-records-per-page=5000 # (optional) configure how many DNS records to fetch per request
+        env:
+        - name: CF_API_KEY
+          valueFrom:
+            secretKeyRef:
+              name: cloudflare-api
+              key: api-key
+        - name: CF_API_EMAIL
+          valueFrom:
+            secretKeyRef:
+              name: cloudflare-api
+              key: api-email
--- a/infrastructure/external-dns/kustomization.yaml
+++ b/infrastructure/external-dns/kustomization.yaml
@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: external-dns
+
+resources:
+  - namespace.yaml
+  - cloudflare.sealedsecret.yaml
+  - deployment.yaml
+
+images:
+  - name: external-dns
+    newName: registry.k8s.io/external-dns/external-dns
+    newTag: v0.14.0
--- a/infrastructure/external-dns/namespace.yaml
+++ b/infrastructure/external-dns/namespace.yaml
@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: placeholder
--- a/infrastructure/traefik-system/configmap.yaml
+++ b/infrastructure/traefik-system/configmap.yaml
@ -49,6 +49,8 @@ data:
      [providers.kubernetesIngress]
        allowExternalNameServices = true
        ingressClass = "traefik"    
+        [providers.kubernetesIngress.ingressEndpoint]
+          hostname = "moll.re"

    [serversTransport]
      insecureSkipVerify = true
@ -72,17 +74,13 @@ data:
        address = ":853"

    [metrics]
-      [metrics.influxDB2]
-      address = "http://influxdb-influxdb2.monitoring:80"
-      token = "N_jNm1hZTfyhJneTJj2G357mQ7EJdNzdvebjSJX6JkbyaXNup_IAqeYowblMgV8EjLypNvauTl27ewJvI_rbqQ=="
-      org = "influxdata"
-      bucket = "kluster"
+      [metrics.prometheus]
+      entryPoint = "metrics"
+      addEntryPointsLabels = true
+      addServicesLabels = true
+

    [certificatesResolvers.default-tls.acme]
      email = "me@moll.re"
      storage = "/certs/acme.json"
      [certificatesResolvers.default-tls.acme.tlsChallenge]
-
-    [experimental.plugins.traefik-plugin-geoblock]
-      moduleName = "github.com/nscuro/traefik-plugin-geoblock"
-      version = "v0.10.0"
--- a/infrastructure/traefik-system/kustomization.yaml
+++ b/infrastructure/traefik-system/kustomization.yaml
@ -4,6 +4,7 @@ resources:
  - namespace.yaml
  - pvc.yaml
  - configmap.yaml
+  - servicemonitor.yaml

 namespace: traefik-system

@ -13,8 +14,3 @@ helmCharts:
    version: 26.0.0
    valuesFile: values.yaml
    repo: https://helm.traefik.io/traefik
-  # - name: telegraf
-  #   releaseName: telegraf?
-  #   version: "?"
-  #   valuesFile: telegraf.values.yaml
-  #   repo: https://helm.influxdata.com/
--- a/infrastructure/traefik-system/servicemonitor.yaml
+++ b/infrastructure/traefik-system/servicemonitor.yaml
@ -0,0 +1,13 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: traefik-servicemonitor
+  labels:
+    app: traefik
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: traefik
+  endpoints:
+    - port: metrics
+      path: /metrics
--- a/kluster-deployments/external-dns/application.yaml
+++ b/kluster-deployments/external-dns/application.yaml
@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: external-dns-application
+  namespace: argocd
+spec:
+  project: infrastructure
+  source:
+    repoURL: git@github.com:moll-re/bootstrap-k3s-infra.git
+    targetRevision: main
+    path: infrastructure/external-dns
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: external-dns
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
--- a/kluster-deployments/external-dns/kustomization.yaml
+++ b/kluster-deployments/external-dns/kustomization.yaml
@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- application.yaml
--- a/kluster-deployments/kustomization.yaml
+++ b/kluster-deployments/kustomization.yaml
@ -18,6 +18,7 @@ resources:
  - gitea/
  - renovate/
  - traefik/
+  - external-dns/


  # simple apps