fix(dns): restructure

Signed-off-by: JJGadgets <git@jjgadgets.tech>

.pre-commit-config.yaml

@@ -1,4 +1,4 @@
-- repo: https://github.com/onedr0p/sops-pre-commit
-  rev: v2.1.0
-  hooks:
-    - id: forbid-secrets
+# - repo: https://github.com/onedr0p/sops-pre-commit
+#   rev: v2.1.0
+#   hooks:
+#     - id: forbid-secrets

kube/1-clusters/Biohazard/2-config/3-secrets.yaml

@@ -22,8 +22,8 @@ sops:
             UmFEd0UveklMeHpwYmJWcG91cU4xUUUKYKm5ZiuBX5d4oadXp8mNt+v0MASMRbqT
             k6WGNihbkfA5z8aLnx4vR7tA4ORv70s7ALXvzZCD0m/fMnG8e9ssdA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-02-26T18:12:44Z"
-    mac: ENC[AES256_GCM,data:v+gykqgTjK3oQi21TMAM1VTXiW19QNay+nOo3Ou3EL79C6wVEX8U7MSHR/6t4LbcfVqzI+O66/VkV8rx8gOtId2A3TrgmR2At9FQQ/vkgUbmuXENBpyGe5hOuT2eQnPsgN+FjPIqR3PZxLfY5GgesDsj/RTs5uQm+njFl+OdUwU=,iv:LLyw2K0hOHhNYtE6A1m3q3lK16lsRhP7zAZABb1FH4E=,tag:G4hGY7ZCnucuBb8dGLqozw==,type:str]
+    lastmodified: "2023-03-01T03:29:52Z"
+    mac: ENC[AES256_GCM,data:rZhGcMDGdcKm0XOQnVXLW7wOYH4mVAMn7l7mOpF3rCP0iSLfPD4Gy2PsC3GeaUyo3DAj40xUWgRuPpnyQzk1Ow9rp7zl+mzTMeFt6nfhYBUcHD5qYcpbrXIKFYksgL5I48SXcf/1KLmU2uTgGWPa8Sb5t+aqUcCUBJBH0UMDXZo=,iv:Pm2ULbnInwptIbDZGda121vrp7QqDVAdSszwW5nvM/4=,tag:N/CNkC7VPxkjTGMF+ERkww==,type:str]
     pgp:
         - created_at: "2023-02-26T18:12:43Z"
           enc: |
@@ -61,8 +61,8 @@ sops:
             UmFEd0UveklMeHpwYmJWcG91cU4xUUUKYKm5ZiuBX5d4oadXp8mNt+v0MASMRbqT
             k6WGNihbkfA5z8aLnx4vR7tA4ORv70s7ALXvzZCD0m/fMnG8e9ssdA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-02-26T18:12:44Z"
-    mac: ENC[AES256_GCM,data:v+gykqgTjK3oQi21TMAM1VTXiW19QNay+nOo3Ou3EL79C6wVEX8U7MSHR/6t4LbcfVqzI+O66/VkV8rx8gOtId2A3TrgmR2At9FQQ/vkgUbmuXENBpyGe5hOuT2eQnPsgN+FjPIqR3PZxLfY5GgesDsj/RTs5uQm+njFl+OdUwU=,iv:LLyw2K0hOHhNYtE6A1m3q3lK16lsRhP7zAZABb1FH4E=,tag:G4hGY7ZCnucuBb8dGLqozw==,type:str]
+    lastmodified: "2023-03-01T03:29:52Z"
+    mac: ENC[AES256_GCM,data:rZhGcMDGdcKm0XOQnVXLW7wOYH4mVAMn7l7mOpF3rCP0iSLfPD4Gy2PsC3GeaUyo3DAj40xUWgRuPpnyQzk1Ow9rp7zl+mzTMeFt6nfhYBUcHD5qYcpbrXIKFYksgL5I48SXcf/1KLmU2uTgGWPa8Sb5t+aqUcCUBJBH0UMDXZo=,iv:Pm2ULbnInwptIbDZGda121vrp7QqDVAdSszwW5nvM/4=,tag:N/CNkC7VPxkjTGMF+ERkww==,type:str]
     pgp:
         - created_at: "2023-02-26T18:12:43Z"
           enc: |
@@ -86,6 +86,7 @@ metadata:
 stringData:
     TEST: ENC[AES256_GCM,data:Hg7qUIV8/LcdFZT2,iv:jgNFUecJhj9EgkFCexym843VQUJQJVHW2Ne4H59BUa4=,tag:G/D7ZjLSkNQAJN4TOMSaaw==,type:str]
     SECRET_SANDSTORM_ADMIN_PASSWORD: ENC[AES256_GCM,data:iYMzuIT3l8Na9R+ivzw/,iv:aSz/PDfnf5NjprFP0F/8MSCHbSNvW1jPKGO3OXM63wE=,tag:TXpMceEeEQMDpSpSwkihTA==,type:str]
+    CLOUDFLARE_API_KEY: ENC[AES256_GCM,data:IjhX7PRvlOrAZHhld4eUTnk0U6e+26ddBvDAzskqal68OKDhnYNGcQ==,iv:Jh+AZONqsY3nlpdG+mgwQNkHFTB38DOPCUhMZVHNIqI=,tag:PWRooXwDuDWZ8/oRfxKslA==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -101,8 +102,8 @@ sops:
             UmFEd0UveklMeHpwYmJWcG91cU4xUUUKYKm5ZiuBX5d4oadXp8mNt+v0MASMRbqT
             k6WGNihbkfA5z8aLnx4vR7tA4ORv70s7ALXvzZCD0m/fMnG8e9ssdA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-02-26T18:12:44Z"
-    mac: ENC[AES256_GCM,data:v+gykqgTjK3oQi21TMAM1VTXiW19QNay+nOo3Ou3EL79C6wVEX8U7MSHR/6t4LbcfVqzI+O66/VkV8rx8gOtId2A3TrgmR2At9FQQ/vkgUbmuXENBpyGe5hOuT2eQnPsgN+FjPIqR3PZxLfY5GgesDsj/RTs5uQm+njFl+OdUwU=,iv:LLyw2K0hOHhNYtE6A1m3q3lK16lsRhP7zAZABb1FH4E=,tag:G4hGY7ZCnucuBb8dGLqozw==,type:str]
+    lastmodified: "2023-03-01T03:29:52Z"
+    mac: ENC[AES256_GCM,data:rZhGcMDGdcKm0XOQnVXLW7wOYH4mVAMn7l7mOpF3rCP0iSLfPD4Gy2PsC3GeaUyo3DAj40xUWgRuPpnyQzk1Ow9rp7zl+mzTMeFt6nfhYBUcHD5qYcpbrXIKFYksgL5I48SXcf/1KLmU2uTgGWPa8Sb5t+aqUcCUBJBH0UMDXZo=,iv:Pm2ULbnInwptIbDZGda121vrp7QqDVAdSszwW5nvM/4=,tag:N/CNkC7VPxkjTGMF+ERkww==,type:str]
     pgp:
         - created_at: "2023-02-26T18:12:43Z"
           enc: |

kube/1-clusters/Biohazard/2-config/5-deploy.yaml

@@ -109,6 +109,24 @@ spec:
 ---
 apiVersion: source.toolkit.fluxcd.io/v1beta2
 kind: HelmRepository
+metadata:
+  name: external-dns
+  namespace: flux-system
+spec:
+  interval: 1h
+  url: https://kubernetes-sigs.github.io/external-dns/
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: biohazard-1-core-04-dns-external
+  namespace: flux-system
+spec:
+  path: ./kube/3-deploy/1-core/04-dns/external
+  dependsOn: []
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
 metadata:
   name: ingress-nginx
   namespace: flux-system

kube/3-deploy/1-core/04-dns/external/1-namespace.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: external-dns

kube/3-deploy/1-core/04-dns/external/2-secrets.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cloudflare-secret
+  namespace: external-dns
+stringData:
+  api-key: ${CLOUDFLARE_API_KEY}

kube/3-deploy/1-core/04-dns/external/3-external-dns.yaml

@@ -0,0 +1,34 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: external-dns
+  namespace: external-dns
+spec:
+  chart:
+    spec:
+      chart: external-dns
+      version: 1.12.1
+      sourceRef:
+        name: external-dns
+  values:
+    interval: 2m
+    # logLevel: debug
+    provider: cloudflare
+    env:
+      - name: CF_API_KEY
+        valueFrom:
+          secretKeyRef:
+            name: cloudflare-secret
+            key: api-key
+    extraArgs:
+      - --annotation-filter=external-dns.alpha.kubernetes.io/target
+    policy: sync
+    sources:
+      - ingress
+    txtPrefix: "k8s-${CLUSTER_NAME}."
+    txtOwnerId: default
+    domainFilters:
+      - "${DNS_SHORT}"
+      - "${DNS_MAIN}"
+      - "${DNS_VPN}"

kube/3-deploy/1-core/04-dns/external/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - 1-namespace.yaml
+  - 2-secrets.yaml
+  - 3-external-dns.yaml

kube/3-deploy/1-core/04-dns/internal/kustomization.yaml

@@ -3,4 +3,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - 1-namespace.yaml
-  - 2-internal-dns.yaml
+  - 2-k8s-gateway.yaml