diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 591fe913..6238d013 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,4 +1,4 @@
-- repo: https://github.com/onedr0p/sops-pre-commit
- rev: v2.1.0
- hooks:
- - id: forbid-secrets
+# - repo: https://github.com/onedr0p/sops-pre-commit
+# rev: v2.1.0
+# hooks:
+# - id: forbid-secrets
diff --git a/kube/1-clusters/Biohazard/2-config/3-secrets.yaml b/kube/1-clusters/Biohazard/2-config/3-secrets.yaml
index a83eabe5..8d0ecea3 100644
--- a/kube/1-clusters/Biohazard/2-config/3-secrets.yaml
+++ b/kube/1-clusters/Biohazard/2-config/3-secrets.yaml
@@ -22,8 +22,8 @@ sops: UmFEd0UveklMeHpwYmJWcG91cU4xUUUKYKm5ZiuBX5d4oadXp8mNt+v0MASMRbqT k6WGNihbkfA5z8aLnx4vR7tA4ORv70s7ALXvzZCD0m/fMnG8e9ssdA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-26T18:12:44Z" - mac: ENC[AES256_GCM,data:v+gykqgTjK3oQi21TMAM1VTXiW19QNay+nOo3Ou3EL79C6wVEX8U7MSHR/6t4LbcfVqzI+O66/VkV8rx8gOtId2A3TrgmR2At9FQQ/vkgUbmuXENBpyGe5hOuT2eQnPsgN+FjPIqR3PZxLfY5GgesDsj/RTs5uQm+njFl+OdUwU=,iv:LLyw2K0hOHhNYtE6A1m3q3lK16lsRhP7zAZABb1FH4E=,tag:G4hGY7ZCnucuBb8dGLqozw==,type:str] + lastmodified: "2023-03-01T03:29:52Z" + mac: ENC[AES256_GCM,data:rZhGcMDGdcKm0XOQnVXLW7wOYH4mVAMn7l7mOpF3rCP0iSLfPD4Gy2PsC3GeaUyo3DAj40xUWgRuPpnyQzk1Ow9rp7zl+mzTMeFt6nfhYBUcHD5qYcpbrXIKFYksgL5I48SXcf/1KLmU2uTgGWPa8Sb5t+aqUcCUBJBH0UMDXZo=,iv:Pm2ULbnInwptIbDZGda121vrp7QqDVAdSszwW5nvM/4=,tag:N/CNkC7VPxkjTGMF+ERkww==,type:str] pgp: - created_at: "2023-02-26T18:12:43Z" enc: |
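Review bot: Commenting out the `forbid-secrets` hook in `.pre-commit-config.yaml` removes the only guard visible here against committing an unencrypted `kind: Secret` manifest, and the commit does not say why. It was presumably tripped by the new `external/2-secrets.yaml`, which carries only a `${CLOUDFLARE_API_KEY}` placeholder; if so, keep the hook and exempt that file with a per-hook `exclude: ^kube/3-deploy/1-core/04-dns/external/2-secrets\.yaml$` instead. If the hook has to stay off for now, add a comment above the block giving the reason and the condition for re-enabling it.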
@@ -61,8 +61,8 @@ sops: UmFEd0UveklMeHpwYmJWcG91cU4xUUUKYKm5ZiuBX5d4oadXp8mNt+v0MASMRbqT k6WGNihbkfA5z8aLnx4vR7tA4ORv70s7ALXvzZCD0m/fMnG8e9ssdA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-26T18:12:44Z" - mac: ENC[AES256_GCM,data:v+gykqgTjK3oQi21TMAM1VTXiW19QNay+nOo3Ou3EL79C6wVEX8U7MSHR/6t4LbcfVqzI+O66/VkV8rx8gOtId2A3TrgmR2At9FQQ/vkgUbmuXENBpyGe5hOuT2eQnPsgN+FjPIqR3PZxLfY5GgesDsj/RTs5uQm+njFl+OdUwU=,iv:LLyw2K0hOHhNYtE6A1m3q3lK16lsRhP7zAZABb1FH4E=,tag:G4hGY7ZCnucuBb8dGLqozw==,type:str] + lastmodified: "2023-03-01T03:29:52Z" + mac: ENC[AES256_GCM,data:rZhGcMDGdcKm0XOQnVXLW7wOYH4mVAMn7l7mOpF3rCP0iSLfPD4Gy2PsC3GeaUyo3DAj40xUWgRuPpnyQzk1Ow9rp7zl+mzTMeFt6nfhYBUcHD5qYcpbrXIKFYksgL5I48SXcf/1KLmU2uTgGWPa8Sb5t+aqUcCUBJBH0UMDXZo=,iv:Pm2ULbnInwptIbDZGda121vrp7QqDVAdSszwW5nvM/4=,tag:N/CNkC7VPxkjTGMF+ERkww==,type:str] pgp: - created_at: "2023-02-26T18:12:43Z" enc: | @@ -86,6 +86,7 @@ metadata: stringData: TEST: ENC[AES256_GCM,data:Hg7qUIV8/LcdFZT2,iv:jgNFUecJhj9EgkFCexym843VQUJQJVHW2Ne4H59BUa4=,tag:G/D7ZjLSkNQAJN4TOMSaaw==,type:str] SECRET_SANDSTORM_ADMIN_PASSWORD: ENC[AES256_GCM,data:iYMzuIT3l8Na9R+ivzw/,iv:aSz/PDfnf5NjprFP0F/8MSCHbSNvW1jPKGO3OXM63wE=,tag:TXpMceEeEQMDpSpSwkihTA==,type:str] + CLOUDFLARE_API_KEY: ENC[AES256_GCM,data:IjhX7PRvlOrAZHhld4eUTnk0U6e+26ddBvDAzskqal68OKDhnYNGcQ==,iv:Jh+AZONqsY3nlpdG+mgwQNkHFTB38DOPCUhMZVHNIqI=,tag:PWRooXwDuDWZ8/oRfxKslA==,type:str] sops: kms: [] gcp_kms: [] 
@@ -101,8 +102,8 @@ sops: UmFEd0UveklMeHpwYmJWcG91cU4xUUUKYKm5ZiuBX5d4oadXp8mNt+v0MASMRbqT k6WGNihbkfA5z8aLnx4vR7tA4ORv70s7ALXvzZCD0m/fMnG8e9ssdA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-26T18:12:44Z" - mac: ENC[AES256_GCM,data:v+gykqgTjK3oQi21TMAM1VTXiW19QNay+nOo3Ou3EL79C6wVEX8U7MSHR/6t4LbcfVqzI+O66/VkV8rx8gOtId2A3TrgmR2At9FQQ/vkgUbmuXENBpyGe5hOuT2eQnPsgN+FjPIqR3PZxLfY5GgesDsj/RTs5uQm+njFl+OdUwU=,iv:LLyw2K0hOHhNYtE6A1m3q3lK16lsRhP7zAZABb1FH4E=,tag:G4hGY7ZCnucuBb8dGLqozw==,type:str] + lastmodified: "2023-03-01T03:29:52Z" + mac: ENC[AES256_GCM,data:rZhGcMDGdcKm0XOQnVXLW7wOYH4mVAMn7l7mOpF3rCP0iSLfPD4Gy2PsC3GeaUyo3DAj40xUWgRuPpnyQzk1Ow9rp7zl+mzTMeFt6nfhYBUcHD5qYcpbrXIKFYksgL5I48SXcf/1KLmU2uTgGWPa8Sb5t+aqUcCUBJBH0UMDXZo=,iv:Pm2ULbnInwptIbDZGda121vrp7QqDVAdSszwW5nvM/4=,tag:N/CNkC7VPxkjTGMF+ERkww==,type:str] pgp: - created_at: "2023-02-26T18:12:43Z" enc: |
diff --git a/kube/1-clusters/Biohazard/2-config/5-deploy.yaml b/kube/1-clusters/Biohazard/2-config/5-deploy.yaml
index 79a1c2fe..1d471e42 100644
--- a/kube/1-clusters/Biohazard/2-config/5-deploy.yaml
+++ b/kube/1-clusters/Biohazard/2-config/5-deploy.yaml
@@ -109,6 +109,24 @@ spec:
 ---
 apiVersion: source.toolkit.fluxcd.io/v1beta2
 kind: HelmRepository
+metadata:
+ name: external-dns
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://kubernetes-sigs.github.io/external-dns/
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: biohazard-1-core-04-dns-external
+ namespace: flux-system
+spec:
+ path: ./kube/3-deploy/1-core/04-dns/external
+ dependsOn: []
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
 metadata:
 name: ingress-nginx
 namespace: flux-system
diff --git a/kube/3-deploy/1-core/04-dns/external/1-namespace.yaml b/kube/3-deploy/1-core/04-dns/external/1-namespace.yaml
new file mode 100644
index 00000000..3e353b51
--- /dev/null
+++ b/kube/3-deploy/1-core/04-dns/external/1-namespace.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: external-dns
diff --git a/kube/3-deploy/1-core/04-dns/external/2-secrets.yaml b/kube/3-deploy/1-core/04-dns/external/2-secrets.yaml
new file mode 100644
index 00000000..de49d04f
--- /dev/null
+++ b/kube/3-deploy/1-core/04-dns/external/2-secrets.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: cloudflare-secret
+ namespace: external-dns
+stringData:
+ api-key: ${CLOUDFLARE_API_KEY}
diff --git a/kube/3-deploy/1-core/04-dns/external/3-external-dns.yaml b/kube/3-deploy/1-core/04-dns/external/3-external-dns.yaml
new file mode 100644
index 00000000..be1154c8
--- /dev/null
+++ b/kube/3-deploy/1-core/04-dns/external/3-external-dns.yaml
@@ -0,0 +1,34 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: external-dns
+ namespace: external-dns
+spec:
+ chart:
+ spec:
+ chart: external-dns
+ version: 1.12.1
+ sourceRef:
+ name: external-dns
+ values:
+ interval: 2m
+ # logLevel: debug
+ provider: cloudflare
+ env:
+ - name: CF_API_KEY
+ valueFrom:
+ secretKeyRef:
+ name: cloudflare-secret
+ key: api-key
+ extraArgs:
+ - --annotation-filter=external-dns.alpha.kubernetes.io/target
+ policy: sync
+ sources:
+ - ingress
+ txtPrefix: "k8s-${CLUSTER_NAME}."
+ txtOwnerId: default
+ domainFilters:
+ - "${DNS_SHORT}"
+ - "${DNS_MAIN}"
+ - "${DNS_VPN}"
diff --git a/kube/3-deploy/1-core/04-dns/external/kustomization.yaml b/kube/3-deploy/1-core/04-dns/external/kustomization.yaml
new file mode 100644
index 00000000..277d1107
--- /dev/null
+++ b/kube/3-deploy/1-core/04-dns/external/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - 1-namespace.yaml
+ - 2-secrets.yaml
+ - 3-external-dns.yaml
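Review bot: In `external/2-secrets.yaml` the value `api-key: ${CLOUDFLARE_API_KEY}` is left unquoted, unlike the `"${DNS_SHORT}"` entries in `3-external-dns.yaml`; the rendered YAML is parsed again after substitution, so a value that happens to look like a number or boolean would stop being a string and `stringData` would reject it. Write `api-key: "${CLOUDFLARE_API_KEY}"`. The file also lacks the leading `---` that its siblings carry. Whether substitution runs at all depends on the Flux Kustomization added in `5-deploy.yaml`, which shows no `postBuild` or `decryption` of its own; presumably those come from a shared patch outside this diff, otherwise the literal placeholder would be stored as the key.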
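Review bot: The `env` entry in `3-external-dns.yaml` passes the credential as `CF_API_KEY`, which the Cloudflare provider treats as the account-wide global key and, to my knowledge, only accepts together with `CF_API_EMAIL`, which is not set here. A scoped API token restricted to reading the zone and editing DNS on the zones in `domainFilters`, exposed as `- name: CF_API_TOKEN` with the same `secretKeyRef`, limits what a compromised pod or leaked secret can reach; if the stored value already is a token, the variable name is simply wrong. Separately, `policy: sync` permits deletions while `txtOwnerId: default` is a generic owner id, so `txtOwnerId: "${CLUSTER_NAME}"` would keep another instance on the same zones from claiming these records.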
diff --git a/kube/3-deploy/1-core/04-dns/1-namespace.yaml b/kube/3-deploy/1-core/04-dns/internal/1-namespace.yaml
similarity index 100%
rename from kube/3-deploy/1-core/04-dns/1-namespace.yaml
rename to kube/3-deploy/1-core/04-dns/internal/1-namespace.yaml
diff --git a/kube/3-deploy/1-core/04-dns/2-internal-dns.yaml b/kube/3-deploy/1-core/04-dns/internal/2-k8s-gateway.yaml
similarity index 100%
rename from kube/3-deploy/1-core/04-dns/2-internal-dns.yaml
rename to kube/3-deploy/1-core/04-dns/internal/2-k8s-gateway.yaml
diff --git a/kube/3-deploy/1-core/04-dns/kustomization.yaml b/kube/3-deploy/1-core/04-dns/internal/kustomization.yaml
similarity index 80%
rename from kube/3-deploy/1-core/04-dns/kustomization.yaml
rename to kube/3-deploy/1-core/04-dns/internal/kustomization.yaml
index 8806f06e..070d9990 100644
--- a/kube/3-deploy/1-core/04-dns/kustomization.yaml
+++ b/kube/3-deploy/1-core/04-dns/internal/kustomization.yaml
@@ -3,4 +3,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - 1-namespace.yaml
- - 2-internal-dns.yaml
+ - 2-k8s-gateway.yaml