feat: add CloudFlare tunnel

Signed-off-by: JJGadgets <git@jjgadgets.tech>
JJGadgets
2023-04-25 07:29:06 +08:00
parent 042d64cdef
commit 6ccb71ec63
7 changed files with 112 additions and 6 deletions


@@ -22,8 +22,8 @@ sops:
UmFEd0UveklMeHpwYmJWcG91cU4xUUUKYKm5ZiuBX5d4oadXp8mNt+v0MASMRbqT
k6WGNihbkfA5z8aLnx4vR7tA4ORv70s7ALXvzZCD0m/fMnG8e9ssdA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-04-21T00:19:20Z"
mac: ENC[AES256_GCM,data:ou1EgST3yzaxe8vLLarKeeNgqeyXKivQMlLCzzcQVzYDAXca0RskpEPMfon6UPH3yiOo3P4r3lLjscsdvwAYkW1OpKokTEE7ZSyNDSuZmH+OU1DVaBG8SDO8y80mu8cWJrdjwbUC74+XfLSgGwgwwJzUHPKM2juzTYzxFzZdhVE=,iv:nOnLAFeJGnA1qS1MMOVM+1yU8tvo6xd2YsZBvRthWOU=,tag:2RyULufB+s/23CrVKZrSPw==,type:str]
lastmodified: "2023-04-24T23:17:14Z"
mac: ENC[AES256_GCM,data:KpAhbri6kN/jJJi83ZszUgMBMfowUB7cplsOpE8WnwZQV59I0o3frQefQACTF8GD0hnXxiHx4mXDd7gYoa4aRvSkyci7JNifrPRi5ueQtLxD/hShHgFqguMhl8adWmnReX8IO7h2qGpVRYbduFcjULnkuSMrduUEF2AQongIAxY=,iv:3Zk7t4NJO/sKCm8GLGutF3SmrtVgRs+Z8h2ecUl4Qdo=,tag:BpWk6LW3JJVpmup0m+bHyg==,type:str]
pgp:
- created_at: "2023-02-26T18:12:43Z"
enc: |
@@ -61,8 +61,8 @@ sops:
UmFEd0UveklMeHpwYmJWcG91cU4xUUUKYKm5ZiuBX5d4oadXp8mNt+v0MASMRbqT
k6WGNihbkfA5z8aLnx4vR7tA4ORv70s7ALXvzZCD0m/fMnG8e9ssdA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-04-21T00:19:20Z"
mac: ENC[AES256_GCM,data:ou1EgST3yzaxe8vLLarKeeNgqeyXKivQMlLCzzcQVzYDAXca0RskpEPMfon6UPH3yiOo3P4r3lLjscsdvwAYkW1OpKokTEE7ZSyNDSuZmH+OU1DVaBG8SDO8y80mu8cWJrdjwbUC74+XfLSgGwgwwJzUHPKM2juzTYzxFzZdhVE=,iv:nOnLAFeJGnA1qS1MMOVM+1yU8tvo6xd2YsZBvRthWOU=,tag:2RyULufB+s/23CrVKZrSPw==,type:str]
lastmodified: "2023-04-24T23:17:14Z"
mac: ENC[AES256_GCM,data:KpAhbri6kN/jJJi83ZszUgMBMfowUB7cplsOpE8WnwZQV59I0o3frQefQACTF8GD0hnXxiHx4mXDd7gYoa4aRvSkyci7JNifrPRi5ueQtLxD/hShHgFqguMhl8adWmnReX8IO7h2qGpVRYbduFcjULnkuSMrduUEF2AQongIAxY=,iv:3Zk7t4NJO/sKCm8GLGutF3SmrtVgRs+Z8h2ecUl4Qdo=,tag:BpWk6LW3JJVpmup0m+bHyg==,type:str]
pgp:
- created_at: "2023-02-26T18:12:43Z"
enc: |
@@ -88,6 +88,8 @@ stringData:
SECRET_SANDSTORM_ADMIN_PASSWORD: ENC[AES256_GCM,data:iYMzuIT3l8Na9R+ivzw/,iv:aSz/PDfnf5NjprFP0F/8MSCHbSNvW1jPKGO3OXM63wE=,tag:TXpMceEeEQMDpSpSwkihTA==,type:str]
CLOUDFLARE_EMAIL: ENC[AES256_GCM,data:/1LlGIvbc3FbsOQ6AJV5/BWoHGmijg==,iv:xmSF9Pbx4cc5iAe1kkmcEzggKOdzoQLTp1d5DkIfyTM=,tag:4LyeHbV+nThNfhwAf1fyxg==,type:str]
CLOUDFLARE_API_KEY: ENC[AES256_GCM,data:IjhX7PRvlOrAZHhld4eUTnk0U6e+26ddBvDAzskqal68OKDhnYNGcQ==,iv:Jh+AZONqsY3nlpdG+mgwQNkHFTB38DOPCUhMZVHNIqI=,tag:PWRooXwDuDWZ8/oRfxKslA==,type:str]
SECRET_CLOUDFLARE_TUNNEL_ID: ENC[AES256_GCM,data:yPjiPwCwax7XEipMsVxMAYqc9zAX1mmXgvGsBjuxGc0/mj5R,iv:66hgExptGr8MFGErctzTx1apJbVaXqF4HD/SSSifc0k=,tag:l36AHL7VDK1MC6rbxa0LFA==,type:str]
SECRET_CLOUDFLARE_TUNNEL_CREDS: ENC[AES256_GCM,data:2CKmTAuYGngYVQ7bwwbPOYqSfGc8hFWWrHdnSeq6iIM0Kp/TALhcLSpuSICp8K75kEBapLzC2K6qhJeDPqGBaMORVSYOTSnlvohv14G7AS7Z4R2ehv2xVFoB5wswRJjmh5lrHmNxFfeY4IXINcb8KK/Lmv80P4BEzyxO0cL1KlKZ7gGCcaxQQzkdHMUszdrWUhJ992wGyJnJhAsV50g0Umc=,iv:hpmfzax4tMf+9NLFHfRJSFumN6TdfjTtmqd2tI+pN7o=,tag:bAQeLqQj1cj/389Rp7cnqg==,type:str]
SECRET_AUTHENTIK_REMOTE_TOKEN: ENC[AES256_GCM,data:JJ/1cOCyXy87098S5TEEjh07t2oKRQ3iKdV5gFZYE5ijR50SYu0GuBT5282MLtDA8lfi0m1hdkJ1pWAB,iv:CdQCBYDRW/sosDoDu10LD2Hrsc6MPQ/upl+A2R0MuRY=,tag:+0e0w06ze085EMzuuErDzA==,type:str]
SECRET_AUTHENTIK_OIDC_URL_AUTHZ: ENC[AES256_GCM,data:RqG5PYN05DAMaAYRY/iIjX5cxhfDxXuIfAMxW3Q/BIYQJeyPNWQpstDs0cCh8nn6YKItWw==,iv:UpbF3TfOV7hn2cvo0eGOnctZ9Imta/g4MW+qp0gqpa4=,tag:2ICHiYgi6RH3IW4f9MBNcg==,type:str]
SECRET_AUTHENTIK_OIDC_URL_TOKEN: ENC[AES256_GCM,data:OWNANfS4KqphsIC0/o+Ax+7qn6E4B5J/a2JTdkGJdjr0N8bXznC5pq2NSHR7y9bR,iv:dKxvZSau2RnEMsyByGC9a47Ajzvs6cfSZpk3xOG4s6c=,tag:GEKvIA9rfoqgQPFL1H1qgA==,type:str]
@@ -117,8 +119,8 @@ sops:
UmFEd0UveklMeHpwYmJWcG91cU4xUUUKYKm5ZiuBX5d4oadXp8mNt+v0MASMRbqT
k6WGNihbkfA5z8aLnx4vR7tA4ORv70s7ALXvzZCD0m/fMnG8e9ssdA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-04-21T00:19:20Z"
mac: ENC[AES256_GCM,data:ou1EgST3yzaxe8vLLarKeeNgqeyXKivQMlLCzzcQVzYDAXca0RskpEPMfon6UPH3yiOo3P4r3lLjscsdvwAYkW1OpKokTEE7ZSyNDSuZmH+OU1DVaBG8SDO8y80mu8cWJrdjwbUC74+XfLSgGwgwwJzUHPKM2juzTYzxFzZdhVE=,iv:nOnLAFeJGnA1qS1MMOVM+1yU8tvo6xd2YsZBvRthWOU=,tag:2RyULufB+s/23CrVKZrSPw==,type:str]
lastmodified: "2023-04-24T23:17:14Z"
mac: ENC[AES256_GCM,data:KpAhbri6kN/jJJi83ZszUgMBMfowUB7cplsOpE8WnwZQV59I0o3frQefQACTF8GD0hnXxiHx4mXDd7gYoa4aRvSkyci7JNifrPRi5ueQtLxD/hShHgFqguMhl8adWmnReX8IO7h2qGpVRYbduFcjULnkuSMrduUEF2AQongIAxY=,iv:3Zk7t4NJO/sKCm8GLGutF3SmrtVgRs+Z8h2ecUl4Qdo=,tag:BpWk6LW3JJVpmup0m+bHyg==,type:str]
pgp:
- created_at: "2023-02-26T18:12:43Z"
enc: |


@@ -8,6 +8,7 @@ resources:
- 4-vars.yaml
- 5-deploy.yaml
- ceph-rgw-ext-users.yaml
- ../../../3-deploy/1-core/05-ingress/cloudflare/
- ../../../3-deploy/1-core/06-monitoring/1-deps/
- ../../../3-deploy/1-core/06-monitoring/node-exporter/
- ../../../3-deploy/2-apps/default/


@@ -0,0 +1,5 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: cloudflare
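Review bot: The `cloudflare` namespace is created without Pod Security Admission labels, so the pods that hold the tunnel credentials and carry internet-facing traffic run under whatever the cluster default allows. Consider adding `pod-security.kubernetes.io/enforce: baseline` and `pod-security.kubernetes.io/warn: restricted` under `metadata.labels`. Enforcing `restricted` would also need a matching securityContext on the cloudflared HelmRelease, which this commit does not set.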


@@ -0,0 +1,24 @@
---
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: cloudflare-deps
namespace: flux-system
spec:
path: ./kube/3-deploy/2-apps/cloudflare/deps
dependsOn: []
---
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: cloudflare-tunnel
namespace: flux-system
spec:
path: ./kube/3-deploy/2-apps/cloudflare/tunnel
dependsOn:
- name: cloudflare-deps
healthChecks:
- name: cloudflared
namespace: cloudflare
kind: HelmRelease
apiVersion: helm.toolkit.fluxcd.io/v2beta1
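Review bot: Both Kustomizations set `spec.path` under `./kube/3-deploy/2-apps/cloudflare/`, while the cluster kustomization in this commit adds `../../../3-deploy/1-core/05-ingress/cloudflare/` as the resource. The file paths are not visible on this page, but if the `deps` and `tunnel` directories sit next to this file, reconciliation will fail on a missing path; the fix would be `path: ./kube/3-deploy/1-core/05-ingress/cloudflare/deps` and the matching `tunnel` path. Neither spec declares `sourceRef`, `interval`, `prune` or `postBuild.substituteFrom`, yet the HelmRelease and Secret in this commit rely on `${...}` substitution. These are presumably patched in at the cluster level, so a comment such as `# sourceRef/interval/prune/postBuild are patched in by the cluster kustomization` would make that dependency explicit.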


@@ -0,0 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ks.yaml


@@ -0,0 +1,60 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: cloudflared
namespace: cloudflare
spec:
chart:
spec:
chart: app-template
version: 1.4.0
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
values:
controller:
type: daemonset
image:
repository: cloudflare/cloudflared
tag: 2023.4.2
args: ['tunnel', '--config', '/etc/cloudflared/config.yaml', 'run']
service:
main:
enabled: false
persistence:
config:
enabled: true
type: configMap
name: cloudflared-config
mountPath: /etc/cloudflared/config.yaml
subPath: config.yaml
readOnly: true
credentials:
enabled: true
type: secret
name: cloudflared-credentials
mountPath: /etc/cloudflared/credentials.json
subPath: credentials.json
readOnly: true
configMaps:
config:
enabled: true
data:
config.yaml: |
tunnel: "${SECRET_CLOUDFLARE_TUNNEL_ID}"
credentials-file: /etc/cloudflared/credentials.json
no-autoupdate: true
ingress:
- hostname: "cftest.${DNS_SHORT}"
service: hello_world
- hostname: "home.${DNS_SHORT}"
service: https://ingress-nginx-controller.ingress.svc.cluster.local:443
originRequest:
originServerName: "https://ingress.${DNS_SHORT}"
- hostname: "home-cluster.${DNS_MAIN}"
service: https://ingress-nginx-controller.ingress.svc.cluster.local:443
originRequest:
originServerName: "https://ingress.${DNS_MAIN}"
- service: http_status:200
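Review bot: `originServerName` on both nginx ingress rules is given a URL (`"https://ingress.${DNS_SHORT}"`, `"https://ingress.${DNS_MAIN}"`), but cloudflared treats it as the hostname expected on the origin certificate, so the `https://` prefix will not match any certificate name. It should read `originServerName: "ingress.${DNS_SHORT}"` and `originServerName: "ingress.${DNS_MAIN}"`. Fixing the value is preferable to working around the resulting TLS failure with `noTLSVerify: true`, which would remove origin authentication between the tunnel and ingress-nginx. Separately, the credentials file is mounted with `subPath`, so a rotated `cloudflared-credentials` Secret is not picked up until the pods restart; a comment next to the `credentials` persistence entry would help.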


@@ -0,0 +1,9 @@
---
apiVersion: v1
kind: Secret
metadata:
name: cloudflared-credentials
namespace: cloudflare
stringData:
credentials.json: |-
${SECRET_CLOUDFLARE_TUNNEL_CREDS}
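Review bot: The tunnel credentials reach this Secret through variable substitution from what appears to be a shared vars Secret, since the same `stringData` in this commit also holds Sandstorm and Authentik entries. Any Kustomization that substitutes from that Secret can therefore render `${SECRET_CLOUDFLARE_TUNNEL_CREDS}` into its own manifests. A SOPS-encrypted Secret committed directly for the `cloudflare` namespace would keep the credential scoped to the one workload that needs it. If the substitution stays, the value has to be single-line JSON, because it is inserted verbatim after the block-scalar indent and a multi-line value would break the YAML or corrupt `credentials.json`.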