scottk/homelab
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/homelab.git synced 2025-10-31 09:57:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(network): add cloudflared

Browse Source 
encrypted tunnel to cloudflare
This commit is contained in:
Vegard Hagen
2024-07-15 14:31:51 +02:00
parent f65eb23cc5
commit 127290d99b
6 changed files with 37 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
remodel/k8s/apps/media/arr/kustomization.yaml
View File

@@ -8,5 +8,5 @@ configMapGenerator:
- TZ="Europe/Oslo" - TZ="Europe/Oslo"
resources: resources:
- pvc.yaml - sonarr/pvc.yaml
- deployment.yaml - sonarr/deployment.yaml

15
remodel/k8s/apps/media/arr/sonarr/deployment.yaml
View File

@@ -19,8 +19,7 @@ spec:
app: sonarr app: sonarr
spec: spec:
nodeSelector: nodeSelector:
kubernetes.io/hostname: ctrl-02 topology.kubernetes.io/zone: cantor
#topology.kubernetes.io/zone: cantor
securityContext: securityContext:
runAsNonRoot: true runAsNonRoot: true
runAsUser: 65534 runAsUser: 65534
@@ -31,7 +30,7 @@ spec:
type: RuntimeDefault type: RuntimeDefault
containers: containers:
- name: sonarr - name: sonarr
image: ghcr.io/onedr0p/sonarr:4.0.6 image: ghcr.io/onedr0p/sonarr:4.0.7
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
@@ -46,8 +45,8 @@ spec:
volumeMounts: volumeMounts:
- name: sonarr-config - name: sonarr-config
mountPath: /config mountPath: /config
- name: backup - name: tmp
mountPath: /backup mountPath: /tmp
- name: data - name: data
mountPath: /app/data mountPath: /app/data
resources: resources:
@@ -61,11 +60,9 @@ spec:
- name: sonarr-config - name: sonarr-config
persistentVolumeClaim: persistentVolumeClaim:
claimName: sonarr-config claimName: sonarr-config
- name: tmp
emptyDir: { }
- name: data - name: data
nfs: nfs:
server: 192.168.1.55 server: 192.168.1.55
path: /mnt/pool-0/data path: /mnt/pool-0/data
- name: backup
nfs:
server: 192.168.1.55
path: /mnt/pool-0/backup

7
remodel/k8s/infra/network/cloudflared/daemon-set.yaml
View File

@@ -1,12 +1,11 @@
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: DaemonSet
metadata: metadata:
labels: labels:
app: cloudflared app: cloudflared
name: cloudflared name: cloudflared
namespace: cloudflared namespace: cloudflared
spec: spec:
replicas: 1
selector: selector:
matchLabels: matchLabels:
app: cloudflared app: cloudflared
@@ -17,8 +16,8 @@ spec:
spec: spec:
containers: containers:
- name: cloudflared - name: cloudflared
image: cloudflare/cloudflared:2024.2.1 image: cloudflare/cloudflared:2024.6.1
imagePullPolicy: Always imagePullPolicy: IfNotPresent
args: args:
- tunnel - tunnel
- --config - --config

2
remodel/k8s/infra/network/cloudflared/kustomization.yaml
View File

@@ -10,4 +10,4 @@ configMapGenerator:
resources: resources:
- ns.yaml - ns.yaml
- tunnel-credentials.yaml - tunnel-credentials.yaml
- deployment.yaml - daemon-set.yaml

5
remodel/k8s/infra/network/cloudflared/tunnel-credentials.yaml
View File

@@ -1,15 +1,12 @@
---
apiVersion: bitnami.com/v1alpha1 apiVersion: bitnami.com/v1alpha1
kind: SealedSecret kind: SealedSecret
metadata: metadata:
creationTimestamp: null
name: tunnel-credentials name: tunnel-credentials
namespace: cloudflared namespace: cloudflared
spec: spec:
encryptedData: encryptedData:
credentials.json: AgDa8Wgyu4nbMyc55U6kOOvDTpL6LT7wPM1T+JKgjBtO+IRplYpIW5wwaWGqQF8tj47CHLhDyEiNyk9Srk9IgDTNKOYOjyCUFj/vt/s5hiKFsFQdGiKrqXQB4WwH2P02pPUacJOzOhbtOltCRTYtUlmvikSM4XzeYOoS1i1ikb9TvFPeKQ6o8LqViDUv+s4xAr/TX6j+7DJge5/BgKNI6ntR93sN1aTerSUl1opNVhMOsfPz5WvAjuhNh1c4V1xTzk/xc9nq0uJ9MHD2O9o68vwBDwNystp4vOz4l/X1pi1ZsM4QQkmdX7LIH4fDdzPSf1f5SfDd5ssHmAGXkzGQtJfFCwAcFl0vm/0f2a3Ema6+jCibkuL0DKGh3ca+wjAJFxH7T1mqSP84djC54CqyR5cPXBzM29vWqSJG802YXf0J0pT78/3NW6chD9cQNiqQh4cslqc11Ye7VOkt4b5FWXLczcl9qqtpBmBIdmKmokO81vEGtt/P2rMeX02cQg500pW/WO+MrLq8LanKiJZuJfy1YSNO7hzeSLbN6O/Tkvl7GKV7h08sCDUJFwlFc8DrX8YfYdFSzL8rRzg5pMg434ECPxNnYN2EKAF0re4PeY3RvKiRkZxZ3KZMMX3EpiR+5joLBUeDGMbCfTFt8gVhaHZDBO69b+WrDtAYuIgM74qCPz3j30ToYAI1H0vprAI0NghnDb/IgF0m/ASlvQ0dqR/Y+OHZggLJI0hvu/MVYnwvJmUHK4NUl3V4BPg9SZp4bCZM0NF5QIZZBmG+DfSlrAMBWBbYZRfRSIoo/vfxblk8E9YKa2RMusiVep0Gs4FKDF4kG1YBK+u3XV/8ot7lih/EHKMk2DgczoQnqlCMbZzY4vKfaSVpmv66lbcVk7PXZIDrTdPef89C3VcJxA5kjmVW5w== credentials.json: AgA3ZMK+kWB01TF5P9YSKFRPlOE24HQxCg5zSc7XZyB8hAn4inxHNqG6lH6A4SCzDylzNH2NMkpIxd3ihCdeV/4h/dJktqHKNbcabezrwKuM3i1Vv7891IHtFWj7tEcKpp4e1GTiRoBqV5XbGJCllo3ewTpq5ZEDolz6UgicAkBy9ttWAuMVZQSG9C/3HkDy2okLAAswltR9r5lppGSMQ4hZ8RIdHQSfaSeOyF67mch6kKAH+m0kmAmSLEghBWDFzYc4MxlPSzd3tuzWtsFc213m3mMjAbHZMeRXpHZLXqoZQ6mgFt8rT4RYxth7LL6Dd/OzN1RoSF8ULnWgBOlYHL+1JvOlSUTnnsgA/5M7l3xXAcGwrTPS1IxyR+Jv+PbeT/SFE1mQA5DRlf65waHdeyLZRXS7VplvtAs1IWOKZQkpA1dv9RPf79UDT5NSlz5jCzkMZnu/5thi/ADvgJ26iHl/04U1FnN1lj9SMSGllEim1xkIRCtx01vLPMcCnolB+Ft0RxElAYIhdQmjgtiGSaCfDV70LanghAkITASqBvj3EIsQg8p+oxvjZp/K/I3ys3HLj68neiJn9BH6uNzu7/MDJIwaCIiHbjuTFatClAAhDlZWAzOuCVNuD3iJIJqFGoUCWguwaQCZeyfDen+rhidN0Fnsu953eqwucA7/kIEcCn/okKk1dhHyjHHOK90e5/xuBhZEroxjkiJIYKuXWZW0/6mU8fH4JYdiUVEB8b4WGmD76gB+wbDiLbMdTRIVNXk9iXyxlxpJYeQxgLEMob00zt4W8LJ0mRekeDytHZpcgeJDgG1og9rDSG+CxsbpFYJhLMXEjWFm+jZ5YGKdRbB2kxe7CMAI2wOlUonsZJ4dwFXUsY7Mv3nwnzYy10kLHimqoJ/CTQty3LWIzX1q6OeHqw==
template: template:
metadata: metadata:
creationTimestamp: null
name: tunnel-credentials name: tunnel-credentials
namespace: cloudflared namespace: cloudflared

24
remodel/tofu/kubernetes/bootstrap/volumes/proxmox-volume/README.md
View File

@@ -15,4 +15,28 @@ curl --request POST \
--data filename=vm-9999-pv-test \ --data filename=vm-9999-pv-test \
--data size=1G \ --data size=1G \
--data format=raw --data format=raw
```
## rm state
```shell
tofu state rm "module.volumes.module.proxmox-volume[\"pv-lidarr-config\"].restapi_object.proxmox-volume"
tofu state rm "module.volumes.module.proxmox-volume[\"pv-radarr-config\"].restapi_object.proxmox-volume"
tofu state rm "module.volumes.module.proxmox-volume[\"pv-sonarr-config\"].restapi_object.proxmox-volume"
tofu state rm "module.volumes.module.proxmox-volume[\"pv-plex-config\"].restapi_object.proxmox-volume"
tofu state rm "module.volumes.module.proxmox-volume[\"pv-jellyfin-config\"].restapi_object.proxmox-volume"
tofu state rm "module.volumes.module.proxmox-volume[\"pv-qbittorrent-config\"].restapi_object.proxmox-volume"
```
## import
```shell
tofu import "module.volumes.module.proxmox-volume[\"pv-lidarr-config\"].restapi_object.proxmox-volume" /api2/json/nodes/cantor/storage/local-zfs/content/local-zfs:vm-9999-pv-lidarr-config
tofu import "module.volumes.module.proxmox-volume[\"pv-radarr-config\"].restapi_object.proxmox-volume" /api2/json/nodes/cantor/storage/local-zfs/content/local-zfs:vm-9999-pv-radarr-config
tofu import "module.volumes.module.proxmox-volume[\"pv-sonarr-config\"].restapi_object.proxmox-volume" /api2/json/nodes/cantor/storage/local-zfs/content/local-zfs:vm-9999-pv-sonarr-config
tofu import "module.volumes.module.proxmox-volume[\"pv-qbittorrent-config\"].restapi_object.proxmox-volume" /api2/json/nodes/euclid/storage/local-zfs/content/local-zfs:vm-9999-pv-qbittorrent-config
tofu import "module.volumes.module.proxmox-volume[\"pv-plex-config\"].restapi_object.proxmox-volume" /api2/json/nodes/abel/storage/local-zfs/content/local-zfs:vm-9999-pv-plex-config
tofu import "module.volumes.module.proxmox-volume[\"pv-jellyfin-config\"].restapi_object.proxmox-volume" /api2/json/nodes/abel/storage/local-zfs/content/local-zfs:vm-9999-pv-jellyfin-config
``` ```