feat(network): add cloudflared

encrypted tunnel to cloudflare
2025-10-31 09:57:59 +00:00 · 2024-07-15 14:31:51 +02:00
parent f65eb23cc5
commit 127290d99b
6 changed files with 37 additions and 20 deletions
--- a/remodel/k8s/apps/media/arr/kustomization.yaml
+++ b/remodel/k8s/apps/media/arr/kustomization.yaml
@@ -8,5 +8,5 @@ configMapGenerator:
      - TZ="Europe/Oslo"

 resources:
-  - pvc.yaml
-  - deployment.yaml
+  - sonarr/pvc.yaml
+  - sonarr/deployment.yaml
--- a/remodel/k8s/apps/media/arr/sonarr/deployment.yaml
+++ b/remodel/k8s/apps/media/arr/sonarr/deployment.yaml
@@ -19,8 +19,7 @@ spec:
        app: sonarr
    spec:
      nodeSelector:
-        kubernetes.io/hostname: ctrl-02
-        #topology.kubernetes.io/zone: cantor
+        topology.kubernetes.io/zone: cantor
      securityContext:
        runAsNonRoot: true
        runAsUser: 65534
@@ -31,7 +30,7 @@ spec:
          type: RuntimeDefault
      containers:
        - name: sonarr
-          image: ghcr.io/onedr0p/sonarr:4.0.6
+          image: ghcr.io/onedr0p/sonarr:4.0.7
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
@@ -46,8 +45,8 @@ spec:
          volumeMounts:
            - name: sonarr-config
              mountPath: /config
-            - name: backup
-              mountPath: /backup
+            - name: tmp
+              mountPath: /tmp
            - name: data
              mountPath: /app/data
          resources:
@@ -61,11 +60,9 @@ spec:
        - name: sonarr-config
          persistentVolumeClaim:
            claimName: sonarr-config
+        - name: tmp
+          emptyDir: { }
        - name: data
          nfs:
            server: 192.168.1.55
            path: /mnt/pool-0/data
-        - name: backup
-          nfs:
-            server: 192.168.1.55
-            path: /mnt/pool-0/backup
--- a/remodel/k8s/infra/network/cloudflared/daemon-set.yaml
+++ b/remodel/k8s/infra/network/cloudflared/daemon-set.yaml
@@ -1,12 +1,11 @@
 apiVersion: apps/v1
-kind: Deployment
+kind: DaemonSet
 metadata:
  labels:
    app: cloudflared
  name: cloudflared
  namespace: cloudflared
 spec:
-  replicas: 1
  selector:
    matchLabels:
      app: cloudflared
@@ -17,8 +16,8 @@ spec:
    spec:
      containers:
        - name: cloudflared
-          image: cloudflare/cloudflared:2024.2.1
-          imagePullPolicy: Always
+          image: cloudflare/cloudflared:2024.6.1
+          imagePullPolicy: IfNotPresent
          args:
            - tunnel
            - --config
--- a/remodel/k8s/infra/network/cloudflared/kustomization.yaml
+++ b/remodel/k8s/infra/network/cloudflared/kustomization.yaml
@@ -10,4 +10,4 @@ configMapGenerator:
 resources:
  - ns.yaml
  - tunnel-credentials.yaml
-  - deployment.yaml
+  - daemon-set.yaml
--- a/remodel/k8s/infra/network/cloudflared/tunnel-credentials.yaml
+++ b/remodel/k8s/infra/network/cloudflared/tunnel-credentials.yaml
@@ -1,15 +1,12 @@
---
 apiVersion: bitnami.com/v1alpha1
 kind: SealedSecret
 metadata:
-  creationTimestamp: null
  name: tunnel-credentials
  namespace: cloudflared
 spec:
  encryptedData:
-    credentials.json: AgDa8Wgyu4nbMyc55U6kOOvDTpL6LT7wPM1T+JKgjBtO+IRplYpIW5wwaWGqQF8tj47CHLhDyEiNyk9Srk9IgDTNKOYOjyCUFj/vt/s5hiKFsFQdGiKrqXQB4WwH2P02pPUacJOzOhbtOltCRTYtUlmvikSM4XzeYOoS1i1ikb9TvFPeKQ6o8LqViDUv+s4xAr/TX6j+7DJge5/BgKNI6ntR93sN1aTerSUl1opNVhMOsfPz5WvAjuhNh1c4V1xTzk/xc9nq0uJ9MHD2O9o68vwBDwNystp4vOz4l/X1pi1ZsM4QQkmdX7LIH4fDdzPSf1f5SfDd5ssHmAGXkzGQtJfFCwAcFl0vm/0f2a3Ema6+jCibkuL0DKGh3ca+wjAJFxH7T1mqSP84djC54CqyR5cPXBzM29vWqSJG802YXf0J0pT78/3NW6chD9cQNiqQh4cslqc11Ye7VOkt4b5FWXLczcl9qqtpBmBIdmKmokO81vEGtt/P2rMeX02cQg500pW/WO+MrLq8LanKiJZuJfy1YSNO7hzeSLbN6O/Tkvl7GKV7h08sCDUJFwlFc8DrX8YfYdFSzL8rRzg5pMg434ECPxNnYN2EKAF0re4PeY3RvKiRkZxZ3KZMMX3EpiR+5joLBUeDGMbCfTFt8gVhaHZDBO69b+WrDtAYuIgM74qCPz3j30ToYAI1H0vprAI0NghnDb/IgF0m/ASlvQ0dqR/Y+OHZggLJI0hvu/MVYnwvJmUHK4NUl3V4BPg9SZp4bCZM0NF5QIZZBmG+DfSlrAMBWBbYZRfRSIoo/vfxblk8E9YKa2RMusiVep0Gs4FKDF4kG1YBK+u3XV/8ot7lih/EHKMk2DgczoQnqlCMbZzY4vKfaSVpmv66lbcVk7PXZIDrTdPef89C3VcJxA5kjmVW5w==
+    credentials.json: AgA3ZMK+kWB01TF5P9YSKFRPlOE24HQxCg5zSc7XZyB8hAn4inxHNqG6lH6A4SCzDylzNH2NMkpIxd3ihCdeV/4h/dJktqHKNbcabezrwKuM3i1Vv7891IHtFWj7tEcKpp4e1GTiRoBqV5XbGJCllo3ewTpq5ZEDolz6UgicAkBy9ttWAuMVZQSG9C/3HkDy2okLAAswltR9r5lppGSMQ4hZ8RIdHQSfaSeOyF67mch6kKAH+m0kmAmSLEghBWDFzYc4MxlPSzd3tuzWtsFc213m3mMjAbHZMeRXpHZLXqoZQ6mgFt8rT4RYxth7LL6Dd/OzN1RoSF8ULnWgBOlYHL+1JvOlSUTnnsgA/5M7l3xXAcGwrTPS1IxyR+Jv+PbeT/SFE1mQA5DRlf65waHdeyLZRXS7VplvtAs1IWOKZQkpA1dv9RPf79UDT5NSlz5jCzkMZnu/5thi/ADvgJ26iHl/04U1FnN1lj9SMSGllEim1xkIRCtx01vLPMcCnolB+Ft0RxElAYIhdQmjgtiGSaCfDV70LanghAkITASqBvj3EIsQg8p+oxvjZp/K/I3ys3HLj68neiJn9BH6uNzu7/MDJIwaCIiHbjuTFatClAAhDlZWAzOuCVNuD3iJIJqFGoUCWguwaQCZeyfDen+rhidN0Fnsu953eqwucA7/kIEcCn/okKk1dhHyjHHOK90e5/xuBhZEroxjkiJIYKuXWZW0/6mU8fH4JYdiUVEB8b4WGmD76gB+wbDiLbMdTRIVNXk9iXyxlxpJYeQxgLEMob00zt4W8LJ0mRekeDytHZpcgeJDgG1og9rDSG+CxsbpFYJhLMXEjWFm+jZ5YGKdRbB2kxe7CMAI2wOlUonsZJ4dwFXUsY7Mv3nwnzYy10kLHimqoJ/CTQty3LWIzX1q6OeHqw==
  template:
    metadata:
-      creationTimestamp: null
      name: tunnel-credentials
      namespace: cloudflared
--- a/remodel/tofu/kubernetes/bootstrap/volumes/proxmox-volume/README.md
+++ b/remodel/tofu/kubernetes/bootstrap/volumes/proxmox-volume/README.md
@@ -15,4 +15,28 @@ curl --request POST \
  --data filename=vm-9999-pv-test \
  --data size=1G \
  --data format=raw
+```
+
+## rm state
+
+```shell
+tofu state rm "module.volumes.module.proxmox-volume[\"pv-lidarr-config\"].restapi_object.proxmox-volume" 
+tofu state rm "module.volumes.module.proxmox-volume[\"pv-radarr-config\"].restapi_object.proxmox-volume" 
+tofu state rm "module.volumes.module.proxmox-volume[\"pv-sonarr-config\"].restapi_object.proxmox-volume" 
+tofu state rm "module.volumes.module.proxmox-volume[\"pv-plex-config\"].restapi_object.proxmox-volume" 
+tofu state rm "module.volumes.module.proxmox-volume[\"pv-jellyfin-config\"].restapi_object.proxmox-volume" 
+tofu state rm "module.volumes.module.proxmox-volume[\"pv-qbittorrent-config\"].restapi_object.proxmox-volume" 
+```
+
+## import
+
+```shell
+tofu import "module.volumes.module.proxmox-volume[\"pv-lidarr-config\"].restapi_object.proxmox-volume" /api2/json/nodes/cantor/storage/local-zfs/content/local-zfs:vm-9999-pv-lidarr-config
+tofu import "module.volumes.module.proxmox-volume[\"pv-radarr-config\"].restapi_object.proxmox-volume" /api2/json/nodes/cantor/storage/local-zfs/content/local-zfs:vm-9999-pv-radarr-config
+tofu import "module.volumes.module.proxmox-volume[\"pv-sonarr-config\"].restapi_object.proxmox-volume" /api2/json/nodes/cantor/storage/local-zfs/content/local-zfs:vm-9999-pv-sonarr-config
+
+tofu import "module.volumes.module.proxmox-volume[\"pv-qbittorrent-config\"].restapi_object.proxmox-volume" /api2/json/nodes/euclid/storage/local-zfs/content/local-zfs:vm-9999-pv-qbittorrent-config
+ 
+tofu import "module.volumes.module.proxmox-volume[\"pv-plex-config\"].restapi_object.proxmox-volume" /api2/json/nodes/abel/storage/local-zfs/content/local-zfs:vm-9999-pv-plex-config
+tofu import "module.volumes.module.proxmox-volume[\"pv-jellyfin-config\"].restapi_object.proxmox-volume" /api2/json/nodes/abel/storage/local-zfs/content/local-zfs:vm-9999-pv-jellyfin-config
 ```