wip(cloudflared): Configuring cloudflared for tunneling

infra/cloudflared/config-map.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cloudflared
+data:
+  config.yaml: |
+    metrics: 0.0.0.0:2000
+    no-autoupdate: true

infra/cloudflared/deployment.yaml

@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cloudflared
+  namespace: cloudflared
+spec:
+  selector:
+    matchLabels:
+      app: cloudflared
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: cloudflared
+    spec:
+      containers:
+        - name: cloudflared
+          image: cloudflare/cloudflared:latest
+          args:
+            - tunnel
+            - --config
+            - /etc/cloudflared/config/config.yaml
+            - run
+          livenessProbe:
+            httpGet:
+              path: /ready
+              port: 2000
+            failureThreshold: 1
+            initialDelaySeconds: 10
+            periodSeconds: 10
+          env:
+            - name: TUNNEL_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  key: tunnel-token
+                  name: tunnel-token
+          volumeMounts:
+            - name: config
+              mountPath: /etc/cloudflared/config
+              readOnly: true
+      volumes:
+        - name: config
+          configMap:
+            name: cloudflared
+            items:
+              - key: config.yaml
+                path: config.yaml
+        - name: tunnel-token
+          secret:
+            secretName: tunnel-token

infra/cloudflared/kustomization.yaml

@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: cloudflared
+
+resources:
+  - namespace.yaml
+  - config-map.yaml
+  - tunnel-token.yaml
+#  - deployment.yaml

infra/cloudflared/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: cloudflared

infra/cloudflared/tunnel-token.yaml

@@ -0,0 +1,12 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  name: tunnel-token
+  namespace: cloudflared
+spec:
+  encryptedData:
+    tunnel-token: AgCD0EVPfDDgsUEm4GyjGbC1WtpwPHHZpMF2KuonW5fXWWQMM4ju/0sZT7hMdi4SP8oGjRKQ/l844i3F/dlWzOoKZHXxH8QjMoHUjFWzPW50Kk+U7bplwNAZylvz2Ng9jCujgQUEXSeOTwM9Zc5ssBzS0DpiNkXxy4aNroCFScW6w8WcGCxGyHUXB4iy0QP6XGDLbElJryhqqOrPoS9BlTvycSKShYGD+9dNyw4ZyLvfGX14ijZgRWR6imCUwirm8teMMu2hlyNVfhO/quBtfA86GQGYivTrofR+yTN++4t5FBmJ87HqkkW/E1gGG5x8G1EI5VYggs2jTXXPgH3ckw+fKA7vgTHTzbEVjPKW1Tn+W85CWOqfLnQbxvqqhahNwZ96GX2KAgfNbqdLpeBJvvG6Li7esluxkOW6hrWLlaoPtz4E4de2LtKv4tsXkZhqtpAIPRca/cZVNxiYD2+NPx7dliKbV07CUhqn5v9G9+nq7N4nena+KFJDOwgRwDk4KVnBL/ssk+45oUY70UZ7Y/iSKj25BMVPLO3eMVUxAlY27Ec0MNL0TXfy1mm3X2vyyA3mnhDnZrXMbPWeNPijsID2fzH7vZeRuEef6O7kNzvWqgZGNbeOgtQY0T2b3iTdSOdCz/q+Sj4OXZBXyjKcNLQH5iV2nOVdc+JAiX0IWc16taOPfk7JvNMoHzk5puRPacQEn91ZAwSngb8f0PkLfHqy0hWeb06OzuLvy+VE0M75vUINuSAGa3l1iXvI8oD2UNq1THFyW+JDYi+sxhaLuoCLhKBKt2CKsQ2hfCVKzyjInD7BcTIQjHKJRJu1tOp5qiAcWDr7ojP06Y4qMHCF7a/9Qdzv8EtN5nKRL4PmSmyeTuD5L8gl7PnROXG8e6gny5oJL/QeOwqk/mHpIJIxib+ZQAJM0LYMFGR/hw7Tpxhgen4ahKKVm60f
+  template:
+    metadata:
+      name: tunnel-token
+      namespace: cloudflared

infra/project.yaml

@@ -14,6 +14,8 @@ spec:
       server: '*'
     - namespace: 'cert-manager'
       server: '*'
+    - namespace: 'cloudflared'
+      server: '*'
     - namespace: 'kubernetes-dashboard'
       server: '*'
     - namespace: 'metallb-system'