From 0142c8b0911d02f15ddc443e8e25aeb12de12dbf Mon Sep 17 00:00:00 2001
From: Joseph Hanson
Date: Sun, 14 Jan 2024 23:08:53 -0600
Subject: [PATCH] Adding internal dns via bind.
---
 .../app/jahanson-tech/externalsecret.yaml | 22 ++++++
 .../app/jahanson-tech/helmrelease.yaml | 79 +++++++++++++++++++
 .../app/jahanson-tech/kustomization.yaml | 7 ++
 kubernetes/apps/network/external-dns/ks.yaml | 19 +++++
 4 files changed, 127 insertions(+)
 create mode 100644 kubernetes/apps/network/external-dns/app/jahanson-tech/externalsecret.yaml
 create mode 100644 kubernetes/apps/network/external-dns/app/jahanson-tech/helmrelease.yaml
 create mode 100644 kubernetes/apps/network/external-dns/app/jahanson-tech/kustomization.yaml
diff --git a/kubernetes/apps/network/external-dns/app/jahanson-tech/externalsecret.yaml b/kubernetes/apps/network/external-dns/app/jahanson-tech/externalsecret.yaml
new file mode 100644
index 00000000..1de9282f
--- /dev/null
+++ b/kubernetes/apps/network/external-dns/app/jahanson-tech/externalsecret.yaml
@@ -0,0 +1,22 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: externaldns-internal
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: onepassword-connect
+ target:
+ name: externaldns-internal-secrets
+ creationPolicy: Owner
+ data:
+ - secretKey: bind_rndc_algorithm
+ remoteRef:
+ key: bind
+ property: externaldns_algorithm
+ - secretKey: bind_rndc_secret
+ remoteRef:
+ key: bind
+ property: externaldns_secret
diff --git a/kubernetes/apps/network/external-dns/app/jahanson-tech/helmrelease.yaml b/kubernetes/apps/network/external-dns/app/jahanson-tech/helmrelease.yaml
new file mode 100644
index 00000000..3fb3df06
--- /dev/null
+++ b/kubernetes/apps/network/external-dns/app/jahanson-tech/helmrelease.yaml
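Review bot: In externalsecret.yaml the target keys are named `bind_rndc_algorithm` and `bind_rndc_secret`, but helmrelease.yaml feeds them into `EXTERNAL_DNS_RFC2136_TSIG_SECRET_ALG` and `EXTERNAL_DNS_RFC2136_TSIG_SECRET`, so they hold a TSIG update key rather than an rndc control key. Naming them `bind_tsig_algorithm` / `bind_tsig_secret` (with the matching `secretKeyRef` keys in the HelmRelease) would keep a later reader from assuming the rndc key is shared with external-dns. The remote properties `externaldns_algorithm` / `externaldns_secret` suggest a dedicated key; if it is in fact the same material BIND uses for rndc, a separate key limited by the zone's update policy would be the safer arrangement. A one-line comment above `data:` saying what this key is permitted to do on the BIND side would also help.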
@@ -0,0 +1,79 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+ name: &name externaldns-jahanson-tech
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: external-dns
+ version: 1.14.1
+ sourceRef:
+ kind: HelmRepository
+ name: kubernetes-sigs-external-dns
+ namespace: flux-system
+ interval: 30m
+
+ values:
+ fullnameOverride: *name
+
+ domainFilters:
+ - jahanson.tech
+
+ env:
+ - name: EXTERNAL_DNS_RFC2136_HOST
+ value: "10.5.0.3"
+ - name: EXTERNAL_DNS_RFC2136_PORT
+ value: "53"
+ - name: EXTERNAL_DNS_RFC2136_ZONE
+ value: "jahanson.tech"
+ - name: EXTERNAL_DNS_RFC2136_TSIG_AXFR
+ value: "true"
+ - name: EXTERNAL_DNS_RFC2136_TSIG_KEYNAME
+ value: externaldns
+ - name: EXTERNAL_DNS_RFC2136_TSIG_SECRET_ALG
+ valueFrom:
+ secretKeyRef:
+ name: externaldns-internal-secrets
+ key: bind_rndc_algorithm
+ - name: EXTERNAL_DNS_RFC2136_TSIG_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: externaldns-internal-secrets
+ key: bind_rndc_secret
+
+ podAnnotations:
+ secret.reloader.stakater.com/reload: externaldns-internal-secrets
+
+ policy: sync
+ provider: rfc2136
+
+ resources:
+ requests:
+ cpu: 16m
+ memory: 90M
+ limits:
+ memory: 90M
+
+ serviceMonitor:
+ enabled: true
+
+ sources:
+ - ingress
+ - service
+
+ txtPrefix: "k8s."
+
+ postRenderers:
+ - kustomize:
+ patches:
+ - target:
+ version: v1
+ kind: Deployment
+ name: *name
+ patch: |
+ - op: add
+ path: /spec/template/spec/enableServiceLinks
+ value: false
diff --git a/kubernetes/apps/network/external-dns/app/jahanson-tech/kustomization.yaml b/kubernetes/apps/network/external-dns/app/jahanson-tech/kustomization.yaml
new file mode 100644
index 00000000..a530998c
--- /dev/null
+++ b/kubernetes/apps/network/external-dns/app/jahanson-tech/kustomization.yaml
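Review bot: In helmrelease.yaml, `policy: sync` is combined with the cluster-wide `ingress` and `service` sources and, as far as the values shown go, no owner ID or source filter, so any Ingress or annotated Service in any namespace can create names under jahanson.tech on the BIND server, and sync can also replace or delete them. Setting an explicit owner such as `txtOwnerId: <owner-id-placeholder>` keeps this instance's TXT ownership records distinct from any other external-dns deployment. An `extraArgs` entry like `--annotation-filter=<annotation-placeholder>` would limit which objects may publish records. `EXTERNAL_DNS_RFC2136_TSIG_KEYNAME` is the only env value left unquoted; writing it as `value: "externaldns"` matches the neighbouring entries.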
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./helmrelease.yaml
+ - ./externalsecret.yaml
diff --git a/kubernetes/apps/network/external-dns/ks.yaml b/kubernetes/apps/network/external-dns/ks.yaml
index 05000b69..aea45d41 100644
--- a/kubernetes/apps/network/external-dns/ks.yaml
+++ b/kubernetes/apps/network/external-dns/ks.yaml
@@ -21,6 +21,25 @@ spec:
 # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
+metadata:
+ name: cluster-apps-externaldns-jahanson-tech
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ interval: 10m
+ path: "./kubernetes/apps/network/external-dns/app/jahanson-tech"
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: homelab
+ wait: true
+ dependsOn:
+ - name: cluster-apps-external-secrets-stores
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
 metadata:
  name: &appname externaldns-shared
  namespace: flux-system
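Review bot: The new `cluster-apps-externaldns-jahanson-tech` Kustomization in ks.yaml sets no `targetNamespace`, and neither app/jahanson-tech/kustomization.yaml nor the HelmRelease and ExternalSecret it lists carry a namespace of their own. Unless something outside this patch supplies one, the release and the `externaldns-internal-secrets` Secret holding the TSIG key are not placed in a namespace chosen by this commit. Adding `targetNamespace: network` under `spec:` would make the placement explicit; that name is inferred from the directory path, so confirm it. The hunk starts and ends inside neighbouring Kustomization documents, so whether the sibling definitions set the field is not visible here.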