| author | Xe Iaso <me@xeiaso.net> | 2024-11-03 10:26:36 -0500 |
|---|---|---|
| committer | Xe Iaso <me@xeiaso.net> | 2024-11-03 10:26:36 -0500 |
| commit | e2cc4812dcb0018fce7a72174ca3650cbad4ebdd (patch) | |
| tree | b2cfd1c9198bee5e40a34b7c2703d91f2b23833a | |
| parent | 4425f342319060c018a407795c8ee9354dc7fef2 (diff) | |
| download | x-e2cc4812dcb0018fce7a72174ca3650cbad4ebdd.tar.xz x-e2cc4812dcb0018fce7a72174ca3650cbad4ebdd.zip | |
kube: add rhadamanthus config
Signed-off-by: Xe Iaso <me@xeiaso.net>
21 files changed, 320 insertions, 64 deletions
diff --git a/kube/alrest/x/kustomization.yaml b/kube/alrest/x/kustomization.yaml
index f96c099..4cca6c0 100644
--- a/kube/alrest/x/kustomization.yaml
+++ b/kube/alrest/x/kustomization.yaml
@@ -5,6 +5,5 @@ resources:
 - mi
 - mimi
 - sapientwindex
- - stealthmountain
 - todayinmarch2020
 - within.website
\ No newline at end of file
diff --git a/kube/alrest/x/stealthmountain/1password.yaml b/kube/alrest/x/stealthmountain/1password.yaml
deleted file mode 100644
index 4f1827e..0000000
--- a/kube/alrest/x/stealthmountain/1password.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: onepassword.com/v1
-kind: OnePasswordItem
-metadata:
- name: bsky-stealth-mountain
- labels:
- app: stealthmountain
-spec:
- itemPath: "vaults/Kubernetes/items/Stealth Mountain Creds"
\ No newline at end of file
diff --git a/kube/alrest/x/stealthmountain/bluesky-handle.yaml b/kube/alrest/x/stealthmountain/bluesky-handle.yaml
deleted file mode 100644
index 51f1d74..0000000
--- a/kube/alrest/x/stealthmountain/bluesky-handle.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: externaldns.k8s.io/v1alpha1
-kind: DNSEndpoint
-metadata:
- name: stealth-mountain-handle
- namespace: default
-spec:
- endpoints:
- - dnsName: _atproto.stealthmountain.xeiaso.net
- recordTTL: 3600
- recordType: TXT
- targets:
- - did=did:plc:bbs7dzqarrvqdkt74wj6xblj
\ No newline at end of file
diff --git a/kube/alrest/x/stealthmountain/deployment.yaml b/kube/alrest/x/stealthmountain/deployment.yaml
deleted file mode 100644
index 5de4a46..0000000
--- a/kube/alrest/x/stealthmountain/deployment.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: stealthmountain
-spec:
- selector:
- matchLabels:
- app: stealthmountain
- template:
- metadata:
- labels:
- app: stealthmountain
- spec:
- containers:
- - name: stealthmountain
- image: ghcr.io/xe/x/stealthmountain
- imagePullPolicy: Always
- securityContext:
- runAsUser: 1000
- runAsGroup: 1000
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- seccompProfile:
- type: RuntimeDefault
- resources:
- limits:
- memory: "512Mi"
- cpu: "500m"
- requests:
- memory: "256Mi"
- cpu: "250m"
- env:
- - name: "NATS_URL"
- value: "nats://nats.future-sight.svc.alrest.xeserv.us:4222"
- envFrom:
- - secretRef:
- name: bsky-stealth-mountain
diff --git a/kube/alrest/x/stealthmountain/kustomization.yaml b/kube/alrest/x/stealthmountain/kustomization.yaml
deleted file mode 100644
index 8d2d2c7..0000000
--- a/kube/alrest/x/stealthmountain/kustomization.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-resources:
- - 1password.yaml
- - deployment.yaml
\ No newline at end of file
diff --git a/kube/rhadamanthus/core/cert-manager/1password.yaml b/kube/rhadamanthus/core/cert-manager/1password.yaml
new file mode 100644
index 0000000..d1ef67c
--- /dev/null
+++ b/kube/rhadamanthus/core/cert-manager/1password.yaml
@@ -0,0 +1,7 @@
+apiVersion: onepassword.com/v1
+kind: OnePasswordItem
+metadata:
+ name: aws-creds
+ namespace: cert-manager
+spec:
+ itemPath: "vaults/lc5zo4zjz3if3mkeuhufjmgmui/items/3xn7uf73xnzholrfk6tla5rhpa"
\ No newline at end of file
diff --git a/kube/rhadamanthus/core/cert-manager/kustomization.yaml b/kube/rhadamanthus/core/cert-manager/kustomization.yaml
new file mode 100644
index 0000000..4913180
--- /dev/null
+++ b/kube/rhadamanthus/core/cert-manager/kustomization.yaml
@@ -0,0 +1,5 @@
+namespace: cert-manager
+resources:
+ - 1password.yaml
+ - prod-issuer.yaml
+ - staging-issuer.yaml
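Review bot: cert-manager/1password.yaml and external-dns/1password.yaml (the hunk two files further down) resolve the same 1Password item into a Secret in two namespaces, so one IAM key serves the DNS-01 solver and both external-dns controllers. What that key is allowed to do is not on the page, but if it carries the union of the Route53 and DynamoDB permissions, a compromise of any one of the three pods yields all of them; a per-component IAM user with only the Route53 actions cert-manager needs, and the DynamoDB table access only for external-dns, keeps the blast radius to one workload. Until then a comment on both items makes the coupling visible: `# same item as external-dns/1password.yaml — rotate both together`.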
\ No newline at end of file
diff --git a/kube/rhadamanthus/core/cert-manager/prod-issuer.yaml b/kube/rhadamanthus/core/cert-manager/prod-issuer.yaml
new file mode 100644
index 0000000..29572f5
--- /dev/null
+++ b/kube/rhadamanthus/core/cert-manager/prod-issuer.yaml
@@ -0,0 +1,24 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-prod
+spec:
+ acme:
+ # The ACME server URL
+ server: https://acme-v02.api.letsencrypt.org/directory
+ # Email address used for ACME registration
+ email: me@xeiaso.net
+ # Name of a secret used to store the ACME account private key
+ privateKeySecretRef:
+ name: letsencrypt-prod
+ # Enable the HTTP-01 challenge provider
+ solvers:
+ - dns01:
+ route53:
+ region: ca-central-1
+ accessKeyIDSecretRef:
+ name: aws-creds
+ key: AWS_ACCESS_KEY_ID
+ secretAccessKeySecretRef:
+ name: aws-creds
+ key: AWS_SECRET_ACCESS_KEY
\ No newline at end of file
diff --git a/kube/rhadamanthus/core/cert-manager/staging-issuer.yaml b/kube/rhadamanthus/core/cert-manager/staging-issuer.yaml
new file mode 100644
index 0000000..6d015ac
--- /dev/null
+++ b/kube/rhadamanthus/core/cert-manager/staging-issuer.yaml
@@ -0,0 +1,18 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-staging
+spec:
+ acme:
+ # You must replace this email address with your own.
+ # Let's Encrypt will use this to contact you about expiring
+ # certificates, and issues related to your account.
+ email: me@xeiaso.net
+ server: https://acme-staging-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ # Secret resource that will be used to store the account's private key.
+ name: letsencrypt-staging-acme-key
+ solvers:
+ - http01:
+ ingress:
+ ingressClassName: nginx
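Review bot: The comment `# Enable the HTTP-01 challenge provider` above `solvers:` in prod-issuer.yaml describes a solver this issuer does not use; the block below it is `dns01` via Route53, so it should read `# DNS-01 via Route53; credentials come from the aws-creds Secret`. Because this is a ClusterIssuer, cert-manager looks up `accessKeyIDSecretRef`/`secretAccessKeySecretRef` in its cluster-resource namespace rather than in the namespace kustomization.yaml sets, which presumably is `cert-manager` in both cases here — worth confirming, since a mismatch surfaces only at issuance time, not at apply time. No `hostedZoneID` is set, so the solver has to enumerate zones with these credentials; pinning it lets the IAM policy be narrowed to that one zone.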
\ No newline at end of file
diff --git a/kube/rhadamanthus/core/external-dns/1password.yaml b/kube/rhadamanthus/core/external-dns/1password.yaml
new file mode 100644
index 0000000..ead83ea
--- /dev/null
+++ b/kube/rhadamanthus/core/external-dns/1password.yaml
@@ -0,0 +1,7 @@
+apiVersion: onepassword.com/v1
+kind: OnePasswordItem
+metadata:
+ name: aws-creds
+ namespace: external-dns
+spec:
+ itemPath: "vaults/lc5zo4zjz3if3mkeuhufjmgmui/items/3xn7uf73xnzholrfk6tla5rhpa"
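Review bot: staging-issuer.yaml solves challenges with `http01` through the `nginx` ingress class while prod-issuer.yaml uses `dns01`/Route53, so a staging certificate never exercises the AWS credentials or Route53 permissions prod depends on, and the two cannot validate the same set of names (HTTP-01 cannot issue wildcards). If staging is meant to rehearse prod, copying the `dns01` solver block from prod-issuer.yaml here is the whole fix; if the difference is deliberate, a one-line comment above `solvers:` saying so stops the next reader from "fixing" it. The three lines starting `# You must replace this email address with your own.` are left over from the cert-manager tutorial and can be dropped, and `privateKeySecretRef.name` follows a different pattern (`letsencrypt-staging-acme-key`) from prod's `letsencrypt-prod`.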
\ No newline at end of file
diff --git a/kube/rhadamanthus/core/external-dns/clusterrole.yaml b/kube/rhadamanthus/core/external-dns/clusterrole.yaml
new file mode 100644
index 0000000..d0278b3
--- /dev/null
+++ b/kube/rhadamanthus/core/external-dns/clusterrole.yaml
@@ -0,0 +1,20 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: external-dns
+rules:
+- apiGroups: [""]
+ resources: ["services","endpoints","pods"]
+ verbs: ["get","watch","list"]
+- apiGroups: ["extensions","networking.k8s.io"]
+ resources: ["ingresses"]
+ verbs: ["get","watch","list"]
+- apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["list"]
+- apiGroups: ["externaldns.k8s.io"]
+ resources: ["dnsendpoints"]
+ verbs: ["get","watch","list"]
+- apiGroups: ["externaldns.k8s.io"]
+ resources: ["dnsendpoints/status"]
+ verbs: ["*"]
\ No newline at end of file
diff --git a/kube/rhadamanthus/core/external-dns/clusterrolebinding.yaml b/kube/rhadamanthus/core/external-dns/clusterrolebinding.yaml
new file mode 100644
index 0000000..186feec
--- /dev/null
+++ b/kube/rhadamanthus/core/external-dns/clusterrolebinding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: external-dns-viewer
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: external-dns
+subjects:
+- kind: ServiceAccount
+ name: external-dns
+ namespace: external-dns
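Review bot: The last rule in clusterrole.yaml grants `verbs: ["*"]` on `dnsendpoints/status`; as far as the page shows, the controller only needs to read and write the status subresource, so `verbs: ["get", "update", "patch"]` covers it without the wildcard — confirm against the v0.15.0 controller before narrowing. The `extensions` group in the ingresses rule refers to an API that Kubernetes 1.22 removed, so on a current cluster it is dead weight. Style-wise the flow lists omit the space after each comma and the rules use flush `-` while every other list in this commit is indented; yamllint flags both.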
\ No newline at end of file
diff --git a/kube/rhadamanthus/core/external-dns/crd.yaml b/kube/rhadamanthus/core/external-dns/crd.yaml
new file mode 100644
index 0000000..822cd85
--- /dev/null
+++ b/kube/rhadamanthus/core/external-dns/crd.yaml 
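Review bot: The binding in clusterrolebinding.yaml is named `external-dns-viewer`, but the `external-dns` ClusterRole it binds includes write access to `dnsendpoints/status`, so the name understates what the ServiceAccount can do. Renaming it to `external-dns`, matching the role and the ServiceAccount, avoids a misleading entry in `kubectl get clusterrolebinding` output during an audit.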
@@ -0,0 +1,102 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: dnsendpoints.externaldns.k8s.io + annotations: + api-approved.kubernetes.io: https://github.com/kubernetes-sigs/external-dns/pull/2007 +spec: + group: externaldns.k8s.io + names: + kind: DNSEndpoint + listKind: DNSEndpointList + plural: dnsendpoints + singular: dnsendpoint + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DNSEndpointSpec defines the desired state of DNSEndpoint + properties: + endpoints: + items: + description: + Endpoint is a high-level way of a connection between + a service and an IP + properties: + dnsName: + description: The hostname of the DNS record + type: string + labels: + additionalProperties: + type: string + description: Labels stores labels defined for the Endpoint + type: object + providerSpecific: + description: ProviderSpecific stores provider specific config + items: + description: + ProviderSpecificProperty holds the name and value + of a configuration which is specific to individual DNS providers + properties: + name: + type: string + value: + type: string + type: object + type: array + recordTTL: + description: TTL for the record + format: int64 + type: integer + recordType: + description: + RecordType type of record, e.g. CNAME, A, AAAA, + SRV, TXT etc + type: string + setIdentifier: + description: + Identifier to distinguish multiple records with + the same name and type (e.g. Route53 records with routing + policies other than 'simple') + type: string + targets: + description: The targets the DNS record points to + items: + type: string + type: array + type: object + type: array + type: object + status: + description: DNSEndpointStatus defines the observed state of DNSEndpoint + properties: + observedGeneration: + description: The generation observed by the external-dns controller. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/kube/rhadamanthus/core/external-dns/deployment-crd.yaml b/kube/rhadamanthus/core/external-dns/deployment-crd.yaml new file mode 100644 index 0000000..9eee657 --- /dev/null +++ b/kube/rhadamanthus/core/external-dns/deployment-crd.yaml 
@@ -0,0 +1,41 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: external-dns-crd
+ namespace: external-dns
+spec:
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ app: external-dns-crd
+ template:
+ metadata:
+ labels:
+ app: external-dns-crd
+ spec:
+ serviceAccountName: external-dns
+ containers:
+ - name: crd
+ image: registry.k8s.io/external-dns/external-dns:v0.15.0
+ args:
+ - --source=crd # ingress is also possible
+ - --crd-source-apiversion=externaldns.k8s.io/v1alpha1
+ - --crd-source-kind=DNSEndpoint
+ - --provider=aws
+ - --registry=dynamodb
+ - --dynamodb-region=ca-central-1
+ - --dynamodb-table=external-dns-crd-rhadamanthus
+ env:
+ - name: AWS_REGION
+ value: us-east-1
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ name: aws-creds
+ key: AWS_ACCESS_KEY_ID
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ name: aws-creds
+ key: AWS_SECRET_ACCESS_KEY
\ No newline at end of file
diff --git a/kube/rhadamanthus/core/external-dns/deployment-ingress.yaml b/kube/rhadamanthus/core/external-dns/deployment-ingress.yaml
new file mode 100644
index 0000000..b18093e
--- /dev/null
+++ b/kube/rhadamanthus/core/external-dns/deployment-ingress.yaml
@@ -0,0 +1,40 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: external-dns-ingress
+ namespace: external-dns
+spec:
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ app: external-dns-ingress
+ template:
+ metadata:
+ labels:
+ app: external-dns-ingress
+ spec:
+ serviceAccountName: external-dns
+ containers:
+ - name: ingress
+ image: registry.k8s.io/external-dns/external-dns:v0.15.0
+ args:
+ - --source=ingress
+ - --default-targets=rhadamanthus.xeserv.us
+ - --provider=aws
+ - --registry=dynamodb
+ - --dynamodb-region=ca-central-1
+ - --dynamodb-table=external-dns-ingress-rhadamanthus
+ env:
+ - name: AWS_REGION
+ value: us-east-1
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ name: aws-creds
+ key: AWS_ACCESS_KEY_ID
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ name: aws-creds
+ key: AWS_SECRET_ACCESS_KEY
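Review bot: The `crd` container in deployment-crd.yaml (and `ingress` in deployment-ingress.yaml, next hunk) has no `securityContext` and no `resources`, while the stealthmountain Deployment this same commit deletes had `runAsNonRoot`, `allowPrivilegeEscalation: false`, `drop: [ALL]`, a `RuntimeDefault` seccomp profile and memory/CPU limits; these two pods hold the AWS key, so they are the ones most worth the same hardening. The external-dns image presumably already runs as non-root, so `runAsNonRoot: true` only pins that, and the resource figures below are a constructed starting point. `AWS_REGION` is `us-east-1` while `--dynamodb-region` is `ca-central-1` — plausible for Route53, which is served from us-east-1, but a one-line comment on `AWS_REGION` would keep it from being "corrected" later.
```yaml
        - name: crd
          image: registry.k8s.io/external-dns/external-dns:v0.15.0
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          resources:  # constructed starting point; size from observed usage
            requests:
              cpu: "50m"
              memory: "64Mi"
            limits:
              memory: "128Mi"
          # … unchanged: args and env …
```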
\ No newline at end of file
diff --git a/kube/rhadamanthus/core/external-dns/kustomization.yaml b/kube/rhadamanthus/core/external-dns/kustomization.yaml
new file mode 100644
index 0000000..24c984d
--- /dev/null
+++ b/kube/rhadamanthus/core/external-dns/kustomization.yaml
@@ -0,0 +1,10 @@
+namespace: external-dns
+resources:
+ - 1password.yaml
+ - clusterrole.yaml
+ - clusterrolebinding.yaml
+ - crd.yaml
+ - deployment-crd.yaml
+ - deployment-ingress.yaml
+ - namespace.yaml
+ - serviceaccount.yaml
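Review bot: deployment-ingress.yaml runs with `--source=ingress` and `--default-targets=rhadamanthus.xeserv.us` but no `--domain-filter`, so any Ingress in any namespace gets a public record created in whichever hosted zone matches its host, across every zone the key can reach; external-dns's default `--policy=sync` will also delete records it owns when the Ingress goes away. Adding `- --domain-filter=xeserv.us` confines the controller to the zone this cluster is meant to manage, and `- --policy=upsert-only` turns an accidental Ingress deletion into a stale record rather than a removed one. The same two flags apply to the `crd` Deployment in the previous hunk. If not every Ingress should be published, `--annotation-filter` is the usual gate.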
\ No newline at end of file
diff --git a/kube/rhadamanthus/core/external-dns/namespace.yaml b/kube/rhadamanthus/core/external-dns/namespace.yaml
new file mode 100644
index 0000000..027e0af
--- /dev/null
+++ b/kube/rhadamanthus/core/external-dns/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: external-dns
+ annotations:
+ operator.1password.io/auto-restart: "true"
\ No newline at end of file
diff --git a/kube/rhadamanthus/core/external-dns/serviceaccount.yaml b/kube/rhadamanthus/core/external-dns/serviceaccount.yaml
new file mode 100644
index 0000000..479610c
--- /dev/null
+++ b/kube/rhadamanthus/core/external-dns/serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: external-dns
+ namespace: external-dns
\ No newline at end of file
diff --git a/kube/rhadamanthus/core/kustomization.yaml b/kube/rhadamanthus/core/kustomization.yaml
new file mode 100644
index 0000000..85b09da
--- /dev/null
+++ b/kube/rhadamanthus/core/kustomization.yaml
@@ -0,0 +1,4 @@
+resources:
+- cert-manager
+- external-dns
+- load-balancer-dns.yaml
\ No newline at end of file
diff --git a/kube/rhadamanthus/core/load-balancer-dns.yaml b/kube/rhadamanthus/core/load-balancer-dns.yaml
new file mode 100644
index 0000000..a7bc794
--- /dev/null
+++ b/kube/rhadamanthus/core/load-balancer-dns.yaml
@@ -0,0 +1,16 @@
+apiVersion: externaldns.k8s.io/v1alpha1
+kind: DNSEndpoint
+metadata:
+ name: load-balancer-dns
+spec:
+ endpoints:
+ - dnsName: rhadamanthus.xeserv.us
+ recordTTL: 3600
+ recordType: A
+ targets:
+ - 149.248.57.25
+ - dnsName: rhadamanthus.xeserv.us
+ recordTTL: 3600
+ recordType: AAAA
+ targets:
+ - 2001:19f0:b002:113f:ffff:ffff:ffff:ffff
\ No newline at end of file
diff --git a/kube/rhadamanthus/kustomization.yaml b/kube/rhadamanthus/kustomization.yaml
new file mode 100644
index 0000000..1f70efe
--- /dev/null
+++ b/kube/rhadamanthus/kustomization.yaml
@@ -0,0 +1,3 @@
+resources:
+- core
+#- x
\ No newline at end of file |
