feat: add external dns

2024-11-05 22:45:26 -05:00
parent 27d528e4b6
commit a7bc4001e4
3 changed files with 41 additions and 29 deletions
--- a/Architecture.md
+++ b/Architecture.md
@@ -56,6 +56,6 @@ Yay! you now have an interface, and an IP address to broadcast on :D
 op connect server create cluster --vaults cluster
 op connect token create cluster --server <Server ID> --vault cluster

-kubectl create secret generic -n 1password-system 1password-credentials  --from-literal=password="$(op read ''op://cluster/1password-credentials.json/1password-credentials.json.base64)"
-kubectl create secret generic -n 1password-system 1password-token  --from-literal password="$(op read 'op://cluster/op-token/op-token')"
+kubectl create secret generic -n 1password-system 1password-credentials  --from-literal=password="$(op read 'op://cluster/1password-credentials/password')"
+kubectl create secret generic -n 1password-system 1password-token  --from-literal password="$(op read 'op://cluster/1password-token/password')"
 ```
--- a/cluster/base/infra/external-dns.yaml
+++ b/cluster/base/infra/external-dns.yaml
@@ -1,18 +1,18 @@
-# ---
-# apiVersion: kustomize.toolkit.fluxcd.io/v1
-# kind: Kustomization
-# metadata:
-#   name: infra-external-dns
-#   namespace: flux-system
-# spec:
-#   interval: 1h0m0s
-#   path: ./infra/controllers/external-dns
-#   dependsOn:
-#   - name: infra-1password-config
-#   prune: true
-#   retryInterval: 1m0s
-#   sourceRef:
-#     kind: GitRepository
-#     name: flux-system
-#   timeout: 5m0s
-#   wait: true
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: infra-external-dns
+  namespace: flux-system
+spec:
+  interval: 1h0m0s
+  path: ./infra/controllers/external-dns
+  dependsOn:
+  - name: infra-1password-config
+  prune: true
+  retryInterval: 1m0s
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  timeout: 5m0s
+  wait: true
--- a/infra/controllers/external-dns/external-dns.yaml
+++ b/infra/controllers/external-dns/external-dns.yaml
@@ -1,4 +1,12 @@
 ---
+apiVersion: onepassword.com/v1
+kind: OnePasswordItem
+metadata:
+  name: cloudflare-api-key
+  namespace: external-dns-system
+spec:
+  itemPath: "vaults/cluster/items/cloudflare-token"
+---
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: HelmRepository
 metadata:
@@ -8,7 +16,7 @@ spec:
  interval: 15m0s
  url: https://kubernetes-sigs.github.io/external-dns/
 ---
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
+apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
  name: external-dns
@@ -17,16 +25,20 @@ spec:
  chart:
    spec:
      chart: external-dns
-      version: 1.15.0
+      reconcileStrategy: ChartVersion
      sourceRef:
        kind: HelmRepository
-        name: external-dns
-        namespace: external-dns-system
-  interval: 15m
+        name: external-dns-repo
+      version: 1.15.0
+  interval: 1m
  timeout: 5m
-  releaseName: external-dns
  values:
-    crd:
-      create: true
-    sources:
+    provider:
+      name: cloudflare
+    env:
+      - name: CF_API_TOKEN
+        valueFrom:
+          secretKeyRef:
+            name: cloudflare-token
+            key: password