diff --git a/Architecture.md b/Architecture.md
index 6276a24..fb22a3e 100644
--- a/Architecture.md
+++ b/Architecture.md
@@ -56,6 +56,6 @@ Yay! you now have an interface, and an IP address to broadcast on :D
 op connect server create cluster --vaults cluster
 op connect token create cluster --server --vault cluster
-kubectl create secret generic -n 1password-system 1password-credentials --from-literal=password="$(op read ''op://cluster/1password-credentials.json/1password-credentials.json.base64)"
-kubectl create secret generic -n 1password-system 1password-token --from-literal password="$(op read 'op://cluster/op-token/op-token')"
+kubectl create secret generic -n 1password-system 1password-credentials --from-literal=password="$(op read 'op://cluster/1password-credentials/password')"
+kubectl create secret generic -n 1password-system 1password-token --from-literal password="$(op read 'op://cluster/1password-token/password')"
 ```
diff --git a/cluster/base/infra/external-dns.yaml b/cluster/base/infra/external-dns.yaml
index 0f95c59..9737e9c 100644
--- a/cluster/base/infra/external-dns.yaml
+++ b/cluster/base/infra/external-dns.yaml
@@ -1,18 +1,18 @@
-# ---
-# apiVersion: kustomize.toolkit.fluxcd.io/v1
-# kind: Kustomization
-# metadata:
-# name: infra-external-dns
-# namespace: flux-system
-# spec:
-# interval: 1h0m0s
-# path: ./infra/controllers/external-dns
-# dependsOn:
-# - name: infra-1password-config
-# prune: true
-# retryInterval: 1m0s
-# sourceRef:
-# kind: GitRepository
-# name: flux-system
-# timeout: 5m0s
-# wait: true
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: infra-external-dns
+ namespace: flux-system
+spec:
+ interval: 1h0m0s
+ path: ./infra/controllers/external-dns
+ dependsOn:
+ - name: infra-1password-config
+ prune: true
+ retryInterval: 1m0s
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ timeout: 5m0s
+ wait: true
diff --git a/infra/controllers/external-dns/external-dns.yaml b/infra/controllers/external-dns/external-dns.yaml
index 7066880..514a7c5 100644
--- a/infra/controllers/external-dns/external-dns.yaml
+++ b/infra/controllers/external-dns/external-dns.yaml
@@ -1,4 +1,12 @@
 ---
+apiVersion: onepassword.com/v1
+kind: OnePasswordItem
+metadata:
+ name: cloudflare-api-key
+ namespace: external-dns-system
+spec:
+ itemPath: "vaults/cluster/items/cloudflare-token"
+---
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: HelmRepository
 metadata:
@@ -8,7 +16,7 @@ spec:
 interval: 15m0s
 url: https://kubernetes-sigs.github.io/external-dns/
 ---
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
+apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
 name: external-dns
@@ -17,16 +25,20 @@ spec:
 chart:
 spec:
 chart: external-dns
- version: 1.15.0
+ reconcileStrategy: ChartVersion
 sourceRef:
 kind: HelmRepository
- name: external-dns
- namespace: external-dns-system
- interval: 15m
+ name: external-dns-repo
+ version: 1.15.0
+ interval: 1m
 timeout: 5m
- releaseName: external-dns
 values:
- crd:
- create: true
- sources:
+ provider:
+ name: cloudflare
+ env:
+ - name: CF_API_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: cloudflare-token
+ key: password
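Review bot: The Secret this `OnePasswordItem` produces will not match the one the HelmRelease reads: the 1Password operator names the generated Secret after `metadata.name`, here `cloudflare-api-key`, while the `secretKeyRef` added in the last hunk of this file asks for `cloudflare-token`. As written the external-dns container would fail to start on a missing Secret, so either rename the resource to `name: cloudflare-token` or point the reference at `name: cloudflare-api-key`. The `key: password` reference also assumes the vault item has a field labelled `password`, which cannot be confirmed from the diff. Because this token lets the controller write DNS records, a one-line comment above `itemPath` recording the expected scope would help, for example `# Cloudflare API token: Zone:Read + DNS:Edit on the managed zone only`.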