From a0805ddca4d6e9b7b51ebe6baf7e3b597b0e3311 Mon Sep 17 00:00:00 2001
From: Devin Buhl
Date: Fri, 24 May 2024 19:43:43 -0400
Subject: [PATCH] fix: deploy unifi exdns webhook to storage cluster
Signed-off-by: Devin Buhl
---
 .../external-dns/unifi/helmrelease.yaml | 2 +-
 .../storage/apps/network/external-dns/ks.yaml | 23 +++++++
 .../external-dns/unifi/externalsecret.yaml | 20 ++++++
 .../external-dns/unifi/helmrelease.yaml | 62 +++++++++++++++++++
 .../external-dns/unifi/kustomization.yaml | 7 +++
 5 files changed, 113 insertions(+), 1 deletion(-)
 create mode 100644 kubernetes/storage/apps/network/external-dns/unifi/externalsecret.yaml
 create mode 100644 kubernetes/storage/apps/network/external-dns/unifi/helmrelease.yaml
 create mode 100644 kubernetes/storage/apps/network/external-dns/unifi/kustomization.yaml
diff --git a/kubernetes/main/apps/network/external-dns/unifi/helmrelease.yaml b/kubernetes/main/apps/network/external-dns/unifi/helmrelease.yaml
index 1bb3692bcc18..4a3cafaa4cc2 100644
--- a/kubernetes/main/apps/network/external-dns/unifi/helmrelease.yaml
+++ b/kubernetes/main/apps/network/external-dns/unifi/helmrelease.yaml
@@ -55,7 +55,7 @@ spec:
 txtOwnerId: default
 txtPrefix: k8s.
 domainFilters: ["devbu.io"]
- excludeDomains: ["internal"]
+ excludeDomains: ["internal", "turbo.ac"]
 serviceMonitor:
 enabled: true
 podAnnotations:
diff --git a/kubernetes/storage/apps/network/external-dns/ks.yaml b/kubernetes/storage/apps/network/external-dns/ks.yaml
index 63c3800dda0a..64d5f2efbfac 100644
--- a/kubernetes/storage/apps/network/external-dns/ks.yaml
+++ b/kubernetes/storage/apps/network/external-dns/ks.yaml
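Review bot: With `"turbo.ac"` added to `excludeDomains` in the main release, the domain lists are the only thing separating it from the new storage-cluster release, because both keep `txtOwnerId: default` and `txtPrefix: k8s.` (the storage values are in `kubernetes/storage/apps/network/external-dns/unifi/helmrelease.yaml` in this same patch). If both instances write to the same UniFi controller (the main release's `UNIFI_HOST` is outside this hunk, so that is an assumption), each would treat the other's ownership records as its own, and the storage release runs `policy: sync`, which deletes records it believes it owns. I would leave the owner id here untouched so existing records stay owned, give the new release its own (for example `txtOwnerId: storage`), and keep the filters as a second line of defence. The `values` block shown here starts and ends outside the hunk.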
@@ -21,3 +21,26 @@ spec:
 interval: 30m
 retryInterval: 1m
 timeout: 5m
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app external-dns-unifi
+ namespace: flux-system
+spec:
+ targetNamespace: network
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ dependsOn:
+ - name: external-secrets-stores
+ path: ./kubernetes/storage/apps/network/external-dns/unifi
+ prune: false
+ sourceRef:
+ kind: GitRepository
+ name: home-kubernetes
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/storage/apps/network/external-dns/unifi/externalsecret.yaml b/kubernetes/storage/apps/network/external-dns/unifi/externalsecret.yaml
new file mode 100644
index 000000000000..d099cdd2c8db
--- /dev/null
+++ b/kubernetes/storage/apps/network/external-dns/unifi/externalsecret.yaml
@@ -0,0 +1,20 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: external-dns-unifi
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: onepassword-connect
+ target:
+ name: external-dns-unifi-secret
+ template:
+ engineVersion: v2
+ data:
+ EXTERNAL_DNS_UNIFI_USER: "{{ .EXTERNAL_DNS_UNIFI_USER }}"
+ EXTERNAL_DNS_UNIFI_PASS: "{{ .EXTERNAL_DNS_UNIFI_PASS }}"
+ dataFrom:
+ - extract:
+ key: external-dns-unifi
diff --git a/kubernetes/storage/apps/network/external-dns/unifi/helmrelease.yaml b/kubernetes/storage/apps/network/external-dns/unifi/helmrelease.yaml
new file mode 100644
index 000000000000..ef71cd777afb
--- /dev/null
+++ b/kubernetes/storage/apps/network/external-dns/unifi/helmrelease.yaml
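Review bot: In the `external-dns-unifi` Kustomization added to `kubernetes/storage/apps/network/external-dns/ks.yaml`, `prune: false` means Flux will not garbage-collect what this path created, so deleting the `unifi` directory from Git later leaves the HelmRelease, the ExternalSecret and the synced `external-dns-unifi-secret` behind in the `network` namespace. For a controller that holds UniFi credentials and can rewrite DNS records, I would rather have removal in Git remove it from the cluster: `prune: true`. If `prune: false` is a deliberate convention for the storage cluster (the first Kustomization in this file is only partly visible in the context lines), a one-line comment such as `# prune disabled on purpose: <reason>` above it would record that.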
@@ -0,0 +1,62 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: &app external-dns-unifi
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: external-dns
+ version: 1.14.4
+ sourceRef:
+ kind: HelmRepository
+ name: external-dns
+ namespace: flux-system
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ strategy: rollback
+ retries: 3
+ values:
+ fullnameOverride: *app
+ logLevel: debug
+ provider:
+ name: webhook
+ webhook:
+ image:
+ repository: ghcr.io/kashalls/external-dns-unifi-webhook
+ tag: v0.0.5@sha256:221b808ff11ad8d23c4792a067c7184c135f30fc3823e3418321a3203af6b352
+ env:
+ - name: UNIFI_HOST
+ value: https://192.168.1.1
+ - name: SERVER_HOST
+ value: 0.0.0.0
+ - name: UNIFI_USER
+ valueFrom:
+ secretKeyRef:
+ name: &secret external-dns-unifi-secret
+ key: EXTERNAL_DNS_UNIFI_USER
+ - name: UNIFI_PASS
+ valueFrom:
+ secretKeyRef:
+ name: *secret
+ key: EXTERNAL_DNS_UNIFI_PASS
+ - name: LOG_LEVEL
+ value: "debug"
+ - name: UNIFI_SKIP_TLS_VERIFY
+ value: "true"
+ policy: sync
+ sources: ["ingress", "service"]
+ txtOwnerId: default
+ txtPrefix: k8s.
+ domainFilters: ["turbo.ac"]
+ excludeDomains: ["internal", "devbu.io"]
+ serviceMonitor:
+ enabled: true
+ podAnnotations:
+ secret.reloader.stakater.com/reload: *secret
diff --git a/kubernetes/storage/apps/network/external-dns/unifi/kustomization.yaml b/kubernetes/storage/apps/network/external-dns/unifi/kustomization.yaml
new file mode 100644
index 000000000000..4eed917b96fa
--- /dev/null
+++ b/kubernetes/storage/apps/network/external-dns/unifi/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./externalsecret.yaml
+ - ./helmrelease.yaml
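Review bot: In the new storage `helmrelease.yaml`, `UNIFI_SKIP_TLS_VERIFY` is `"true"` while `UNIFI_USER` and `UNIFI_PASS` are sent to `https://192.168.1.1`, so the webhook logs in without authenticating the controller and anything able to answer on that address receives the credentials. I would have the pod trust the controller's certificate and set `value: "false"`; if the controller's certificate makes that impractical for now, say so in a comment on that line and keep the account in `external-dns-unifi-secret` limited to what DNS record management needs. `SERVER_HOST: 0.0.0.0` needs a check as well: external-dns recommends that a webhook provider's API listen on localhost only because it has no authentication, so confirm which listener this variable controls in `v0.0.5` before exposing it on the pod IP. `logLevel: debug` and `LOG_LEVEL: "debug"` read like bring-up settings and are better lowered to `info` once the release works, since I cannot tell from here what the webhook writes at debug level.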