diff --git a/installations/platform/helmfile.yaml b/installations/platform/helmfile.yaml index ec2bd2b..0dd44e0 100644 --- a/installations/platform/helmfile.yaml +++ b/installations/platform/helmfile.yaml @@ -18,6 +18,8 @@ repositories: url: https://charts.min.io/ - name: kyverno url: https://kyverno.github.io/kyverno/ + - name: external-dns + url: https://kubernetes-sigs.github.io/external-dns/ releases: - name: argocd chart: argo/argo-cd @@ -104,3 +106,10 @@ releases: bootstrap: true needs: - kyverno/kyverno + - name: external-dns + chart: external-dns/external-dns + version: 1.15.0 + namespace: platform + inherit: + - template: default-env-values + - template: default-env-secrets diff --git a/values/badhouseplants/secrets.external-dns.yaml b/values/badhouseplants/secrets.external-dns.yaml new file mode 100644 index 0000000..a812101 --- /dev/null +++ b/values/badhouseplants/secrets.external-dns.yaml @@ -0,0 +1,23 @@ +env: + - name: ENC[AES256_GCM,data:RLLp8toAkoWLWRjp,iv:UUP3i5QkNBw/pgYmxHtRUDx0E6i42e/Ioh1z6WnLESk=,tag:+PEinrzkisEQx5gVCpdJ3g==,type:str] + value: ENC[AES256_GCM,data:RKiCvUOctYha7fusMWNrOKHPgmMMjuejDCip470QMHQcxY1S+yJfXA==,iv:ESfZNZimJkD5T4tzRPMu53H+ushbhOuXaOdX73MaWV0=,tag:F516VFRCw6k589vClX8Jfw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3eE5LTURCa1pyRjBocVpP + ZGxXMUZkUC9XK0xNb2duRnJiOHNzNGp0YXdrCkNvNWMvYWkyTHhQU1ZZeng2bmlz + bGRrd3p2dmx6MjBuc0lYakhMNERMOVUKLS0tIGpsRHcxdUFtTHlXVGZLTEZ0c0ov + b0RMSlFCM250MXJHbWhRTWtGbkxHc0kKpyzba8yp0xN1KjcUACcmlznH9vQtYAsL + 3bm7Cw2AZO7nkdCxky/ITd8N3rbqAVGeM2CeTAxpcMbEXKq66/yqDA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-10-15T15:21:16Z" + mac: ENC[AES256_GCM,data:aIXlmeiqaFu9Jn0zI1qyU3iAkhLKgqMwwLcLDlr+LeYX/88cZtzgP683jW3MYC/LxnNh4LG7v8EK/HViNnCkrvZ5iC9cibRPQYZJrkR3B3oGk4L+RxPws2VUa72pJsG0bQ8M2DDCoDO2T9OuuflqYENPLyYLL7D7CaeSj9w8G0A=,iv:EDaGmWFUnzp0vkIeR1J8iZ9+PjOMuRi4YltoqJAN0P0=,tag:DsSd6Nplvy0nIWaCJgnhgg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.1 diff --git a/values/badhouseplants/values.external-dns.yaml b/values/badhouseplants/values.external-dns.yaml new file mode 100644 index 0000000..fad21e1 --- /dev/null +++ b/values/badhouseplants/values.external-dns.yaml @@ -0,0 +1,4 @@ +provider: + name: cloudflare +domainFilter: + - badhouseplants.net diff --git a/values/badhouseplants/values.gitea.yaml b/values/badhouseplants/values.gitea.yaml index c522eec..a637901 100644 --- a/values/badhouseplants/values.gitea.yaml +++ b/values/badhouseplants/values.gitea.yaml @@ -26,6 +26,7 @@ ingress: kubernetes.io/ingress.global-static-ip-name: "" cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 traefik.ingress.kubernetes.io/router.entrypoints: web,websecure + external-dns.alpha.kubernetes.io/ingress-hostname-source: defined-hosts-only hosts: - host: gitea.badhouseplants.net paths: diff --git a/values/badhouseplants/values.traefik.yaml b/values/badhouseplants/values.traefik.yaml index d779286..02d534d 100644 --- a/values/badhouseplants/values.traefik.yaml +++ b/values/badhouseplants/values.traefik.yaml @@ -1,5 +1,6 @@ globalArguments: - "--serversTransport.insecureSkipVerify=true" + - "--providers.kubernetesingress.ingressendpoint.publishedservice=kube-system/traefik" ports: web: redirectTo: @@ -106,3 +107,8 @@ ports: exposedPort: 8388 expose: default: true +providers: + kubernetesIngress: + publishedServicePath: + enabled: true + publishedServicePath: "195.201.249.91" diff --git a/values/etersoft/secrets.external-dns.yaml b/values/etersoft/secrets.external-dns.yaml new file mode 100644 index 0000000..a812101 --- /dev/null +++ b/values/etersoft/secrets.external-dns.yaml @@ -0,0 +1,23 @@ +env: + - name: ENC[AES256_GCM,data:RLLp8toAkoWLWRjp,iv:UUP3i5QkNBw/pgYmxHtRUDx0E6i42e/Ioh1z6WnLESk=,tag:+PEinrzkisEQx5gVCpdJ3g==,type:str] + value: ENC[AES256_GCM,data:RKiCvUOctYha7fusMWNrOKHPgmMMjuejDCip470QMHQcxY1S+yJfXA==,iv:ESfZNZimJkD5T4tzRPMu53H+ushbhOuXaOdX73MaWV0=,tag:F516VFRCw6k589vClX8Jfw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3eE5LTURCa1pyRjBocVpP + ZGxXMUZkUC9XK0xNb2duRnJiOHNzNGp0YXdrCkNvNWMvYWkyTHhQU1ZZeng2bmlz + bGRrd3p2dmx6MjBuc0lYakhMNERMOVUKLS0tIGpsRHcxdUFtTHlXVGZLTEZ0c0ov + b0RMSlFCM250MXJHbWhRTWtGbkxHc0kKpyzba8yp0xN1KjcUACcmlznH9vQtYAsL + 3bm7Cw2AZO7nkdCxky/ITd8N3rbqAVGeM2CeTAxpcMbEXKq66/yqDA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-10-15T15:21:16Z" + mac: ENC[AES256_GCM,data:aIXlmeiqaFu9Jn0zI1qyU3iAkhLKgqMwwLcLDlr+LeYX/88cZtzgP683jW3MYC/LxnNh4LG7v8EK/HViNnCkrvZ5iC9cibRPQYZJrkR3B3oGk4L+RxPws2VUa72pJsG0bQ8M2DDCoDO2T9OuuflqYENPLyYLL7D7CaeSj9w8G0A=,iv:EDaGmWFUnzp0vkIeR1J8iZ9+PjOMuRi4YltoqJAN0P0=,tag:DsSd6Nplvy0nIWaCJgnhgg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.1 diff --git a/values/etersoft/values.external-dns.yaml b/values/etersoft/values.external-dns.yaml new file mode 100644 index 0000000..fad21e1 --- /dev/null +++ b/values/etersoft/values.external-dns.yaml @@ -0,0 +1,4 @@ +provider: + name: cloudflare +domainFilter: + - badhouseplants.net diff --git a/values/etersoft/values.traefik.yaml b/values/etersoft/values.traefik.yaml index b47cdbc..0296aad 100644 --- a/values/etersoft/values.traefik.yaml +++ b/values/etersoft/values.traefik.yaml @@ -1,5 +1,6 @@ globalArguments: - "--serversTransport.insecureSkipVerify=true" + - "--providers.kubernetesingress.ingressendpoint.publishedservice=kube-system/traefik" ports: web: redirectTo: