From c03d27a86802651f580ca0734ef9443666a050dc Mon Sep 17 00:00:00 2001
From: aggarwalakshun
Date: Thu, 1 Jan 2026 02:25:20 +0530
Subject: [PATCH] add metallb
---
 clusters/ipv6/external-dns/cf-cron.yml | 41 ++++++++++++
 clusters/ipv6/external-dns/cf-script.yml | 59 ++++++++++++++++++
 .../kube-system/traefik/traefik-release.yml | 62 +++++++++++++++++++
 .../ipv6/kube-system/traefik/traefik-repo.yml | 9 +++
 .../ipv6/metallb-system/l2-advertisement.yml | 8 +++
 .../ipv6/metallb-system/metallb-release.yml | 22 +++++++
 clusters/ipv6/metallb-system/metallb-repo.yml | 9 +++
 clusters/ipv6/metallb-system/pool-ip.yml | 8 +++
 .../tools/authelia/authelia-middleware.yml | 2 +-
 clusters/ipv6/tools/authelia/authelia-svc.yml | 14 +++++
 10 files changed, 233 insertions(+), 1 deletion(-)
 create mode 100644 clusters/ipv6/external-dns/cf-cron.yml
 create mode 100644 clusters/ipv6/external-dns/cf-script.yml
 create mode 100644 clusters/ipv6/kube-system/traefik/traefik-release.yml
 create mode 100644 clusters/ipv6/kube-system/traefik/traefik-repo.yml
 create mode 100644 clusters/ipv6/metallb-system/l2-advertisement.yml
 create mode 100644 clusters/ipv6/metallb-system/metallb-release.yml
 create mode 100644 clusters/ipv6/metallb-system/metallb-repo.yml
 create mode 100644 clusters/ipv6/metallb-system/pool-ip.yml
 create mode 100644 clusters/ipv6/tools/authelia/authelia-svc.yml
diff --git a/clusters/ipv6/external-dns/cf-cron.yml b/clusters/ipv6/external-dns/cf-cron.yml
new file mode 100644
index 0000000..9bedce6
--- /dev/null
+++ b/clusters/ipv6/external-dns/cf-cron.yml
@@ -0,0 +1,41 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: ipv6-dns-updater
+ namespace: external-dns
+spec:
+ schedule: "*/60 * * * *"
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ restartPolicy: OnFailure
+ nodeSelector:
+ traefik: "true"
+ containers:
+ - name: updater
+ image: alpine:3.20
+ command:
+ - /bin/sh
+ - -c
+ - |
+ apk add --no-cache curl jq &&
+ sh /mnt/update-ipv6.sh
+ env:
+ - name: CF_API_KEY
+ valueFrom:
+ secretKeyRef:
+ name: cloudflare-global-key
+ key: CF_API_KEY
+ - name: CF_EMAIL
+ valueFrom:
+ secretKeyRef:
+ name: cloudflare-global-key
+ key: CF_EMAIL
+ volumeMounts:
+ - name: script
+ mountPath: /mnt
+ volumes:
+ - name: script
+ configMap:
+ name: ipv6-updater-script
diff --git a/clusters/ipv6/external-dns/cf-script.yml b/clusters/ipv6/external-dns/cf-script.yml
new file mode 100644
index 0000000..9ee54f5
--- /dev/null
+++ b/clusters/ipv6/external-dns/cf-script.yml
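Review bot: The job authenticates with the Cloudflare Global API Key (secret `cloudflare-global-key`, env `CF_API_KEY` plus `CF_EMAIL`), which carries full account privileges for a task that only edits one AAAA record; a scoped API token limited to DNS edit on the single zone, sent as `Authorization: Bearer $CF_API_TOKEN`, bounds what a leaked secret can do, and the `X-Auth-Email`/`X-Auth-Key` headers in the cf-script.yml hunk would change with it. Each run also installs `curl` and `jq` from the Alpine repositories at runtime (`apk add --no-cache curl jq`), so the job needs network package installs on every schedule and picks up whatever package version is current; an image that already ships both tools, or a pinned package version, makes the run reproducible. The container sets no `securityContext` or `resources`, so `runAsNonRoot: true` with `allowPrivilegeEscalation: false` and a small CPU/memory limit would be in keeping with the hardening elsewhere in this cluster. As a style point, `*/60` in the minute field is equivalent to `0 * * * *`, which reads more plainly.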
@@ -0,0 +1,59 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: ipv6-updater-script
+ namespace: external-dns
+data:
+ update-ipv6.sh: |
+ #!/bin/sh
+
+ ZONE_ID="fe797c7b55d4e23fcd7929173c72a021"
+ RECORD="*.akshun-lab.cc"
+
+ IPV6=$(curl -s https://api64.ipify.org)
+
+ if [ -z "$IPV6" ]; then
+ echo "No IPv6 detected"
+ exit 1
+ fi
+
+
+ # Get Record ID
+ RECORD_ID=$(curl -s \
+ -H "X-Auth-Email: $CF_EMAIL" \
+ -H "X-Auth-Key: $CF_API_KEY" \
+ "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records?type=AAAA&name=$RECORD" \
+ | jq -r '.result[0].id')
+
+ if [ "$RECORD_ID" = "null" ]; then
+ echo "Record does not exist, creating..."
+
+ curl -s -X POST \
+ -H "X-Auth-Email: $CF_EMAIL" \
+ -H "X-Auth-Key: $CF_API_KEY" \
+ -H "Content-Type: application/json" \
+ "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records" \
+ --data "{
+ \"type\": \"AAAA\",
+ \"name\": \"$RECORD\",
+ \"content\": \"$IPV6\",
+ \"ttl\": 120,
+ \"proxied\": true
+ }"
+
+ else
+ echo "Updating existing record..."
+
+ curl -s -X PUT \
+ -H "X-Auth-Email: $CF_EMAIL" \
+ -H "X-Auth-Key: $CF_API_KEY" \
+ -H "Content-Type: application/json" \
+ "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records/$RECORD_ID" \
+ --data "{
+ \"type\": \"AAAA\",
+ \"name\": \"$RECORD\",
+ \"content\": \"$IPV6\",
+ \"ttl\": 120,
+ \"proxied\": true
+ }"
+ fi
diff --git a/clusters/ipv6/kube-system/traefik/traefik-release.yml b/clusters/ipv6/kube-system/traefik/traefik-release.yml
new file mode 100644
index 0000000..e9abb86
--- /dev/null
+++ b/clusters/ipv6/kube-system/traefik/traefik-release.yml
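Review bot: `IPV6` is read from `https://api64.ipify.org`, which answers with whichever address family the caller egresses on, so on an IPv4-only path the script writes an IPv4 address into the AAAA record and the only guard (`[ -z "$IPV6" ]`) does not catch it; a check such as `case "$IPV6" in *:*) ;; *) echo "No IPv6 detected"; exit 1 ;; esac` (or querying `api6.ipify.org`) does. The value is then spliced unescaped into a JSON string (`\"content\": \"$IPV6\"`), so an unexpected response body from the lookup service becomes part of the request; building the payload once with `BODY=$(jq -n --arg name "$RECORD" --arg ip "$IPV6" '{type:"AAAA",name:$name,content:$ip,ttl:120,proxied:true}')` and passing `--data "$BODY"` to both curl calls keeps it a string and removes the duplicated heredoc. `jq -r '.result[0].id'` yields `null` both when the record is absent and when the GET failed (auth error, network), so a failed lookup is treated as "record does not exist" and a create is attempted; checking `.success` in the response before branching, together with `set -eu` at the top, turns those failures into a stopped run.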
@@ -0,0 +1,62 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: traefik
+ namespace: kube-system
+spec:
+ chart:
+ spec:
+ chart: traefik
+ sourceRef:
+ kind: HelmRepository
+ name: traefik
+ namespace: flux-system
+ version: '38.0.1'
+ install:
+ crds: Create
+ interval: 6h
+ releaseName: traefik
+ upgrade:
+ crds: CreateReplace
+ values:
+ deployment:
+ enabled: true
+
+ hostNetwork: true
+ dnsPolicy: ClusterFirstWithHostNet
+
+ service:
+ enabled: false
+
+ securityContext:
+ capabilities:
+ add:
+ - NET_BIND_SERVICE
+ readOnlyRootFilesystem: true
+ runAsGroup: 0
+ runAsNonRoot: false
+ runAsUser: 0
+ fsGroup: 0
+
+ nodeSelector:
+ traefik: "true"
+
+ ports:
+ web:
+ port: 80
+ exposedPort: 80
+ protocol: TCP
+ expose:
+ default: true
+
+ websecure:
+ port: 443
+ exposedPort: 443
+ protocol: TCP
+ expose:
+ default: true
+
+ providers:
+ kubernetesCRD: {}
+ kubernetesIngress: {}
diff --git a/clusters/ipv6/kube-system/traefik/traefik-repo.yml b/clusters/ipv6/kube-system/traefik/traefik-repo.yml
new file mode 100644
index 0000000..ef5e52e
--- /dev/null
+++ b/clusters/ipv6/kube-system/traefik/traefik-repo.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: traefik
+ namespace: flux-system
+spec:
+ interval: 6h
+ url: https://traefik.github.io/charts
diff --git a/clusters/ipv6/metallb-system/l2-advertisement.yml b/clusters/ipv6/metallb-system/l2-advertisement.yml
new file mode 100644
index 0000000..0609518
--- /dev/null
+++ b/clusters/ipv6/metallb-system/l2-advertisement.yml
@@ -0,0 +1,8 @@
+apiVersion: metallb.io/v1beta1
+kind: L2Advertisement
+metadata:
+ name: k3s-lb-pool
+ namespace: metallb-system
+spec:
+ ipAddressPools:
+ - pool-ip
diff --git a/clusters/ipv6/metallb-system/metallb-release.yml b/clusters/ipv6/metallb-system/metallb-release.yml
new file mode 100644
index 0000000..bea9ba1
--- /dev/null
+++ b/clusters/ipv6/metallb-system/metallb-release.yml
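Review bot: The `securityContext` values run Traefik as root (`runAsUser: 0`, `runAsGroup: 0`, `runAsNonRoot: false`) while `hostNetwork: true` puts the proxy directly in the node's network namespace, so a compromise of the edge proxy lands as root with host network access. The `NET_BIND_SERVICE` capability added in the same block is what binding 80/443 requires, so the chart's default non-root user is probably enough once that capability is effective for the binary; that is worth verifying before keeping root, and the four root-related keys can then be dropped. `fsGroup` is a pod-level field; if the chart renders this map into the container `securityContext` (it exposes a separate `podSecurityContext` for pod-level keys), the API server will reject or drop `fsGroup: 0`, so move it there or remove it. Since neither `capabilities.drop: [ALL]` nor `allowPrivilegeEscalation: false` is stated here, confirm from the rendered manifest that the chart's hardening defaults still apply after this override.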
@@ -0,0 +1,22 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: metallb
+ namespace: metallb-system
+spec:
+ interval: 6h
+ chart:
+ spec:
+ chart: metallb
+ version: "0.15.3"
+ sourceRef:
+ kind: HelmRepository
+ name: metallb
+ namespace: flux-system
+ interval: 6h
+ install:
+ createNamespace: true
+ upgrade:
+ remediation:
+ remediateLastFailure: true
diff --git a/clusters/ipv6/metallb-system/metallb-repo.yml b/clusters/ipv6/metallb-system/metallb-repo.yml
new file mode 100644
index 0000000..95290f2
--- /dev/null
+++ b/clusters/ipv6/metallb-system/metallb-repo.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: metallb
+ namespace: flux-system
+spec:
+ interval: 6h
+ url: https://metallb.github.io/metallb
diff --git a/clusters/ipv6/metallb-system/pool-ip.yml b/clusters/ipv6/metallb-system/pool-ip.yml
new file mode 100644
index 0000000..bb08a6d
--- /dev/null
+++ b/clusters/ipv6/metallb-system/pool-ip.yml
@@ -0,0 +1,8 @@
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+ name: pool-ip
+ namespace: metallb-system
+spec:
+ addresses:
+ - 192.168.1.201-192.168.1.250
diff --git a/clusters/ipv6/tools/authelia/authelia-middleware.yml b/clusters/ipv6/tools/authelia/authelia-middleware.yml
index 09a4f09..ad556c8 100644
--- a/clusters/ipv6/tools/authelia/authelia-middleware.yml
+++ b/clusters/ipv6/tools/authelia/authelia-middleware.yml
@@ -5,7 +5,7 @@ metadata:
 namespace: tools
 spec:
 forwardAuth:
- address: http://authelia.tools.svc.cluster.local:9091/api/authz/forward-auth
+ address: http://192.168.1.203:9091/api/authz/forward-auth
 trustForwardHeader: true
 authResponseHeaders:
 - Remote-User
diff --git a/clusters/ipv6/tools/authelia/authelia-svc.yml b/clusters/ipv6/tools/authelia/authelia-svc.yml
new file mode 100644
index 0000000..73856ac
--- /dev/null
+++ b/clusters/ipv6/tools/authelia/authelia-svc.yml
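Review bot: In the authelia-middleware.yml hunk the forwardAuth `address` now hard-codes `192.168.1.203`, a value that has to stay in step by hand with the `metallb.io/loadBalancerIPs` annotation in authelia-svc.yml and with the `192.168.1.201-192.168.1.250` range in pool-ip.yml; if the pool or the annotation changes, every route behind this middleware fails authentication with a gateway error rather than a visible configuration mismatch. The auth check also now travels to the LAN-facing LoadBalancer address instead of the in-cluster service path, so whether it stays on the node or crosses the L2 segment depends on which node announces the VIP. `dnsPolicy: ClusterFirstWithHostNet` in traefik-release.yml should let the hostNetwork Traefik pod resolve `authelia.tools.svc.cluster.local`, so if the IP was chosen to work around a resolution problem, a comment above `address:` such as `# LoadBalancer IP of authelia-service (authelia-svc.yml); keep in sync with the MetalLB annotation` would record the reason and make the coupling visible.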
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: authelia-service
+ namespace: tools
+spec:
+ annotations:
+ metallb.io/loadBalancerIPs: 192.168.1.203
+ selector:
+ app.kubernetes.io/instance: authelia
+ ports:
+ - port: 9091
+ targetPort: 9091
+ type: LoadBalancer
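Review bot: `annotations` is nested under `spec`, but Kubernetes Services carry annotations in `metadata`; `spec.annotations` is not a Service field, so the apply is either rejected by server-side field validation or the key is silently dropped, and MetalLB never sees `metallb.io/loadBalancerIPs`. If it is dropped, the Service receives an arbitrary address from the `192.168.1.201-192.168.1.250` pool and the hard-coded `http://192.168.1.203:9091` in authelia-middleware.yml no longer reaches Authelia. Move the two lines so they read `metadata:` → `annotations:` → `metallb.io/loadBalancerIPs: "192.168.1.203"` alongside `name` and `namespace`, and remove them from `spec`.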