aggarwalakshun/ipv6-k3s
Archived
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request 'add metallb' (#21) from metallb into main

Browse Source 
Reviewed-on: #21
This commit was merged in pull request #21.
This commit is contained in:
Akshun Aggarwal
2025-12-31 21:00:22 +00:00
parent 93f174b684 c03d27a868
commit 5fe6c2a816
10 changed files with 233 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
clusters/ipv6/external-dns/cf-cron.yml Normal file
View File

@@ -0,0 +1,41 @@
apiVersion: batch/v1
kind: CronJob
metadata:
name: ipv6-dns-updater
namespace: external-dns
spec:
schedule: "*/60 * * * *"
jobTemplate:
spec:
template:
spec:
restartPolicy: OnFailure
nodeSelector:
traefik: "true"
containers:
- name: updater
image: alpine:3.20
command:
- /bin/sh
- -c
- |
apk add --no-cache curl jq &&
sh /mnt/update-ipv6.sh
env:
- name: CF_API_KEY
valueFrom:
secretKeyRef:
name: cloudflare-global-key
key: CF_API_KEY
- name: CF_EMAIL
valueFrom:
secretKeyRef:
name: cloudflare-global-key
key: CF_EMAIL
volumeMounts:
- name: script
mountPath: /mnt
volumes:
- name: script
configMap:
name: ipv6-updater-script

59
clusters/ipv6/external-dns/cf-script.yml Normal file
View File

@@ -0,0 +1,59 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: ipv6-updater-script
namespace: external-dns
data:
update-ipv6.sh: |
#!/bin/sh
ZONE_ID="fe797c7b55d4e23fcd7929173c72a021"
RECORD="*.akshun-lab.cc"
IPV6=$(curl -s https://api64.ipify.org)
if [ -z "$IPV6" ]; then
echo "No IPv6 detected"
exit 1
fi
# Get Record ID
RECORD_ID=$(curl -s \
-H "X-Auth-Email: $CF_EMAIL" \
-H "X-Auth-Key: $CF_API_KEY" \
"https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records?type=AAAA&name=$RECORD" \
| jq -r '.result[0].id')
if [ "$RECORD_ID" = "null" ]; then
echo "Record does not exist, creating..."
curl -s -X POST \
-H "X-Auth-Email: $CF_EMAIL" \
-H "X-Auth-Key: $CF_API_KEY" \
-H "Content-Type: application/json" \
"https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records" \
--data "{
\"type\": \"AAAA\",
\"name\": \"$RECORD\",
\"content\": \"$IPV6\",
\"ttl\": 120,
\"proxied\": true
}"
else
echo "Updating existing record..."
curl -s -X PUT \
-H "X-Auth-Email: $CF_EMAIL" \
-H "X-Auth-Key: $CF_API_KEY" \
-H "Content-Type: application/json" \
"https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records/$RECORD_ID" \
--data "{
\"type\": \"AAAA\",
\"name\": \"$RECORD\",
\"content\": \"$IPV6\",
\"ttl\": 120,
\"proxied\": true
}"
fi

62
clusters/ipv6/kube-system/traefik/traefik-release.yml Normal file
View File

@@ -0,0 +1,62 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: traefik
namespace: kube-system
spec:
chart:
spec:
chart: traefik
sourceRef:
kind: HelmRepository
name: traefik
namespace: flux-system
version: '38.0.1'
install:
crds: Create
interval: 6h
releaseName: traefik
upgrade:
crds: CreateReplace
values:
deployment:
enabled: true
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
service:
enabled: false
securityContext:
capabilities:
add:
- NET_BIND_SERVICE
readOnlyRootFilesystem: true
runAsGroup: 0
runAsNonRoot: false
runAsUser: 0
fsGroup: 0
nodeSelector:
traefik: "true"
ports:
web:
port: 80
exposedPort: 80
protocol: TCP
expose:
default: true
websecure:
port: 443
exposedPort: 443
protocol: TCP
expose:
default: true
providers:
kubernetesCRD: {}
kubernetesIngress: {}

9
clusters/ipv6/kube-system/traefik/traefik-repo.yml Normal file
View File

@@ -0,0 +1,9 @@
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: traefik
namespace: flux-system
spec:
interval: 6h
url: https://traefik.github.io/charts

8
clusters/ipv6/metallb-system/l2-advertisement.yml Normal file
View File

@@ -0,0 +1,8 @@
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
name: k3s-lb-pool
namespace: metallb-system
spec:
ipAddressPools:
- pool-ip

22
clusters/ipv6/metallb-system/metallb-release.yml Normal file
View File

@@ -0,0 +1,22 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: metallb
namespace: metallb-system
spec:
interval: 6h
chart:
spec:
chart: metallb
version: "0.15.3"
sourceRef:
kind: HelmRepository
name: metallb
namespace: flux-system
interval: 6h
install:
createNamespace: true
upgrade:
remediation:
remediateLastFailure: true

9
clusters/ipv6/metallb-system/metallb-repo.yml Normal file
View File

@@ -0,0 +1,9 @@
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: metallb
namespace: flux-system
spec:
interval: 6h
url: https://metallb.github.io/metallb

8
clusters/ipv6/metallb-system/pool-ip.yml Normal file
View File

@@ -0,0 +1,8 @@
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: pool-ip
namespace: metallb-system
spec:
addresses:
- 192.168.1.201-192.168.1.250

2
clusters/ipv6/tools/authelia/authelia-middleware.yml
View File

@@ -5,7 +5,7 @@ metadata:
namespace: tools namespace: tools
spec: spec:
forwardAuth: forwardAuth:
address: http://authelia.tools.svc.cluster.local:9091/api/authz/forward-auth address: http://192.168.1.203:9091/api/authz/forward-auth
trustForwardHeader: true trustForwardHeader: true
authResponseHeaders: authResponseHeaders:
- Remote-User - Remote-User

14
clusters/ipv6/tools/authelia/authelia-svc.yml Normal file
View File

@@ -0,0 +1,14 @@
apiVersion: v1
kind: Service
metadata:
name: authelia-service
namespace: tools
spec:
annotations:
metallb.io/loadBalancerIPs: 192.168.1.203
selector:
app.kubernetes.io/instance: authelia
ports:
- port: 9091
targetPort: 9091
type: LoadBalancer