Merge pull request 'add ingress pvc, helmRepo and helmRelease for pulse' (#27) from add-pulse into main

Reviewed-on: #27

clusters/ipv6/external-dns/cf-cron.yml

@@ -1,41 +0,0 @@
-apiVersion: batch/v1
-kind: CronJob
-metadata:
-  name: ipv6-dns-updater
-  namespace: external-dns
-spec:
-  schedule: "*/60 * * * *"
-  successfulJobsHistoryLimit: 0
-  failedJobsHistoryLimit: 0
-  jobTemplate:
-    spec:
-      template:
-        spec:
-          restartPolicy: OnFailure
-          containers:
-          - name: updater
-            image: alpine:3.20
-            command:
-              - /bin/sh
-              - -c
-              - |
-                apk add --no-cache curl jq &&
-                sh /mnt/update-ipv6.sh
-            env:
-            - name: CF_API_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: cloudflare-global-key
-                  key: CF_API_KEY
-            - name: CF_EMAIL
-              valueFrom:
-                secretKeyRef:
-                  name: cloudflare-global-key
-                  key: CF_EMAIL
-            volumeMounts:
-            - name: script
-              mountPath: /mnt
-          volumes:
-          - name: script
-            configMap:
-              name: ipv6-updater-script

clusters/ipv6/external-dns/cf-script.yml

@@ -1,59 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: ipv6-updater-script
-  namespace: external-dns
-data:
-  update-ipv6.sh: |
-    #!/bin/sh
-
-    ZONE_ID="fe797c7b55d4e23fcd7929173c72a021"
-    RECORD="*.akshun-lab.cc"
-
-    IPV6=$(curl -s https://api64.ipify.org)
-
-    if [ -z "$IPV6" ]; then
-      echo "No IPv6 detected"
-      exit 1
-    fi
-
-
-    # Get Record ID
-    RECORD_ID=$(curl -s \
-      -H "X-Auth-Email: $CF_EMAIL" \
-      -H "X-Auth-Key: $CF_API_KEY" \
-      "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records?type=AAAA&name=$RECORD" \
-      | jq -r '.result[0].id')
-
-    if [ "$RECORD_ID" = "null" ]; then
-      echo "Record does not exist, creating..."
-
-      curl -s -X POST \
-        -H "X-Auth-Email: $CF_EMAIL" \
-        -H "X-Auth-Key: $CF_API_KEY" \
-        -H "Content-Type: application/json" \
-        "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records" \
-        --data "{
-          \"type\": \"AAAA\",
-          \"name\": \"$RECORD\",
-          \"content\": \"$IPV6\",
-          \"ttl\": 120,
-          \"proxied\": false
-        }"
-
-    else
-      echo "Updating existing record..."
-
-      curl -s -X PUT \
-        -H "X-Auth-Email: $CF_EMAIL" \
-        -H "X-Auth-Key: $CF_API_KEY" \
-        -H "Content-Type: application/json" \
-        "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records/$RECORD_ID" \
-        --data "{
-          \"type\": \"AAAA\",
-          \"name\": \"$RECORD\",
-          \"content\": \"$IPV6\",
-          \"ttl\": 120,
-          \"proxied\": false
-        }"
-    fi

clusters/ipv6/external-dns/cloudflare-secret-sealed.yml

@@ -1,14 +0,0 @@
----
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  name: cloudflare-api-token
-  namespace: external-dns
-spec:
-  encryptedData:
-    CF_API_TOKEN: AgBGXS4yStjaLKfFq7svTArF6Y9wr/RvwQcV3P/aj/QzH8R3z9UimgGlrY61zTapCszTRRR4NJ55XpYQAU+9ugkfhDXfpmyi63oh7WWGENonHZFii9iAuC1xKMVP0B43I9Jm+YSFFCxpVE3iTiXFVbyhiSrbPfYX8KP3ED58D4T1s0OjCFWI6Uk63C5Qvc3zzjYRAvy/eHq4DEfNXifkFw7hJ03OouUmZMkvZXieNvPa3lvtnXHzE55eu3gs8C0xr/zGa3r2StfsVwLdLYaya+hHNtgp3cIiB+p8ncoBIEbyGzWQwT5jbl7zn7lqSfafe6KVYNxzKMGicVhCCOQfGyCUrrGkbBC3eXRPSgcPoHaJxLwjzPR1rVniKDsdVpRun2wskGXScRvzBEmt6gucLTUQTapc2R3R7MO8rxX0+dOR4uj7/hJdOJqNb6b7G74Jf9Y8nFfY1QEIys2i04d2HHKRIomQfAcnU2IsbWO2lEw4wzToPOGI4kQQqpLR7dIFOQnRrWJRj/5x3titG/th3vIyTRVHigGSwH9DUEh3TgVBSQbWuJMbh9HRZ/3z06kfgiGAnydzltLUOGw3w3JRE09+vS7kGKDr78jcokVoPcm8riRc1eJQImZsodMA1SF8PH1u+y0kUEbJpRuRG0e3m1yC014laokpa3Lrl8BAJkqOyAjufAOmSFPvXNROxw3WB1tED8RjZSADSocZPVoKfPNxInGxFntojEoYQw+P32d4sBdj9tJqHuCy
-  template:
-    metadata:
-      name: cloudflare-api-token
-      namespace: external-dns
-    type: Opaque

clusters/ipv6/external-dns/namespace.yml

@@ -1,8 +0,0 @@
----
-kind: Namespace
-apiVersion: v1
-metadata:
-  name: external-dns
-  labels:
-    name: external-dns
-

clusters/ipv6/flux-system/gotk-sync.yaml

@@ -11,7 +11,7 @@ spec:
     branch: main
   secretRef:
     name: flux-system
-  url: ssh://git@192.168.1.202/aggarwalakshun/ipv6-k3s
+  url: ssh://git@gitea.akshun-lab.cc/aggarwalakshun/ipv6-k3s
 ---
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization

clusters/ipv6/git-ops/gitea/gitea-ingress-route.yml

@@ -0,0 +1,14 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRouteTCP
+metadata:
+  name: gitea-ssh
+  namespace: git-ops
+spec:
+  entryPoints:
+    - ssh
+  routes:
+    - match: HostSNI(`*`)
+      services:
+        - name: gitea-int-service
+          port: 22

clusters/ipv6/git-ops/gitea/gitea-svc.yml

@@ -1,20 +1,3 @@
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: gitea-app
-  namespace: git-ops
-  annotations:
-    metallb.io/loadBalancerIPs: 192.168.1.202
-spec:
-  type: LoadBalancer
-  selector:
-    app: gitea-app
-  ports:
-  - port: 22
-    targetPort: 22
-    name: ssh
-
 ---
 apiVersion: v1
 kind: Service
@@ -28,6 +11,11 @@ spec:
     - protocol: TCP
       port: 3000
       targetPort: 3000
+      name: http
+    - protocol: TCP
+      port: 22
+      targetPort: 22
+      name: ssh
 
 ---
 apiVersion: v1

clusters/ipv6/kube-system/traefik/traefik-release.yml

@@ -57,6 +57,13 @@ spec:
         expose:
           default: true
 
+      ssh:
+        port: 22
+        exposedPort: 22
+        protocol: TCP
+        expose:
+          default: true
+
     providers:
       kubernetesCRD: {}
       kubernetesIngress: {}

clusters/ipv6/monitoring/pulse/pulse-ingress.yml

@@ -0,0 +1,26 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: pulse-ingress
+  namespace: monitoring
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-cloudflare
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+spec:
+  ingressClassName: traefik
+  tls:
+  - hosts:
+    - pulse.akshun-lab.cc
+    secretName: pulse-tls
+  rules:
+  - host: pulse.akshun-lab.cc
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: pulse
+            port:
+              number: 7655

clusters/ipv6/monitoring/pulse/pulse-pvc.yml

@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pulse-longhorn
+  namespace: monitoring
+spec:
+  resources:
+    requests:
+      storage: 1Gi
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: longhorn

clusters/ipv6/monitoring/pulse/pulse-release.yml

@@ -0,0 +1,23 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: pulse
+  namespace: monitoring
+spec:
+  interval: 6h
+  chart:
+    spec:
+      chart: pulse
+      sourceRef:
+        kind: HelmRepository
+        name: pulse
+        namespace: flux-system
+      interval: 6h
+  values:
+    persistence: 
+      enabled: true
+      existingClaim: pulse-longhorn
+    image:
+      repository: rcourtman/pulse
+      tag: 5.0.10

clusters/ipv6/monitoring/pulse/pulse-repo.yml

@@ -0,0 +1,10 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: pulse
+  namespace: flux-system
+spec:
+  type: "oci"
+  interval: 6h
+  url: oci://ghcr.io/rcourtman/pulse-chart

clusters/ipv6/tools/cloudflare-ddns/cf-ddns-secret-sealed.yml

@@ -0,0 +1,14 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  name: cf-ddns-secret
+  namespace: tools
+spec:
+  encryptedData:
+    api-token: AgB0eovgOD1djWw86G6ETlDEtrs0Yf31v/9voMyLkBM76rlPQ1RaLSZ8ozyH1nriLgAtiF1/g5/dtshGE+YZ0o4RjMCLPEhJXGFftEYXCTqTfH6PoODf4FV3sSSB1qx0VIUYjk61xxM0SD1R0cjNUlfTQxpmVcI2Zw8bjuuYZXy3kNt/4znsWtYUdRWgLFb5cAsdsesL+deWTnvLv67M3DyQ3l1qoqndVHFh3Sshxd8eI46kEiPVYwK+s1lGxi/y+Qbmw9g8Ki5LNvryVe6SHDTEziNHtnKsbPeDQ4bHRCs2/KQqhZIR39+1KV8dJ6DcXgz3GUermcQdm2o5nnfb2e0hsrQflW/IKxValsO9Ds+I1LARIQqdEYMHvsoExd+YVyL86hO3OWqSu53WbWToqbzx2O2NZ0iVFhOIqGHzTOZS0CQY8n9w3lpB86VF7nGZHW8AjJ8Z8FpU11Yx5So0UJG25n0f7gszm6v9HVvb5MUBZyXosoJGgB6AGG4lFgDWze+JIvnsgWrfjUwzsGVXeXOoi16+qZwdXcU7NfRPy0c4UV6C+UQH1oAgHN6Qy/PoaOcs0qnHuP0Cnzr8TgeYzsStpntA+3sPLpRjYCzAiowc5HzKbHDArMDrKgdy6cQSYL58P57ZsYV/AmQC9S0n+vYAZbJlOeI7laxCoPYAxcWS8WCYPoBDVmELPeeI7ch4BaoTYpWpOrGVeaJkRtMTVuQ7Fgc5yFzVOH6KOTTLDXuM/3xYHhG1ZRXj
+  template:
+    metadata:
+      name: cf-ddns-secret
+      namespace: tools
+    type: Opaque

clusters/ipv6/tools/cloudflare-ddns/cf-ddns.yml

@@ -0,0 +1,35 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cf-ddns
+  namespace: tools
+spec:
+  selector:
+    matchLabels:
+      app: cf-ddns
+  template:
+    metadata:
+      labels:
+        app: cf-ddns
+    spec:
+      hostNetwork: true
+      containers:
+      - name: cf-ddns
+        image: favonia/cloudflare-ddns:1.15.1
+        securityContext:
+          capabilities:
+            drop:
+            - ALL
+        env:
+        - name: DOMAINS
+          value: "*.akshun-lab.cc"
+        - name: PROXIED
+          value: "false"
+        - name: IP4_PROVIDER
+          value: "none"
+        - name: CLOUDFLARE_API_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: cf-ddns-secret
+              key: api-token