feat(cloudflare-tunnel): add tunnel

2024-09-27 17:45:05 -04:00 · 2024-09-27 17:45:05 -04:00 · a5f4198f32
commit a5f4198f32
parent 28a07ca401
8 changed files with 121 additions and 0 deletions
--- a/apps/cloudflare-tunnel/overlays/system/config.json
+++ b/apps/cloudflare-tunnel/overlays/system/config.json
@ -0,0 +1,11 @@
+{
+  "appName": "cloudflare-tunnel",
+  "userGivenName": "cloudflare-tunnel",
+  "destNamespace": "network-system",
+  "destServer": "https://kubernetes.default.svc",
+  "srcPath": "apps/cloudflare-tunnel/overlays/system",
+  "srcRepoURL": "ssh://git@gitea-ssh.gitops.svc.cluster.local:2222/davad/argo.git",
+  "srcTargetRevision": "",
+  "labels": null,
+  "annotations": null
+}
--- a/apps/cloudflare-tunnel/overlays/system/deployment.patch.yaml
+++ b/apps/cloudflare-tunnel/overlays/system/deployment.patch.yaml
@ -0,0 +1,15 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cloudflared-deployment
+spec:
+  template:
+    spec:
+      containers:
+        - name: cloudflared
+          env:
+            - name: TUNNEL_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: cloudflared-config
+                  key: token
--- a/apps/cloudflare-tunnel/overlays/system/kustomization.yaml
+++ b/apps/cloudflare-tunnel/overlays/system/kustomization.yaml
@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ../../base
+
+generators:
+  - ./secret-generator.yaml
+
+patches:
+  - path: deployment.patch.yaml
--- a/apps/cloudflare-tunnel/overlays/system/secret-generator.yaml
+++ b/apps/cloudflare-tunnel/overlays/system/secret-generator.yaml
@ -0,0 +1,10 @@
+apiVersion: viaduct.ai/v1
+kind: ksops
+metadata:
+  name: cloudflared-ksops-generator
+  annotations:
+    config.kubernetes.io/function: |
+      exec:
+        path: ksops
+files:
+  - ./secret.enc.yaml
--- a/apps/cloudflare-tunnel/overlays/system/secret.enc.yaml
+++ b/apps/cloudflare-tunnel/overlays/system/secret.enc.yaml
@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: cloudflared-config
+type: Opaque
+data:
+    token: ENC[AES256_GCM,data:tkJD0z6idw6QZZL8IKu/PWo6RXABPy8BcgtP3ai43QnbXjW+uZa3nimTLSwWFcFIcVpRQAKYjvCOFI18ntf+gePk3rwLaUn7IXw2DerTwUYh6k8Erau1Tpp1J8K2X3l6JDtRVlpUwKaSyvIOuhlxsPNra+np3433flYHEuXCC2tB27IXcB/k36KHAramo3XptHhKe+3DoywUfQTYqco9oBrGWWCJVlcGm+KhOMAieekqdW9Ftj3EguMcQGkcLzqoiK1Z3v+fkI1/IL0gWR8Vew6hUzlD1IFcj0VD0vpGSM9s/VzMVn3vp7D1e3L3urFkmyM9nJHUW/8=,iv:In08NkxVSuyAzPdl7dayM/QXZPnc1OrShGrwar/iLsE=,tag:qEk5ZRioUvXwGcOClhdkHQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1y26vr5qt6th3wu92rnsgkqcpxxah3pqkqa4khcjjycm3kg40aqyqjgfzx9
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxNGxaU3FHY1dMTnNXZDh2
+            S2M2QjhPcERqTXI0ajRLRDQ1MXdZNHdUbkhZCnM5Ly9VYk5ySlZmUVUwb3A3UzBI
+            QzU4RHFiQVFzaGlqbHFZOXQxVisrMVkKLS0tIEJEYVllQVNKc0ppTTZ6SUU1dXRI
+            a1ZkNHJLQjBlNmhaOTBMVXJEK1UxY1kKy4ioaiasJz3obb/+oR666lDqCWI4OcZu
+            aUAeQPGqR9U/UWLHqdKcJvsAxVItQyrl9a3vANdg6FZP8IQqDd4y/w==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-09-27T21:03:45Z"
+    mac: ENC[AES256_GCM,data:kaQhH6AgeAhMuIqG8M4SoJCVUJhv9jkcXssoRASOM5sSixvRuzyLzaBHjY0jGHpmNPDDYmhe8YCrmnKBR6XSHbe5W0bkAK3fV+QPcWlHP5RHmtLMq68KM02ljxeKe+Z3Rdy5urydVCU8NYLnFET9rIcFFJMI5DM9pX5flNX3ZeQ=,iv:Ks8A9awmvnL7LmKrKc7tl3qsfc6oH4UAUeokMMfdjqc=,tag:xgN5BNdHkEllnR0TEjf0YQ==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.8.1