diff --git a/kubernetes/apps/production/cert-manager/certificates/local.yaml b/kubernetes/apps/production/cert-manager/certificates/local.yaml
index b692c16..1849b8d 100644
--- a/kubernetes/apps/production/cert-manager/certificates/local.yaml
+++ b/kubernetes/apps/production/cert-manager/certificates/local.yaml
@@ -2,10 +2,10 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: - name: local-mafyuh-com + name: local-mafyuh-dev namespace: cert-manager spec: - secretName: local-mafyuh-com-production-tls + secretName: local-mafyuh-dev-production-tls secretTemplate: annotations: reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true"
@@ -13,7 +13,7 @@ spec: issuerRef: name: letsencrypt-production kind: ClusterIssuer - commonName: "*.local.mafyuh.com" + commonName: "*.local.mafyuh.dev" dnsNames: - - "local.mafyuh.com" - - "*.local.mafyuh.com"
\ No newline at end of file + - "local.mafyuh.dev" + - "*.local.mafyuh.dev"
\ No newline at end of file
diff --git a/kubernetes/apps/production/cert-manager/helmrelease.yaml b/kubernetes/apps/production/cert-manager/helmrelease.yaml
index e4ea8a5..baa5055 100644
--- a/kubernetes/apps/production/cert-manager/helmrelease.yaml
+++ b/kubernetes/apps/production/cert-manager/helmrelease.yaml
@@ -18,10 +18,10 @@ spec: installCRDs: true replicaCount: 1 extraArgs: - - --dns01-recursive-nameservers=1.1.1.1:53,9.9.9.9:53 + - --dns01-recursive-nameservers=1.1.1.1:53,8.8.8.8:53 - --dns01-recursive-nameservers-only podDnsPolicy: None podDnsConfig: nameservers: - "1.1.1.1" - - "9.9.9.9" + - "8.8.8.8"
diff --git a/kubernetes/apps/production/cert-manager/issuers/letsencrypt.yaml b/kubernetes/apps/production/cert-manager/issuers/letsencrypt.yaml
index c94d51e..3ea59d9 100644
--- a/kubernetes/apps/production/cert-manager/issuers/letsencrypt.yaml
+++ b/kubernetes/apps/production/cert-manager/issuers/letsencrypt.yaml
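Review bot: Renaming `secretName` to `local-mafyuh-dev-production-tls` does not remove the previous Secret `local-mafyuh-com-production-tls` from the cert-manager namespace — cert-manager does not garbage-collect a Certificate's old Secret when the name changes — nor, presumably, the copies the reflector annotation kept as context has mirrored into other namespaces. Any Ingress still pointing at the old name keeps serving the `*.local.mafyuh.com` certificate until it expires, so the old Secret and its reflected copies should be deleted once the rename has rolled out. A comment `# secretName renamed from local-mafyuh-com-production-tls; old Secret must be removed by hand` above `secretName` would record that follow-up. The second hunk of this file (`commonName`/`dnsNames`) is the same rename and needs no separate note.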
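Review bot: The recursive resolver set now lives in two places with nothing tying them together — `--dns01-recursive-nameservers=1.1.1.1:53,8.8.8.8:53` in `extraArgs` and the `podDnsConfig.nameservers` list — and the 9.9.9.9 → 8.8.8.8 swap had to be repeated by hand in both. If they drift, cert-manager's DNS-01 self-check and the pod's own lookups use different resolvers, which shows up as intermittent "propagation" failures that are hard to attribute. A comment `# keep in sync with --dns01-recursive-nameservers in extraArgs` above `nameservers:` makes the coupling visible; the rest of the values block is outside the hunk.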
@@ -1,21 +1,20 @@ ---- apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: - name: letsencrypt-production + name: letsencrypt-production spec: - acme: - server: https://acme-v02.api.letsencrypt.org/directory - email: matt@mafyuh.dev - privateKeySecretRef: - name: letsencrypt-production - solvers: - - dns01: - cloudflare: - email: matt@mafyuh.dev - apiTokenSecretRef: - name: cloudflare-token-secret - key: cloudflare-token - selector: - dnsZones: - - "mafyuh.com"
\ No newline at end of file + acme: + server: https://acme-v02.api.letsencrypt.org/directory + email: matt@mafyuh.dev + privateKeySecretRef: + name: letsencrypt-production + solvers: + - dns01: + cloudflare: + email: matt@mafyuh.dev + apiTokenSecretRef: + name: cloudflare-token-secret + key: cloudflare-token + selector: + dnsZones: + - local.mafyuh.dev
diff --git a/kubernetes/apps/production/cert-manager/issuers/secret-cf-token.yaml b/kubernetes/apps/production/cert-manager/issuers/secret-cf-token.yaml
index 70c4018..c84575a 100644
--- a/kubernetes/apps/production/cert-manager/issuers/secret-cf-token.yaml
+++ b/kubernetes/apps/production/cert-manager/issuers/secret-cf-token.yaml
@@ -5,7 +5,7 @@ metadata: namespace: cert-manager type: Opaque stringData: - cloudflare-token: ENC[AES256_GCM,data:v2kjVp6LLc/VG+ufNNfZel5ehCuZlglaVeKjfiw0YWlaO7YDYhrVbQ==,iv:+ME0TvaiOhoariGhZ+00UWvEkwlvwLhsG4zv6A0qZy8=,tag:2ZVGoDCzVeluB2Xz35mfEg==,type:str] + cloudflare-token: ENC[AES256_GCM,data:QDWamL3h0NLZzezOq5Sxo64K+7nivtl2pmpCbWk6rUFzKXJR7ym6Mg==,iv:Uf6v8dHRvx7dFs9ES5e+YWIo12WtrrXqK1xJ8z/gOO4=,tag:6undZMM8eDXXRp12cRX+dA==,type:str] sops: kms: [] gcp_kms: []
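Review bot: The solver selector is narrowed from `"mafyuh.com"` to `local.mafyuh.dev`, so this ClusterIssuer now answers DNS-01 challenges only for that name and its subdomains; the Certificate in local.yaml requests `local.mafyuh.dev` and `*.local.mafyuh.dev`, which matches, but any future Certificate for another name under `mafyuh.dev` will fail with "no configured challenge solver" rather than anything pointing at this selector. If that narrowing is deliberate, a comment `# only names under local.mafyuh.dev are solved here; widen to mafyuh.dev for other hosts` on `dnsZones` records it. Since `mafyuh.com` is no longer in scope, the Cloudflare token behind `cloudflare-token-secret` can be scoped to the single zone this selector covers with DNS edit permission only, which bounds what a leaked token could change. The hunk also drops the leading `---` document marker and the quoting on the zone value; both are harmless here, though the other YAML files in this commit keep their quoting.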
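Review bot: The ciphertext under `stringData.cloudflare-token` is replaced, but the previous one (`data:v2kjVp6L…`) remains in git history both as this file's parent and in the copy deleted from `kubernetes/secrets/secret-cf-token.yaml` in the same commit, encrypted to the same age recipient `age18z6wevr8ze5azvq7nfty3l29s7887l8n5mefr64avhlthtr4uvnqw90nfs`. Anyone holding that age key can still decrypt the old value from history, so if this rotation was prompted by exposure the old token must also be revoked on the Cloudflare side — encryption at rest does not do that. Nothing in the file says what permissions the token carries (nor should it), so a comment above `stringData:` such as `# Cloudflare API token: DNS edit on the zone used by the letsencrypt ClusterIssuer only` would let the next rotation keep the same scope. The sops metadata change in the following hunk is generated and needs no review.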
@@ -15,14 +15,14 @@ sops: - recipient: age18z6wevr8ze5azvq7nfty3l29s7887l8n5mefr64avhlthtr4uvnqw90nfs enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5d1BDMzRsZG1RekZ1QXJ4 - MkZmejc2N0N5L3ZDMktuWjFNQ0FuWjBiVUFFCmFhc3JCT1poSUY4c0pVblhXWHE3 - YVIza1ROWTFzb1QvWFY5KzR1QTFLclkKLS0tIGxHMUVUUytoMFZwVVR6eTliUlVS - NXFHeGlQZjZuOUZOUlFjWDByeE1nTkUKIj2H5RlZXGnCoRv8C5AMcwiiuAVZq/d2 - J70Wv/Dq/k4QNWC357Zj8sgMJicDjpOHbwgBwj6b+StEmPAeWgFBVg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjRzV5Sy80OGJGQXRiNkND + azlFZG1CNllYbG5kQ0VHRXNhbjdRcEN6TUU0Ckc2RjMza2laWS9Zb21tNmE0eUw3 + RG9SclYrWEFxYWs2ck95VWQ3MlJDUlEKLS0tIDg0dXYxZUFlUTNiQ2VWUElIdU1J + ajRYUzRGREhIenNjdnlwMmtvVCthTHMKI74UwAsVX1QKQSez4E+Ks9VAF2QwbRDa + rO/PdBYJK+MwCptCEiinxaSc5BDAyE0wYiC6Tmldz6ZHYTv1ADe21Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-28T04:59:18Z" - mac: ENC[AES256_GCM,data:6P0dTpxLmBacIJd3OQzPoh89l0eGarG7nc4X2rl/ULLn7IfiRh7CAo1RYbypCLzlo60WQGOD1bY0vzd+E652vqdV4BjuLG4WYm3lDTZ8BbpwUw1G2y9+5gg8zQPVhBcbGg9xV+gszTcaF6oziFT2q6OqD4Hhbgt8vCXOLD13bG4=,iv:5OFeeyapfZXaZyKNYDKzOTNCxocYS7f0ryW5ubJ16TQ=,tag:peEEC2Re+LCGRRd/hRdiwg==,type:str] + lastmodified: "2025-02-08T18:43:20Z" + mac: ENC[AES256_GCM,data:fuTN6KncxLvzw7o3ENVYKCIcmxDDbvOeIyfn/H1M5rtw3C8WiRnuz4XviYTh2y6EHv9FGEOI5RiRmtEtqiux7xn81DBobmAdgl/RFsrMsKus0SVpGn4PmZYfO/8R9xknyX93fbYicnahYpM3aHvwQx1njK64ywN+Hp0U+PZfMoQ=,iv:4EgN+gBOwkNty9uPSb1/wDOKTEHUUEtkeDEJDkB2/EE=,tag:Meb79CBfm3tot4vKf1OOmg==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ version: 3.9.4
diff --git a/kubernetes/apps/production/longhorn/helmrelease.yaml b/kubernetes/apps/production/longhorn/helmrelease.yaml
index 879a621..9756989 100644
--- a/kubernetes/apps/production/longhorn/helmrelease.yaml
+++ b/kubernetes/apps/production/longhorn/helmrelease.yaml
@@ -12,5 +12,6 @@ spec: sourceRef: kind: HelmRepository name: longhorn-repo + namespace: flux-system version: v1.8.0 interval: 1m0s
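Review bot: `sourceRef.namespace: flux-system` turns this into a cross-namespace reference from the HelmRelease to its HelmRepository, which Flux allows by default but is exactly what the helm-controller's `--no-cross-namespace-refs` multi-tenancy lockdown rejects, so the release would stop reconciling if that hardening is ever turned on. If the HelmRelease itself is in `flux-system` the key is redundant and can go; if it is in a longhorn namespace, defining the HelmRepository next to the release avoids the cross-namespace edge altogether. Either way a comment `# HelmRepository longhorn-repo lives in flux-system, not in this release's namespace` above `namespace:` explains why it is set. The HelmRelease metadata is outside the hunk, so which case applies is not visible here.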
diff --git a/kubernetes/apps/production/longhorn/ingress.yaml b/kubernetes/apps/production/longhorn/ingress.yaml
index 51faad3..47ab79d 100644
--- a/kubernetes/apps/production/longhorn/ingress.yaml
+++ b/kubernetes/apps/production/longhorn/ingress.yaml
@@ -11,7 +11,7 @@ metadata: spec: ingressClassName: nginx rules: - - host: "longhorn.local.mafyuh.com" + - host: "longhorn.local.mafyuh.dev" http: paths: - pathType: Prefix
@@ -23,5 +23,5 @@ spec: number: 80 tls: - hosts: - - longhorn.local.mafyuh.com - secretName: local-mafyuh-com-production-tls + - longhorn.local.mafyuh.dev + secretName: local-mafyuh-dev-production-tls
diff --git a/kubernetes/apps/production/nginx/namespace.yaml b/kubernetes/apps/production/nginx/namespace.yaml
index be87e98..9f645ee 100644
--- a/kubernetes/apps/production/nginx/namespace.yaml
+++ b/kubernetes/apps/production/nginx/namespace.yaml
@@ -1,6 +1,6 @@ apiVersion: v1 kind: Namespace metadata: - name: nginx-ingress + name: ingress-nginx labels: - name: nginx-ingress
\ No newline at end of file + name: ingress-nginx
\ No newline at end of file
diff --git a/kubernetes/cluster/production/flux-system/apps.yaml b/kubernetes/cluster/production/flux-system/apps.yaml
index 22eb919..f0b8d5d 100644
--- a/kubernetes/cluster/production/flux-system/apps.yaml
+++ b/kubernetes/cluster/production/flux-system/apps.yaml
@@ -5,7 +5,7 @@ metadata: namespace: flux-system spec: interval: 5m - path: "../../../apps" + path: "./kubernetes/apps" sourceRef: kind: GitRepository name: flux-system
diff --git a/kubernetes/cluster/production/flux-system/secrets.yaml b/kubernetes/cluster/production/flux-system/secrets.yaml
index eee79c4..aa93489 100644
--- a/kubernetes/cluster/production/flux-system/secrets.yaml
+++ b/kubernetes/cluster/production/flux-system/secrets.yaml
@@ -5,7 +5,7 @@ metadata: namespace: flux-system spec: interval: 5m - path: "./secrets" + path: "./kubernetes/secrets" sourceRef: kind: GitRepository name: flux-system
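Review bot: Changing `metadata.name` of a Namespace is not a rename on the cluster: Flux creates `ingress-nginx` as a new object and, if pruning is enabled on the Kustomization that owns this file, garbage-collects `nginx-ingress` together with everything still inside it (the controller, its Service, any TLS or webhook secrets). Unless the controller's own manifests switch to `ingress-nginx` in the same reconciliation, expect an ingress outage while the new namespace fills; nothing else in this commit moves resources to the new name, so that should be confirmed before merging. A comment `# renamed from nginx-ingress; old namespace is pruned with all its contents` above `name:` would warn the next reader.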
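Review bot: With `path: "./kubernetes/apps"` this Kustomization now reconciles the sops-encrypted Secret at `kubernetes/apps/production/cert-manager/issuers/secret-cf-token.yaml`, so it needs `decryption.provider: sops` plus a `secretRef` to the age key; without that the `ENC[AES256_GCM,…]` literal is applied verbatim as the `cloudflare-token` value and every DNS-01 challenge fails with an authentication error from Cloudflare. The hunk shows only `interval`, `path` and `sourceRef`, so the stanza may well exist outside it, but it was previously only needed on the separate secrets Kustomization and is worth confirming rather than assuming. A comment `# ./kubernetes/apps contains sops-encrypted Secrets; decryption must stay configured below` next to `path` makes the coupling visible. The rest of the Kustomization spec is outside the hunk.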
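Review bot: `path: "./kubernetes/secrets"` points at a directory whose only file visible in this commit, `secret-cf-token.yaml`, is deleted in the same commit; git does not track empty directories, so if nothing else remains there the path will not exist in the source artifact and kustomize-controller fails the reconciliation with a path-not-found error (and anything that `dependsOn` this Kustomization stalls with it). Either keep a `kustomization.yaml` with an empty `resources: []` in that directory or drop this Kustomization until it has content. Whether other files remain cannot be seen from the diff; the rest of the spec (`prune`, `decryption`) is outside the hunk.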
diff --git a/kubernetes/secrets/secret-cf-token.yaml b/kubernetes/secrets/secret-cf-token.yaml
deleted file mode 100644
index 70c4018..0000000
--- a/kubernetes/secrets/secret-cf-token.yaml
+++ /dev/null
@@ -1,28 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: cloudflare-token-secret - namespace: cert-manager -type: Opaque -stringData: - cloudflare-token: ENC[AES256_GCM,data:v2kjVp6LLc/VG+ufNNfZel5ehCuZlglaVeKjfiw0YWlaO7YDYhrVbQ==,iv:+ME0TvaiOhoariGhZ+00UWvEkwlvwLhsG4zv6A0qZy8=,tag:2ZVGoDCzVeluB2Xz35mfEg==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age18z6wevr8ze5azvq7nfty3l29s7887l8n5mefr64avhlthtr4uvnqw90nfs - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5d1BDMzRsZG1RekZ1QXJ4 - MkZmejc2N0N5L3ZDMktuWjFNQ0FuWjBiVUFFCmFhc3JCT1poSUY4c0pVblhXWHE3 - YVIza1ROWTFzb1QvWFY5KzR1QTFLclkKLS0tIGxHMUVUUytoMFZwVVR6eTliUlVS - NXFHeGlQZjZuOUZOUlFjWDByeE1nTkUKIj2H5RlZXGnCoRv8C5AMcwiiuAVZq/d2 - J70Wv/Dq/k4QNWC357Zj8sgMJicDjpOHbwgBwj6b+StEmPAeWgFBVg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-28T04:59:18Z" - mac: ENC[AES256_GCM,data:6P0dTpxLmBacIJd3OQzPoh89l0eGarG7nc4X2rl/ULLn7IfiRh7CAo1RYbypCLzlo60WQGOD1bY0vzd+E652vqdV4BjuLG4WYm3lDTZ8BbpwUw1G2y9+5gg8zQPVhBcbGg9xV+gszTcaF6oziFT2q6OqD4Hhbgt8vCXOLD13bG4=,iv:5OFeeyapfZXaZyKNYDKzOTNCxocYS7f0ryW5ubJ16TQ=,tag:peEEC2Re+LCGRRd/hRdiwg==,type:str] - pgp: [] - encrypted_regex: ^(data|stringData)$ - version: 3.9.4
diff --git a/packer/debian/debian-11-2.pkr.hcl b/packer/debian/debian-11-2.pkr.hcl
index 1c0ac0b..3688af5 100644
--- a/packer/debian/debian-11-2.pkr.hcl
+++ b/packer/debian/debian-11-2.pkr.hcl
@@ -107,10 +107,11 @@ build { provisioner "shell" { - inline = [ - "sudo apt-get update", - "sudo apt-get -y upgrade" - ] + inline = [ + "sudo apt-get update", + "sudo DEBIAN_FRONTEND=noninteractive apt-get install -y open-iscsi nfs-common cryptsetup", + "sudo mkdir -p /etc/systemd/resolved.conf.d && echo '[Resolve]\nDNS=1.1.1.1' | sudo tee /etc/systemd/resolved.conf.d/dns_servers.conf", + "sudo apt-get -y upgrade" + ] } - }
diff --git a/packer/debian/debian-11.pkr.hcl b/packer/debian/debian-11.pkr.hcl
index 234604d..95b2b02 100644
--- a/packer/debian/debian-11.pkr.hcl
+++ b/packer/debian/debian-11.pkr.hcl
@@ -107,10 +107,12 @@ build { provisioner "shell" { - inline = [ - "sudo apt-get update", - "sudo apt-get -y upgrade" - ] + inline = [ + "sudo apt-get update", + "sudo mkdir -p /etc/systemd/resolved.conf.d && echo '[Resolve]\nDNS=1.1.1.1' | sudo tee /etc/systemd/resolved.conf.d/dns_servers.conf", + "sudo DEBIAN_FRONTEND=noninteractive apt-get install -y open-iscsi nfs-common cryptsetup", + "sudo apt-get -y upgrade" + ] } }
diff --git a/terraform/proxmox/k3s-master1.tf b/terraform/proxmox/k3s-master1.tf
index 9746a71..a010931 100644
--- a/terraform/proxmox/k3s-master1.tf
+++ b/terraform/proxmox/k3s-master1.tf
@@ -48,7 +48,8 @@ resource "proxmox_virtual_environment_vm" "K3s-Master1" { initialization { ip_config { ipv4 { - address = "dhcp" + address = data.bitwarden-secrets_secret.k3s_master1_ip.value + gateway = data.bitwarden-secrets_secret.vlan_gateway.value } }
diff --git a/terraform/proxmox/k3s-master2.tf b/terraform/proxmox/k3s-master2.tf
index 92612db..789b0aa 100644
--- a/terraform/proxmox/k3s-master2.tf
+++ b/terraform/proxmox/k3s-master2.tf
@@ -48,7 +48,8 @@ resource "proxmox_virtual_environment_vm" "K3s-Master2" { initialization { ip_config { ipv4 { - address = "dhcp" + address = data.bitwarden-secrets_secret.k3s_master2_ip.value + gateway = data.bitwarden-secrets_secret.vlan_gateway.value } }
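Review bot: The new `echo '[Resolve]\nDNS=1.1.1.1' | sudo tee …` line only works because HCL turns the `\n` inside the double-quoted string into a real newline before the shell sees it; the next edit that doubles the backslash, moves the command to a heredoc or a script file writes a literal `\n` into `dns_servers.conf`, and systemd-resolved then sees no `DNS=` line at all. `printf '[Resolve]\\nDNS=1.1.1.1\\n'` states the intent explicitly and does not depend on which `echo` `/bin/sh` provides on the image. `sudo apt-get -y upgrade` is still run without `DEBIAN_FRONTEND=noninteractive`, unlike the new install line, so a conffile prompt during upgrade can hang the build. This hunk also deletes a closing `}` after the provisioner block; if that brace closed `build {` and nothing after the hunk closes it, the template no longer parses, which `packer validate` would catch. The same provisioner change appears in the `debian-11.pkr.hcl` hunk below (install and resolver lines in the other order, brace kept), and the points above apply there too.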
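Review bot: `address` moves from `"dhcp"` to a value pulled from Bitwarden Secrets Manager, and for this resource `ipv4.address` is documented as CIDR notation (e.g. `10.0.0.10/24`, a constructed example), not a bare IP; because the data source's `value` is presumably marked sensitive, a malformed secret shows up only as `(sensitive value)` in the plan and as a VM with no usable address after apply, not as a validation error. A comment `# value must be CIDR (addr/prefix) as the provider expects; check the secret before apply` above `address` records the contract, and a `check`-style precondition on the resource could enforce it if the provider version supports it. Host addresses are not secrets, so keeping them in a secrets manager mainly makes plans harder to review; a plain `locals` map would show the intended address in the diff. The same change is made in the `k3s-master2.tf` and `k3s-master3.tf` hunks; the `ipv4` and `ip_config` blocks close inside the hunk but `initialization` continues past it.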
diff --git a/terraform/proxmox/k3s-master3.tf b/terraform/proxmox/k3s-master3.tf
index f4f0eb5..ae712b5 100644
--- a/terraform/proxmox/k3s-master3.tf
+++ b/terraform/proxmox/k3s-master3.tf
@@ -48,7 +48,8 @@ resource "proxmox_virtual_environment_vm" "K3s-Master3" { initialization { ip_config { ipv4 { - address = "dhcp" + address = data.bitwarden-secrets_secret.k3s_master3_ip.value + gateway = data.bitwarden-secrets_secret.vlan_gateway.value } }
diff --git a/terraform/proxmox/secrets.tf b/terraform/proxmox/secrets.tf
index 162e575..737ab58 100644
--- a/terraform/proxmox/secrets.tf
+++ b/terraform/proxmox/secrets.tf
@@ -16,4 +16,16 @@ data "bitwarden-secrets_secret" "ubu_ip" { data "bitwarden-secrets_secret" "arrbuntu_ip" { id = "c65f8886-f6fb-4c17-bc79-b208000604bf" +} + +data "bitwarden-secrets_secret" "k3s_master1_ip" { + id = "528104e1-2186-4d57-ae86-b27e01263972" +} + +data "bitwarden-secrets_secret" "k3s_master2_ip" { + id = "71051171-a582-45e7-a239-b27e01269ef2" +} + +data "bitwarden-secrets_secret" "k3s_master3_ip" { + id = "b48234d4-1b52-43e2-bab9-b27e0126bfdb" }
\ No newline at end of file
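Review bot: The three VM files in this commit now read `data.bitwarden-secrets_secret.vlan_gateway.value`, but no `vlan_gateway` data source is added here and none appears in the context lines; unless it is declared above line 16 of this file or elsewhere in the module, `terraform validate` fails on an undeclared data resource. Each new block carries only an opaque `id`, so a one-line comment per entry naming the secret's content and format, e.g. `# static address of k3s master 1, CIDR notation`, would let a reviewer check the wiring without opening Bitwarden. The file also ends without a trailing newline, which `terraform fmt` would correct.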