
Commit f271be6

committedFeb 8, 2025
update for kubernetes
1 parent 140a2a2 commit f271be6


16 files changed

+69
-79
lines changed

 

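--- a/kubernetes/apps/production/cert-manager/certificates/local.yaml
+++ b/kubernetes/apps/production/cert-manager/certificates/local.yaml
@@ -2,18 +2,18 @@
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
-name: local-mafyuh-com
+name: local-mafyuh-dev
 namespace: cert-manager
 spec:
-secretName: local-mafyuh-com-production-tls
+secretName: local-mafyuh-dev-production-tls
 secretTemplate:
 annotations:
 reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true"
 reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
 issuerRef:
 name: letsencrypt-production
 kind: ClusterIssuer
-commonName: "*.local.mafyuh.com"
+commonName: "*.local.mafyuh.dev"
 dnsNames:
-- "local.mafyuh.com"
-- "*.local.mafyuh.com"
+- "local.mafyuh.dev"
+- "*.local.mafyuh.dev"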
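Review bot: The `secretTemplate` annotations `reflection-allowed: "true"` and `reflection-auto-enabled: "true"` carry no namespace restriction, so by Reflector's documented defaults the renamed `local-mafyuh-dev-production-tls` secret, which holds the private key for `*.local.mafyuh.dev`, is mirrored into every namespace. Reflector supports `reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces` and `reflector.v1.k8s.emberstack.com/reflection-auto-namespaces`; listing only the namespaces whose ingresses reference the secret keeps the wildcard key away from workloads that do not need it. The only consumer visible in this commit is the Longhorn ingress, so the list may be short.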

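--- a/kubernetes/apps/production/cert-manager/helmrelease.yaml
+++ b/kubernetes/apps/production/cert-manager/helmrelease.yaml
@@ -18,10 +18,10 @@ spec:
 installCRDs: true
 replicaCount: 1
 extraArgs:
-- --dns01-recursive-nameservers=1.1.1.1:53,9.9.9.9:53
+- --dns01-recursive-nameservers=1.1.1.1:53,8.8.8.8:53
 - --dns01-recursive-nameservers-only
 podDnsPolicy: None
 podDnsConfig:
 nameservers:
 - "1.1.1.1"
-- "9.9.9.9"
+- "8.8.8.8"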
@@ -1,21 +1,20 @@
1-
---
21
apiVersion: cert-manager.io/v1
32
kind: ClusterIssuer
43
metadata:
5-
name: letsencrypt-production
4+
name: letsencrypt-production
65
spec:
7-
acme:
8-
server: https://acme-v02.api.letsencrypt.org/directory
9-
email: matt@mafyuh.dev
10-
privateKeySecretRef:
11-
name: letsencrypt-production
12-
solvers:
13-
- dns01:
14-
cloudflare:
15-
email: matt@mafyuh.dev
16-
apiTokenSecretRef:
17-
name: cloudflare-token-secret
18-
key: cloudflare-token
19-
selector:
20-
dnsZones:
21-
- "mafyuh.com"
6+
acme:
7+
server: https://acme-v02.api.letsencrypt.org/directory
8+
email: matt@mafyuh.dev
9+
privateKeySecretRef:
10+
name: letsencrypt-production
11+
solvers:
12+
- dns01:
13+
cloudflare:
14+
email: matt@mafyuh.dev
15+
apiTokenSecretRef:
16+
name: cloudflare-token-secret
17+
key: cloudflare-token
18+
selector:
19+
dnsZones:
20+
- local.mafyuh.dev

‎kubernetes/apps/production/cert-manager/issuers/secret-cf-token.yaml

+8-8
@@ -5,7 +5,7 @@ metadata:
55
namespace: cert-manager
66
type: Opaque
77
stringData:
8-
cloudflare-token: ENC[AES256_GCM,data:v2kjVp6LLc/VG+ufNNfZel5ehCuZlglaVeKjfiw0YWlaO7YDYhrVbQ==,iv:+ME0TvaiOhoariGhZ+00UWvEkwlvwLhsG4zv6A0qZy8=,tag:2ZVGoDCzVeluB2Xz35mfEg==,type:str]
8+
cloudflare-token: ENC[AES256_GCM,data:QDWamL3h0NLZzezOq5Sxo64K+7nivtl2pmpCbWk6rUFzKXJR7ym6Mg==,iv:Uf6v8dHRvx7dFs9ES5e+YWIo12WtrrXqK1xJ8z/gOO4=,tag:6undZMM8eDXXRp12cRX+dA==,type:str]
99
sops:
1010
kms: []
1111
gcp_kms: []
@@ -15,14 +15,14 @@ sops:
1515
- recipient: age18z6wevr8ze5azvq7nfty3l29s7887l8n5mefr64avhlthtr4uvnqw90nfs
1616
enc: |
1717
-----BEGIN AGE ENCRYPTED FILE-----
18-
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5d1BDMzRsZG1RekZ1QXJ4
19-
MkZmejc2N0N5L3ZDMktuWjFNQ0FuWjBiVUFFCmFhc3JCT1poSUY4c0pVblhXWHE3
20-
YVIza1ROWTFzb1QvWFY5KzR1QTFLclkKLS0tIGxHMUVUUytoMFZwVVR6eTliUlVS
21-
NXFHeGlQZjZuOUZOUlFjWDByeE1nTkUKIj2H5RlZXGnCoRv8C5AMcwiiuAVZq/d2
22-
J70Wv/Dq/k4QNWC357Zj8sgMJicDjpOHbwgBwj6b+StEmPAeWgFBVg==
18+
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjRzV5Sy80OGJGQXRiNkND
19+
azlFZG1CNllYbG5kQ0VHRXNhbjdRcEN6TUU0Ckc2RjMza2laWS9Zb21tNmE0eUw3
20+
RG9SclYrWEFxYWs2ck95VWQ3MlJDUlEKLS0tIDg0dXYxZUFlUTNiQ2VWUElIdU1J
21+
ajRYUzRGREhIenNjdnlwMmtvVCthTHMKI74UwAsVX1QKQSez4E+Ks9VAF2QwbRDa
22+
rO/PdBYJK+MwCptCEiinxaSc5BDAyE0wYiC6Tmldz6ZHYTv1ADe21Q==
2323
-----END AGE ENCRYPTED FILE-----
24-
lastmodified: "2025-01-28T04:59:18Z"
25-
mac: ENC[AES256_GCM,data:6P0dTpxLmBacIJd3OQzPoh89l0eGarG7nc4X2rl/ULLn7IfiRh7CAo1RYbypCLzlo60WQGOD1bY0vzd+E652vqdV4BjuLG4WYm3lDTZ8BbpwUw1G2y9+5gg8zQPVhBcbGg9xV+gszTcaF6oziFT2q6OqD4Hhbgt8vCXOLD13bG4=,iv:5OFeeyapfZXaZyKNYDKzOTNCxocYS7f0ryW5ubJ16TQ=,tag:peEEC2Re+LCGRRd/hRdiwg==,type:str]
24+
lastmodified: "2025-02-08T18:43:20Z"
25+
mac: ENC[AES256_GCM,data:fuTN6KncxLvzw7o3ENVYKCIcmxDDbvOeIyfn/H1M5rtw3C8WiRnuz4XviYTh2y6EHv9FGEOI5RiRmtEtqiux7xn81DBobmAdgl/RFsrMsKus0SVpGn4PmZYfO/8R9xknyX93fbYicnahYpM3aHvwQx1njK64ywN+Hp0U+PZfMoQ=,iv:4EgN+gBOwkNty9uPSb1/wDOKTEHUUEtkeDEJDkB2/EE=,tag:Meb79CBfm3tot4vKf1OOmg==,type:str]
2626
pgp: []
2727
encrypted_regex: ^(data|stringData)$
2828
version: 3.9.4
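Review bot: The `cloudflare-token` ciphertext under `stringData` is replaced, and if that reflects a new Cloudflare token rather than a re-encryption of the same one, the previous token should be revoked at Cloudflare. Its ciphertext stays in git history, here and in the deleted `kubernetes/secrets/secret-cf-token.yaml`, encrypted to the same age recipient, so it remains recoverable by anyone who later obtains that key. The diff cannot show the token's permissions; since the issuer's solver is limited to a single DNS zone, a token restricted to DNS edit on that zone alone would match what cert-manager needs.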

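--- a/kubernetes/apps/production/longhorn/helmrelease.yaml
+++ b/kubernetes/apps/production/longhorn/helmrelease.yaml
@@ -12,5 +12,6 @@ spec:
 sourceRef:
 kind: HelmRepository
 name: longhorn-repo
+namespace: flux-system
 version: v1.8.0
 interval: 1m0s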

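--- a/kubernetes/apps/production/longhorn/ingress.yaml
+++ b/kubernetes/apps/production/longhorn/ingress.yaml
@@ -11,7 +11,7 @@ metadata:
 spec:
 ingressClassName: nginx
 rules:
-- host: "longhorn.local.mafyuh.com"
+- host: "longhorn.local.mafyuh.dev"
 http:
 paths:
 - pathType: Prefix
@@ -23,5 +23,5 @@ spec:
 number: 80
 tls:
 - hosts:
-- longhorn.local.mafyuh.com
-secretName: local-mafyuh-com-production-tls
+- longhorn.local.mafyuh.dev
+secretName: local-mafyuh-dev-production-tls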
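Review bot: Nothing visible in these hunks puts authentication in front of `longhorn.local.mafyuh.dev`, and the Longhorn UI does not authenticate users on its own. The `metadata` block starts above the first hunk, so annotations such as `nginx.ingress.kubernetes.io/auth-type: basic` with `nginx.ingress.kubernetes.io/auth-secret`, or `nginx.ingress.kubernetes.io/whitelist-source-range`, may already be present; this is worth confirming while the host is being renamed. If they are absent, anyone who can reach the ingress controller can manage volumes and backups through the UI.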
@@ -1,6 +1,6 @@
11
apiVersion: v1
22
kind: Namespace
33
metadata:
4-
name: nginx-ingress
4+
name: ingress-nginx
55
labels:
6-
name: nginx-ingress
6+
name: ingress-nginx

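--- a/kubernetes/cluster/production/flux-system/apps.yaml
+++ b/kubernetes/cluster/production/flux-system/apps.yaml
@@ -5,7 +5,7 @@ metadata:
 namespace: flux-system
 spec:
 interval: 5m
-path: "../../../apps"
+path: "./kubernetes/apps"
 sourceRef:
 kind: GitRepository
 name: flux-system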

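--- a/kubernetes/cluster/production/flux-system/secrets.yaml
+++ b/kubernetes/cluster/production/flux-system/secrets.yaml
@@ -5,7 +5,7 @@ metadata:
 namespace: flux-system
 spec:
 interval: 5m
-path: "./secrets"
+path: "./kubernetes/secrets"
 sourceRef:
 kind: GitRepository
 name: flux-system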

‎kubernetes/secrets/secret-cf-token.yaml

-28
This file was deleted.

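--- a/packer/debian/debian-11-2.pkr.hcl
+++ b/packer/debian/debian-11-2.pkr.hcl
@@ -107,10 +107,11 @@ build {
 
 
 provisioner "shell" {
-inline = [
-"sudo apt-get update",
-"sudo apt-get -y upgrade"
-]
+inline = [
+"sudo apt-get update",
+"sudo DEBIAN_FRONTEND=noninteractive apt-get install -y open-iscsi nfs-common cryptsetup",
+"sudo mkdir -p /etc/systemd/resolved.conf.d && echo '[Resolve]\nDNS=1.1.1.1' | sudo tee /etc/systemd/resolved.conf.d/dns_servers.conf",
+"sudo apt-get -y upgrade"
+]
 }
-
 }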
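Review bot: The drop-in written to `/etc/systemd/resolved.conf.d/dns_servers.conf` only takes effect if systemd-resolved is running and `/etc/resolv.conf` points at it, and nothing in this provisioner enables the service; on Debian 11 it is, as far as I know, not enabled by default. If the image is meant to resolve through 1.1.1.1, add a step such as `"sudo systemctl enable --now systemd-resolved"` after the `tee`, or confirm that an earlier provisioner in the `build` block, which starts above the hunk, already does this. Separately, `"sudo apt-get -y upgrade"` runs without `DEBIAN_FRONTEND=noninteractive`, unlike the install line, so a configuration prompt can stall the build. The same applies to `packer/debian/debian-11.pkr.hcl`, which also places the DNS step before the package install while this file places it after.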

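--- a/packer/debian/debian-11.pkr.hcl
+++ b/packer/debian/debian-11.pkr.hcl
@@ -107,10 +107,12 @@ build {
 
 
 provisioner "shell" {
-inline = [
-"sudo apt-get update",
-"sudo apt-get -y upgrade"
-]
+inline = [
+"sudo apt-get update",
+"sudo mkdir -p /etc/systemd/resolved.conf.d && echo '[Resolve]\nDNS=1.1.1.1' | sudo tee /etc/systemd/resolved.conf.d/dns_servers.conf",
+"sudo DEBIAN_FRONTEND=noninteractive apt-get install -y open-iscsi nfs-common cryptsetup",
+"sudo apt-get -y upgrade"
+]
 }
 
 }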

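--- a/terraform/proxmox/k3s-master1.tf
+++ b/terraform/proxmox/k3s-master1.tf
@@ -48,7 +48,8 @@ resource "proxmox_virtual_environment_vm" "K3s-Master1" {
 initialization {
 ip_config {
 ipv4 {
-address = "dhcp"
+address = data.bitwarden-secrets_secret.k3s_master1_ip.value
+gateway = data.bitwarden-secrets_secret.vlan_gateway.value
 }
 }
 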
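Review bot: `address` now comes from `data.bitwarden-secrets_secret.k3s_master1_ip.value` and nothing here checks its format; as I understand the Proxmox provider, a static `ipv4` address must be in CIDR form, so a secret stored as a bare address would fail only at apply time. Consider a comment above the line, `# secret value must be CIDR, e.g. 192.0.2.10/24 (constructed example)`, or a `precondition` in a `lifecycle` block that tests the value with `can(cidrhost(...))`. The resource block starts and ends outside the hunk. The same change is made in `k3s-master2.tf` and `k3s-master3.tf`.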

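--- a/terraform/proxmox/k3s-master2.tf
+++ b/terraform/proxmox/k3s-master2.tf
@@ -48,7 +48,8 @@ resource "proxmox_virtual_environment_vm" "K3s-Master2" {
 initialization {
 ip_config {
 ipv4 {
-address = "dhcp"
+address = data.bitwarden-secrets_secret.k3s_master2_ip.value
+gateway = data.bitwarden-secrets_secret.vlan_gateway.value
 }
 }
 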

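--- a/terraform/proxmox/k3s-master3.tf
+++ b/terraform/proxmox/k3s-master3.tf
@@ -48,7 +48,8 @@ resource "proxmox_virtual_environment_vm" "K3s-Master3" {
 initialization {
 ip_config {
 ipv4 {
-address = "dhcp"
+address = data.bitwarden-secrets_secret.k3s_master3_ip.value
+gateway = data.bitwarden-secrets_secret.vlan_gateway.value
 }
 }
 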

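--- a/terraform/proxmox/secrets.tf
+++ b/terraform/proxmox/secrets.tf
@@ -16,4 +16,16 @@ data "bitwarden-secrets_secret" "ubu_ip" {
 
 data "bitwarden-secrets_secret" "arrbuntu_ip" {
 id = "c65f8886-f6fb-4c17-bc79-b208000604bf"
+}
+
+data "bitwarden-secrets_secret" "k3s_master1_ip" {
+id = "528104e1-2186-4d57-ae86-b27e01263972"
+}
+
+data "bitwarden-secrets_secret" "k3s_master2_ip" {
+id = "71051171-a582-45e7-a239-b27e01269ef2"
+}
+
+data "bitwarden-secrets_secret" "k3s_master3_ip" {
+id = "b48234d4-1b52-43e2-bab9-b27e0126bfdb"
 }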
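Review bot: The three master files in this commit also read `data.bitwarden-secrets_secret.vlan_gateway`, but no `vlan_gateway` data source is among the blocks added here. The hunk shows only lines 16 to 31 of the file, so it may be declared above; if it is not, `terraform plan` fails on the undeclared reference. Worth confirming before merge.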
