shpaq/auricom-home-cluster
1
0
Fork 0
mirror of https://github.com/auricom/home-cluster.git synced 2025-09-17 18:24:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat: opnsense-dns

Browse Source
This commit is contained in:
auricom
2025-08-21 02:13:15 +02:00
parent de34643721
commit 944cae7db3
7 changed files with 144 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
kubernetes/apps/network/cloudflare-dns/app/helmrelease.yaml
View File

@@ -25,15 +25,18 @@ spec:
name: cloudflare-dns name: cloudflare-dns
install: install:
remediation: remediation:
retries: -1 retries: 3
upgrade: upgrade:
cleanupOnFail: true cleanupOnFail: true
remediation: remediation:
strategy: rollback
retries: 3 retries: 3
values: values:
fullnameOverride: *app fullnameOverride: *app
provider: provider:
name: cloudflare name: cloudflare
deploymentAnnotations:
reloader.stakater.com/auto: "true"
env: env:
- name: &name CF_API_TOKEN - name: &name CF_API_TOKEN
valueFrom: valueFrom:

8
kubernetes/apps/network/cloudflare-dns/ks.yaml
View File

@@ -12,14 +12,6 @@ spec:
dependsOn: dependsOn:
- name: external-secrets-stores - name: external-secrets-stores
namespace: external-secrets namespace: external-secrets
healthChecks:
- apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
name: *app
namespace: *namespace
- apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
name: dnsendpoints.externaldns.k8s.io
interval: 1h interval: 1h
path: ./kubernetes/apps/network/cloudflare-dns/app path: ./kubernetes/apps/network/cloudflare-dns/app
prune: true prune: true

1
kubernetes/apps/network/kustomization.yaml
View File

@@ -11,3 +11,4 @@ resources:
- ./envoy-gateway/ks.yaml - ./envoy-gateway/ks.yaml
- ./gateway-api-crds/ks.yaml - ./gateway-api-crds/ks.yaml
- ./k8s-gateway/ks.yaml - ./k8s-gateway/ks.yaml
- ./opnsense-dns/ks.yaml

20
kubernetes/apps/network/opnsense-dns/app/externalsecret.yaml Normal file
View File

@@ -0,0 +1,20 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1.json
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: opnsense-dns
spec:
secretStoreRef:
kind: ClusterSecretStore
name: onepassword-connect
target:
name: opnsense-dns-secret
template:
data:
OPNSENSE_API_KEY: "{{ .EXTERNAL_DNS_OPNSENSE_API_KEY }}"
OPNSENSE_API_SECRET: "{{ .EXTERNAL_DNS_OPNSENSE_API_SECRET }}"
OPNSENSE_HOST: "{{ .OPNSENSE_HOST }}"
dataFrom:
- extract:
key: opnsense

88
kubernetes/apps/network/opnsense-dns/app/helmrelease.yaml Normal file
View File

@@ -0,0 +1,88 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/ocirepository_v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: OCIRepository
metadata:
name: opnsense-dns
spec:
interval: 5m
layerSelector:
mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip
operation: copy
ref:
tag: 1.18.0
url: oci://ghcr.io/home-operations/charts-mirror/external-dns
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: &app opnsense-dns
spec:
interval: 1h
chartRef:
kind: OCIRepository
name: opnsense-dns
install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
strategy: rollback
retries: 3
values:
fullnameOverride: *app
logLevel: debug
deploymentAnnotations:
reloader.stakater.com/auto: "true"
provider:
name: webhook
webhook:
image:
repository: ghcr.io/crutonjohn/external-dns-opnsense-webhook
tag: v0.1.0@sha256:72d4f5c79e515b8a70bb2e48f6472c746671a3ae3d8ad224aa686dd7192e1609
env:
- name: LOG_LEVEL
value: debug
- name: OPNSENSE_API_KEY
valueFrom:
secretKeyRef:
name: &secret opnsense-dns-secret
key: OPNSENSE_API_KEY
- name: OPNSENSE_API_SECRET
valueFrom:
secretKeyRef:
name: *secret
key: OPNSENSE_API_SECRET
- name: OPNSENSE_HOST
valueFrom:
secretKeyRef:
name: *secret
key: OPNSENSE_HOST
livenessProbe:
httpGet:
path: /healthz
port: 8080
initialDelaySeconds: 10
timeoutSeconds: 5
readinessProbe:
httpGet:
path: /readyz
port: 8080
initialDelaySeconds: 10
timeoutSeconds: 5
resources:
requests:
memory: 20Mi
cpu: 10m
limits:
memory: 100Mi
policy: upsert-only
registry: noop
sources: ["gateway-httproute", "service"]
domainFilters: ["${SECRET_EXTERNAL_DOMAIN}"]
serviceMonitor:
enabled: true
podAnnotations:
secret.reloader.stakater.com/reload: *secret

7
kubernetes/apps/network/opnsense-dns/app/kustomization.yaml Normal file
View File

@@ -0,0 +1,7 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./externalsecret.yaml
- ./helmrelease.yaml

24
kubernetes/apps/network/opnsense-dns/ks.yaml Normal file
View File

@@ -0,0 +1,24 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app opnsense-dns
namespace: &namespace network
spec:
commonMetadata:
labels:
app.kubernetes.io/name: *app
dependsOn:
- name: external-secrets-stores
namespace: external-secrets
interval: 1h
path: ./kubernetes/apps/network/opnsense-dns/app
prune: true
retryInterval: 2m
sourceRef:
kind: GitRepository
name: flux-system
namespace: flux-system
targetNamespace: *namespace
timeout: 5m