diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..3321260
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,3 @@
+creation_rules:
+- encrypted_regex: "^(token)$"
+ age: age1t4epxq5lzcnyj4xjav9jgnvnyaucyk243y4np9h78fx3k8lc55lqv6uu4z
diff --git a/apps/kx3dex-radio/deployment.yaml b/apps/kx3dex-radio/deployment.yaml
new file mode 100644
index 0000000..42f4c58
--- /dev/null
+++ b/apps/kx3dex-radio/deployment.yaml
@@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kx3dex-radio
+spec:
+ selector:
+ matchLabels:
+ app: KX3DEX_Radio
+ replicas: 2
+ template:
+ metadata:
+ labels:
+ app: KX3DEX_Radio
+ spec:
+ containers:
+ - name: kx3dex-radio-site
+ image: gitea.simplysyncedllc.com/dex/kx3dex_radio:1.3.0
+ ports:
+ - containerPort: 3000
diff --git a/apps/kx3dex-radio/kustomization.yaml b/apps/kx3dex-radio/kustomization.yaml
new file mode 100644
index 0000000..d253f15
--- /dev/null
+++ b/apps/kx3dex-radio/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kx3dex-radio
+resources:
+- deployment.yaml
diff --git a/apps/kx3dex-radio/namespace.yaml b/apps/kx3dex-radio/namespace.yaml
new file mode 100644
index 0000000..fdb6410
--- /dev/null
+++ b/apps/kx3dex-radio/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: kx3dex-radio
diff --git a/clusters/pi_cluster/cloudflare.yaml b/clusters/pi_cluster/cloudflare.yaml
new file mode 100644
index 0000000..4f4ddd4
--- /dev/null
+++ b/clusters/pi_cluster/cloudflare.yaml
@@ -0,0 +1,13 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: cloudflare
+ namespace: flux-system
+spec:
+ interval: 60s
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ path: ./infrastructure/cloudflare
+ prune: true
+ wait: true
diff --git a/clusters/pi_cluster/flux-system/gotk-sync.yaml b/clusters/pi_cluster/flux-system/gotk-sync.yaml
index 06093e7..be5d54a 100644
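Review bot: The rule `encrypted_regex: "^(token)$"` in .sops.yaml encrypts only keys named exactly `token`, so a Secret added later with any other key name would be written to the repository in plaintext without sops reporting a problem. Matching the Secret's value containers instead, `encrypted_regex: "^(data|stringData)$"`, covers every value under them regardless of key name. The rule also has no `path_regex`, so it applies to every file sops is run on in this repository; confirm that is intended.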
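Review bot: The `kx3dex-radio-site` container in apps/kx3dex-radio/deployment.yaml is declared with no `securityContext` and no `resources`, so it runs as whatever user the image defaults to and with no CPU or memory bound on the node. If the image supports it, add `securityContext:` with `runAsNonRoot: true` and `allowPrivilegeEscalation: false`, plus `resources.requests`/`resources.limits`. The image is referenced by tag from gitea.simplysyncedllc.com; pinning it by digest would protect against the tag being re-pushed, and if that registry requires authentication the pod spec also needs `imagePullSecrets`. The cloudflared container in infrastructure/cloudflare/deployment.yaml has the same missing `securityContext` and `resources`.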
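Review bot: `resources:` in apps/kx3dex-radio/kustomization.yaml lists only `deployment.yaml`, so the `namespace.yaml` added beside it is never built, while `namespace: kx3dex-radio` still stamps that namespace onto the Deployment. Unless the namespace is created somewhere outside this commit, the apply will fail because it does not exist. Add `- namespace.yaml` to the list. infrastructure/cloudflare/kustomization.yaml has the same gap for the `cloudflare` namespace.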
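Review bot: The `cloudflare` Kustomization in clusters/pi_cluster/cloudflare.yaml has no `decryption` block, yet it is the object that builds ./infrastructure/cloudflare, where the SOPS-encrypted secrets.yaml lives. Flux configures decryption per Kustomization, so the block added to the flux-system Kustomization in gotk-sync.yaml should only cover what that object builds from ./clusters/pi_cluster. As written, the encrypted manifest would be applied undecrypted, and with `wait: true` the reconciliation would be expected to fail rather than deliver the token. Add the same decryption settings here, as sketched below.

```yaml
spec:
  # … unchanged: interval, sourceRef, path, prune, wait …
  decryption:
    provider: sops
    secretRef:
      name: sops-age
```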
--- a/clusters/pi_cluster/flux-system/gotk-sync.yaml
+++ b/clusters/pi_cluster/flux-system/gotk-sync.yaml
@@ -1,5 +1,4 @@
 # This manifest was generated by flux. DO NOT EDIT.
----
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
@@ -19,6 +18,10 @@ metadata:
 name: flux-system
 namespace: flux-system
 spec:
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-age
 interval: 10m0s
 path: ./clusters/pi_cluster
 prune: true
diff --git a/clusters/pi_cluster/kx3dex-radio.yaml b/clusters/pi_cluster/kx3dex-radio.yaml
new file mode 100644
index 0000000..b74537b
--- /dev/null
+++ b/clusters/pi_cluster/kx3dex-radio.yaml
@@ -0,0 +1,13 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: kx3dex-radio
+ namespace: flux-system
+spec:
+ interval: 60s
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ path: ./apps/kx3dex-radio
+ prune: true
+ wait: true
diff --git a/infrastructure/cloudflare/deployment.yaml b/infrastructure/cloudflare/deployment.yaml
new file mode 100644
index 0000000..a005804
--- /dev/null
+++ b/infrastructure/cloudflare/deployment.yaml
@@ -0,0 +1,43 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: cloudflared-deployment
+ namespace: cloudflare
+ labels:
+ app: cloudflared
+spec:
+ selector:
+ matchLabels:
+ pod: cloudflared
+ replicas: 1
+ template:
+ metadata:
+ creationTimestamp: null
+ labels:
+ pod: cloudflared
+ spec:
+ containers:
+ - name: cloudflared
+ image: cloudflare/cloudflared:latest
+ args:
+ - --token
+ - $(TUNNEL_TOKEN)
+ command:
+ - cloudflared
+ - tunnel
+ - --metrics
+ - 0.0.0.0:2000
+ - run
+ env:
+ - name: TUNNEL_TOKEN
+ valueFrom:
+ secretKeyRef:
+ key: token
+ name: cloudflare-secret
+ livenessProbe:
+ httpGet:
+ path: /ready
+ port: 2000
+ failureThreshold: 1
+ initialDelaySeconds: 10
+ periodSeconds: 10
diff --git a/infrastructure/cloudflare/kustomization.yaml b/infrastructure/cloudflare/kustomization.yaml
new file mode 100644
index 0000000..b07f7d2
--- /dev/null
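Review bot: The `decryption` block is added by hand to gotk-sync.yaml, whose first line states it is generated by flux and must not be edited, so a later bootstrap run would be expected to regenerate the file and silently drop the setting. Carry it as a kustomize patch kept next to the generated manifests instead, so it survives regeneration. The `sops-age` Secret named in `secretRef` is not part of this commit; it must already exist in `flux-system`, created out of band so the age private key never enters the repository. Both hunks sit inside larger documents whose remaining lines are not shown here.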
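Review bot: `secretKeyRef` in the cloudflared container of infrastructure/cloudflare/deployment.yaml asks for a Secret named `cloudflare-secret`, but the Secret this commit adds in infrastructure/cloudflare/secrets.yaml is named `cloudflare-secrets`, so `TUNNEL_TOKEN` cannot be resolved and the pod will not start; change the reference to `name: cloudflare-secrets`. Passing the value as `--token $(TUNNEL_TOKEN)` also expands the tunnel token into the process arguments, where it is readable by anything able to list processes on the node. cloudflared reads `TUNNEL_TOKEN` from the environment, so the two `args:` entries can be dropped. `image: cloudflare/cloudflared:latest` is a mutable tag; pin a release version or digest for a component that holds tunnel credentials.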
+++ b/infrastructure/cloudflare/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: cloudflare
+resources:
+- secrets.yaml
+- deployment.yaml
diff --git a/infrastructure/cloudflare/namespace.yaml b/infrastructure/cloudflare/namespace.yaml
new file mode 100644
index 0000000..b7626fc
--- /dev/null
+++ b/infrastructure/cloudflare/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cloudflare
diff --git a/infrastructure/cloudflare/secrets.yaml b/infrastructure/cloudflare/secrets.yaml
new file mode 100644
index 0000000..e9c423e
--- /dev/null
+++ b/infrastructure/cloudflare/secrets.yaml
@@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Secret +metadata: + name: cloudflare-secrets + namespace: cloudflare +data: + token: ENC[AES256_GCM,data:MeAb854uwBi7ELRZwwJCbuuOAr1HD+JhfdEALu+twexHO+y7935+ZSVGOuhRDnSnihZ2dnI9GayPRqzvfecLUvu5Av7aPDlwMePCJJxhCBbdp0Igj3cZKotC67rH5/qOgtEYpkbqbcb6P0yCytgfaAthqyVcnm/3m6dVDi5H/fveN0Js/5ZmvgyZs0KWsKYXpybGhzr5mdwqza8cbdTVgNpcHbX6B1c9sCun079AWY7zpu2nnv+wbQ==,iv:XGfXGLOUdDPAuEavfs4R+WzRRuL8x4DI0qh44FN2rNQ=,tag:Ugrtirdj6Tdw/DaRZ4nq2A==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1t4epxq5lzcnyj4xjav9jgnvnyaucyk243y4np9h78fx3k8lc55lqv6uu4z + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4bHhOQmg0Qy9EMWhUUGwx + dExua2xUcldqaG93R3pxQnNaQ1J3OHFFV2xJCkJHWWc5amtEL2tqY3ZBZzZPdWdB + bkszNkZmWStZVUpHOUJZZERSMVBoOVEKLS0tIDNWSHJ1blFHVUt1RjZCQXRzRllr + Z0xjdWp6Vlh0dGI0NjhzN1laQis5eTgKwC8SVX+zcbZSKEnYI2HXROghqLcy9e0n + ndGw43qhaqJBra2RBfPHk6zRfOaVDpiZI07Hw3yIrDQXVjKNV+dHuQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-08-12T02:31:32Z" + mac: ENC[AES256_GCM,data:4gwFi+a8LWh/qXE7OChZs00E6Banq+5AYV+qyp8V1zKD7wpvEnsnVTkqCvH1KisO/xWlTuAo1fVkdGdhyQwnIKrHgxiWQ7EV+fkw+60Z1HpCOI+axLnlVV78XZW0J+jth8uGkvjE6aR0vGMvelET4Vd1BWx0rr7wUP0cOrswuqU=,iv:xjQvKl9O91y0sH9tkBovVyK6G+GfJYBe8o1lFtH+LM0=,tag:EdzeuE8RZH5lynT/oqWiww==,type:str] + pgp: [] + encrypted_regex: ^(token)$ + version: 3.9.0