add cloudflare-tunnels

2023-04-28 18:08:00 -05:00 · 2023-04-28 18:08:00 -05:00 · e77648a7f4
commit e77648a7f4
parent 9c3d1c17ce
4 changed files with 146 additions and 0 deletions
--- a/cloudflared/application.yaml
+++ b/cloudflared/application.yaml
@ -0,0 +1,107 @@
+#tunnels created with:
+# kubectl create secret generic -n cloudflare-tunnel cloudflare-tunnel-werts-credentials --from-file=credentials.json=$HOME/.cloudflared/060edc8a-f8f3-46fc-b007-ded654fdf6f1.json
+# kubectl create secret generic -n cloudflare-tunnel cloudflare-tunnel-strudelline-credentials --from-file=credentials.json=$HOME/.cloudflared/12dcd4b7-4987-4639-8bb3-0da0dfd1b1bc.json
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: cloudflare-tunnel-werts
+  namespace: argocd
+  annotations:
+    docs.strudelline.net/origin: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide/local/local-management/configuration-file/
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: cloudflare-tunnel
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+  source:
+    chart: cloudflare-tunnel
+    repoURL: https://rlex.github.io/helm-charts
+    targetRevision: 0.6.0
+    helm:
+      values: |-
+        cloudflared:
+          tunnelSecret: cloudflare-tunnel-werts-credentials
+          tunnel: 060edc8a-f8f3-46fc-b007-ded654fdf6f1
+          ingress:
+            - hostname: auth.werts.us
+              service: https://cascade-service.keycloak.svc.cluster.local
+              originRequest:
+                noTLSVerify: true
+            - hostname: red-1.werts.us
+              service: http://node-red-1.node-red.svc.cluster.local:4180
+            - hostname: chat.werts.us
+              service: http://synapse-werts.synapse.svc.cluster.local:8008
+            - hostname: noctowl.werts.us
+              service: http://172.16.18.1:5000
+              originRequest:
+                noTLSVerify: true
+            - hostname: werts.us
+              # static site hosted in minio.  needs host header set to load correct bucket.
+              service: http://172.16.18.1:53713
+              originRequest:
+                httpHostHeader: werts.us.minio.strudelline.net
+            - hostname: hello.werts.us
+              service: hello_world
+            - service: http_status:404
+          serviceMonitor:
+            enabled: false
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: cloudflare-tunnel-strudelline
+  namespace: argocd
+  annotations:
+    docs.strudelline.net/origin: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide/local/local-management/configuration-file/
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: cloudflare-tunnel
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+  source:
+    chart: cloudflare-tunnel
+    repoURL: https://rlex.github.io/helm-charts
+    targetRevision: 0.6.0
+    helm:
+      values: |-
+        cloudflared:
+          tunnelSecret: cloudflare-tunnel-strudelline-credentials
+          tunnel: 12dcd4b7-4987-4639-8bb3-0da0dfd1b1bc
+          ingress:
+            #- hostname: webdav.strudelline.net
+            #  service: http://172.16.18.1:5005
+            - hostname: jenkins.strudelline.net
+              service: http://jenkins.jenkins.svc.cluster.local:8080
+            - hostname: '*.strudelline.net'
+              service: http://haproxy-ingress.haproxy-ingress.svc.cluster.local:81
+            #  originRequest:
+            #    disableChunkedEncoding: true
+            #- hostname: warden.strudelline.net
+            #  service: http://vaultwarden.vaultwarden.svc.cluster.local:80
+            - hostname: hello.strudelline.net
+              service: hello_world
+            #- hostname: minio.strudelline.net
+            #  service: http://172.16.18.1:53713
+            #- hostname: minio.strudelline.net
+            #  service: http://172.16.18.1:53713
+            #- hostname: git.strudelline.net
+            #  service: http://172.16.18.1:57924
+            #- hostname: minio-admin.strudelline.net
+            #  service: http://172.16.18.1:53714
+            #- service: http_status:404
+            - service: hello_world
+          serviceMonitor:
+            enabled: false
--- a/cloudflared/cloudflare-tunnel-strudelline-sealed-secrets.yaml
+++ b/cloudflared/cloudflare-tunnel-strudelline-sealed-secrets.yaml
@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: cloudflare-tunnel-strudelline-credentials
+  namespace: cloudflare-tunnel
+spec:
+  encryptedData:
+    credentials.json: AgAbCT3tKDJZ2pNW+AkUDQFSlwnGItOgHYORacyKgo8S7mlltyGUh9FkpCe3UVj9VnPd/6bjXwq3hEN9q5Hha4M2HiSYvKOM4GF1LdLRLmZU8FfNNPXiQ71Tr8QENssCuc8QyGgGyAGzygv/JfJ8KrybteuUh44cB8y0TNpCsyeKeChGAcJRnvuu5xY71XOotKr0XLyw73gaFwZkDZRSetDXlBSHfiOtggw27fQeXBigqFEhTngQjZPZXUpAE4RdylCRggMYWsr+strql7aj+DY1F450ep3nRtgPpRlZbhK/uc6ydih8wJNI/t6aGvjLrTdcsvXrfdPCdMR4zi7RIcE5yzU5EBpGgKQuUUZNI9nJekRp/6x8qUWlPcfywTrHS3WKShBE39AGTt2qdRNDP+6WpTNho/JKiGaSgvVQdz/gK7rWP5tBLZuiDhVa86UiwiFd9vRP2Bb+OvGmxh6HgQ8hW5xQu9Lzvvsr8S8DEPmzJqTFLkOKMdAZ+DPNEtnA9g8MT08vqaqnY5qsu/zMxsSJ4EE6y1suPulXQEFMlmxEl6mX3H7UEfznEqF0jc6qx8i18JzNq6NdmMg6nBiHqWOjBfIAWTVEjOF+FPZ1VcYlt9qsoxvV7NQo3uES27l0+iDw1nK+qkIyRiGMlz1FvMOLvzmYlyj/rPke1XHhAv3PnDNHq1swkfZvjA8qguXILoHnEzdeqEHdlH4UeBH5dqvPV0CV2xRePUKwN4EG6gvVehQuOfT3W2CZzPBdClt+pXqcr32kYR79rPvusKJQShrFPX0j/IuCIZp+TMOf27T4RFymKhfF1oZTpVch7tEdPFuDPFzhrOb1hZiY0qqnyCmZKNxRRlikDuxeEHezp3Zuhau6IdgwdDV/z++BOLbDnmYfjfKY/vYg+sq4TGXHhRZtMQ==
+  template:
+    metadata:
+      creationTimestamp: null
+      name: cloudflare-tunnel-strudelline-credentials
+      namespace: cloudflare-tunnel
+    type: Opaque
+
--- a/cloudflared/cloudflare-tunnel-werts-sealed-secrets.yaml
+++ b/cloudflared/cloudflare-tunnel-werts-sealed-secrets.yaml
@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: cloudflare-tunnel-werts-credentials
+  namespace: cloudflare-tunnel
+spec:
+  encryptedData:
+    credentials.json: AgBqmX0EzNiUnMO9IQ4mWUa3GSLclCU4XS4zTyCklcgaSzkLu3LJwscF2ihoVp/2NNLkR5Sy0eyY5LVyKJeu+0N8ijaZ5c/xGEix3+k6QACtj1VOX1rbC3j3dFUaX/9rFnTQUvI9kz/buicnNR424WyukwOM9EqvDKp3p8X/58kEsG3zxsq+Nn7fSKLQbW8D+0ItIpGAT9WwnVV6Q5RHSNU2rAeyeVseU55VoQqh0zkoFG6CMMguBS4Ma3xJjxyvTRT+e7Xl8jmuoN8ehf1MATyeUCIhWdrHax8/GsBB+LfMpjs5XOZFtfnwfUpaL1ueBGzRf3Y94FhBos3Jz4uNts3f+e5WKt0a4tNYItoKAPCalCcUNcWACqYuIcw7kJV6kcGmsengoNfmkSeVY2cthBBZ4rESFkfyLNnmEg1406/fsuo5QMEFNlVXo+BCbkzrl77c4AdXBvLz/v7LPxZXj0vshzLI1eehWnXyRR1em/K2ENqFyJQcGeP43U9dI+HtEQ2gsCWXwv97Do0sm77nvmvaCIRgD/NLUz1K/fJMFh1SoYtaP3A5EPDrANcw0kT4MPTPfUWE4opygibJmj29C4hYh59lpDmrBOyw53XV12gjAIYRuk8UXhdByhoe7C/bdGw8JFxPsCYT9tlSCz28LR76Mie5amkqu9RjZ/TSK6HQUW8nZ3vNkxHWtAjHMq80fYNEiwMzh9BMFWnP6S/B7PnMtB3nYp9vl5oVwKFOQh6URHzgRF2NtZbu3PjPj0wHSFdwPx1AmyKDMlXaRSEKXoHQul83/mprMxkvIvCQreWdz6wFoLvYHscO/vk9T9t0AXk32xU7nWkZc2g14Xyb15e27v4X2NQ2syGaiEmrW1hTnDxqS38PoSj4zBUSTppCwnOhqnvOInqGkU+Oax07lo5tdg==
+  template:
+    metadata:
+      creationTimestamp: null
+      name: cloudflare-tunnel-werts-credentials
+      namespace: cloudflare-tunnel
+    type: Opaque
+
--- a/cloudflared/ns.yaml
+++ b/cloudflared/ns.yaml
@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    wildcard-tls.kn8v.com/copy: "true"
+  name: cloudflare-tunnel