[feature] Cloudflared

kubernetes/argocd/03_default/cloudflare-tunnel.yaml

@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: cloudflare-tunnel
+  namespace: argocd
+spec:
+  destination:
+    namespace: default
+    server: 'https://kubernetes.default.svc'
+  source:
+    path: kubernetes/cluster/default/cloudflare-tunnel
+    repoURL: '[email protected]:maxim-mityutko/home-infra.git'
+    targetRevision: main
+  project: default
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true

kubernetes/cluster/default/cloudflare-tunnel/cloudflared.yaml

@@ -0,0 +1,51 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: cloudflared
+  namespace: default
+  labels:
+    app.kubernetes.io/name: cloudflared
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: cloudflared
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: cloudflared
+    spec:
+      containers:
+        - name: cloudflared
+          image: cloudflare/cloudflared:2024.4.1
+          imagePullPolicy: IfNotPresent
+          args: [ tunnel, --config, /etc/cloudflared/config/tunnel.yaml, run ]
+          livenessProbe:
+            httpGet:
+              path: /ready
+              port: 2000
+            initialDelaySeconds: 10
+            failureThreshold: 5
+            periodSeconds: 10
+          resources:
+            requests:
+              cpu: 20m
+              memory: 50Mi
+            limits:
+              cpu: 250m
+              memory: 100Mi
+          volumeMounts:
+            - name: cloudflared-tunnel
+              mountPath: /etc/cloudflared/config/tunnel.yaml
+              subPath: tunnel.yaml
+              readOnly: true
+            - name: cloudflared-credentials
+              mountPath: /etc/cloudflared/config/credentials.json
+              subPath: credentials.json
+              readOnly: true
+      volumes:
+        - name: cloudflared-tunnel
+          configMap:
+            name: cloudflared
+        - name: cloudflared-credentials
+          secret:
+            secretName: cloudflared

kubernetes/cluster/default/cloudflare-tunnel/config/tunnel.yaml

@@ -0,0 +1,19 @@
+tunnel: k8s
+credentials-file: /etc/cloudflared/config/credentials.json
+metrics: 0.0.0.0:2000
+no-autoupdate: true
+
+warp-routing:
+  enabled: false
+
+ingress:
+  # - hostname: hello.brhd.io
+  #   service: hello_world
+  - hostname: nc.brhd.io
+    #service: http://nextcloud.extras.svc.cluster.local:8080
+    service: https://nc.brhd.io
+    originRequest:
+      originServerName: nc.brhd.io
+  # - hostname: home.brhd.io
+  #   service: http://homer.default.svc.cluster.local:8080
+  - service: http_status:404

kubernetes/cluster/default/cloudflare-tunnel/kustomization.yaml

@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - cloudflared.yaml
+  - secret.yaml
+configMapGenerator:
+  - name: cloudflared
+    files:
+      - config/tunnel.yaml
+    options:
+      disableNameSuffixHash: true

kubernetes/cluster/default/cloudflare-tunnel/secret.yaml

@@ -0,0 +1,17 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: cloudflared
+  namespace: default
+spec:
+  encryptedData:
+    credentials.json: AgBTVRrHYvTZQU/9J4IHIjwilSGHLWJ1BOd7aYG3XzPDrNmDr9wImZWkWOse1qhAAY5/z73d8Lg4G4EyYTDSn5vUIWmche2HvLdtBKNFF7Im1fsaBqnx1PPLg46AZrDXGtaDciF8hmAhzOWYojfTr9M2xvNn6BFV05HLNxcyjMXCIEYSxgxmOWB3Iz3ztROgb9hJ0V9rAxJqM0RYtJwZgUtIzTyFgwKioh46DlfNu2YhOqSDZbTLVtgUPVDJB07xOFT7Fji2HeohANwDsUR2J2ow1mmGzabKXjmncV1WERHYGUKOs21h5YA/UZRtiWvHJBQSOrmkPgCrDBNppLf0MWFtQdF8pbArK3JSKienKT/9DTgcLCNppfA0r+dNXkjdObiXGXVwpqjGl6csZau+s8FsQrrnngH6aPPgkq3dtT8IO885LU9+xKQliiwX+GWbuYRg1GDdE0AuEiDs0ThQxJEQylmJOtmdDwLk6SG2gmOVyqNrnsi9Qud6wA1BQ7/e8NhWBIDzx9u6WHc/8cBhtguxsq064kHCixov2BME1eLwMT2Hsm7mO5zzHPP0m0GVpfBfsEimjuDp22gjmlO8ws85/51ozN+hisgHYz409GMoSwBGk+5MlK7RGNWQb6UrEQ8zGFqQGd9YpXLDCt4XVkR+ziI6xxqC4HWwhJOZcWY31PR9DJc1CZn8sOxvI2rTiqmgxGe7dALCayCS8/sjVg5sMOBkl3VJZ1Tk6JeGck/uQLMwwiMsYWEWyCiIxsKpShXT+d8bSXWClPUd8WrpEXkW0V5BqOVkE1cR2f57lQA7MEHXs8c0gCsx2Q3mOoQiVRwNl5IMDkBt+A8KHeIgogOuP41CcBByHSHC3uQUo1sn6oQmxMmaRdxC4I30Uhk4I/aALZ//8vLlnr5WtCelS5721g==
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        app.kubernetes.io/name: cloudflared
+      name: cloudflared
+      namespace: default
+    type: Opaque