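locals {
  # domains.json is expected to hold a JSON list of objects. The fields read
  # elsewhere in this file are `value` (hostname), `service` (origin URL that
  # cloudflared proxies to) and `tunnel` (bool: publish through the tunnel or not).
  dominios = jsondecode(file("domains.json"))

  # LAN address every internal hostname resolves to. Hoisted out of the
  # rendered text so it is changed in exactly one place.
  internal_ip = "192.168.1.30"

  # Rendered hosts-file content: one "<ip> <hostname>" line per entry, for
  # every entry regardless of its `tunnel` flag. This is final text, not a
  # template — consumers must not run it through templatestring() again.
  template_hosts_file = join("", [
    for dominio in local.dominios : "${local.internal_ip} ${dominio.value}\n"
  ])
}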
resource "time_static" "restarted_at" {}
# Locally-managed Cloudflare tunnel. The secret sent to the API is the
# base64-encoded SHA-256 digest of the input variable; the same expression
# must be used wherever the credentials file for cloudflared is built, or the
# connector will not match this tunnel. The derived value is recorded in
# Terraform state, so the state backend has to be treated as holding the
# tunnel secret, and the variable should be declared with `sensitive = true`.
resource "cloudflare_zero_trust_tunnel_cloudflared" "cloudflare-tunnel" {
  name          = "grx01 kubernetes"
  account_id    = var.cloudflare-account-id
  tunnel_secret = sensitive(base64sha256(var.cloudflare-tunnel-secret))
}
# Dedicated namespace for the cloudflared connector and its secret/config.
# Other resources should reference `.metadata[0].name` on this resource rather
# than the literal "cloudflared" so Terraform orders them after the namespace.
resource "kubernetes_namespace" "cloudflared-namespace" {
  metadata {
    name = "cloudflared"
  }
}
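# Credentials file consumed by cloudflared (`credentials-file` in config.yaml).
# `data` takes plaintext; the provider base64-encodes it for the API.
# NOTE: the tunnel secret is also stored in clear in Terraform state — protect
# the state backend accordingly.
resource "kubernetes_secret" "cloudflared-secrets" {
  metadata {
    name = "tunnel-credentials"
    # Reference the namespace resource instead of repeating the literal, so a
    # fresh apply cannot try to create the secret before the namespace exists.
    namespace = kubernetes_namespace.cloudflared-namespace.metadata[0].name
  }

  data = {
    "credentials.json" = jsonencode({
      AccountTag = var.cloudflare-account-id,
      # Must be byte-identical to the tunnel_secret given to the tunnel
      # resource; any drift between the two breaks connector authentication.
      TunnelSecret = base64sha256(var.cloudflare-tunnel-secret),
      TunnelID     = cloudflare_zero_trust_tunnel_cloudflared.cloudflare-tunnel.id
    })
  }
}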
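# cloudflared configuration mounted into the connector pod.
resource "kubernetes_config_map" "cloudflared-config" {
  metadata {
    name = "cloudflared-config"
    # Reference the namespace resource so this is ordered after it on apply.
    namespace = kubernetes_namespace.cloudflared-namespace.metadata[0].name
  }

  data = {
    "config.yaml" = yamlencode({
      # Identify the tunnel by its UUID, which is what the mounted credentials
      # file carries as TunnelID. A literal name here can silently drift from
      # the `name` set on the tunnel resource (they already differed).
      tunnel           = cloudflare_zero_trust_tunnel_cloudflared.cloudflare-tunnel.id
      credentials-file = "/etc/cloudflared/creds/credentials.json"
      # Metrics listener is pod-local; it is only reachable from outside the
      # pod if a Service is pointed at port 2000.
      metrics       = "0.0.0.0:2000"
      no-autoupdate = true
      # Only entries flagged `tunnel` are published. The catch-all rule must
      # stay last: anything not listed gets a 404 instead of being proxied.
      ingress = concat(
        [
          for dominio in local.dominios : {
            hostname = dominio.value
            service  = dominio.service
          } if dominio.tunnel
        ],
        [{ service = "http_status:404" }],
      )
    })
  }
}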
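# Deploy the cloudflared connector from a static manifest. yamldecode() parses
# a single YAML document only; a multi-document file would fail here.
resource "kubernetes_manifest" "cloudflared" {
  manifest = yamldecode(file("./kubernetes/cloudflared.yaml"))

  # The manifest expression references none of the resources above, so
  # Terraform would otherwise be free to apply it before they exist. The pod
  # presumably mounts the secret and config map (config.yaml points at the
  # credentials file), so make the ordering explicit.
  depends_on = [
    kubernetes_namespace.cloudflared-namespace,
    kubernetes_secret.cloudflared-secrets,
    kubernetes_config_map.cloudflared-config,
  ]
}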
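# Pi-hole custom.list with an entry for every domain in domains.json, so the
# same hostnames resolve to the LAN origin inside the network.
resource "kubernetes_config_map" "pihole-dominios-internos" {
  metadata {
    name = "dominios-internos"
    # No kubernetes_namespace for "pihole" is declared in this file; it is
    # assumed to exist already.
    namespace = "pihole"
  }

  data = {
    # local.template_hosts_file is already rendered text. Do not pass it
    # through templatestring() again: a second pass is a no-op at best and
    # would re-interpret any "${" / "%{" sequence that ends up in a hostname.
    "custom.list" = local.template_hosts_file
  }
}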