khuedoan-homelab/external/cloudflare.tf

variable "cloudflare_account_id" {
  type = string
}

provider "cloudflare" {
  # Environment variables
  # CLOUDFLARE_API_TOKEN
}

data "cloudflare_zone" "khuedoan_com" {
  name = "khuedoan.com"
}

resource "random_password" "tunnel_secret" {
  length  = 64
  special = false
}

resource "cloudflare_argo_tunnel" "homelab" {
  # TODO (optimize) Use variable for account_id
  account_id = var.cloudflare_account_id
  name       = "homelab"
  secret     = base64encode(random_password.tunnel_secret.result)
}

resource "cloudflare_record" "tunnels" {
  for_each = toset([
    "git"
  ])

  zone_id = data.cloudflare_zone.khuedoan_com.id
  type    = "CNAME"
  name    = each.key
  value   = "${cloudflare_argo_tunnel.homelab.id}.cfargotunnel.com"
  proxied = true
  ttl     = 1 # Auto
}

# TODO
# api token
# add it to certmanager, external-dns, cloudflaredknamespace

resource "kubernetes_namespace" "namespaces" {
  for_each = toset([
    "cert-manager",
    "cloudflared",
    "external-dns",
    "velero"
  ])

  metadata {
    name = each.key
  }
}

resource "kubernetes_secret" "cloudflared_credentials" {
  metadata {
    name = "cloudflared-credentials"
    namespace = "cloudflared"
  }

  data = {
    "credentials.json" = jsonencode({
      AccountTag   = var.cloudflare_account_id
      TunnelName   = cloudflare_argo_tunnel.homelab.name
      TunnelID     = cloudflare_argo_tunnel.homelab.id
      TunnelSecret = base64encode(random_password.tunnel_secret.result)
    })
  }
}
fix(external): adjust some variables 2021-12-11 23:49:53 +07:00			`variable "cloudflare_account_id" {`
			`type = string`
			`}`

refactor(external): remove hardcoded internal DNS records Use external-dns instead 2021-12-09 01:12:59 +07:00			`provider "cloudflare" {`
			`# Environment variables`
docs: add setup instruction for the external layer 2021-12-09 01:51:42 +07:00			`# CLOUDFLARE_API_TOKEN`
feat: initial support for external resources 2021-12-08 09:24:09 +07:00			`}`

refactor(external): remove hardcoded internal DNS records Use external-dns instead 2021-12-09 01:12:59 +07:00			`data "cloudflare_zone" "khuedoan_com" {`
			`name = "khuedoan.com"`
feat: initial support for external resources 2021-12-08 09:24:09 +07:00			`}`

refactor(external): remove hardcoded internal DNS records Use external-dns instead 2021-12-09 01:12:59 +07:00			`resource "random_password" "tunnel_secret" {`
feat: initial support for external resources 2021-12-08 09:24:09 +07:00			`length = 64`
			`special = false`
			`}`

			`resource "cloudflare_argo_tunnel" "homelab" {`
			`# TODO (optimize) Use variable for account_id`
fix(external): adjust some variables 2021-12-11 23:49:53 +07:00			`account_id = var.cloudflare_account_id`
feat: initial support for external resources 2021-12-08 09:24:09 +07:00			`name = "homelab"`
refactor(external): remove hardcoded internal DNS records Use external-dns instead 2021-12-09 01:12:59 +07:00			`secret = base64encode(random_password.tunnel_secret.result)`
feat: initial support for external resources 2021-12-08 09:24:09 +07:00			`}`

refactor(external): remove hardcoded internal DNS records Use external-dns instead 2021-12-09 01:12:59 +07:00			`resource "cloudflare_record" "tunnels" {`
			`for_each = toset([`
			`"git"`
			`])`

			`zone_id = data.cloudflare_zone.khuedoan_com.id`
feat: initial support for external resources 2021-12-08 09:24:09 +07:00			`type = "CNAME"`
refactor(external): remove hardcoded internal DNS records Use external-dns instead 2021-12-09 01:12:59 +07:00			`name = each.key`
fix(external/cloudflared): fix incorrect tunnel domain 2021-12-12 09:39:44 +07:00			`value = "${cloudflare_argo_tunnel.homelab.id}.cfargotunnel.com"`
feat: initial support for external resources 2021-12-08 09:24:09 +07:00			`proxied = true`
			`ttl = 1 # Auto`
			`}`
refactor(external): remove hardcoded internal DNS records Use external-dns instead 2021-12-09 01:12:59 +07:00
			`# TODO`
			`# api token`
			`# add it to certmanager, external-dns, cloudflaredknamespace`
feat(external): inject Cloudflare Tunnel secret to the cluster 2021-12-09 02:03:16 +07:00
			`resource "kubernetes_namespace" "namespaces" {`
			`for_each = toset([`
			`"cert-manager",`
			`"cloudflared",`
			`"external-dns",`
			`"velero"`
			`])`

			`metadata {`
			`name = each.key`
			`}`
			`}`

			`resource "kubernetes_secret" "cloudflared_credentials" {`
			`metadata {`
			`name = "cloudflared-credentials"`
			`namespace = "cloudflared"`
			`}`

			`data = {`
fix(external): fix cloudflared credentials format 2021-12-12 00:22:05 +07:00			`"credentials.json" = jsonencode({`
			`AccountTag = var.cloudflare_account_id`
feat(external): inject Cloudflare Tunnel secret to the cluster 2021-12-09 02:03:16 +07:00			`TunnelName = cloudflare_argo_tunnel.homelab.name`
			`TunnelID = cloudflare_argo_tunnel.homelab.id`
			`TunnelSecret = base64encode(random_password.tunnel_secret.result)`
fix(external): fix cloudflared credentials format 2021-12-12 00:22:05 +07:00			`})`
feat(external): inject Cloudflare Tunnel secret to the cluster 2021-12-09 02:03:16 +07:00			`}`
			`}`