refactor(external): remove hardcoded internal DNS records

Use external-dns instead
2024-12-22 20:34:32 +07:00 · 2021-12-09 01:12:59 +07:00 · 2021-12-09 01:12:59 +07:00 · 275861a57b
commit 275861a57b
parent 924a88f67b
4 changed files with 30 additions and 32 deletions
--- a/external/.gitignore
+++ b/external/.gitignore
@ -1,3 +1,4 @@
+.env
 .terraform*
 terraform.tfstate
 terraform.tfvars
--- a/external/applicationset.tf
+++ b/external/applicationset.tf
@ -1,3 +1,8 @@
+provider "kubernetes" {
+  # Environment variables
+  # KUBE_CONFIG_PATH
+}
+
 resource "kubernetes_manifest" "external_applicationset" {
  manifest = {
    apiVersion = "argoproj.io/v1alpha1"
--- a/external/backblaze.tf
+++ b/external/backblaze.tf
@ -1,3 +1,9 @@
+provider "backblaze" {
+  # Environment variables
+  # B2_APPLICATION_KEY
+  # B2_APPLICATION_KEY_ID
+}
+
 resource "b2_bucket" "backup" {
  bucket_name = "homelab-backup"
  bucket_type = "allPrivate"
--- a/external/cloudflare.tf
+++ b/external/cloudflare.tf
@ -1,35 +1,13 @@
-locals {
-  internal_records = [
-    "*.knative",
-    "argocd",
-    "authentik",
-    "dex",
-    "grafana",
-    "home",
-    "jellyfin",
-    "paperless",
-    "seafile",
-    "syncthing",
-    "tekton",
-    "vault",
-  ]
-
-  tunnel_records = [
-    "git"
-  ]
+provider "cloudflare" {
+  # Environment variables
+  # CLOUDFLARE_API_KEY
 }

-resource "cloudflare_record" "internal_records" {
-  for_each = toset(local.internal_records)
-  zone_id = cloudflare_zone.khuedoan_com.id
-  type    = "A"
-  name    = each.key
-  # TODO use data to get ingress IP
-  value   = "192.168.1.150"
-  ttl     = 1 # Auto
+data "cloudflare_zone" "khuedoan_com" {
+  name = "khuedoan.com"
 }

-resource "random_password" "homelab_tunnel" {
+resource "random_password" "tunnel_secret" {
  length  = 64
  special = false
 }
@ -38,14 +16,22 @@ resource "cloudflare_argo_tunnel" "homelab" {
  # TODO (optimize) Use variable for account_id
  account_id = "xxx"
  name       = "homelab"
-  secret     = base64encode(random_password.homelab_tunnel.result)
+  secret     = base64encode(random_password.tunnel_secret.result)
 }

-resource "cloudflare_record" "git" {
-  zone_id = cloudflare_zone.khuedoan_com.id
+resource "cloudflare_record" "tunnels" {
+  for_each = toset([
+    "git"
+  ])
+
+  zone_id = data.cloudflare_zone.khuedoan_com.id
  type    = "CNAME"
-  name    = "git"
+  name    = each.key
  value   = "${cloudflare_argo_tunnel.homelab.id}.cfargotunnel.com"
  proxied = true
  ttl     = 1 # Auto
 }
+
+# TODO
+# api token
+# add it to certmanager, external-dns, cloudflaredknamespace