refactor(external): remove IP whitelist for Cloudflare tokens

For home networks without a static IP, external-dns and cert-manager might
fail after some time if this module is not applied.
Khue Doan 2023-12-22 12:58:42 +07:00
parent 65af4ff8e6
commit 88eab4ace1


@ -4,21 +4,6 @@ data "cloudflare_zone" "zone" {
data "cloudflare_api_token_permission_groups" "all" {} data "cloudflare_api_token_permission_groups" "all" {}
data "http" "public_ipv4" {
url = "https://ipv4.icanhazip.com"
}
# data "http" "public_ipv6" {
# url = "https://ipv6.icanhazip.com"
# }
locals {
public_ips = [
"${chomp(data.http.public_ipv4.body)}/32",
# "${chomp(data.http.public_ipv6.body)}/128"
]
}
resource "random_password" "tunnel_secret" { resource "random_password" "tunnel_secret" {
length = 64 length = 64
special = false special = false
@ -68,12 +53,6 @@ resource "cloudflare_api_token" "external_dns" {
"com.cloudflare.api.account.zone.*" = "*" "com.cloudflare.api.account.zone.*" = "*"
} }
} }
condition {
request_ip {
in = local.public_ips
}
}
} }
resource "kubernetes_secret" "external_dns_token" { resource "kubernetes_secret" "external_dns_token" {
@ -99,12 +78,6 @@ resource "cloudflare_api_token" "cert_manager" {
"com.cloudflare.api.account.zone.*" = "*" "com.cloudflare.api.account.zone.*" = "*"
} }
} }
condition {
request_ip {
in = local.public_ips
}
}
} }
resource "kubernetes_secret" "cert_manager_token" { resource "kubernetes_secret" "cert_manager_token" {
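Review bot: With the `request_ip` condition gone from both `cloudflare_api_token.external_dns` and `cloudflare_api_token.cert_manager`, nothing visible in these hunks limits where the tokens can be used, while their resource scope stays at `"com.cloudflare.api.account.zone.*" = "*"`, i.e. every zone in the account. Both tokens appear to end up in Kubernetes secrets, so a copy read from the cluster would now be accepted from any network; narrowing the scope to the zone already looked up in this file, e.g. `"com.cloudflare.api.account.zone.${data.cloudflare_zone.zone.id}" = "*"`, would bound that exposure. A short comment on each token, such as `# No request_ip condition: home WAN address is dynamic; token is limited by zone scope instead`, would record the trade-off for the next maintainer. Both resource blocks start above their hunks, so the permission groups in use are not visible here and the effective blast radius should be confirmed against them.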