khuedoan-homelab/external
2021-12-12 22:02:13 +07:00
cert-manager feat(external): create cloudflare API token for cert-manager 2021-12-12 16:06:22 +07:00
cloudflared chore(external): upgrade cloudflared chart to latest version 2021-12-12 00:04:57 +07:00
external-dns feat: allow to disable external-dns for specific ingresses 2021-12-12 16:36:39 +07:00
velero feat(external/velero): add AWS plugin via init container 2021-12-12 17:48:43 +07:00
.gitignore
applicationset.tf feat(external): create API token for external-dns 2021-12-12 12:00:24 +07:00
backblaze.tf fix(external): adjust some variables 2021-12-11 23:49:53 +07:00
cloudflare.tf feat(external/cloudflare): restrict API tokens to home IP addresses 2021-12-12 22:02:13 +07:00
Makefile build(external): touch Terraform lock file after init 2021-12-11 23:48:26 +07:00
README.md docs: update external layer instruction 2021-12-12 11:55:16 +07:00
versions.tf feat(external): create API token for external-dns 2021-12-12 12:00:24 +07:00

External resources

WIP documents

These resources are optional: the homelab still works without them, but it will lack some features, such as trusted certificates and offsite backup.

Although I try to keep the number of external resources to a minimum, there is still a need for a few of them. Below is a list of the external resources and why we need them.

  • Terraform Cloud:
    • Workspace to store the state for external resources
  • Cloudflare:
    • DNS
    • DNS-01 challenge for Let's Encrypt
    • Tunnel to expose services to the internet without port-forwarding
  • Backblaze:
    • B2 storage with S3 compatible API for offsite backup

This layer will deploy resources that require external dependencies using the following provisioners:

  • Terraform:
    • Create external resources
    • Add external secrets to namespaces
    • Create an ApplicationSet
  • ArgoCD (via the ApplicationSet created by Terraform):
    • Deploy Helm charts in the subdirectories

Prerequisites

Create Terraform workspace

TODO

Create Cloudflare API token

https://dash.cloudflare.com/profile/api-tokens

Terraform API token summary:

This API token will affect the below accounts and zones, along with their respective permissions

└── Khue Doan - Argo Tunnel:Edit, Account Settings:Read
    └── khuedoan.com - Zone:Read, DNS:Edit

Client IP Address Filtering

└── Is in - 117.xxx.xxx.xxx, 2402:xxx:xxx:xxx:xxx:xxx:xxx:xxx

Create Backblaze API key

https://secure.backblaze.com/app_keys.htm

Name of Key: Homelab
Allow access to Bucket(s): All
Type of Access: Read and Write

Deploy

Export environment variables for API keys:

export CLOUDFLARE_API_TOKEN=xxx
export B2_APPLICATION_KEY_ID=xxx
export B2_APPLICATION_KEY=xxx

Apply Terraform:

make