20b4f10976
It's a breaking change due to a known oversight in the 3.x -> 4.x migration. https://github.com/cloudflare/terraform-provider-cloudflare/issues/2286 To resolve you can either: 1. Manually update the state file with the new resource name 2. Remove the resources from state, perform the upgrade and then reimport the resources back into the state 3. (What I did, but you'll have downtime) Comment out the tunnel resources, apply, bump the version to v4, uncomment, then apply again to recreate the resources
# Zone that holds the homelab DNS records; its id is used by the tunnel CNAME
# record below (cloudflare_record.tunnel).
data "cloudflare_zone" "zone" {
  name = "khuedoan.com"
}
# Permission group ids looked up by name; the API token policies below pick
# "Zone Read" and "DNS Write" out of its `zone` map.
data "cloudflare_api_token_permission_groups" "all" {}
# 64-character alphanumeric secret for the Cloudflare tunnel. Like every
# random_password result it lives in Terraform state, and it is also copied
# (base64-encoded) into the cloudflared credentials Secret further down.
resource "random_password" "tunnel_secret" {
  special = false
  length  = 64
}
# The homelab tunnel. `secret` is the base64 form of random_password.tunnel_secret;
# the same encoding is written into credentials.json so cloudflared and the
# Cloudflare side agree on the value.
resource "cloudflare_tunnel" "homelab" {
  name       = "homelab"
  account_id = var.cloudflare_account_id
  secret     = base64encode(random_password.tunnel_secret.result)
}
# Not proxied, not accessible. Just a record for auto-created CNAMEs by external-dns.
# Targets the tunnel's <tunnel-id>.cfargotunnel.com hostname; ttl = 1 is
# Cloudflare's "automatic" TTL.
resource "cloudflare_record" "tunnel" {
  name    = "homelab-tunnel"
  type    = "CNAME"
  value   = "${cloudflare_tunnel.homelab.id}.cfargotunnel.com"
  zone_id = data.cloudflare_zone.zone.id
  proxied = false
  ttl     = 1 # Auto
}
# credentials.json for the tunnel, presumably mounted by cloudflared in the
# namespace of the same name. Tunnel id and secret pass through Terraform state
# before they land in this Secret, so the state backend needs the same
# protection as the cluster secret itself. jsonencode sorts object keys, so
# the attribute order below does not affect the rendered file.
resource "kubernetes_secret" "cloudflared_credentials" {
  data = {
    "credentials.json" = jsonencode({
      AccountTag   = var.cloudflare_account_id
      TunnelID     = cloudflare_tunnel.homelab.id
      TunnelName   = cloudflare_tunnel.homelab.name
      TunnelSecret = base64encode(random_password.tunnel_secret.result)
    })
  }

  metadata {
    namespace = "cloudflared"
    name      = "cloudflared-credentials"

    annotations = {
      "app.kubernetes.io/managed-by" = "Terraform"
    }
  }
}
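# API token for external-dns: Zone Read + DNS Write, restricted to the single
# zone declared above rather than every zone in the account (least privilege;
# a leaked token can then only touch that zone). Add further zone ids to
# `resources` if external-dns must manage more zones. The token value is held
# in Terraform state, so the state backend must be protected like a secret.
resource "cloudflare_api_token" "external_dns" {
  name = "homelab_external_dns"

  policy {
    permission_groups = [
      data.cloudflare_api_token_permission_groups.all.zone["Zone Read"],
      data.cloudflare_api_token_permission_groups.all.zone["DNS Write"],
    ]

    # Cloudflare scopes zone-level permissions with com.cloudflare.api.account.zone.<zone_id>.
    resources = {
      "com.cloudflare.api.account.zone.${data.cloudflare_zone.zone.id}" = "*"
    }
  }
}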
# Copy of the external-dns API token into the external-dns namespace under
# the key "value". The Secret name is shared with the cert-manager copy, but
# they live in different namespaces.
resource "kubernetes_secret" "external_dns_token" {
  data = {
    "value" = cloudflare_api_token.external_dns.value
  }

  metadata {
    namespace = "external-dns"
    name      = "cloudflare-api-token"

    annotations = {
      "app.kubernetes.io/managed-by" = "Terraform"
    }
  }
}
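# API token for cert-manager's DNS-01 challenges: Zone Read + DNS Write,
# restricted to the single zone declared above rather than every zone in the
# account (least privilege; a leaked token can then only touch that zone).
# Add further zone ids to `resources` if certificates for more zones are
# issued. The token value is held in Terraform state, so the state backend
# must be protected like a secret.
resource "cloudflare_api_token" "cert_manager" {
  name = "homelab_cert_manager"

  policy {
    permission_groups = [
      data.cloudflare_api_token_permission_groups.all.zone["Zone Read"],
      data.cloudflare_api_token_permission_groups.all.zone["DNS Write"],
    ]

    # Cloudflare scopes zone-level permissions with com.cloudflare.api.account.zone.<zone_id>.
    resources = {
      "com.cloudflare.api.account.zone.${data.cloudflare_zone.zone.id}" = "*"
    }
  }
}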
# Copy of the cert-manager API token into the cert-manager namespace under
# the key "api-token". Same Secret name as the external-dns copy, different
# namespace and different key.
resource "kubernetes_secret" "cert_manager_token" {
  data = {
    "api-token" = cloudflare_api_token.cert_manager.value
  }

  metadata {
    namespace = "cert-manager"
    name      = "cloudflare-api-token"

    annotations = {
      "app.kubernetes.io/managed-by" = "Terraform"
    }
  }
}