diff --git a/.envs/.cloudflare.template b/.envs/.cloudflare.template
index 8716850..3a27b21 100644
--- a/.envs/.cloudflare.template
+++ b/.envs/.cloudflare.template
@@ -1 +1 @@
-CF_API_TOKEN=e70d7d13-32a8-4f77-9afa-6faced4ea0e5
\ No newline at end of file
+cf_api_token=e70d7d13-32a8-4f77-9afa-6faced4ea0e5
\ No newline at end of file
diff --git a/.envs/.pihole.template b/.envs/.pihole.template
new file mode 100644
index 0000000..7c8b865
--- /dev/null
+++ b/.envs/.pihole.template
@@ -0,0 +1 @@
+pihole_password=4cae2867-5ad0-4205-9070-99a4a7f59a09
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..643388c
--- /dev/null
+++ b/README.md
@@ -0,0 +1,19 @@
+# gitops
+This repository contains core services for my kubernetes cluster which are
+- MetalLB - LoadBalancer
+- Ingress Nginx - Ingress Controller
+- CSI NFS - PVC
+- PiHole and ExternalDNS - LAN DNS
+- ArgoCD - GitOps for my other services
+## How to use
+
+1. Get the secrets
+Either manually put your secrets in .env or run `./scripts/bw2secrets` - TODO
+
+2. Apply Kustomizations
+`kubectl apply -k .`
+
+3. Install all the apps
+`helmfile apply`
+
+4. Profit!
\ No newline at end of file
diff --git a/helmfile.yaml b/helmfile.yaml
index 8c226a7..6b41df1 100644
--- a/helmfile.yaml
+++ b/helmfile.yaml
@@ -11,6 +11,8 @@ repositories:
 url: https://argoproj.github.io/argo-helm
 - name: mojo2600
 url: https://mojo2600.github.io/pihole-kubernetes/
+ - name: bitnami
+ url: https://charts.bitnami.com/bitnami
 ---
 releases:
 - name: metallb
@@ -44,4 +46,10 @@ releases:
 chart: mojo2600/pihole
 version: 2.27.0
 values:
- - ./values/pihole.values.yaml
\ No newline at end of file
+ - ./values/pihole.values.yaml
+ - name: external-dns-pihole
+ namespace: pihole
+ chart: bitnami/external-dns
+ version: 8.7.3
+ values:
+ - ./values/external-dns-pihole.values.yaml
\ No newline at end of file
diff --git a/kustomization.yaml b/kustomization.yaml
index 84cff33..ee1a639 100644
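Review bot: The value in the new `.envs/.pihole.template` is a well-formed UUID, so copying the template to `.envs/.pihole` without editing it yields a working Pi-hole admin password that is published in this repository. A placeholder that cannot be mistaken for a credential, for example `pihole_password=<set-a-unique-password>` (constructed value), would make an unedited copy obvious. `.envs/.cloudflare.template` in the first hunk follows the same pattern with `cf_api_token`. The diff does not show whether the real `.envs/.pihole` and `.envs/.cloudflare` files are git-ignored, so that is worth confirming alongside this change.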
--- a/kustomization.yaml +++ b/kustomization.yaml @@ -6,11 +6,18 @@ resources: - ./kustomize/csi-driver-nfs.yaml - ./kustomize/cert-manager-cloudflare.yaml + secretGenerator: - name: cert-manager-cloudflare envs: - .envs/.cloudflare namespace: cert-manager + - name: pihole-admin + envs: + - .envs/.pihole + namespace: pihole + options: + disableNameSuffixHash: true configurations: - ./kustomizeconfig/clusterIssuer.yaml diff --git a/kustomize/cert-manager-cloudflare.yaml b/kustomize/cert-manager-cloudflare.yaml index 9856eac..2262ecf 100644 --- a/kustomize/cert-manager-cloudflare.yaml +++ b/kustomize/cert-manager-cloudflare.yaml @@ -15,4 +15,4 @@ spec: email: kropikuba@gmail.com apiTokenSecretRef: name: cert-manager-cloudflare - key: CF_API_TOKEN \ No newline at end of file + key: cf_api_token \ No newline at end of file diff --git a/values/external-dns-pihole.values.yaml b/values/external-dns-pihole.values.yaml new file mode 100644 index 0000000..e2fe660 --- /dev/null +++ b/values/external-dns-pihole.values.yaml @@ -0,0 +1,10 @@ +txtOwnerId: kropcloud +policy: upsert-only + +provider: pihole +pihole: + server: http://pihole-web.pihole.svc.cluster.local + secretName: pihole-admin + +ingressClassFilters: + - ingress-nginx diff --git a/values/pihole.values.yaml b/values/pihole.values.yaml index 66759c9..71d3d11 100644 --- a/values/pihole.values.yaml +++ b/values/pihole.values.yaml @@ -11,6 +11,10 @@ ingress: - pihole.kropcloud.net secretName: pihole-tls +admin: + existingSecret: pihole-admin + passwordKey: pihole_password + persistentVolumeClaim: enabled: true
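Review bot: `disableNameSuffixHash: true` on the new `pihole-admin` generator has no comment explaining it, and it changes how rotation behaves: with a fixed name, editing `.envs/.pihole` updates the Secret in place and nothing rolls the workloads that consume it. A comment above `options:` would record the reason, e.g. `# fixed name: referenced from Helm values (admin.existingSecret, pihole.secretName), which kustomize cannot rewrite`. Pods that read the password at start-up presumably need a manual restart after a change, which the README steps could mention. The `resources:` list this hunk opens in starts above the hunk.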
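Review bot: In `values/external-dns-pihole.values.yaml`, `pihole.server` is `http://pihole-web.pihole.svc.cluster.local`, so external-dns presumably authenticates to the Pi-hole admin interface with the `pihole-admin` password over unencrypted HTTP on the cluster network. If the `pihole-web` service also exposes HTTPS, prefer `server: https://pihole-web.pihole.svc.cluster.local`; otherwise a NetworkPolicy in the `pihole` namespace that admits only the external-dns pods to the web port narrows who can reach the admin API. A short comment above `secretName` noting that the Secret is generated by `kustomization.yaml` from `.envs/.pihole` would also help, since the key the chart reads from it is not visible in this file.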