external-dns working

.envs/.cloudflare.template

@@ -1 +1 @@
-CF_API_TOKEN=e70d7d13-32a8-4f77-9afa-6faced4ea0e5
+cf_api_token=e70d7d13-32a8-4f77-9afa-6faced4ea0e5

.envs/.pihole.template

@@ -0,0 +1 @@
+pihole_password=4cae2867-5ad0-4205-9070-99a4a7f59a09

README.md

@@ -0,0 +1,19 @@
+# gitops
+This repository contains core services for my kubernetes cluster which are
+- MetalLB - LoadBalancer
+- Ingress Nginx - Ingress Controller
+- CSI NFS - PVC
+- PiHole and ExternalDNS - LAN DNS
+- ArgoCD - GitOps for my other services
+## How to use
+
+1. Get the secrets
+Either manually put your secrets in .env or run `./scripts/bw2secrets` - TODO
+
+2. Apply Kustomizations
+`kubectl apply -k .`
+
+3. Install all the apps
+`helmfile apply`
+
+4. Profit!

helmfile.yaml

@@ -11,6 +11,8 @@ repositories:
     url: https://argoproj.github.io/argo-helm
   - name: mojo2600
     url: https://mojo2600.github.io/pihole-kubernetes/
+  - name: bitnami
+    url: https://charts.bitnami.com/bitnami
 ---
 releases:
   - name: metallb
@@ -45,3 +47,9 @@ releases:
     version: 2.27.0
     values:
       - ./values/pihole.values.yaml
+  - name: external-dns-pihole
+    namespace: pihole
+    chart: bitnami/external-dns
+    version: 8.7.3
+    values:
+      - ./values/external-dns-pihole.values.yaml

kustomization.yaml

@@ -6,11 +6,18 @@ resources:
 - ./kustomize/csi-driver-nfs.yaml
 - ./kustomize/cert-manager-cloudflare.yaml
 
+
 secretGenerator:
   - name: cert-manager-cloudflare
     envs:
       - .envs/.cloudflare
     namespace: cert-manager
+  - name: pihole-admin
+    envs:
+      - .envs/.pihole
+    namespace: pihole
+    options:
+      disableNameSuffixHash: true
 
 configurations:
   - ./kustomizeconfig/clusterIssuer.yaml

kustomize/cert-manager-cloudflare.yaml

@@ -15,4 +15,4 @@ spec:
             email: kropikuba@gmail.com
             apiTokenSecretRef:
               name: cert-manager-cloudflare
-              key: CF_API_TOKEN
+              key: cf_api_token

values/external-dns-pihole.values.yaml

@@ -0,0 +1,10 @@
+txtOwnerId: kropcloud
+policy: upsert-only
+
+provider: pihole
+pihole:
+  server: http://pihole-web.pihole.svc.cluster.local
+  secretName: pihole-admin
+
+ingressClassFilters:
+  - ingress-nginx

values/pihole.values.yaml

@@ -11,6 +11,10 @@ ingress:
         - pihole.kropcloud.net
       secretName: pihole-tls
 
+admin:
+  existingSecret: pihole-admin
+  passwordKey: pihole_password
+
 persistentVolumeClaim:
   enabled: true