initial version of acmedns

_apps/acmedns.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: acmedns
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    namespace: acmedns
+    server: https://kubernetes.default.svc
+  project: apps
+  source:
+    path: acmedns
+    repoURL: https://git.tbrnt.ch/tobru/gitops-tbrnt.git
+    targetRevision: HEAD
+  syncPolicy:
+    automated:
+      prune: true
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: acmedns

acmedns/configmap.yaml

@@ -0,0 +1,68 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: traccar-config
+data:
+  config.cfg: |
+    [general]
+    listen = "0.0.0.0:53"
+    # protocol, "both", "both4", "both6", "udp", "udp4", "udp6" or "tcp", "tcp4", "tcp6"
+    protocol = "both"
+    # domain name to serve the requests off of
+    domain = "acmedns.tbrnt.ch"
+    # zone name server
+    nsname = "acmedns.tbrnt.ch"
+    # admin email address, where @ is substituted with .
+    nsadmin = "admin.tbrnt.ch"
+    # predefined records served in addition to the TXT
+    records = [
+        # domain pointing to the public IP of your acme-dns server
+        "acmedns.tbrnt.ch. A 185.95.218.11",
+        # specify that auth.example.org will resolve any *.auth.example.org records
+        "acmedns.tbrnt.ch. NS acmedns.tbrnt.ch.",
+    ]
+    # debug messages from CORS etc
+    debug = false
+
+    [database]
+    # Database engine to use, sqlite3 or postgres
+    engine = "sqlite3"
+    # Connection string, filename for sqlite3 and postgres://$username:$password@$host/$db_name for postgres
+    # Please note that the default Docker image uses path /var/lib/acme-dns/acme-dns.db for sqlite3
+    connection = "/var/lib/acme-dns/acme-dns.db"
+
+    [api]
+    # listen ip eg. 127.0.0.1
+    ip = "0.0.0.0"
+    # disable registration endpoint
+    disable_registration = false
+    # listen port, eg. 443 for default HTTPS
+    port = "8080"
+    # possible values: "letsencrypt", "letsencryptstaging", "cert", "none"
+    tls = "none"
+    # only used if tls = "cert"
+    tls_cert_privkey = "/etc/tls/example.org/privkey.pem"
+    tls_cert_fullchain = "/etc/tls/example.org/fullchain.pem"
+    # only used if tls = "letsencrypt"
+    acme_cache_dir = "api-certs"
+    # optional e-mail address to which Let's Encrypt will send expiration notices for the API's cert
+    notification_email = ""
+    # CORS AllowOrigins, wildcards can be used
+    corsorigins = [
+        "*"
+    ]
+    # use HTTP header to get the client ip
+    use_header = false
+    # header name to pull the ip address / list of ip addresses from
+    header_name = "X-Forwarded-For"
+
+    [logconfig]
+    # logging level: "error", "warning", "info" or "debug"
+    loglevel = "debug"
+    # possible values: stdout, TODO file & integrations
+    logtype = "stdout"
+    # file path for logfile TODO
+    # logfile = "./acme-dns.log"
+    # format, either "json" or "text"
+    logformat = "text"
+

acmedns/deployment.yaml

@@ -0,0 +1,41 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: acmedns
+  name: acmedns
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: acmedns
+  strategy: {}
+  template:
+    metadata:
+      labels:
+        app: acmedns
+    spec:
+      containers:
+      - image: docker.io/joohoi/acme-dns:latest
+        name: acmedns
+        imagePullPolicy: IfNotPresent
+        ports:
+        - containerPort: 53
+          protocol: TCP
+        - containerPort: 53
+          protocol: UDP
+        - containerPort: 8080
+          protocol: TCP
+          name: api
+        volumeMounts:
+        - name: config
+          mountPath: /etc/acme-dns
+        - name: data
+          mountPath: /var/lib/acme-dns
+      volumes:
+      - name: config
+        configMap:
+          name: acmedns-config
+      - name: data
+        persistentVolumeClaim:
+          claimName: data

acmedns/ingress.yaml

@@ -0,0 +1,23 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: acmedns
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    ingress.kubernetes.io/ssl-redirect: "true"
+spec:
+  rules:
+  - host: acmedns.tbrnt.ch
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: acmedns
+            port:
+              name: api
+  tls:
+  - hosts:
+    - acmedns.tbrnt.ch
+    secretName: acmedns-tbrnt-ch

acmedns/pvc.yaml

@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: data
+  labels:
+    app: acmedns
+spec:
+  accessModes:
+  - ReadWriteOnce
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 10Gi
+  storageClassName: local-path

acmedns/service.yaml

@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: acmedns
+  name: acmedns-api
+spec:
+  ports:
+  - name: acmedns
+    port: 8080
+    protocol: TCP
+    targetPort: api
+  selector:
+    app: acmedns
+  type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: acmedns
+  name: acmedns-dns
+spec:
+  ports:
+  - name: dnstcp
+    port: 53
+    protocol: TCP
+    targetPort: 53
+  - name: dnsudp
+    port: 53
+    protocol: UDP
+    targetPort: 53
+  selector:
+    app: acmedns
+  type: LoadBalancer