diff --git a/_apps/acmedns.yaml b/_apps/acmedns.yaml
new file mode 100644
index 0000000..fd3b721
--- /dev/null
+++ b/_apps/acmedns.yaml
@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: acmedns
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ destination:
+ namespace: acmedns
+ server: https://kubernetes.default.svc
+ project: apps
+ source:
+ path: acmedns
+ repoURL: https://git.tbrnt.ch/tobru/gitops-tbrnt.git
+ targetRevision: HEAD
+ syncPolicy:
+ automated:
+ prune: true
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: acmedns
diff --git a/acmedns/configmap.yaml b/acmedns/configmap.yaml
new file mode 100644
index 0000000..5da1ba9
--- /dev/null
+++ b/acmedns/configmap.yaml
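Review bot: `prune: true` combined with the `resources-finalizer.argocd.argoproj.io` finalizer means that deleting this Application, or removing acmedns/pvc.yaml from the repo, also deletes the `data` PersistentVolumeClaim. That claim holds the acme-dns sqlite database, and with it every registered account. Consider protecting the claim in acmedns/pvc.yaml with the annotation `argocd.argoproj.io/sync-options: Delete=false` (and `Prune=false` if it should also survive removal from Git). `targetRevision: HEAD` with automated sync deploys every push to the default branch unreviewed, so write access to the repository is effectively write access to this namespace.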
@@ -0,0 +1,68 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: traccar-config
+data:
+ config.cfg: |
+ [general]
+ listen = "0.0.0.0:53"
+ # protocol, "both", "both4", "both6", "udp", "udp4", "udp6" or "tcp", "tcp4", "tcp6"
+ protocol = "both"
+ # domain name to serve the requests off of
+ domain = "acmedns.tbrnt.ch"
+ # zone name server
+ nsname = "acmedns.tbrnt.ch"
+ # admin email address, where @ is substituted with .
+ nsadmin = "admin.tbrnt.ch"
+ # predefined records served in addition to the TXT
+ records = [
+ # domain pointing to the public IP of your acme-dns server
+ "acmedns.tbrnt.ch. A 185.95.218.11",
+ # specify that auth.example.org will resolve any *.auth.example.org records
+ "acmedns.tbrnt.ch. NS acmedns.tbrnt.ch.",
+ ]
+ # debug messages from CORS etc
+ debug = false
+
+ [database]
+ # Database engine to use, sqlite3 or postgres
+ engine = "sqlite3"
+ # Connection string, filename for sqlite3 and postgres://$username:$password@$host/$db_name for postgres
+ # Please note that the default Docker image uses path /var/lib/acme-dns/acme-dns.db for sqlite3
+ connection = "/var/lib/acme-dns/acme-dns.db"
+
+ [api]
+ # listen ip eg. 127.0.0.1
+ ip = "0.0.0.0"
+ # disable registration endpoint
+ disable_registration = false
+ # listen port, eg. 443 for default HTTPS
+ port = "8080"
+ # possible values: "letsencrypt", "letsencryptstaging", "cert", "none"
+ tls = "none"
+ # only used if tls = "cert"
+ tls_cert_privkey = "/etc/tls/example.org/privkey.pem"
+ tls_cert_fullchain = "/etc/tls/example.org/fullchain.pem"
+ # only used if tls = "letsencrypt"
+ acme_cache_dir = "api-certs"
+ # optional e-mail address to which Let's Encrypt will send expiration notices for the API's cert
+ notification_email = ""
+ # CORS AllowOrigins, wildcards can be used
+ corsorigins = [
+ "*"
+ ]
+ # use HTTP header to get the client ip
+ use_header = false
+ # header name to pull the ip address / list of ip addresses from
+ header_name = "X-Forwarded-For"
+
+ [logconfig]
+ # logging level: "error", "warning", "info" or "debug"
+ loglevel = "debug"
+ # possible values: stdout, TODO file & integrations
+ logtype = "stdout"
+ # file path for logfile TODO
+ # logfile = "./acme-dns.log"
+ # format, either "json" or "text"
+ logformat = "text"
+
diff --git a/acmedns/deployment.yaml b/acmedns/deployment.yaml
new file mode 100644
index 0000000..1bc0c72
--- /dev/null
+++ b/acmedns/deployment.yaml
@@ -0,0 +1,41 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: acmedns
+ name: acmedns
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: acmedns
+ strategy: {}
+ template:
+ metadata:
+ labels:
+ app: acmedns
+ spec:
+ containers:
+ - image: docker.io/joohoi/acme-dns:latest
+ name: acmedns
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 53
+ protocol: TCP
+ - containerPort: 53
+ protocol: UDP
+ - containerPort: 8080
+ protocol: TCP
+ name: api
+ volumeMounts:
+ - name: config
+ mountPath: /etc/acme-dns
+ - name: data
+ mountPath: /var/lib/acme-dns
+ volumes:
+ - name: config
+ configMap:
+ name: acmedns-config
+ - name: data
+ persistentVolumeClaim:
+ claimName: data
diff --git a/acmedns/ingress.yaml b/acmedns/ingress.yaml
new file mode 100644
index 0000000..3de0089
--- /dev/null
+++ b/acmedns/ingress.yaml
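Review bot: `metadata.name: traccar-config` does not match the `configMap.name: acmedns-config` that acmedns/deployment.yaml mounts, so the pod cannot start until this is renamed to `name: acmedns-config`. In `[api]`, `disable_registration = false` together with the public Ingress added in this commit leaves the registration endpoint open to anyone who can reach acmedns.tbrnt.ch; consider `disable_registration = true` once the required accounts exist. Because the API sits behind the ingress, `use_header = false` makes acme-dns see the proxy address as the client, so per-account source-range restrictions would presumably be checked against the ingress controller rather than the real caller. `loglevel = "debug"` and `corsorigins = ["*"]` are also worth tightening for a production instance.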
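Review bot: `image: docker.io/joohoi/acme-dns:latest` with `imagePullPolicy: IfNotPresent` leaves the running build undetermined, because a node with a cached `latest` keeps the old image while a fresh node pulls whatever the tag points to that day. Pin a release tag or digest instead, e.g. `image: docker.io/joohoi/acme-dns:<version>@sha256:<digest>` (placeholders). `strategy: {}` falls back to RollingUpdate, which with the ReadWriteOnce `data` claim and a sqlite file can briefly run two pods against the same database; `strategy: {type: Recreate}` avoids that. The container also declares no `securityContext` or `resources`; a minimum would be `allowPrivilegeEscalation: false` with capabilities dropped except what binding port 53 needs, to be confirmed against the user the image runs as.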
@@ -0,0 +1,23 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: acmedns
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ ingress.kubernetes.io/ssl-redirect: "true"
+spec:
+ rules:
+ - host: acmedns.tbrnt.ch
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: acmedns
+ port:
+ name: api
+ tls:
+ - hosts:
+ - acmedns.tbrnt.ch
+ secretName: acmedns-tbrnt-ch
diff --git a/acmedns/pvc.yaml b/acmedns/pvc.yaml
new file mode 100644
index 0000000..52656e5
--- /dev/null
+++ b/acmedns/pvc.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: data
+ labels:
+ app: acmedns
+spec:
+ accessModes:
+ - ReadWriteOnce
+ volumeMode: Filesystem
+ resources:
+ requests:
+ storage: 10Gi
+ storageClassName: local-path
diff --git a/acmedns/service.yaml b/acmedns/service.yaml
new file mode 100644
index 0000000..458346e
--- /dev/null
+++ b/acmedns/service.yaml
@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: acmedns
+ name: acmedns-api
+spec:
+ ports:
+ - name: acmedns
+ port: 8080
+ protocol: TCP
+ targetPort: api
+ selector:
+ app: acmedns
+ type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: acmedns
+ name: acmedns-dns
+spec:
+ ports:
+ - name: dnstcp
+ port: 53
+ protocol: TCP
+ targetPort: 53
+ - name: dnsudp
+ port: 53
+ protocol: UDP
+ targetPort: 53
+ selector:
+ app: acmedns
+ type: LoadBalancer
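Review bot: The backend `service.name: acmedns` with `port.name: api` matches nothing in acmedns/service.yaml, where the API Service is `acmedns-api` and its port is named `acmedns` (`api` is only the container port name used as `targetPort`). As written the ingress has no resolvable backend; use `name: acmedns-api` with `port: {name: acmedns}` or `port: {number: 8080}`. Whether `ingress.kubernetes.io/ssl-redirect` is honoured depends on the ingress controller in use. Since the ConfigMap sets `tls = "none"` and API credentials travel in request headers, confirm that plain HTTP to this host is actually redirected or refused.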
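Review bot: `acmedns-dns` puts TCP and UDP port 53 on a single `type: LoadBalancer` Service, which only works where both the cluster version and the load-balancer implementation support mixed-protocol Services. Elsewhere the Service is rejected or exposes only one protocol, and validation queries that fall back to TCP would then fail. Confirm this on the target cluster, or split it into two Services that share an address. With the default traffic policy the pod also sees node addresses instead of resolver addresses in its query logs; `externalTrafficPolicy: Local` preserves the source IP if those logs are meant to be useful for incident review.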