Merge pull request #56 from tuana9a/decommission-zephyrus-code-server

big update: dns, code-server, forwarder, vm cleanup
tuana9a · Sep 11, 2024 · 42943ee · 42943ee
2 parents 043a46e + f01f2e2
commit 42943ee
Show file tree

Hide file tree

Showing 42 changed files with 233 additions and 439 deletions.
diff --git a/023-dns/dns.tf b/023-dns/dns.tf
@@ -1,16 +1,7 @@
 resource "cloudflare_record" "zephyrus" {
   zone_id = data.cloudflare_zones.tuana9a_com.zones[0].id
   name    = "zephyrus"
-  value   = file("./ip_zephyrus.secret.txt")
-  type    = "A"
-  ttl     = 60
-  proxied = false
-}
-
-resource "cloudflare_record" "orisis" {
-  zone_id = data.cloudflare_zones.tuana9a_com.zones[0].id
-  name    = "orisis"
-  value   = file("./ip_orisis.secret.txt")
+  value   = local.zephyrus_public_ip
   type    = "A"
   ttl     = 60
   proxied = false
@@ -19,7 +10,7 @@ resource "cloudflare_record" "orisis" {
 resource "cloudflare_record" "imperial_ally_285602" {
   zone_id = data.cloudflare_zones.tuana9a_com.zones[0].id
   name    = "imperial-ally-285602"
-  value   = file("./ip_imperial_ally_285602.secret.txt")
+  value   = local.imperial_ally_285602_public_ip
   type    = "A"
   ttl     = 60
   proxied = false

diff --git a/023-dns/dns_codeserver.tf b/023-dns/dns_codeserver.tf
@@ -0,0 +1,17 @@
+resource "cloudflare_record" "dev" {
+  zone_id = data.cloudflare_zones.tuana9a_com.zones[0].id
+  name    = "dev"
+  value   = cloudflare_record.zephyrus.hostname
+  type    = "CNAME"
+  ttl     = 60
+  proxied = false
+}
+
+resource "cloudflare_record" "wildcard_dev" {
+  zone_id = data.cloudflare_zones.tuana9a_com.zones[0].id
+  name    = "*.dev"
+  value   = cloudflare_record.zephyrus.hostname
+  type    = "CNAME"
+  ttl     = 60
+  proxied = false
+}
diff --git a/023-dns/dns_dkhptd.tf b/023-dns/dns_dkhptd.tf
@@ -7,15 +7,6 @@ resource "cloudflare_record" "dkhptd_api" {
   proxied = false
 }
 
-resource "cloudflare_record" "dkhptd_api_dev" {
-  zone_id = data.cloudflare_zones.tuana9a_com.zones[0].id
-  name    = "dkhptd-api-dev"
-  value   = cloudflare_record.zephyrus.hostname
-  type    = "CNAME"
-  ttl     = 60
-  proxied = false
-}
-
 resource "cloudflare_record" "hcr" {
   zone_id = data.cloudflare_zones.tuana9a_com.zones[0].id
   name    = "hcr"

diff --git a/023-dns/dns_shortcuts.tf b/023-dns/dns_shortcuts.tf
@@ -6,12 +6,3 @@ resource "cloudflare_record" "zpr" {
   ttl     = 60
   proxied = false
 }
-
-resource "cloudflare_record" "ors" {
-  zone_id = data.cloudflare_zones.tuana9a_com.zones[0].id
-  name    = "ors"
-  value   = cloudflare_record.orisis.hostname
-  type    = "CNAME"
-  ttl     = 60
-  proxied = false
-}
diff --git a/023-dns/dns_test.tf b/023-dns/dns_test.tf
diff --git a/023-dns/ip_imperial_ally_285602.enc b/023-dns/ip_imperial_ally_285602.enc
diff --git a/023-dns/ip_orisis.enc b/023-dns/ip_orisis.enc
diff --git a/023-dns/ip_zephyrus.enc b/023-dns/ip_zephyrus.enc
diff --git a/023-dns/local_public_ip.tf b/023-dns/local_public_ip.tf
@@ -0,0 +1 @@
+../secrets/local_public_ip.tf
diff --git a/086-prometheus/values.yaml b/086-prometheus/values.yaml
@@ -1,6 +1,7 @@
 server:
   persistentVolume:
     storageClass: longhorn
+    size: 15Gi
 alertmanager:
   persistentVolume:
     storageClass: longhorn
diff --git a/087-cert-manager/manifests/ClusterIssuer.yml b/087-cert-manager/manifests/ClusterIssuer.yml
@@ -13,5 +13,7 @@ spec:
           cloudflare:
             email: tuana9a@gmail.com
             apiTokenSecretRef:
-              name: cloudflare-api-token-edit-dns
+              name: cloudflare-api-token
+              # NOTE: secret is required to be in the same namespace as cert-manager deployment
+              # otherwise it's will throw error secret not found when dns challenging
               key: api-token
diff --git a/600-k8s-forwarder/pve-cobi-forwarder.yaml b/600-k8s-forwarder/pve-cobi-forwarder.yaml
@@ -0,0 +1,89 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: tuana9a
+  name: pve-cobi-forwarder-conf
+data:
+  pve-cobi.conf: |
+    server {
+      listen 80;
+      server_name pve-cobi.tuana9a.com;
+
+      location / {
+        proxy_pass https://192.168.56.1:8006;
+        proxy_ssl_verify off;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        # websocket
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+      }
+    }
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: pve-cobi-forwarder
+  namespace: tuana9a
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: pve-cobi-forwarder
+  template:
+    metadata:
+      labels:
+        app: pve-cobi-forwarder
+    spec:
+      containers:
+        - name: nginx
+          image: nginx:1.27.0
+          volumeMounts:
+            - name: pve-cobi-forwarder-conf
+              mountPath: /etc/nginx/conf.d
+              readOnly: true
+      volumes:
+        - name: pve-cobi-forwarder-conf
+          configMap:
+            name: pve-cobi-forwarder-conf
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: pve-cobi-forwarder
+  namespace: tuana9a
+spec:
+  selector:
+    app: pve-cobi-forwarder
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: pve-cobi-forwarder
+  namespace: tuana9a
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-production"
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+spec:
+  ingressClassName: nginx
+  tls:
+    - hosts:
+        - "pve-cobi.tuana9a.com"
+      secretName: pve-cobi-tuana9a-com-tls
+  rules:
+    - host: "pve-cobi.tuana9a.com"
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: pve-cobi-forwarder
+                port:
+                  number: 80
diff --git a/600-k8s-forwarder/tuana9a-dev-code-server-forwarder.yaml b/600-k8s-forwarder/tuana9a-dev-code-server-forwarder.yaml
@@ -0,0 +1,118 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: tuana9a
+  name: tuana9a-dev-code-server-forwarder-conf
+data:
+  code-server.conf: |
+    server {
+      listen 80;
+      server_name dev.tuana9a.com;
+
+      location / {
+        proxy_pass http://192.168.56.9:8009;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        # websocket
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+      }
+    }
+
+  code-server-expose-ports.conf: |
+    server {
+      listen 80;
+      server_name *.dev.tuana9a.com;
+
+      location / {
+        proxy_pass http://192.168.56.9:8009;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        # websocket
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+      }
+    }
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: tuana9a-dev-code-server-forwarder
+  namespace: tuana9a
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: tuana9a-dev-code-server-forwarder
+  template:
+    metadata:
+      labels:
+        app: tuana9a-dev-code-server-forwarder
+    spec:
+      containers:
+        - name: nginx
+          image: nginx:1.27.0
+          volumeMounts:
+            - name: tuana9a-dev-code-server-forwarder-conf
+              mountPath: /etc/nginx/conf.d
+              readOnly: true
+      volumes:
+        - name: tuana9a-dev-code-server-forwarder-conf
+          configMap:
+            name: tuana9a-dev-code-server-forwarder-conf
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: tuana9a-dev-code-server-forwarder
+  namespace: tuana9a
+spec:
+  selector:
+    app: tuana9a-dev-code-server-forwarder
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: tuana9a-dev-code-server-forwarder
+  namespace: tuana9a
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-production"
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+spec:
+  ingressClassName: nginx
+  tls:
+    - hosts:
+        - "dev.tuana9a.com"
+      secretName: dev-tuana9a-com-tls
+    - hosts:
+        - "*.dev.tuana9a.com"
+      secretName: wildcard-dev-tuana9a-com-tls
+  rules:
+    - host: "dev.tuana9a.com"
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: tuana9a-dev-code-server-forwarder
+                port:
+                  number: 80
+    - host: "*.dev.tuana9a.com"
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: tuana9a-dev-code-server-forwarder
+                port:
+                  number: 80
diff --git a/common/bizflycloud_server_orisis.data.tf b/common/bizflycloud_server_orisis.data.tf
diff --git a/files/orisis/haproxy/haproxy.cfg b/files/orisis/haproxy/haproxy.cfg