Add cloudflare tunnel

Author: Utwo

infra/argo-apps/cloudflare-tunnel.yaml

@@ -0,0 +1,17 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: cloudflare-tunnel
+  namespace: argocd
+spec:
+  project: infra
+  sources:
+    - repoURL: https://github.com/code4romania/code4ro-k8s.git
+      path: infra/cloudflare-tunnel
+      targetRevision: HEAD
+  destination:
+    namespace: cloudflare-tunnel
+    server: https://kubernetes.default.svc
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true

infra/cloudflare-tunnel/cloudflare-tunnel.yaml

@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: cloudflared
+  name: cloudflared-deployment
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      pod: cloudflared
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        pod: cloudflared
+    spec:
+      containers:
+        - command:
+            - cloudflared
+            - tunnel
+            - --config
+            - /etc/cloudflared/config/config.yaml
+            - run
+          env:
+            - name: TUNNEL_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: cloudflare-tunnel
+                  key: TUNNEL_TOKEN
+          image: cloudflare/cloudflared:latest
+          name: cloudflared
+          livenessProbe:
+            httpGet:
+              # Cloudflared has a /ready endpoint which returns 200 if and only if
+              # it has an active connection to the edge.
+              path: /ready
+              port: 2000
+            failureThreshold: 1
+            initialDelaySeconds: 10
+            periodSeconds: 10
+          volumeMounts:
+            - name: config
+              mountPath: /etc/cloudflared/config
+              readOnly: true
+      volumes:
+        - name: config
+          configMap:
+            name: cloudflared-configmap
+            items:
+              - key: config.yaml
+                path: config.yaml

infra/cloudflare-tunnel/configmap.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cloudflared-configmap
+data:
+  config.yaml: |
+    tunnel: code4ro-k8s-hetzner
+    metrics: 0.0.0.0:2000
+    warp-routing:
+      enabled: true
+    no-autoupdate: true
+    ingress:
+    - hostname: cd.code4.ro
+      service: http://argocd-server.argocd:8080
+    - hostname: metrics.code4.ro
+      service: http://victoria-metrics-grafana.victoria-metrics:80
+    - service: http_status:404

infra/cloudflare-tunnel/sealed-secret.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: cloudflare-tunnel
+  namespace: victoria-metrics
+spec:
+  encryptedData:
+    TUNNEL_TOKEN: AgCS2lVg1jD+wlfZJdRo6ZOvNs/zVOFTiyQ5Q7s2MGaQcTcZfz4oUxFkwf1E7ZBha2hBHptGl7famYaYc6XRbbQeQhis+qfMuEh7ZqT9Bom5WEs0dQjcN6iqJjEWgcPUapQPPlpp+9AdSMlfU5vAB1NZ4eqvfsTQ/MlWFAlLjLsf3X9ZG/7UvZ+9iKaycxZI4Rthefjouu+avnc47P0RFvFQctplpTVcKf4PfTmSbsUpkkvcNxFJuX5xE1Ouyxtu9hbN+EWpQFE+Sn9hWTGAREqaP2B6XuTYBvfdpcLBn2reb/9lW+Suoy61xsEgkG2Tuv7D7y7S4g/IOEAxCBTW1Fwx1adMjhjYnoO+YXkQdsoEvsCHtgNTqABiPC8OATYG1qrwxY+auRTMO5Bci0bL373vThKApz+bMEY+zf5z2LypZbsslxJaFtVQW4j6Tul2su08fif7qvpMqFL77QYq9N2HctKYcOFXzCut2rCelFLRvuSRDoRb3XWD9PXBxa8LWwc4jVvKFk34c30Kv1NH0SHOZXeHvDzMmQVPpIN0rfiZtAu1LdIS74e2UTTqfOSKGr5eH7bNC8V1RvRMuYhxWmX9ZP+rtM6Yh/9cZI6vPjFYVCQh29Iqjlt6U0ZzOrkoV61tapMYYsr1B7ywB4tx0nm8y27SFo3EMxU0d8BKCtp4iwWAoox6G842qjZwJMTabbhwJybcbY2zYa7XS2lk5YctSgyAE87SCogb7m9pbOBjgmGmVrrtaxyLLtY/K/yIWV8BvW3bb+DdQafkY6X2ob9Ux90Xs6Y4SGWcN+Ic0ywrA3N21Tcx3QhE8aSeWRvF6gX+weMA/IvuqNxCCg99JTu/o730r/Xj4xheeOSvkJP3GjY4RkMoHC1m6HwNu0F9LFzVIKqqC4IPQXf4BQ7HXZu+h0l8Jq733OK3ztBJ7v3FhJlFswTDU2eu
+  template:
+    metadata:
+      creationTimestamp: null
+      name: cloudflare-tunnel
+      namespace: victoria-metrics
+    type: Opaque