Fix v104

Author: justgithubaccount

.gitignore

@@ -15,4 +15,6 @@ chat-api-secrets.yaml
 litellm-secrets.yaml
 loki-secrets.yaml
 pg-secrets.yaml
-.env.litellm
+.env.litellm
+secret-cloudflare-external-dns.yaml
+secret-cloudflare-cert-manager.yaml

manifests/cert-manager-application.yaml manifests/app-cert-manager.yamlmanifests/cert-manager-application.yaml renamed to manifests/app-cert-manager.yaml

@@ -12,6 +12,9 @@ spec:
     helm:
       values: |
         installCRDs: true
+        extraArgs:
+          - --dns01-recursive-nameservers-only
+          - --dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53
   destination:
     server: https://kubernetes.default.svc
     namespace: cert-manager

manifests/app-external-dns.yaml

@@ -0,0 +1,35 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: external-dns
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://kubernetes-sigs.github.io/external-dns/
+    chart: external-dns
+    targetRevision: 1.17.0
+    helm:
+      values: |
+        provider: cloudflare
+        sources:
+          - ingress
+        domainFilters:
+          - syncjob.ru
+        policy: upsert-only
+        logLevel: debug
+        extraEnvVars:
+          - name: CF_API_TOKEN
+            valueFrom:
+              secretKeyRef:
+                name: cloudflare-api-token
+                key: api-token
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: external-dns
+  syncPolicy:
+    automated:
+      selfHeal: true
+      prune: true
+    syncOptions:
+      - CreateNamespace=true

manifests/grafana-application.yaml manifests/app-grafana.yamlmanifests/grafana-application.yaml renamed to manifests/app-grafana.yaml

@@ -0,0 +1,13 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: wildcard-syncjob
+  namespace: chat-api
+spec:
+  secretName: wildcard-syncjob-tls
+  dnsNames:
+    - "*.syncjob.ru"
+    - syncjob.ru
+  issuerRef:
+    name: letsencrypt-dns
+    kind: ClusterIssuer

manifests/cert-cluster.yaml

@@ -0,0 +1,26 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: argocd-server
+  namespace: argocd
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+spec:
+  ingressClassName: nginx
+  tls:
+    - hosts:
+        - argo.syncjob.ru
+      secretName: argocd-tls
+  rules:
+    - host: argo.syncjob.ru
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: argocd-server
+                port:
+                  number: 443

manifests/ingress-argo.yaml

@@ -4,14 +4,14 @@ metadata:
   name: chat-api
   annotations:
   #   nginx.ingress.kubernetes.io/rewrite-target: /
-    cert-manager.io/cluster-issuer: letsencrypt-prod
+    cert-manager.io/cluster-issuer: letsencrypt-dns
     ingress.kubernetes.io/ssl-redirect: "true"
 spec:
   ingressClassName: nginx
   tls:
     - hosts:
         - chat.syncjob.ru
-      secretName: chat-api-tls
+      secretName: wildcard-syncjob-tls
   rules:
     - host: chat.syncjob.ru
       http:

manifests/chat-api-ingress.yaml manifests/ingress-chat-api.yamlmanifests/chat-api-ingress.yaml renamed to manifests/ingress-chat-api.yaml

@@ -1,14 +1,16 @@
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
-  name: letsencrypt-prod
+  name: letsencrypt-dns
 spec:
   acme:
-    server: https://acme-v02.api.letsencrypt.org/directory
     email: [email protected]
+    server: https://acme-v02.api.letsencrypt.org/directory
     privateKeySecretRef:
-      name: letsencrypt-prod
+      name: letsencrypt-dns-key
     solvers:
-      - http01:
-          ingress:
-            class: nginx
+      - dns01:
+          cloudflare:
+            apiTokenSecretRef:
+              name: cloudflare-api-token
+              key: api-token

manifests/grafana-ingress.yaml manifests/ingress-grafana.yamlmanifests/grafana-ingress.yaml renamed to manifests/ingress-grafana.yaml

@@ -0,0 +1,15 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: cloudflare-api-token
+  namespace: cert-manager
+spec:
+  encryptedData:
+    api-token: AgCG/K3uD9ichzmS18vaFNNhWwnz/qU6NqZMSYbljXm1rDXIps2yOwPn3QKQ5DKYp8R0ksHn7lF9OonbWEpJ5M3ADDoDXqSI9Eg8cII+Xdn4Jx56D4K92dPWEYGkwClayCwAVFMBUgY4mzzQKiCDlA5a4eabQ8Nk6bjrrquYXAiWfPSb2S8e+agOstk6a5XDtS7A0FsXv2MBN/qRQk4fZxnKD5+9e0RmQ79YHX7NjRlqSPopCrEt//dP4h5VFMKo/xxicu8YB0xScDVg0DaJy3s+NKnaCMZ+QcNp17z4Dnn3F949/KZfZCJ/Kk33H+1wRcOsriBFbWcuUZXAZoTXEld0kF5ohVfH9uf8EISJEHbcmRupoU4DFRpx+B/D0XTjfcxzSx6mr4rJVcdZoKpwigA63FXgyF2uu0rWoTSW6WAt7SbVheOoklHd4froHgxRW6IGexVE68u+Dd/408CPgAXhdydORd8WLPFssEZeGczH1laogauAeyQp1CvTHW0PHXEsT3a+WZt/TLN95g/fN1gnjEFI8w9X7OSkNY6wZ5WT+Ggy/g9i4betpV/6IZSZNf9xD1uVXj7bhi1m1oy/ODaAI5T+2bV8CvVMbyG30lcTFCx0Ze4SwGG5qRt+MCmdHv4mIUYsCvS+1zvbqo/dZq081f1YwGqCsVGb1PxgYRSHLBGjXwZXVzw35r7i7e5J/8ek+m2iMLdW4cHeSyNg9mq2QyIplkRC4nxde+4I5i95ZRk+GvBt7OCR
+  template:
+    metadata:
+      creationTimestamp: null
+      name: cloudflare-api-token
+      namespace: cert-manager