fix: deploy unifi exdns webhook to storage cluster

Signed-off-by: Devin Buhl <[email protected]>

kubernetes/main/apps/network/external-dns/unifi/helmrelease.yaml

@@ -55,7 +55,7 @@ spec:
  txtOwnerId: default
  txtPrefix: k8s.
  domainFilters: ["devbu.io"]
- excludeDomains: ["internal"]
+ excludeDomains: ["internal", "turbo.ac"]
  serviceMonitor:
  enabled: true
  podAnnotations:

kubernetes/storage/apps/network/external-dns/ks.yaml

@@ -21,3 +21,26 @@ spec:
  interval: 30m
  retryInterval: 1m
  timeout: 5m
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app external-dns-unifi
+ namespace: flux-system
+spec:
+ targetNamespace: network
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ dependsOn:
+ - name: external-secrets-stores
+ path: ./kubernetes/storage/apps/network/external-dns/unifi
+ prune: false
+ sourceRef:
+ kind: GitRepository
+ name: home-kubernetes
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m

kubernetes/storage/apps/network/external-dns/unifi/externalsecret.yaml

@@ -0,0 +1,20 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: external-dns-unifi
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: onepassword-connect
+ target:
+ name: external-dns-unifi-secret
+ template:
+ engineVersion: v2
+ data:
+ EXTERNAL_DNS_UNIFI_USER: "{{ .EXTERNAL_DNS_UNIFI_USER }}"
+ EXTERNAL_DNS_UNIFI_PASS: "{{ .EXTERNAL_DNS_UNIFI_PASS }}"
+ dataFrom:
+ - extract:
+ key: external-dns-unifi

kubernetes/storage/apps/network/external-dns/unifi/helmrelease.yaml

@@ -0,0 +1,62 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: &app external-dns-unifi
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: external-dns
+ version: 1.14.4
+ sourceRef:
+ kind: HelmRepository
+ name: external-dns
+ namespace: flux-system
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ strategy: rollback
+ retries: 3
+ values:
+ fullnameOverride: *app
+ logLevel: debug
+ provider:
+ name: webhook
+ webhook:
+ image:
+ repository: ghcr.io/kashalls/external-dns-unifi-webhook
+ tag: v0.0.5@sha256:221b808ff11ad8d23c4792a067c7184c135f30fc3823e3418321a3203af6b352
+ env:
+ - name: UNIFI_HOST
+ value: https://192.168.1.1
+ - name: SERVER_HOST
+ value: 0.0.0.0
+ - name: UNIFI_USER
+ valueFrom:
+ secretKeyRef:
+ name: &secret external-dns-unifi-secret
+ key: EXTERNAL_DNS_UNIFI_USER
+ - name: UNIFI_PASS
+ valueFrom:
+ secretKeyRef:
+ name: *secret
+ key: EXTERNAL_DNS_UNIFI_PASS
+ - name: LOG_LEVEL
+ value: "debug"
+ - name: UNIFI_SKIP_TLS_VERIFY
+ value: "true"
+ policy: sync
+ sources: ["ingress", "service"]
+ txtOwnerId: default
+ txtPrefix: k8s.
+ domainFilters: ["turbo.ac"]
+ excludeDomains: ["internal", "devbu.io"]
+ serviceMonitor:
+ enabled: true
+ podAnnotations:
+ secret.reloader.stakater.com/reload: *secret

kubernetes/storage/apps/network/external-dns/unifi/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./externalsecret.yaml
+ - ./helmrelease.yaml