Introduce new external-facing domain, and kubernetes-sigs/external-dns #43
Conversation
Signed-off-by: anthr76 <hello@anthonyrabbito.com>
* Did not reload any daemons.
* Manually applying ipa-bind zonemod for the key. Not sure if this will work without bouncing the daemon.
Signed-off-by: anthr76 <hello@anthonyrabbito.com>
Ansible role has been added, though unsure if I should be reloading the daemon for bind to see the key. The role is very messy and I plan on iterating in the future when Ansible and non-k8s infra gets a refresh. Docs: https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/rfc2136.md
Ensure configuration is read Signed-off-by: anthr76 <hello@anthonyrabbito.com>
Currently failing on flux Signed-off-by: anthr76 <hello@anthonyrabbito.com>
Signed-off-by: anthr76 <hello@anthonyrabbito.com>
Signed-off-by: anthr76 <hello@anthonyrabbito.com>
Signed-off-by: anthr76 <hello@anthonyrabbito.com>
Signed-off-by: anthr76 <hello@anthonyrabbito.com>
* Try omitting target (see if it takes endpoint on ingress)
* Create external Load Balancer DNS entry. **No records on CNAMEs**
Signed-off-by: anthr76 <hello@anthonyrabbito.com>
More safety should be added to Ansible before finishing this PR. Internal is successfully set up and needs DNSEndpoints/Annotations on services.
Flux alerts have been suspended while testing.
Signed-off-by: anthr76 <hello@anthonyrabbito.com>
* Use only one service
* Add DNS entrypoint
Signed-off-by: anthr76 <hello@anthonyrabbito.com>
Added new cert in with quick renewals. Testing to come Signed-off-by: anthr76 <hello@anthonyrabbito.com>
Added grafana to Kutara Signed-off-by: anthr76 <hello@anthonyrabbito.com>
Cloudflare strict will be used, and instead of using an SNI entry we'll use a new A record. Signed-off-by: anthr76 <hello@anthonyrabbito.com>
Currently, without built-in LE, Traefik has terrible support for making the instance aware of certs. A ConfigMap has been implemented to add a default TLSStore, as the Kubernetes CRD was not working correctly. After spending tons of hours debugging this it might be worth going to Istio. Along with this, Traefik needs root privileges to properly upgrade HTTP requests at the entry point. Signed-off-by: anthr76 <hello@anthonyrabbito.com>
Considering deploying Istio in place of Traefik given these constraints:
Signed-off-by: anthr76 <hello@anthonyrabbito.com>
Signed-off-by: anthr76 <hello@anthonyrabbito.com>
Signed-off-by: anthr76 <hello@anthonyrabbito.com>
Signed-off-by: anthr76 <hello@anthonyrabbito.com>
* Move auth providers to external domain
* Semi-split-horizon DNS
* Specify ingressClass; this is not necessary on some charts as they're using the new Ingress API, but on some charts it's required.
* Specify targets on DNSEndpoints
* Rotate secrets
* Auto-DNS setting on ingresses regardless of zone. DNSEndpoint CRD on IngressRoute CRDs
* Use secret name instead of specifying hostname in TLS spec on ingress. This prevents Traefik logs from getting flooded.
Signed-off-by: anthr76 <hello@anthonyrabbito.com>
Signed-off-by: anthr76 <hello@anthonyrabbito.com>
This can be merged. Takeaways: Istio soon.
Resolves: #42
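The commits above describe wiring kubernetes-sigs/external-dns to a BIND zone over RFC 2136 with a TSIG key, publishing records through DNSEndpoint CRDs with explicit targets, and keeping the internal and external zones split. The manifest below is an added illustration of that setup; it is not taken from this PR or from the external-dns project. Names (`externaldns-tsig`, `grafana-external`, the `monitoring` namespace), the `example.invalid` hostnames, the `203.0.113.10` address and the BIND server address are placeholders, and the TSIG secret value is a constructed dummy. The flags used are the documented external-dns rfc2136 and CRD-source flags from the tutorial linked in the commit log.

```yaml
# Added example (not from the PR): external-dns against BIND via RFC 2136,
# scoped to a single zone so it cannot touch records outside that zone.
apiVersion: v1
kind: Secret
metadata:
  name: externaldns-tsig          # hypothetical secret name
  namespace: external-dns
type: Opaque
stringData:
  # Constructed dummy value; a real key comes from BIND's tsig-keygen output.
  tsig-secret: "REPLACE_WITH_BASE64_TSIG_SECRET"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: external-dns
  namespace: external-dns
spec:
  replicas: 1
  selector:
    matchLabels: { app: external-dns }
  template:
    metadata:
      labels: { app: external-dns }
    spec:
      serviceAccountName: external-dns
      containers:
        - name: external-dns
          image: registry.k8s.io/external-dns/external-dns:v0.14.0   # pin the tag you actually deploy
          env:
            - name: RFC2136_TSIG_SECRET
              valueFrom:
                secretKeyRef: { name: externaldns-tsig, key: tsig-secret }
          args:
            - --provider=rfc2136
            - --rfc2136-host=192.0.2.53            # placeholder BIND address (TEST-NET-1)
            - --rfc2136-port=53
            - --rfc2136-zone=external.example.invalid
            - --rfc2136-tsig-keyname=externaldns-key   # must match the BIND key statement
            - --rfc2136-tsig-secret-alg=hmac-sha256
            - --rfc2136-tsig-secret=$(RFC2136_TSIG_SECRET)
            - --rfc2136-tsig-axfr                 # zone transfer to discover existing records
            - --source=ingress
            - --source=crd                        # enable DNSEndpoint objects as a source
            - --crd-source-apiversion=externaldns.k8s.io/v1alpha1
            - --crd-source-kind=DNSEndpoint
            - --domain-filter=external.example.invalid   # refuse hostnames outside the public zone
            - --registry=txt
            - --txt-owner-id=kutara-external      # ownership marker so two controllers do not fight
            - --policy=upsert-only                # never delete records this controller did not create
---
# A DNSEndpoint with an explicit target, as in "Specify targets on DNSEndpoints":
# the published address is the external load balancer, not a pod or ClusterIP.
apiVersion: externaldns.k8s.io/v1alpha1
kind: DNSEndpoint
metadata:
  name: grafana-external          # hypothetical name
  namespace: monitoring           # hypothetical namespace
spec:
  endpoints:
    - dnsName: grafana.external.example.invalid
      recordType: A
      recordTTL: 180
      targets:
        - 203.0.113.10            # placeholder external load-balancer address (TEST-NET-3)
```

Two settings carry the security weight here. `--domain-filter` together with `--rfc2136-zone` keeps the controller from ever writing into the internal zone, which is what makes the split-horizon split hold even if someone annotates an internal Ingress with an external hostname. `--policy=upsert-only` with a TXT registry means a misconfigured or compromised controller can add or change its own records but cannot wipe the zone. On the BIND side the matching `key` statement should be granted update rights only for the external zone, and, as the first commit notes, a newly added key is only honoured after `named` has reloaded its configuration.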