-
Notifications
You must be signed in to change notification settings - Fork 7
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #391 from GiganticMinecraft/add-cloudflared-tunnel…
…-helm-charts feat: cloudflared-tunnel chart を公開するようにする
- Loading branch information
Showing
4 changed files
with
110 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| apiVersion: v2 | ||
| name: "cloudflared-tunnel" | ||
| version: "1.0.0" | ||
| maintainers: | ||
| - name: GiganticMinecraft |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| apiVersion: v1 | ||
| kind: ConfigMap | ||
| metadata: | ||
| name: cloudflared-tunnel-{{ .Values.installationName }}-endpoint-configmap | ||
| labels: | ||
| app: cloudflared-tunnel-{{ .Values.installationName }} | ||
| appgroup: cloudflared-tunnel | ||
| release-namespace: "{{ .Release.Namespace }}" | ||
| data: | ||
| tunnel-config.yml: | | ||
| {{- required "tunnelConfigContent is required" .Values.tunnelConfigContent | nindent 4 }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,60 @@ | ||
| apiVersion: apps/v1 | ||
| kind: Deployment | ||
| metadata: | ||
| name: cloudflared-tunnel-{{ required "installationName is required" .Values.installationName }} | ||
| annotations: | ||
| reloader.stakater.com/auto: "true" | ||
| labels: | ||
| app: cloudflared-tunnel-{{ .Values.installationName }} | ||
| appgroup: cloudflared-tunnel | ||
| spec: | ||
| strategy: | ||
| type: Recreate | ||
| replicas: 1 | ||
| selector: | ||
| matchLabels: | ||
| app: cloudflared-tunnel-{{ .Values.installationName }} | ||
| appgroup: cloudflared-tunnel | ||
| template: | ||
| metadata: | ||
| labels: | ||
| app: cloudflared-tunnel-{{ .Values.installationName }} | ||
| appgroup: cloudflared-tunnel | ||
| spec: | ||
| containers: | ||
| - name: cloudflared-tunnel-{{ .Values.installationName }} | ||
| image: "ghcr.io/giganticminecraft/cloudflared-with-auto-dns-route:sha-6455b98" | ||
| env: | ||
| - name: TUNNEL_NAME | ||
| value: '{{ required "tunnelNamePrefix is required" .Values.tunnelNamePrefix }}-{{ .Values.installationName }}' | ||
| # cloudflared tunnel が実行された時、 cloudflared は Tunnel credential を | ||
| # $TUNNEL_CRED_FILE に書き込む。 | ||
| # また、tunnel origin certificate は Secret リソースによって提供されるため、 | ||
| # どこかにread-onlyでマウントする必要がある。 | ||
| # そのため、 TUNNEL_ORIGIN_FILE を TUNNEL_ORIGIN_CERT のマウントパス外に | ||
| # 設定する必要がある | ||
| - name: TUNNEL_ORIGIN_CERT | ||
| value: "/root/.cloudflared-origin-cert/cert.pem" | ||
| - name: TUNNEL_CRED_FILE | ||
| value: "/root/.cloudflared/tunnel-cred.json" | ||
| volumeMounts: | ||
| - mountPath: "/root/.cloudflared-origin-cert" | ||
| name: cloudflared-tunnel-{{ .Values.installationName }}-authorization-certificate | ||
| - mountPath: "/etc/cloudflared" | ||
| name: cloudflared-tunnel-{{ .Values.installationName }}-endpoint-config | ||
| resources: | ||
| requests: | ||
| memory: 32Mi | ||
| limits: | ||
| memory: 64Mi | ||
| volumes: | ||
| - name: cloudflared-tunnel-{{ .Values.installationName }}-authorization-certificate | ||
| secret: | ||
| # このシークレットはクラスタセットアップ作業手順により注入されているべき。 | ||
| secretName: '{{ required "tunnelCredentialSecretName is required" .Values.tunnelCredentialSecretName }}' | ||
| items: | ||
| - key: TUNNEL_CREDENTIAL | ||
| path: cert.pem | ||
| - name: cloudflared-tunnel-{{ .Values.installationName }}-endpoint-config | ||
| configMap: | ||
| name: cloudflared-tunnel-{{ .Values.installationName }}-endpoint-configmap |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| # この Chart の Release を一意に識別する文字列。 | ||
| installationName: null | ||
|
|
||
| # 生成されるトンネル名の prefix。 | ||
| # トンネル名は "{{ .Values.TunnelNamePrefix }}-{{ .Values.InstallationName }}" のような形式となる。 | ||
| tunnelNamePrefix: null | ||
|
|
||
| # cloudflared login して得られる cert.pem の中身を | ||
| # | ||
| # data: | ||
| # TUNNEL_CREDENTIAL: ${data} | ||
| # | ||
| # のような形式で格納している、 Release と同 Namespace に置かれた Secret の名前。 | ||
| tunnelCredentialSecretName: null | ||
|
|
||
| # tunnel-config.yaml の中身。 | ||
| # | ||
| # ingressセクションにてトンネルへルーティングされるURLとバックエンドのサービスへのマッピングを定義することができる。 | ||
| # ingressセクションの書式は | ||
| # https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/local-management/ingress/ | ||
| # 等を参考にせよ。 | ||
| tunnelConfigContent: | | ||
| ingress: | ||
| # ここに例えば次のようなエントリを追加することで、 | ||
| # k8s-api.onp-k8s.admin.seichi.click | ||
| # から(Podから見た) | ||
| # tcp://kubernetes.default:443 | ||
| # へのトンネルが疎通することになる: | ||
| # | ||
| # - hostname: k8s-api.onp-k8s.admin.seichi.click | ||
| # service: tcp://kubernetes.default:443 | ||
| # Catch-all service | ||
| - service: http_status:404 |