From d9ad63228e5f00686adb73663ae3c7112f49f229 Mon Sep 17 00:00:00 2001 From: Kory Date: Wed, 1 Jun 2022 21:52:37 +0100 Subject: [PATCH 1/2] =?UTF-8?q?feat:=20cloudflared-tunnel=20chart=20?= =?UTF-8?q?=E3=82=92=E5=85=AC=E9=96=8B=E3=81=99=E3=82=8B=E3=82=88=E3=81=86?= =?UTF-8?q?=E3=81=AB=E3=81=99=E3=82=8B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- helm-charts/cloudflared-tunnel/Chart.yaml | 5 ++ .../templates/configmap.yaml | 11 ++++ .../templates/deployment.yaml | 60 +++++++++++++++++++ helm-charts/cloudflared-tunnel/values.yaml | 24 ++++++++ 4 files changed, 100 insertions(+) create mode 100644 helm-charts/cloudflared-tunnel/Chart.yaml create mode 100644 helm-charts/cloudflared-tunnel/templates/configmap.yaml create mode 100644 helm-charts/cloudflared-tunnel/templates/deployment.yaml create mode 100644 helm-charts/cloudflared-tunnel/values.yaml
diff --git a/helm-charts/cloudflared-tunnel/Chart.yaml b/helm-charts/cloudflared-tunnel/Chart.yaml
new file mode 100644
index 000000000..dc4ab759c
--- /dev/null
+++ b/helm-charts/cloudflared-tunnel/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v2
+name: "cloudflared-tunnel"
+version: "1.0.0"
+maintainers:
+ - name: GiganticMinecraft
diff --git a/helm-charts/cloudflared-tunnel/templates/configmap.yaml b/helm-charts/cloudflared-tunnel/templates/configmap.yaml
new file mode 100644
index 000000000..d3c62de74
--- /dev/null
+++ b/helm-charts/cloudflared-tunnel/templates/configmap.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: cloudflared-tunnel-{{ .Values.installationName }}-endpoint-configmap
+ labels:
+ app: cloudflared-tunnel-{{ .Values.installationName }}
+ appgroup: cloudflared-tunnel
+ release-namespace: "{{ .Release.Namespace }}"
+data:
+ tunnel-config.yml: |
+ {{- required "tunnelConfigContent is required" .Values.tunnelConfigContent | nindent 4 }}
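Review bot: Chart.yaml carries only `name`, `version` and `maintainers`, so there is no `appVersion` recording which cloudflared build the chart deploys, even though the deployment template pins a specific image tag. Adding `appVersion: "sha-6455b98"` (or the upstream cloudflared version that image wraps) and a one-line `description:` lets `helm list` and `helm search` show what is actually running without reading the templates. This is chart metadata only; nothing else in the hunk is affected.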
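Review bot: The `name:` line of the ConfigMap interpolates `.Values.installationName` without the `required` guard the deployment template uses, so a standalone render of this file (`helm template -s`) produces a name with an empty segment instead of failing; `name: cloudflared-tunnel-{{ required "installationName is required" .Values.installationName }}-endpoint-configmap` keeps the two templates consistent. The data key `tunnel-config.yml` is mounted under `/etc/cloudflared`, which is not the default `config.yml` filename cloudflared looks for, so whether it is picked up depends on the custom image's entrypoint — a comment such as `# consumed by the cloudflared-with-auto-dns-route entrypoint; renaming this key breaks the image` would make that coupling visible. The `release-namespace` label is set here but not on the Deployment in the next file; pick one convention for the chart.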
diff --git a/helm-charts/cloudflared-tunnel/templates/deployment.yaml b/helm-charts/cloudflared-tunnel/templates/deployment.yaml
new file mode 100644
index 000000000..fbc00bd93
--- /dev/null
+++ b/helm-charts/cloudflared-tunnel/templates/deployment.yaml
@@ -0,0 +1,60 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: cloudflared-tunnel-{{ required "installationName is required" .Values.installationName }}
+ annotations:
+ reloader.stakater.com/auto: "true"
+ labels:
+ app: cloudflared-tunnel-{{ .Values.installationName }}
+ appgroup: cloudflared-tunnel
+spec:
+ strategy:
+ type: Recreate
+ replicas: 1
+ selector:
+ matchLabels:
+ app: cloudflared-tunnel-{{ .Values.installationName }}
+ appgroup: cloudflared-tunnel
+ template:
+ metadata:
+ labels:
+ app: cloudflared-tunnel-{{ .Values.installationName }}
+ appgroup: cloudflared-tunnel
+ spec:
+ containers:
+ - name: cloudflared-tunnel-{{ .Values.installationName }}
+ image: "ghcr.io/giganticminecraft/cloudflared-with-auto-dns-route:sha-6455b98"
+ env:
+ - name: TUNNEL_NAME
+ value: '{{ required "tunnelNamePrefix is required" .Values.tunnelNamePrefix }}-{{ .Values.installationName }}'
+ # cloudflared tunnel が実行された時、 cloudflared は Tunnel credential を
+ # $TUNNEL_CRED_FILE に書き込む。
+ # また、tunnel origin certificate は Secret リソースによって提供されるため、
+ # どこかにread-onlyでマウントする必要がある。
+ # そのため、 TUNNEL_ORIGIN_FILE を TUNNEL_ORIGIN_CERT のマウントパス外に
+ # 設定する必要がある
+ - name: TUNNEL_ORIGIN_CERT
+ value: "/root/.cloudflared-origin-cert/cert.pem"
+ - name: TUNNEL_CRED_FILE
+ value: "/root/.cloudflared/tunnel-cred.json"
+ volumeMounts:
+ - mountPath: "/root/.cloudflared-origin-cert"
+ name: cloudflared-tunnel-{{ .Values.installationName }}-authorization-certificate
+ - mountPath: "/etc/cloudflared"
+ name: cloudflared-tunnel-{{ .Values.installationName }}-endpoint-config
+ resources:
+ requests:
+ memory: 32Mi
+ limits:
+ memory: 64Mi
+ volumes:
+ - name: cloudflared-tunnel-{{ .Values.installationName }}-authorization-certificate
+ secret:
+ # このシークレットはクラスタセットアップ作業手順により注入されているべき。
+ secretName: '{{ required "tunnelCredentialSecretName is required" .Values.tunnelCredentialSecretName }}'
+ items:
+ - key: TUNNEL_CREDENTIAL
+ path: cert.pem
+ - name: cloudflared-tunnel-{{ .Values.installationName }}-endpoint-config
+ configMap:
+ name: cloudflared-tunnel-{{ .Values.installationName }}-endpoint-configmap
diff --git a/helm-charts/cloudflared-tunnel/values.yaml b/helm-charts/cloudflared-tunnel/values.yaml
new file mode 100644
index 000000000..2c4fafef5
--- /dev/null
+++ b/helm-charts/cloudflared-tunnel/values.yaml
@@ -0,0 +1,24 @@
+# この Chart の Release を一意に識別する文字列。
+installationName: null
+
+# 生成されるトンネル名の prefix。
+# トンネル名は "{{ .Values.TunnelNamePrefix }}-{{ .Values.InstallationName }}" のような形式となる。
+tunnelNamePrefix: null
+
+# cloudflared login して得られる cert.pem の中身を
+#
+# data:
+# TUNNEL_CREDENTIAL: ${data}
+#
+# のような形式で格納している、 Release と同 Namespace に置かれた Secret の名前。
+tunnelCredentialSecretName: null
+
+# tunnel-config.yaml の中身。
+#
+# ingressセクションにてトンネルへルーティングされるURLとバックエンドのサービスへのマッピングを定義することができる。
+# ingressセクションの書式は
+# https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/local-management/ingress/
+# 等を参考にせよ。
+tunnelConfigContent: |
+ ingress:
+ - service: http_status:404
From 388f891d9529d4f58168bebbedc3e16a7b6de20d Mon Sep 17 00:00:00 2001 From: Kory Date: Wed, 1 Jun 2022 22:03:05 +0100 Subject: [PATCH 2/2] =?UTF-8?q?docs:=20default=20value=E3=81=AE=E4=B8=AD?= =?UTF-8?q?=E3=81=AB=20example=20=E3=82=92=E4=BB=95=E8=BE=BC=E3=82=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- helm-charts/cloudflared-tunnel/values.yaml | 10 ++++++++++ 1 file changed, 10 insertions(+)
diff --git a/helm-charts/cloudflared-tunnel/values.yaml b/helm-charts/cloudflared-tunnel/values.yaml
index 2c4fafef5..5bff60bb8 100644
--- a/helm-charts/cloudflared-tunnel/values.yaml
+++ b/helm-charts/cloudflared-tunnel/values.yaml
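Review bot: The Pod spec in this hunk has no `securityContext`, mounts the origin-certificate Secret with the default file mode, and leaves the ServiceAccount token auto-mounted, while the `/root/...` env values suggest the container runs as root. If cert.pem is the `cloudflared login` origin certificate, as the values file describes, it is an account-scoped credential rather than a per-tunnel token, so dropping all capabilities, setting `defaultMode: 0400` on the secret volume and `automountServiceAccountToken: false` narrow what a compromised cloudflared process or an `exec` into the pod can reach (pair `0400` with `fsGroup` if the container is ever switched to a non-root user). Pinning `image:` by `@sha256:` digest instead of the mutable `sha-6455b98` tag would make rollouts reproducible, and the `reloader.stakater.com/auto` annotation silently does nothing unless Reloader is installed, which the chart does not declare. The comment above `TUNNEL_ORIGIN_CERT` refers to `TUNNEL_ORIGIN_FILE`, which is not set anywhere in this hunk; it presumably means `TUNNEL_CRED_FILE`.
```yaml
    spec:
      # cloudflared does not appear to need the Kubernetes API — confirm, then keep the token out of the pod.
      automountServiceAccountToken: false
      containers:
        - name: cloudflared-tunnel-{{ .Values.installationName }}
          image: "ghcr.io/giganticminecraft/cloudflared-with-auto-dns-route:sha-6455b98"
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
          # … unchanged: env, volumeMounts, resources …
      volumes:
        - name: cloudflared-tunnel-{{ .Values.installationName }}-authorization-certificate
          secret:
            secretName: '{{ required "tunnelCredentialSecretName is required" .Values.tunnelCredentialSecretName }}'
            # cert.pem is an account-level credential; owner-readable only.
            defaultMode: 0400
            # … unchanged: items …
        # … unchanged: endpoint-config volume …
```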
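Review bot: The comment above `tunnelNamePrefix` spells the keys as `.Values.TunnelNamePrefix` and `.Values.InstallationName`, but the keys this file defines and the deployment template reads are `tunnelNamePrefix` and `installationName`; Helm values are case-sensitive, so the example should read `"{{ .Values.tunnelNamePrefix }}-{{ .Values.installationName }}"`. The `tunnelConfigContent` comment refers to `tunnel-config.yaml`, while the ConfigMap key the chart actually writes is `tunnel-config.yml`. The `tunnelCredentialSecretName` comment should also say what the stored cert.pem can do: as the output of `cloudflared login` it is, to my knowledge, an account-level credential rather than a per-tunnel token, so the Secret deserves RBAC restriction, e.g. `# cert.pem is the account-level origin certificate: anyone who can read this Secret can create, route and delete tunnels — restrict RBAC on it accordingly.`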
@@ -21,4 +21,14 @@ tunnelCredentialSecretName: null
 # 等を参考にせよ。
 tunnelConfigContent: |
 ingress:
+ # ここに例えば次のようなエントリを追加することで、
+ # k8s-api.onp-k8s.admin.seichi.click
+ # から(Podから見た)
+ # tcp://kubernetes.default:443
+ # へのトンネルが疎通することになる:
+ #
+ # - hostname: k8s-api.onp-k8s.admin.seichi.click
+ # service: tcp://kubernetes.default:443
+
+ # Catch-all service
 - service: http_status:404
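Review bot: The example added under `ingress:` routes a public hostname straight to `tcp://kubernetes.default:443`, i.e. the cluster's API server, and nothing in this chart attaches a Cloudflare Access policy to that hostname, so anyone who copies the example exposes the API server on the internet with only Kubernetes' own authentication in front of it. The comment should say so explicitly, e.g. `# WARNING: every hostname listed here is publicly reachable via Cloudflare; attach a Cloudflare Access policy (configured outside this chart) before routing anything sensitive such as the Kubernetes API.` It is also worth noting that `tcp://` targets are resolved from the Pod's network namespace, so a NetworkPolicy on this Deployment bounds what the tunnel can reach if its config is ever mis-edited.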