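---
# Deployment: two cloudflared replicas in the `cloudflare` namespace.
# Each pod runs `cloudflared tunnel --config <file> run`. The config file comes
# from the `cloudflared` ConfigMap and the tunnel credentials from the
# `tunnel-credentials` Secret; both are mounted read-only.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cloudflared
  namespace: cloudflare

spec:
  selector:
    matchLabels:
      app: cloudflared
  replicas: 2
  template:
    metadata:
      labels:
        app: cloudflared
    spec:
      # This manifest binds no Kubernetes API role to the pod, so do not mount a
      # service-account token into a workload that terminates internet traffic.
      automountServiceAccountToken: false
      containers:
        - name: cloudflared
          # Pinned by tag only, and a tag can be re-pointed upstream. Prefer
          # adding the digest, e.g.
          #   cloudflare/cloudflared:2024.4.1@sha256:<digest-placeholder>
          image: cloudflare/cloudflared:2024.4.1
          args:
            - tunnel
            - --config
            - /etc/cloudflared/config/config.yaml
            - run
          # Container hardening: the process only listens on the unprivileged
          # port 2000 and reads its two read-only mounts, so it needs no extra
          # capabilities and no writable root filesystem.
          # NOTE(review): runAsNonRoot/runAsUser are not set here; confirm the
          # UID the image runs as before enforcing them.
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          ports:
            - containerPort: 2000
              name: metrics
          livenessProbe:
            httpGet:
              # Cloudflared has a /ready endpoint which returns 200 if and only if
              # it has an active connection to the edge.
              path: /ready
              port: 2000
            # A single failed probe restarts the container.
            failureThreshold: 1
            initialDelaySeconds: 10
            periodSeconds: 10
          volumeMounts:
            - name: config
              mountPath: /etc/cloudflared/config
              readOnly: true
            # Tunnel credentials; the ConfigMap's `credentials-file` points here.
            - name: creds
              mountPath: /etc/cloudflared/creds
              readOnly: true
      volumes:
        # The Secret must exist in this namespace; it is not defined in this file.
        - name: creds
          secret:
            secretName: tunnel-credentials
        - name: config
          configMap:
            name: cloudflared
            items:
              - key: config.yaml
                path: config.yaml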
---
# Service in front of the cloudflared pods' metrics listener (port 2000).
# No `type` is set, so this is a ClusterIP Service: the endpoint is reachable
# from inside the cluster only, but by any workload that can reach it unless a
# NetworkPolicy says otherwise.
kind: Service
apiVersion: v1
metadata:
  namespace: cloudflare
  name: cloudflared-metrics

spec:
  ports:
    - name: metrics
      targetPort: 2000
      port: 2000
  selector:
    app: cloudflared
---
# PodMonitor (Prometheus Operator CRD): scrape the container port named
# `metrics` on every pod labelled app=cloudflared, every 30 seconds.
kind: PodMonitor
apiVersion: monitoring.coreos.com/v1
metadata:
  namespace: cloudflare
  name: cloudflared
  labels:
    # Presumably the label the Prometheus instance selects PodMonitors by;
    # confirm against its podMonitorSelector.
    release: prometheus
spec:
  podMetricsEndpoints:
    - interval: '30s'
      port: metrics
  selector:
    matchLabels:
      app: cloudflared
---
# ConfigMap holding the cloudflared tunnel configuration, mounted into the
# Deployment at /etc/cloudflared/config/config.yaml.
apiVersion: v1
kind: ConfigMap
metadata:
  name: cloudflared
  namespace: cloudflare
data:
  # Notes on the embedded config (kept outside the block scalar so the file
  # content itself is unchanged):
  # - `credentials-file` points at the read-only mount of the
  #   `tunnel-credentials` Secret; no credential material is stored here.
  # - `metrics: 0.0.0.0:2000` binds the metrics/readiness listener on all pod
  #   interfaces. The liveness probe and Prometheus scrape need that, but it
  #   also makes the listener reachable from any workload that can reach the
  #   pod IP; restrict ingress to port 2000 with a NetworkPolicy if that
  #   matters.
  # - `no-autoupdate: true` means the running version is whatever the
  #   Deployment's image reference resolves to.
  # - `ingress` maps public hostnames to internal origins. Every origin is
  #   reached over plain http:// or tcp://, and nothing in this file adds
  #   authentication in front of them. The list includes a password manager
  #   (pw), an identity provider (authentik) and a hypervisor UI (proxmox).
  #   NOTE(review): presumably Cloudflare Access policies gate these on the
  #   Cloudflare side; confirm, since that is not visible here.
  # - The final rule without a hostname is the catch-all and returns 404 for
  #   any request that matches no listed hostname.
  config.yaml: |
    tunnel: new-homelab
    credentials-file: /etc/cloudflared/creds/credentials.json
    metrics: 0.0.0.0:2000
    no-autoupdate: true
    ingress:
      - hostname: photos.gmem.ca
        service: http://immich-server.immich.svc.cluster.local:3001
      - hostname: pw.gmem.ca
        service: http://vaultwarden.vaultwarden.svc.cluster.local:80
      - hostname: authentik.gmem.ca
        service: http://authentik-server.authentik.svc.cluster.local:80
      - hostname: nitter.gmem.ca
        service: http://nitter.nitter.svc.cluster.local:8081
      - hostname: git.gmem.ca
        service: http://192.168.50.229
      - hostname: proxmox.gmem.ca
        service: http://proxmox.endpoints.svc.cluster.local:8006
      - hostname: tokyo.gmem.ca
        service: http://tokyo.endpoints.svc.cluster.local:8000
      - hostname: ibiza.gmem.ca
        service: http://ibiza.endpoints.svc.cluster.local:8000
      - hostname: chat.gmem.ca
        service: tcp://192.168.50.45:443
      - service: http_status:404