Merge pull request #57 from ChristianLempa:4-migrate-dns

test dns project
ChristianLempa · Sep 1, 2023 · 96c26f2 · 96c26f2
2 parents cc542c4 + 3db87a8
commit 96c26f2
Show file tree

Hide file tree

Showing 63 changed files with 1,718 additions and 4 deletions.
diff --git a/.github/workflows/dns-update-config.yml b/.github/workflows/dns-update-config.yml
@@ -0,0 +1,39 @@
+name: Update Config Files
+
+on:
+  push:
+    branches:
+      - main
+      - test
+      - dev
+    paths:
+      - 'dns/dns-prod-1/config/**'
+  workflow_dispatch:
+
+jobs:
+  deploy:
+    runs-on: "self-hosted"
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: SCP files via ssh key
+        uses: appleboy/scp-action@master
+        with:
+          username: xcad
+          host: srv-prod-7.home.clcreative.de
+          key: ${{ secrets.SSH_XCAD }}
+          source: './config/*'
+          target: '/home/xcad/dns-prod-1/'
+          overwrite: true
+
+      - name: Restart Docker Container
+        uses: fifsky/ssh-action@master
+        with:
+          user: xcad
+          host: srv-prod-7.home.clcreative.de
+          key: ${{ secrets.SSH_XCAD }}
+          command: |
+            cd dns-prod-1
+            docker compose restart
diff --git a/.github/workflows/dns-update-dns.yml b/.github/workflows/dns-update-dns.yml
@@ -0,0 +1,81 @@
+name: "Update DNS Records"
+
+on:
+  push:
+    branches:
+      - main
+      - test
+      - dev
+    paths:
+      - 'dns/dns-prod-1/terraform/*.tf'
+  workflow_dispatch:
+
+defaults:
+  run:
+    working-directory: ./terraform  
+
+env:
+  TF_VAR_TSIG_KEY_HOME: ${{ secrets.TSIG_KEY_HOME }}
+
+jobs:
+  terraform:
+    runs-on: "self-hosted"
+    steps:
+
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v1
+        with:
+          # terraform_version: 0.13.0:
+          cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+
+      - name: Terraform Format
+        id: fmt
+        run: terraform fmt -check
+
+      - name: Terraform Init
+        id: init
+        run: terraform init
+
+      - name: Terraform Validate
+        id: validate
+        run: terraform validate -no-color
+
+      - name: Terraform Plan
+        id: plan
+        if: github.event_name == 'pull_request'
+        run: terraform plan -no-color -input=false
+        continue-on-error: true
+
+      - uses: actions/github-script@v6
+        if: github.event_name == 'pull_request'
+        env:
+          PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
+            #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
+            #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
+            #### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
+            <details><summary>Show Plan</summary>
+            \`\`\`\n
+            ${process.env.PLAN}
+            \`\`\`
+            </details>
+            *Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: output
+            })
+      - name: Terraform Plan Status
+        if: steps.plan.outcome == 'failure'
+        run: exit 1
+
+      - name: Terraform Apply
+        if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+        run: terraform apply -auto-approve -input=false
diff --git a/.github/workflows/dns-update-docker.yml b/.github/workflows/dns-update-docker.yml
@@ -0,0 +1,38 @@
+name: Update Docker Compose File
+
+on:
+  push:
+    branches:
+      - main
+      - test
+      - dev
+    paths:
+      - 'dns/dns-prod-1/docker-compose.yaml'
+  workflow_dispatch:
+
+jobs:
+  deploy:
+    runs-on: "self-hosted"
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Upload new Docker Compose File
+        uses: appleboy/scp-action@master
+        with:
+          username: xcad
+          host: srv-prod-7.home.clcreative.de
+          key: ${{ secrets.SSH_XCAD }}
+          source: './docker-compose.yaml'
+          target: '/home/xcad/dns-prod-1/'
+
+      - name: Restart Docker Container
+        uses: fifsky/ssh-action@master
+        with:
+          user: xcad
+          host: srv-prod-7.home.clcreative.de
+          key: ${{ secrets.SSH_XCAD }}
+          command: |
+            cd dns-prod-1
+            docker compose up -d --force-recreate
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,5 @@
+.vscode/**
+
 **/.envrc
 **/.env
 

diff --git a/argocd/argocd-prod-1/kubernetes/ingress.yml b/argocd/argocd-prod-1/kubernetes/ingress.yml
@@ -3,7 +3,7 @@ kind: Ingress
 metadata:
   name: argocd-prod-1-ingress
   namespace: argocd
-  annotations:
+  annotations: {}
     # traefik.ingress.kubernetes.io/router.entrypoints: websecure
     # traefik.ingress.kubernetes.io/router.tls: "true"
     # traefik.ingress.kubernetes.io/router.tls.options: default

diff --git a/argocd/argocd-prod-2/kubernetes/ingress.yml b/argocd/argocd-prod-2/kubernetes/ingress.yml
@@ -3,7 +3,7 @@ kind: Ingress
 metadata:
   name: argocd-demo-1-ingress
   namespace: argocd
-  annotations:
+  annotations: {}
     # traefik.ingress.kubernetes.io/router.entrypoints: websecure
     # traefik.ingress.kubernetes.io/router.tls: "true"
     # traefik.ingress.kubernetes.io/router.tls.options: default

diff --git a/cadvisor/cadvisor-prod-1/docker-compose.yaml b/cadvisor/cadvisor-prod-1/docker-compose.yaml
@@ -0,0 +1,29 @@
+---
+networks:
+  frontend:
+    external: true
+  backend:
+    external: true
+services:
+  cadvisor:
+    image: gcr.io/cadvisor/cadvisor:v0.47.2     
+    container_name: cadvisor-prod-1
+    devices:
+      - /dev/kmsg
+    privileged: true
+    volumes:
+      - /:/rootfs:ro
+      - /var/run:/var/run:ro
+      - /sys:/sys:ro
+      - /var/lib/docker/:/var/lib/docker:ro
+      - /dev/disk/:/dev/disk:ro
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.cadvisor-prod-1.entrypoints=websecure
+      - traefik.http.routers.cadvisor-prod-1.rule=Host(`cadvisor-prod-1.srv-prod-1.home.clcreative.de`)
+      - traefik.http.routers.cadvisor-prod-1.tls=true
+      - traefik.http.routers.cadvisor-prod-1.tls.certresolver=cloudflare
+    networks:
+      - frontend
+      - backend
+    restart: unless-stopped
diff --git a/cadvisor/cadvisor-prod-2/docker-compose.yaml b/cadvisor/cadvisor-prod-2/docker-compose.yaml
@@ -0,0 +1,29 @@
+---
+networks:
+  frontend:
+    external: true
+  backend:
+    external: true
+services:
+  cadvisor:
+    image: gcr.io/cadvisor/cadvisor:v0.47.2     
+    container_name: cadvisor-prod-1
+    devices:
+      - /dev/kmsg
+    privileged: true
+    volumes:
+      - /:/rootfs:ro
+      - /var/run:/var/run:ro
+      - /sys:/sys:ro
+      - /var/lib/docker/:/var/lib/docker:ro
+      - /dev/disk/:/dev/disk:ro
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.cadvisor-prod-1.entrypoints=websecure
+      - traefik.http.routers.cadvisor-prod-1.rule=Host(`cadvisor-prod-1.srv-prod-1.home.clcreative.de`)
+      - traefik.http.routers.cadvisor-prod-1.tls=true
+      - traefik.http.routers.cadvisor-prod-1.tls.certresolver=cloudflare
+    networks:
+      - frontend
+      - backend
+    restart: unless-stopped
diff --git a/certmanager/certmanager-demo-1/helm/helm-values.yaml b/certmanager/certmanager-demo-1/helm/helm-values.yaml
@@ -0,0 +1,4 @@
+installCRDs: true
+extraArgs:
+  - --dns01-recursive-nameservers-only
+  - --dns01-recursive-nameservers=1.1.1.1:53,1.0.0.1:53
diff --git a/certmanager/certmanager-demo-1/kubernetes/clusterissuer.yaml b/certmanager/certmanager-demo-1/kubernetes/clusterissuer.yaml
@@ -0,0 +1,17 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: certmanager-demo-1-clusterissuer
+spec:
+  acme:
+    email: info@clcreative.de
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: certmanager-demo-1-clusterissuer-account-key
+    solvers:
+      - dns01:
+          cloudflare:
+            email: info@clcreative.de
+            apiTokenSecretRef:
+              name: certmanager-demo-1-token
+              key: api-token
diff --git a/certmanager/certmanager-demo-2/helm/helm-values.yaml b/certmanager/certmanager-demo-2/helm/helm-values.yaml
@@ -0,0 +1,47 @@
+installCRDs: true
+extraArgs:
+  - --dns01-recursive-nameservers-only
+  - --dns01-recursive-nameservers=1.1.1.1:53,1.0.0.1:53
+resources:
+  requests:
+    cpu: 10m
+    memory: 32Mi
+  limits:
+    cpu: 100m
+    memory: 128Mi
+webhook:
+  resources:
+    requests:
+      cpu: 10m
+      memory: 32Mi
+    limits:
+      cpu: 100m
+      memory: 128Mi
+  livenessProbe:
+    failureThreshold: 3
+    initialDelaySeconds: 60
+    periodSeconds: 10
+    successThreshold: 1
+    timeoutSeconds: 1
+  readinessProbe:
+    failureThreshold: 3
+    initialDelaySeconds: 5
+    periodSeconds: 5
+    successThreshold: 1
+    timeoutSeconds: 1
+cainjector:
+  resources:
+    requests:
+      cpu: 10m
+      memory: 32Mi
+    limits:
+      cpu: 100m
+      memory: 128Mi
+startupapicheck:
+  resources:
+    requests:
+      cpu: 10m
+      memory: 32Mi
+    limits:
+      cpu: 100m
+      memory: 128Mi
diff --git a/certmanager/certmanager-demo-2/kubernetes/clusterissuer.yaml b/certmanager/certmanager-demo-2/kubernetes/clusterissuer.yaml
@@ -0,0 +1,17 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: certmanager-demo-2-clusterissuer
+spec:
+  acme:
+    email: info@clcreative.de
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: certmanager-demo-2-clusterissuer-account-key
+    solvers:
+      - dns01:
+          cloudflare:
+            email: info@clcreative.de
+            apiTokenSecretRef:
+              name: certmanager-demo-2-token
+              key: api-token
diff --git a/certmanager/certmanager-prod-1/helm/helm-values.yaml b/certmanager/certmanager-prod-1/helm/helm-values.yaml
@@ -0,0 +1,4 @@
+installCRDs: true
+extraArgs:
+  - --dns01-recursive-nameservers-only
+  - --dns01-recursive-nameservers=1.1.1.1:53,1.0.0.1:53
diff --git a/certmanager/certmanager-prod-1/kubernetes/clusterissuer.yaml b/certmanager/certmanager-prod-1/kubernetes/clusterissuer.yaml
@@ -0,0 +1,17 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: certmanager-prod-1-clusterissuer
+spec:
+  acme:
+    email: info@clcreative.de
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: certmanager-prod-1-clusterissuer-account-key
+    solvers:
+      - dns01:
+          cloudflare:
+            email: info@clcreative.de
+            apiTokenSecretRef:
+              name: certmanager-prod-1-token
+              key: api-token
diff --git a/dns/dns-prod-1/config/home-clcreative-de.zone b/dns/dns-prod-1/config/home-clcreative-de.zone
@@ -0,0 +1,10 @@
+$ORIGIN .
+$TTL 86400	; 1 day
+home.clcreative.de	IN SOA	ns.home.clcreative.de. home.clcreative.de. (
+				2001062618 ; serial
+				3600       ; refresh (1 hour)
+				3600       ; retry (1 hour)
+				2419200    ; expire (4 weeks)
+				3600       ; minimum (1 hour)
+				)
+			NS	ns.home.clcreative.de.