143 lines
3.5 KiB
YAML
143 lines
3.5 KiB
YAML
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
namespace: default
|
|
name: cloudflared-tonydu
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app: cloudflared-tonydu
|
|
replicas: 3
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: cloudflared-tonydu
|
|
|
|
spec:
|
|
containers:
|
|
- name: cloudflared
|
|
image: cloudflare/cloudflared:2025.2.0
|
|
resources:
|
|
requests:
|
|
memory: "32Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "512Mi"
|
|
cpu: "500m"
|
|
args:
|
|
- tunnel
|
|
- --config
|
|
- /etc/cloudflared/config/config.yaml
|
|
- run
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /ready
|
|
port: 2000
|
|
failureThreshold: 1
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 10
|
|
volumeMounts:
|
|
- name: config
|
|
mountPath: /etc/cloudflared/config
|
|
readOnly: true
|
|
- name: creds
|
|
mountPath: /etc/cloudflared/creds
|
|
readOnly: true
|
|
volumes:
|
|
- name: creds
|
|
secret:
|
|
secretName: cf-tunnel-creds-tonydu
|
|
- name: config
|
|
configMap:
|
|
name: cloudflared-tonydu
|
|
namespace: default
|
|
items:
|
|
- key: config.yaml
|
|
path: config.yaml
|
|
---
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: cloudflared-tonydu
|
|
namespace: default
|
|
data:
|
|
config.yaml: |
|
|
# Name of the tunnel you want to run
|
|
tunnel: f84d35f1-604c-4982-87fa-deb2253703ea
|
|
credentials-file: /etc/cloudflared/creds/credentials.json
|
|
# Serves the metrics server under /metrics and the readiness server under /ready
|
|
metrics: 0.0.0.0:2000
|
|
no-autoupdate: true
|
|
ingress:
|
|
# The old tonydu.me domains will be routed like this because I no longer
|
|
# want to support internal DNS records for tonydu.me
|
|
- hostname: blog.tonydu.me
|
|
service: https://traefik.traefik.svc.cluster.local
|
|
originRequest:
|
|
noTLSVerify: true
|
|
http2Origin: true
|
|
httpHostHeader: blog.tonydu.me
|
|
- hostname: wizarr.tonydu.me
|
|
service: https://traefik.traefik.svc.cluster.local
|
|
originRequest:
|
|
noTLSVerify: true
|
|
http2Origin: true
|
|
httpHostHeader: wizarr.tonydu.me
|
|
- hostname: up.tonydu.me
|
|
service: https://traefik.traefik.svc.cluster.local
|
|
originRequest:
|
|
noTLSVerify: true
|
|
http2Origin: true
|
|
httpHostHeader: up.tonydu.me
|
|
- hostname: media.tonydu.me
|
|
service: https://traefik.traefik.svc.cluster.local
|
|
originRequest:
|
|
noTLSVerify: true
|
|
http2Origin: true
|
|
httpHostHeader: media.tonydu.me
|
|
- hostname: seerr.tonydu.me
|
|
service: https://traefik.traefik.svc.cluster.local
|
|
originRequest:
|
|
noTLSVerify: true
|
|
http2Origin: true
|
|
httpHostHeader: seerr.tonydu.me
|
|
# This rule matches any traffic which didn't match a previous rule, and responds with HTTP 404.
|
|
- service: http_status:404
|
|
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: cloudflared-tonydu-metrics
|
|
namespace: default
|
|
labels:
|
|
app: cloudflared-tonydu
|
|
spec:
|
|
ports:
|
|
- name: metrics
|
|
port: 80
|
|
protocol: TCP
|
|
targetPort: 2000
|
|
selector:
|
|
app: cloudflared-tonydu
|
|
|
|
---
|
|
apiVersion: monitoring.coreos.com/v1
|
|
kind: ServiceMonitor
|
|
metadata:
|
|
name: cloudflared-tonydu-metrics
|
|
namespace: default
|
|
labels:
|
|
release: kube-prometheus-stack
|
|
spec:
|
|
jobLabel: cloudflared-tonydu-metrics
|
|
selector:
|
|
matchLabels:
|
|
app: cloudflared-tonydu
|
|
endpoints:
|
|
- interval: 30s
|
|
port: metrics
|
|
path: /metrics
|
|
|