redaction (#1)

Add the redacted source file for demo purposes Reviewed-on: https://source.michaeldileo.org/michael_dileo/Keybard-Vagabond-Demo/pulls/1 Co-authored-by: Michael DiLeo <michael_dileo@proton.me> Co-committed-by: Michael DiLeo <michael_dileo@proton.me>
2025-12-24 13:40:47 +00:00
parent 612235d52b
commit 7327d77dcd
333 changed files with 39286 additions and 1 deletions
--- a/manifests/infrastructure/cloudflared/kustomization.yaml
+++ b/manifests/infrastructure/cloudflared/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- namespace.yaml
+- secret.yaml
+- tunnel.yaml
--- a/manifests/infrastructure/cloudflared/namespace.yaml
+++ b/manifests/infrastructure/cloudflared/namespace.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: cloudflared-system
+  labels:
+    name: cloudflared-system
+    pod-security.kubernetes.io/enforce: privileged
+    pod-security.kubernetes.io/enforce-version: latest
--- a/manifests/infrastructure/cloudflared/secret.yaml
+++ b/manifests/infrastructure/cloudflared/secret.yaml
@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: cloudflared-credentials
+    namespace: cloudflared-system
+type: Opaque
+stringData:
+    tunnel-token: ENC[AES256_GCM,data:V5HpTcyJjVyQoS+BXdGYdUgBgQ+SLnEVBipNCQfX5AwyxsMdABhqikb0ShWw+QSOuGz23zCNSScoqyMnAFphRtzefK6psIQYYUSPeGJp81uldJ3Z+BtD13UjQefcvbKbkrZNYNbunlwsr8V52C3GUtIQaE+izhxnksVbGY1r0+G3y4DKw7vtvqgIYADklviMNe8XAl+MbWSmvI6t7TULgQc6F2bLWpvY1c8I/+hRmT+1cVsCHwZR4g==,iv:bcsFluzuyqHffmAwkVETH0RjzVjZY76+k7QNOrekyJg=,tag:PuE4/MkMiCEGpWjsYqGxqQ==,type:str]
+sops:
+    lastmodified: "2025-11-24T15:25:52Z"
+    mac: ENC[AES256_GCM,data:oO97YDy+gs7WVndKrvc87yUX4l4Q5XzwooUQ2x2uHrLthbmd8mgAOvcZdpD3f/ne8VKRh6AkP1/AmgtEo9mPBQti+J/n+d+4nBnJQLBbQmsR1UBFgGHyQJgBh388RMbb75f8WTKxvQJeB9PVwVn+qFA6MXoZkFi80taA8bzTK1U=,iv:ZgcUMyd8gCNNc8UGBslx6MfZ+E0yYwd365En89MAHiQ=,tag:Jd08bmsFyQ5fINTXXt6dEw==,type:str]
+    pgp:
+        - created_at: "2025-11-24T15:25:52Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hF4DZT3mpHTS/JgSAQdA6Q7ykZebfxuwWPlpg2PqyJfy9N/SN2Lit3bW4GwrCnww
+            oC2D08YgIbh49qkztTe7SAXrOgT2i9wseDjz9Pz2Qe6UtjvHLL7aXpHaBf2Mqmnj
+            1GYBCQIQaXHTJ3mbQEIppdw03rS8RPbbfbS6cvd7NMN6AQPxOVNRCUbMa0+Co0Df
+            UL+kwPCEO9Q4Vp7QJvIk7lNdCCT0s9rmN9UgYDlNFuT+SJfmyHFoOdAvKz/ruPyc
+            wzCqX1Q55vg=
+            =a3kv
+            -----END PGP MESSAGE-----
+          fp: B120595CA9A643B051731B32E67FF350227BA4E8
+        - created_at: "2025-11-24T15:25:52Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hF4DSXzd60P2RKISAQdAp3ac25mat2oNFay7tSu81DG3klr3FaYBbryAX37Neykw
+            9Z5qBfgkyrqsOB71a6R6L3HcZ1JOxxZQddn4UyVp2tAwgPOnoFtIyz8jXht/vClF
+            1GYBCQIQGxM7v4toIcZw/dLKJOMfal3pvjbWq3p73Z7oTnkRjLuTDiXHWxYiz+eg
+            MSC7pnS0NTMvAeAPs6yNs5darIciaXsi7sIJxPxWiuME/1DnkTbdJFuWlbcU++tC
+            BjLgmmJ0zgo=
+            =+jRj
+            -----END PGP MESSAGE-----
+          fp: 4A8AADB4EBAB9AF88EF7062373CECE06CC80D40C
+    encrypted_regex: ^(data|stringData)$
+    version: 3.10.2
--- a/manifests/infrastructure/cloudflared/tunnel.yaml
+++ b/manifests/infrastructure/cloudflared/tunnel.yaml
@@ -0,0 +1,56 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cloudflared-deployment
+  namespace: cloudflared-system
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      pod: cloudflared
+  template:
+    metadata:
+      labels:
+        pod: cloudflared
+    spec:
+      securityContext:
+        sysctls:
+        # Allows ICMP traffic (ping, traceroute) to resources behind cloudflared.
+          - name: net.ipv4.ping_group_range
+            value: "65532 65532"
+      containers:
+        - image: cloudflare/cloudflared:latest
+          name: cloudflared
+          resources:
+            requests:
+              cpu: 50m
+              memory: 64Mi
+            limits:
+              cpu: 200m
+              memory: 256Mi
+          env:
+            # Defines an environment variable for the tunnel token.
+            - name: TUNNEL_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: cloudflared-credentials
+                  key: tunnel-token
+          command:
+            # Configures tunnel run parameters
+            - cloudflared
+            - tunnel
+            - --no-autoupdate
+            - --loglevel
+            - debug
+            - --metrics
+            - 0.0.0.0:2000
+            - run
+          livenessProbe:
+            httpGet:
+              # Cloudflared has a /ready endpoint which returns 200 if and only if
+              # it has an active connection to Cloudflare's network.
+              path: /ready
+              port: 2000
+            failureThreshold: 1
+            initialDelaySeconds: 10
+            periodSeconds: 10