up

.vscode/settings.json

@@ -1,6 +1,6 @@
 {
     "yaml.schemas": {
         "https://raw.githubusercontent.com/ansible/ansible-lint/main/src/ansiblelint/schemas/ansible.json#/$defs/playbook": "file:///home/royalcat/projects/cloud-cluster/.ansible/cluster.yaml",
-        "https://raw.githubusercontent.com/ansible/ansible-lint/main/src/ansiblelint/schemas/inventory.json": "file:///home/royalcat/projects/cloud-cluster/.ansible/inventory.yaml"
+        "https://raw.githubusercontent.com/ansible/ansible-lint/main/src/ansiblelint/schemas/inventory.json": "file:///home/royalcat/projects/cloud-cluster/.ansible/inventory.yaml",
     }
 }

ingress-system/cloudflare-api-token.yaml

@@ -4,4 +4,4 @@ metadata:
   name: cloudflare-api-token
   namespace: ingress-system
 stringData:
-  token: 9gCqm5J98tBKKZlcH5oUvQ5GmNKAxtSoRa5TfWea
+  apiToken: 9gCqm5J98tBKKZlcH5oUvQ5GmNKAxtSoRa5TfWea

ingress-system/external-dns-service-account.yaml

@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: external-dns
+  namespace: ingress-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: external-dns
+  namespace: ingress-system
+rules:
+  - apiGroups: [""]
+    resources: ["services", "endpoints", "pods"]
+    verbs: ["get", "watch", "list"]
+  - apiGroups: ["extensions", "networking.k8s.io"]
+    resources: ["ingresses"]
+    verbs: ["get", "watch", "list"]
+  - apiGroups: ["externaldns.k8s.io"]
+    resources: ["dnsendpoints"]
+    verbs: ["get", "watch", "list"]
+  - apiGroups: ["externaldns.k8s.io"]
+    resources: ["dnsendpoints/status"]
+    verbs: ["update"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: external-dns-viewer
+  namespace: ingress-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: external-dns
+subjects:
+  - kind: ServiceAccount
+    name: external-dns
+    namespace: ingress-system

ingress-system/external-dns.yaml

@@ -14,9 +14,20 @@ spec:
       labels:
         app.kubernetes.io/name: external-dns
     spec:
+      serviceAccountName: external-dns
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: topology.kubernetes.io/region
+                    operator: NotIn
+                    values:
+                      - russia-west
+                      - russia-east
       containers:
         - name: external-dns
-          image: registry.k8s.io/external-dns/external-dns:v0.15.1
+          image: registry.k8s.io/external-dns/external-dns:v0.16.1
           args:
             - --source=crd
             - --provider=cloudflare

minecraft/mc-router.yaml

@@ -124,7 +124,7 @@ metadata:
 subjects:
   - kind: ServiceAccount
     name: mc-shutdown
-    namespace: default
+    namespace: minecraft
 roleRef:
   kind: ClusterRole
   name: mc-shutdown
@@ -142,7 +142,7 @@ metadata:
   name: mc-shutdown
   namespace: minecraft
 spec:
-  schedule: "*/30 * * * *"
+  schedule: "*/5 * * * *"
   concurrencyPolicy: Forbid
   jobTemplate:
     spec:

minecraft/prominence-2-rpg-service.yaml

@@ -6,7 +6,6 @@ metadata:
   labels:
     app.kubernetes.io/name: prominence-2-rpg
   annotations:
-    mc-router.itzg.me/defaultServer: "true"
     mc-router.itzg.me/externalServerName: "prominence-2-rpg.mc.konfa.ch"
 spec:
   selector:

minecraft/tfg-service.yaml

@@ -6,7 +6,6 @@ metadata:
   labels:
     app.kubernetes.io/name: tfg
   annotations:
-    mc-router.itzg.me/defaultServer: "true"
     mc-router.itzg.me/externalServerName: "tfg.mc.konfa.ch"
 spec:
   selector:
@@ -26,7 +25,7 @@ spec:
   selector:
     app.kubernetes.io/name: tfg
   ports:
-    - name: "25565"
+    - name: "minecraft"
       port: 25565
       targetPort: 25565
       nodePort: 32565

node-feature-discovery/00-namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: node-feature-discovery