From 5b0d1c32b4adf1eacbdc74182d476f5fabbd8d6b Mon Sep 17 00:00:00 2001
From: Alex Lebens <alexanderlebens@gmail.com>
Date: Thu, 29 May 2025 18:14:29 -0500
Subject: [PATCH] add cloudfalre to objects

---
 clusters/cl01tl/storage/rook-ceph/Chart.yaml  |  4 ++++
 .../rook-ceph/templates/external-secret.yaml  | 21 +++++++++++++++++++
 clusters/cl01tl/storage/rook-ceph/values.yaml |  4 ++++
 3 files changed, 29 insertions(+)
 create mode 100644 clusters/cl01tl/storage/rook-ceph/templates/external-secret.yaml

diff --git a/clusters/cl01tl/storage/rook-ceph/Chart.yaml b/clusters/cl01tl/storage/rook-ceph/Chart.yaml
index 67b7d5f7c..20438f6f4 100644
--- a/clusters/cl01tl/storage/rook-ceph/Chart.yaml
+++ b/clusters/cl01tl/storage/rook-ceph/Chart.yaml
@@ -21,5 +21,9 @@ dependencies:
   - name: rook-ceph-cluster
     version: v1.17.2
     repository: https://charts.rook.io/release
+  - name: cloudflared
+    alias: cloudflared-rgw
+    repository: oci://harbor.alexlebens.net/helm-charts
+    version: 1.15.0
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ceph.png
 appVersion: v1.17.1
diff --git a/clusters/cl01tl/storage/rook-ceph/templates/external-secret.yaml b/clusters/cl01tl/storage/rook-ceph/templates/external-secret.yaml
new file mode 100644
index 000000000..c89aeecac
--- /dev/null
+++ b/clusters/cl01tl/storage/rook-ceph/templates/external-secret.yaml
@@ -0,0 +1,21 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: ceph-rgw-cloudflared-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: ceph-rgw-cloudflared-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: cf-tunnel-token
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cloudflare/tunnels/ceph-rgw
+        metadataPolicy: None
+        property: token
diff --git a/clusters/cl01tl/storage/rook-ceph/values.yaml b/clusters/cl01tl/storage/rook-ceph/values.yaml
index ccc18cb8b..8881cc4c2 100644
--- a/clusters/cl01tl/storage/rook-ceph/values.yaml
+++ b/clusters/cl01tl/storage/rook-ceph/values.yaml
@@ -188,3 +188,7 @@ rook-ceph-cluster:
         volumeBindingMode: "Immediate"
         parameters:
           region: us-east-1
+
+cloudflared-rgw:
+  existingSecretName: ceph-rgw-cloudflared-secret
+  name: cloudflared-rgw