--- apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: ara-server namespace: argocd spec: project: default source: repoURL: https://lib42.github.io/charts targetRevision: "0.3.*" chart: ara helm: values: | ingress: enabled: true hosts: - ara.k8s.smsvc.net persistentVolumes: enabled: true size: 128Mi storageClassName: local-path destination: server: 'https://kubernetes.default.svc' namespace: ara syncPolicy: automated: prune: true selfHeal: true syncOptions: - CreateNamespace=true retry: limit: 5 backoff: duration: 5s factor: 2 maxDuration: 5m --- apiVersion: v1 kind: ServiceAccount metadata: name: cronjob-serviceaccount namespace: ara --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: ingress-patch-role namespace: ara rules: - apiGroups: ["", "extensions", "networking.k8s.io"] resources: ["ingresses"] verbs: ["get", "list", "watch", "patch"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: ingress-patch-rolebinding namespace: ara subjects: - kind: ServiceAccount name: cronjob-serviceaccount namespace: ara roleRef: kind: Role name: ingress-patch-role apiGroup: rbac.authorization.k8s.io --- apiVersion: batch/v1 kind: CronJob metadata: name: update-ingress-whitelist namespace: ara spec: schedule: '@hourly' concurrencyPolicy: Forbid jobTemplate: spec: template: spec: serviceAccountName: cronjob-serviceaccount restartPolicy: Never containers: - name: update-ingress-whitelist image: portainer/kubectl-shell command: - /bin/bash - -c - | date DOMAIN=smark.ddns.net while true; do IP=$(nslookup $DOMAIN | grep -A1 $DOMAIN | awk 'END {print $NF}') [[ -n "$IP" ]] && break sleep 10 done set -x kubectl -n ara patch ingress ara-ara-server-ingress --type='json' --patch='[ { "op": "replace", "path": "/metadata/annotations/nginx.ingress.kubernetes.io~1whitelist-source-range", "value":"'$IP'" } ]'