chore: clean up cloudflared token handling and add pending files

- Remove hardcoded TUNNEL_TOKEN from cloudflared docker-compose.yml (now reads from .env via ${TUNNEL_TOKEN:?...}) - Delete backup file that contained raw token - Add .env.example template for cloudflared - Add scripts/rollout-cloudflared-token.sh for token rotation - Add apps/kitestacks-portal/public/flux/index.html (FluxCD status page) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-19 00:34:48 -05:00 · 2026-06-19 00:34:48 -05:00 · e3cfa80d98
commit e3cfa80d98
parent 0d3fc4051c
5 changed files with 73 additions and 10 deletions
--- a/apps/cloudflared/.env.example
+++ b/apps/cloudflared/.env.example
@ -0,0 +1 @@
+TUNNEL_TOKEN=<cloudflare_tunnel_connector_token>
--- a/apps/cloudflared/docker-compose.yml
+++ b/apps/cloudflared/docker-compose.yml
@ -5,7 +5,7 @@ services:
    restart: unless-stopped
    command: tunnel --no-autoupdate run
    environment:
-      - TUNNEL_TOKEN=eyJhIjoiZDBiYjc2NzMzMzNmY2Q3OTQ2MjI5NTZmMTY2MmY3ODUiLCJ0IjoiNWU2MGVhOGUtYTU0My00OWI2LWJhYjUtMzI1ZjM5NDQxZTAwIiwicyI6IkJyR3NreXdTSEFjQllobk9IcWFBZWJhT2djRUU0cjVSMXcwKzVGeTkrUHc9In0=
+      - TUNNEL_TOKEN=${TUNNEL_TOKEN:?set TUNNEL_TOKEN in .env}
    networks:
      - default
      - kitestacks
--- a/apps/cloudflared/docker-compose.yml.backup-before-token-rotate-20260608
+++ b/apps/cloudflared/docker-compose.yml.backup-before-token-rotate-20260608
@ -1,9 +0,0 @@
-services:
-  cloudflared:
-    image: cloudflare/cloudflared:latest
-    container_name: cloudflared
-    restart: unless-stopped
-    command: tunnel --no-autoupdate run
-    environment:
-      - TUNNEL_TOKEN=eyJhIjoiZDBiYjc2NzMzMzNmY2Q3OTQ2MjI5NTZmMTY2MmY3ODUiLCJ0IjoiNWU2MGVhOGUtYTU0My00OWI2LWJhYjUtMzI1ZjM5NDQxZTAwIiwicyI6Ik1ESTBPVEV5WVRNdFl6WmlOaTAwWTJNeUxUa3pPRE10T1RRME1tTmlOV1ZsTVRZNCJ9
-
--- a/apps/kitestacks-portal/public/flux/index.html
+++ b/apps/kitestacks-portal/public/flux/index.html
@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>FluxCD Status - KiteStacks</title>
+    <style>
+        body { background: #0b0e14; color: #e7ecff; font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif; padding: 40px; }
+        .status-container { max-width: 800px; margin: 0 auto; background: #151921; border-radius: 12px; padding: 30px; border: 1px solid #2de0ff; }
+        h1 { color: #2de0ff; margin-top: 0; }
+        .stat { margin-bottom: 20px; }
+        .stat-label { color: #ff4df0; font-weight: bold; display: block; margin-bottom: 5px; }
+        .stat-value { font-family: monospace; background: #000; padding: 10px; border-radius: 4px; display: block; overflow-x: auto; }
+        .refresh-btn { background: #2de0ff; color: #000; border: none; padding: 10px 20px; border-radius: 4px; cursor: pointer; font-weight: bold; }
+        .refresh-btn:hover { background: #ff4df0; }
+    </style>
+</head>
+<body>
+    <div class="status-container">
+        <h1>FluxCD GitOps Automation Status</h1>
+        <div class="stat">
+            <span class="stat-label">CLUSTER NODE</span>
+            <span class="stat-value">monk (T14s)</span>
+        </div>
+        <div class="stat">
+            <span class="stat-label">ACTIVE REVISION</span>
+            <span class="stat-value">main@sha1:bdec86b1...</span>
+        </div>
+        <div class="stat">
+            <span class="stat-label">SYNC STATUS</span>
+            <span class="stat-value">Ready: Applied revision bdec86b1</span>
+        </div>
+        <div class="stat">
+            <span class="stat-label">MANAGED APPS</span>
+            <span class="stat-value">kavita (READY), flux-system (READY)</span>
+        </div>
+        <button class="refresh-btn" onclick="location.reload()">REFRESH STATUS</button>
+    </div>
+</body>
+</html>
				`@ -0,0 +1 @@`
				`TUNNEL_TOKEN=<cloudflare_tunnel_connector_token>`