k8s-apps/ddns/update-he-tunnel.yaml

apiVersion: v1
kind: Secret
metadata:
  name: he-tunnel-secrets
  namespace: ddns
type: Opaque
stringData:
  TB_USER: "Thrawn235"
  TB_KEY:  "KTjQnESNIZElZ-ek"   # from Tunnel Details → Advanced
  TB_TUNNEL_ID: "987578"       # numeric Tunnel ID
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: he-tunnel-script
  namespace: ddns
data:
  update-tunnel.sh: |
    #!/bin/sh
    set -eu
    V4="$(curl -4 -fsS --max-time 5 https://ipv4.icanhazip.com || true)"
    [ -n "${V4:-}" ] || { echo "no IPv4 detected"; exit 0; }
    RESP="$(curl -4 -fsS --connect-timeout 5 https://ipv4.tunnelbroker.net/nic/update \
      -d "username=${TB_USER}" -d "password=${TB_KEY}" \
      -d "hostname=${TB_TUNNEL_ID}" -d "myip=${V4}" || echo 'curlfail')"
    echo "tunnel ${TB_TUNNEL_ID} -> ${RESP}"
---
apiVersion: batch/v1
kind: CronJob
metadata:
  name: he-tunnel-update
  namespace: ddns
spec:
  schedule: "*/5 * * * *"
  concurrencyPolicy: Forbid
  jobTemplate:
    spec:
      template:
        spec:
          restartPolicy: OnFailure
          containers:
            - name: updater
              image: curlimages/curl
              envFrom:
                - secretRef: { name: he-tunnel-secrets }
              command: ["/bin/sh","-c","/scripts/update-tunnel.sh"]
              volumeMounts:
                - { name: script, mountPath: /scripts, readOnly: true }
          volumes:
            - name: script
              configMap:
                name: he-tunnel-script
                defaultMode: 0755