From f6db936e8c62bac328aa18b88a8e5d5f9d49715d Mon Sep 17 00:00:00 2001
From: Victor Barba Martin
Date: Fri, 30 Jul 2021 21:43:56 +0200
Subject: [PATCH] setup external dns

---
 bitbucket-pipelines.yml | 7 ++++-
 k8s/external-dns/credentials.yaml | 4 ---
 k8s/external-dns/deployment.yaml | 51 ++++++++++++++++++++++++++-----
 3 files changed, 50 insertions(+), 12 deletions(-)
 delete mode 100644 k8s/external-dns/credentials.yaml

diff --git a/bitbucket-pipelines.yml b/bitbucket-pipelines.yml
index 3542823..4cfe028 100644
--- a/bitbucket-pipelines.yml
+++ b/bitbucket-pipelines.yml
@@ -72,4 +72,9 @@ pipelines:
 variables:
 KUBE_CONFIG: $KUBE_CONFIG
 KUBECTL_COMMAND: 'apply'
- RESOURCE_PATH: 'k8s/linode-autoscaler/'
\ No newline at end of file
+ RESOURCE_PATH: 'k8s/linode-autoscaler/'
+ - pipe: atlassian/kubectl-run:1.1.2
+ variables:
+ KUBE_CONFIG: $KUBE_CONFIG
+ KUBECTL_COMMAND: 'apply'
+ RESOURCE_PATH: 'k8s/external-dns/'
\ No newline at end of file
diff --git a/k8s/external-dns/credentials.yaml b/k8s/external-dns/credentials.yaml
deleted file mode 100644
index e605e2e..0000000
--- a/k8s/external-dns/credentials.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-provider: aws
-aws:
- secretKey: lj85CIIik/83V980VKEPfqlOWtutEM3s7bSqMZNH
- accessKey: AKIA2SXEHOQFBQRGCSST
\ No newline at end of file
diff --git a/k8s/external-dns/deployment.yaml b/k8s/external-dns/deployment.yaml
index 72d7584..3eafe33 100644
--- a/k8s/external-dns/deployment.yaml
+++ b/k8s/external-dns/deployment.yaml
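Review bot: The new kubectl-run step applies the whole `k8s/external-dns/` directory with the same `$KUBE_CONFIG` as the autoscaler step, and that directory now carries a ClusterRole and ClusterRoleBinding (see deployment.yaml in this patch), so the kubeconfig identity held in Bitbucket variables must have cluster-scoped RBAC write rights — confirm it is a purpose-built identity rather than cluster-admin, since a leak of that variable now means cluster-wide control. The apply is also namespace-less, so the ServiceAccount and Deployment in that directory land in whatever namespace the kubeconfig's current context selects; pinning `metadata.namespace: default` in those manifests (or passing a namespace to the pipe, if this pipe version supports extra kubectl args) keeps the RBAC binding resolvable regardless of how the kubeconfig is generated. The pipelines `step` this hunk belongs to starts before the hunk.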
@@ -1,3 +1,36 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: external-dns
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: external-dns
+rules:
+- apiGroups: [""]
+ resources: ["services","endpoints","pods"]
+ verbs: ["get","watch","list"]
+- apiGroups: ["extensions","networking.k8s.io"]
+ resources: ["ingresses"]
+ verbs: ["get","watch","list"]
+- apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["list","watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: external-dns-viewer
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: external-dns
+subjects:
+- kind: ServiceAccount
+ name: external-dns
+ namespace: default
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
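Review bot: The ClusterRoleBinding subject hard-codes `namespace: default`, but the ServiceAccount defined at the top of this hunk declares no namespace, so it is created in whatever namespace the applying kubeconfig context points at; if that is not `default`, the binding references a ServiceAccount that does not exist and external-dns will be forbidden from listing services, ingresses and nodes. Add `namespace: default` under the ServiceAccount's `metadata` (and under the Deployment's, which starts at the end of this hunk) so the subject and the account agree regardless of the apply context. The granted verbs are read-only (`get`/`watch`/`list`), which is the least privilege external-dns needs on the cluster side, so the ClusterRole itself looks right. The Deployment whose header closes this hunk continues in the next one.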
@@ -12,20 +45,24 @@ spec:
 metadata:
 labels:
 app: external-dns
- # If you're using kiam or kube2iam, specify the following annotation.
- # Otherwise, you may safely omit it.
- annotations:
- iam.amazonaws.com/role: arn:aws:iam::ACCOUNT-ID:role/IAM-SERVICE-ROLE-NAME
 spec:
+ serviceAccountName: external-dns
 containers:
 - name: external-dns
 image: k8s.gcr.io/external-dns/external-dns:v0.7.6
+ env:
+ - name: AWS_ACCESS_KEY_ID
+ value: "AKIA2SXEHOQFBQRGCSST"
+ - name: AWS_SECRET_ACCESS_KEY
+ value: "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"
 args:
- - --source=service
 - --source=ingress
- - --domain-filter=external-dns-test.my-org.com # will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones
+ - --source=service
+ - --domain-filter=video.jamkazam.com # will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones
 - --provider=aws
 - --policy=upsert-only # would prevent ExternalDNS from deleting any records, omit to enable full synchronization
 - --aws-zone-type=public # only look at public hosted zones (valid values are public, private or no value for both)
 - --registry=txt
- - --txt-owner-id=my-hostedzone-identifier
\ No newline at end of file
+ - --txt-owner-id=my-hostedzone-identifier
+ securityContext:
+ fsGroup: 65534
\ No newline at end of file
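Review bot: The container now carries a long-lived IAM user access key pair as plaintext `value:` strings under `env:` — the same `AKIA…` key the deleted credentials.yaml held, so it sits in git history twice and should be treated as compromised: rotate it in IAM now, then stop committing it. Put the rotated pair in a Kubernetes Secret created outside the repo (for example from Bitbucket secured variables in the pipeline) and reference it with `valueFrom.secretKeyRef`, or return to the kiam/IRSA-style role the removed annotation pointed at, which is what the new `serviceAccountName` line is already set up for. Two smaller points: `--txt-owner-id=my-hostedzone-identifier` is still the upstream placeholder and should be a value unique to this cluster so its TXT ownership records cannot collide with another external-dns instance on the same zone, and `securityContext: fsGroup: 65534` is only valid at pod `spec` level — indentation is not visible in this view, so confirm it is not nested under the container, where `fsGroup` is an unknown field that `kubectl apply` will reject. The Deployment's template `spec` begins in the previous hunk.

```yaml
        image: k8s.gcr.io/external-dns/external-dns:v0.7.6
        env:
          - name: AWS_ACCESS_KEY_ID
            valueFrom:
              secretKeyRef:
                name: external-dns-aws
                key: access-key-id
          - name: AWS_SECRET_ACCESS_KEY
            valueFrom:
              secretKeyRef:
                name: external-dns-aws
                key: secret-access-key
        # … unchanged: args …
```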