setup external dns

2021-07-30 21:43:56 +02:00 · 2021-07-30 21:43:56 +02:00 · f6db936e8c
parent 50f6a15814
commit f6db936e8c
3 changed files with 50 additions and 12 deletions
--- a/bitbucket-pipelines.yml
+++ b/bitbucket-pipelines.yml
@ -73,3 +73,8 @@ pipelines:
                KUBE_CONFIG: $KUBE_CONFIG
                KUBECTL_COMMAND: 'apply'
                RESOURCE_PATH: 'k8s/linode-autoscaler/'
+            - pipe: atlassian/kubectl-run:1.1.2
+              variables:
+                KUBE_CONFIG: $KUBE_CONFIG
+                KUBECTL_COMMAND: 'apply'
+                RESOURCE_PATH: 'k8s/external-dns/'
--- a/k8s/external-dns/credentials.yaml
+++ b/k8s/external-dns/credentials.yaml
@ -1,4 +0,0 @@
-provider: aws
-aws:
-    secretKey: lj85CIIik/83V980VKEPfqlOWtutEM3s7bSqMZNH
-    accessKey: AKIA2SXEHOQFBQRGCSST
--- a/k8s/external-dns/deployment.yaml
+++ b/k8s/external-dns/deployment.yaml
@ -1,3 +1,36 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: external-dns
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: external-dns
+rules:
+- apiGroups: [""]
+  resources: ["services","endpoints","pods"]
+  verbs: ["get","watch","list"]
+- apiGroups: ["extensions","networking.k8s.io"]
+  resources: ["ingresses"]
+  verbs: ["get","watch","list"]
+- apiGroups: [""]
+  resources: ["nodes"]
+  verbs: ["list","watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: external-dns-viewer
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: external-dns
+subjects:
+- kind: ServiceAccount
+  name: external-dns
+  namespace: default
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@ -12,20 +45,24 @@ spec:
    metadata:
      labels:
        app: external-dns
-      # If you're using kiam or kube2iam, specify the following annotation.
-      # Otherwise, you may safely omit it.
-      annotations:
-        iam.amazonaws.com/role: arn:aws:iam::ACCOUNT-ID:role/IAM-SERVICE-ROLE-NAME
    spec:
+      serviceAccountName: external-dns
      containers:
      - name: external-dns
        image: k8s.gcr.io/external-dns/external-dns:v0.7.6
+        env:
+        - name: AWS_ACCESS_KEY_ID
+          value: "AKIA2SXEHOQFBQRGCSST"
+        - name: AWS_SECRET_ACCESS_KEY
+          value: "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"
        args:
-        - --source=service
        - --source=ingress
-        - --domain-filter=external-dns-test.my-org.com # will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones
+        - --source=service
+        - --domain-filter=video.jamkazam.com # will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones
        - --provider=aws
        - --policy=upsert-only # would prevent ExternalDNS from deleting any records, omit to enable full synchronization
        - --aws-zone-type=public # only look at public hosted zones (valid values are public, private or no value for both)
        - --registry=txt
        - --txt-owner-id=my-hostedzone-identifier
+      securityContext:
+        fsGroup: 65534