external-dns username as secret

This commit is contained in:
Victor Barba Martin 2021-10-29 19:59:36 +02:00
parent 6056b8b411
commit 3ed6f2de26
4 changed files with 111 additions and 2 deletions


@ -17,6 +17,12 @@
path: /spec/template/spec/containers/0/env path: /spec/template/spec/containers/0/env
value: value:
- name: AWS_ACCESS_KEY_ID - name: AWS_ACCESS_KEY_ID
value: "AKIA2SXEHOQFBQRGCSST" valueFrom:
secretKeyRef:
name: aws-user-external-dns
key: username
- name: AWS_SECRET_ACCESS_KEY - name: AWS_SECRET_ACCESS_KEY
value: "lj85CIIik/83V980VKEPfqlOWtutEM3s7bSqMZNH" valueFrom:
secretKeyRef:
name: aws-user-external-dns
key: password
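Review bot: The removed lines carried a literal AWS access key ID and secret access key as plain `value:` entries, so the pair is still recoverable from git history after this change; unless that key belongs to a user being retired, it should be treated as exposed and deactivated or rotated in IAM, and a note in the commit message or a comment on the patch should record that. The new `secretKeyRef` entries point at Secret `aws-user-external-dns` with keys `username` and `password`, which only resolve if that Secret exists in the same namespace as the external-dns Deployment this patch targets; a comment such as `# Secret is created by Terraform (kubernetes_secret.aws_user_external_dns) and must live in this Deployment's namespace` would make the dependency visible. The enclosing patch operation starts before this hunk.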


@ -1,6 +1,42 @@
# This file is maintained automatically by "terraform init". # This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates. # Manual edits may be lost in future updates.
provider "registry.terraform.io/hashicorp/aws" {
version = "3.63.0"
hashes = [
"h1:Z+2GvXLgqQ/uPMH8dv+dXJ/t+jd6sriYjhCJS6kSO6g=",
"zh:42c6c98b294953a4e1434a331251e539f5372bf6779bd61ab5df84cac0545287",
"zh:5493773762a470889c9a23db97582d3a82035847c8d3bd13323b4c3012abf325",
"zh:550d22ff9fed4d817a922e7b84bd9d1f2ef8d3afa00832cf66b8cd5f0e6dc748",
"zh:632cb5e2d9d5041875f57174236eafe5b05dbf26750c1041ab57eb08c5369fe2",
"zh:7cfeaf5bde1b28bd010415af1f3dc494680a8374f1a26ec19db494d99938cc4e",
"zh:99d871606b67c8aefce49007315de15736b949c09a9f8f29ad8af1e9ce383ed3",
"zh:c4fc8539ffe90df5c7ae587fde495fac6bc0186fec2f2713a8988a619cef265f",
"zh:d0a26493206575c99ca221d78fe64f96a8fbcebe933af92eea6b39168c1f1c1d",
"zh:e156fdc964fdd4a7586ec15629e20d2b06295b46b4962428006e088145db07d6",
"zh:eb04fc80f652b5c92f76822f0fec1697581543806244068506aed69e1bb9b2af",
"zh:f5638a533cf9444f7d02b5527446cdbc3b2eab8bcc4ec4b0ca32035fe6f479d3",
]
}
provider "registry.terraform.io/hashicorp/kubernetes" {
version = "2.6.1"
hashes = [
"h1:DWgawNO2C7IuXC2v9IjTSsqs1vZHSAbP4ilWQ0LdbwI=",
"zh:081fbaf9441ebb278753dcf05f318fa7d445e9599a600d7c525e9a18b871d4c8",
"zh:143bfbe871c628981d756ead47486e807fce876232d05607e0b8852ebee4eed8",
"zh:34f413a644eb952e3f041d67ef19200f4c286d374eae87b60fafdd8bf6bb5654",
"zh:370562be70233be730e1876d565710c3ef477e047f209cb3dff8a4a3217a6461",
"zh:443021df6d56e59e4d8dda8e57b506affff32b8a22de09661d21b98bc781fefb",
"zh:51a9501360b58adf9ee6e09fb81f555042ebc909ab36e06ccfc5e701e91f9923",
"zh:7d41d48b8291b98e0a4b7a1f79a9d1fe140a2e0d8df422c5b48cbae4c3fa615a",
"zh:881b3e44814d7d49a5820e2e4b13ee3d000b5baf7957df774a909f17472ece8a",
"zh:b860ff68a944de63fbe0a624c41f2e373711a2da4298c0f0cb151e00fb32a6b3",
"zh:c4ab48ea6e0f8d4a6db1abab1877addb2b21ecd126e505c74b8c85804bd92cbe",
"zh:e96589575dfd31eab48fcc85466dd49895925473c60c802b346cdb4037953350",
]
}
provider "registry.terraform.io/linode/linode" { provider "registry.terraform.io/linode/linode" {
version = "1.18.0" version = "1.18.0"
hashes = [ hashes = [

42
terraform/aws-dns.tf Normal file

@ -0,0 +1,42 @@
provider "aws" {
region = "us-east-1"
}
resource "aws_iam_user" "lke-external-dns" {
name = "lke-external-dns"
}
resource "aws_iam_access_key" "lke-external-dns" {
user = aws_iam_user.lke-external-dns.name
}
resource "aws_iam_user_policy" "lke-external-dns" {
name = "route-53"
user = aws_iam_user.lke-external-dns.name
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"route53:ChangeResourceRecordSets"
],
"Resource": [
"arn:aws:route53:::hostedzone/*"
]
},
{
"Effect": "Allow",
"Action": [
"route53:ListHostedZones",
"route53:ListResourceRecordSets"
],
"Resource": [
"*"
]
}
]
}
EOF
}
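Review bot: The first policy statement grants `route53:ChangeResourceRecordSets` on `arn:aws:route53:::hostedzone/*`, which is write access to every hosted zone in the account, while external-dns only needs the zone(s) it manages; scoping it to `"arn:aws:route53:::hostedzone/<HOSTED_ZONE_ID>"` (placeholder) limits what the access key created in this same file can change if it leaks. Separately, `aws_iam_access_key.lke-external-dns.secret` is written in plaintext into Terraform state, so this key is only as protected as the state backend; a header comment such as `# NOTE: the access key secret is stored in terraform state — keep state in an encrypted, access-controlled backend` would make that explicit for the next maintainer. The `ListHostedZones`/`ListResourceRecordSets` statement on `*` is the read-only part and is commonly left as written.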


@ -22,6 +22,31 @@ resource "linode_lke_cluster" "stg-video-cluster" {
} }
provider "kubernetes" {
config_path = "../k8s/stg-video-cluster-kubeconfig.yaml"
alias = "cluster-staging"
}
# resource "kubernetes_namespace" "example" {
# metadata {
# name = "my-first-namespace"
# }
# provider = kubernetes.cluster-staging
# }
resource "kubernetes_secret" "aws_user_external_dns" {
metadata {
name = "aws-user-external-dns"
}
data = {
username = aws_iam_access_key.lke-external-dns.id
password = aws_iam_access_key.lke-external-dns.secret
}
type = "kubernetes.io/basic-auth"
provider = kubernetes.cluster-staging
}
resource "linode_lke_cluster" "prd-video-cluster" { resource "linode_lke_cluster" "prd-video-cluster" {
label = "prd-video-cluster" label = "prd-video-cluster"
k8s_version = "1.21" k8s_version = "1.21"
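Review bot: `kubernetes_secret.aws_user_external_dns` sets no `namespace` in its `metadata` block, so the Secret is created in `default`; if the external-dns Deployment that references it via `secretKeyRef` runs in another namespace, its pod will fail to start on the missing Secret. Adding `namespace = "<EXTERNAL_DNS_NAMESPACE>"` (placeholder) to `metadata`, or a comment stating that the Deployment is in `default`, would pin that assumption. The `kubernetes` provider reads `../k8s/stg-video-cluster-kubeconfig.yaml`; if that kubeconfig is tracked in the repository it is itself a cluster credential and deserves the same care as the AWS key this commit moves out of the manifests. The commented-out `kubernetes_namespace` example is dead code and would be better deleted than committed. The `linode_lke_cluster` "prd-video-cluster" resource opened at the end of the hunk continues outside it.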