external-dns username as secret

k8s/external-dns/overlays/configuration.yaml

@@ -17,6 +17,12 @@
   path: /spec/template/spec/containers/0/env
   value:
     - name: AWS_ACCESS_KEY_ID
-      value: "AKIA2SXEHOQFBQRGCSST"
+      valueFrom:
+        secretKeyRef:
+          name: aws-user-external-dns
+          key: username
     - name: AWS_SECRET_ACCESS_KEY
-      value: "lj85CIIik/83V980VKEPfqlOWtutEM3s7bSqMZNH"
+      valueFrom:
+        secretKeyRef:
+          name: aws-user-external-dns
+          key: password

terraform/.terraform.lock.hcl

@@ -1,6 +1,42 @@
 # This file is maintained automatically by "terraform init".
 # Manual edits may be lost in future updates.
 
+provider "registry.terraform.io/hashicorp/aws" {
+  version = "3.63.0"
+  hashes = [
+    "h1:Z+2GvXLgqQ/uPMH8dv+dXJ/t+jd6sriYjhCJS6kSO6g=",
+    "zh:42c6c98b294953a4e1434a331251e539f5372bf6779bd61ab5df84cac0545287",
+    "zh:5493773762a470889c9a23db97582d3a82035847c8d3bd13323b4c3012abf325",
+    "zh:550d22ff9fed4d817a922e7b84bd9d1f2ef8d3afa00832cf66b8cd5f0e6dc748",
+    "zh:632cb5e2d9d5041875f57174236eafe5b05dbf26750c1041ab57eb08c5369fe2",
+    "zh:7cfeaf5bde1b28bd010415af1f3dc494680a8374f1a26ec19db494d99938cc4e",
+    "zh:99d871606b67c8aefce49007315de15736b949c09a9f8f29ad8af1e9ce383ed3",
+    "zh:c4fc8539ffe90df5c7ae587fde495fac6bc0186fec2f2713a8988a619cef265f",
+    "zh:d0a26493206575c99ca221d78fe64f96a8fbcebe933af92eea6b39168c1f1c1d",
+    "zh:e156fdc964fdd4a7586ec15629e20d2b06295b46b4962428006e088145db07d6",
+    "zh:eb04fc80f652b5c92f76822f0fec1697581543806244068506aed69e1bb9b2af",
+    "zh:f5638a533cf9444f7d02b5527446cdbc3b2eab8bcc4ec4b0ca32035fe6f479d3",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/kubernetes" {
+  version = "2.6.1"
+  hashes = [
+    "h1:DWgawNO2C7IuXC2v9IjTSsqs1vZHSAbP4ilWQ0LdbwI=",
+    "zh:081fbaf9441ebb278753dcf05f318fa7d445e9599a600d7c525e9a18b871d4c8",
+    "zh:143bfbe871c628981d756ead47486e807fce876232d05607e0b8852ebee4eed8",
+    "zh:34f413a644eb952e3f041d67ef19200f4c286d374eae87b60fafdd8bf6bb5654",
+    "zh:370562be70233be730e1876d565710c3ef477e047f209cb3dff8a4a3217a6461",
+    "zh:443021df6d56e59e4d8dda8e57b506affff32b8a22de09661d21b98bc781fefb",
+    "zh:51a9501360b58adf9ee6e09fb81f555042ebc909ab36e06ccfc5e701e91f9923",
+    "zh:7d41d48b8291b98e0a4b7a1f79a9d1fe140a2e0d8df422c5b48cbae4c3fa615a",
+    "zh:881b3e44814d7d49a5820e2e4b13ee3d000b5baf7957df774a909f17472ece8a",
+    "zh:b860ff68a944de63fbe0a624c41f2e373711a2da4298c0f0cb151e00fb32a6b3",
+    "zh:c4ab48ea6e0f8d4a6db1abab1877addb2b21ecd126e505c74b8c85804bd92cbe",
+    "zh:e96589575dfd31eab48fcc85466dd49895925473c60c802b346cdb4037953350",
+  ]
+}
+
 provider "registry.terraform.io/linode/linode" {
   version = "1.18.0"
   hashes = [

terraform/aws-dns.tf

@@ -0,0 +1,42 @@
+
+provider "aws" {
+  region = "us-east-1"
+}
+resource "aws_iam_user" "lke-external-dns" {
+  name = "lke-external-dns"
+}
+
+resource "aws_iam_access_key" "lke-external-dns" {
+  user = aws_iam_user.lke-external-dns.name
+}
+
+resource "aws_iam_user_policy" "lke-external-dns" {
+  name   = "route-53"
+  user   = aws_iam_user.lke-external-dns.name
+  policy = <<EOF
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": [
+                "route53:ChangeResourceRecordSets"
+            ],
+            "Resource": [
+                "arn:aws:route53:::hostedzone/*"
+            ]
+        },
+        {
+            "Effect": "Allow",
+            "Action": [
+                "route53:ListHostedZones",
+                "route53:ListResourceRecordSets"
+            ],
+            "Resource": [
+                "*"
+            ]
+        }
+    ]
+}
+EOF
+}

terraform/lke.tf

@@ -22,6 +22,31 @@ resource "linode_lke_cluster" "stg-video-cluster" {
 
 }
 
+provider "kubernetes" {
+  config_path = "../k8s/stg-video-cluster-kubeconfig.yaml"
+  alias       = "cluster-staging"
+}
+# resource "kubernetes_namespace" "example" {
+#   metadata {
+#     name = "my-first-namespace"
+#   }
+#   provider = kubernetes.cluster-staging
+# }
+
+resource "kubernetes_secret" "aws_user_external_dns" {
+  metadata {
+    name = "aws-user-external-dns"
+  }
+
+  data = {
+    username = aws_iam_access_key.lke-external-dns.id
+    password = aws_iam_access_key.lke-external-dns.secret
+  }
+
+  type     = "kubernetes.io/basic-auth"
+  provider = kubernetes.cluster-staging
+}
+
 resource "linode_lke_cluster" "prd-video-cluster" {
   label       = "prd-video-cluster"
   k8s_version = "1.21"