setup external dns

Victor Barba Martin 2021-07-30 21:43:56 +02:00
parent 50f6a15814
commit f6db936e8c
3 changed files with 50 additions and 12 deletions


@ -72,4 +72,9 @@ pipelines:
variables: variables:
KUBE_CONFIG: $KUBE_CONFIG KUBE_CONFIG: $KUBE_CONFIG
KUBECTL_COMMAND: 'apply' KUBECTL_COMMAND: 'apply'
RESOURCE_PATH: 'k8s/linode-autoscaler/' RESOURCE_PATH: 'k8s/linode-autoscaler/'
- pipe: atlassian/kubectl-run:1.1.2
variables:
KUBE_CONFIG: $KUBE_CONFIG
KUBECTL_COMMAND: 'apply'
RESOURCE_PATH: 'k8s/external-dns/'


@ -1,4 +0,0 @@
provider: aws
aws:
secretKey: lj85CIIik/83V980VKEPfqlOWtutEM3s7bSqMZNH
accessKey: AKIA2SXEHOQFBQRGCSST


@ -1,3 +1,36 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: external-dns
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: external-dns
rules:
- apiGroups: [""]
resources: ["services","endpoints","pods"]
verbs: ["get","watch","list"]
- apiGroups: ["extensions","networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get","watch","list"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["list","watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: external-dns-viewer
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: external-dns
subjects:
- kind: ServiceAccount
name: external-dns
namespace: default
---
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
@ -12,20 +45,24 @@ spec:
metadata: metadata:
labels: labels:
app: external-dns app: external-dns
# If you're using kiam or kube2iam, specify the following annotation.
# Otherwise, you may safely omit it.
annotations:
iam.amazonaws.com/role: arn:aws:iam::ACCOUNT-ID:role/IAM-SERVICE-ROLE-NAME
spec: spec:
serviceAccountName: external-dns
containers: containers:
- name: external-dns - name: external-dns
image: k8s.gcr.io/external-dns/external-dns:v0.7.6 image: k8s.gcr.io/external-dns/external-dns:v0.7.6
env:
- name: AWS_ACCESS_KEY_ID
value: "AKIA2SXEHOQFBQRGCSST"
- name: AWS_SECRET_ACCESS_KEY
value: "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"
args: args:
- --source=service
- --source=ingress - --source=ingress
- --domain-filter=external-dns-test.my-org.com # will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones - --source=service
- --domain-filter=video.jamkazam.com # will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones
- --provider=aws - --provider=aws
- --policy=upsert-only # would prevent ExternalDNS from deleting any records, omit to enable full synchronization - --policy=upsert-only # would prevent ExternalDNS from deleting any records, omit to enable full synchronization
- --aws-zone-type=public # only look at public hosted zones (valid values are public, private or no value for both) - --aws-zone-type=public # only look at public hosted zones (valid values are public, private or no value for both)
- --registry=txt - --registry=txt
- --txt-owner-id=my-hostedzone-identifier - --txt-owner-id=my-hostedzone-identifier
securityContext:
fsGroup: 65534
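Review bot: The `env` entries added to the external-dns container carry the AWS access key ID and secret access key as literal `value:` strings, so the credential is stored in the repository and is readable by anyone who can view the Deployment object. The same key pair sits in the values file this commit deletes, so it stays in history either way; it should be treated as exposed, rotated, and the replacement loaded from a Kubernetes Secret through `valueFrom.secretKeyRef` (sketch below; the Secret name and keys are placeholders). The second hunk also drops the kiam/kube2iam role annotation, which leaves the static key as the only credential path, so its IAM policy should presumably be limited to Route 53 changes on the zone named in `--domain-filter`. The Deployment spec starts above the hunk, so only the container stanza is visible here.

```yaml
# … unchanged: serviceAccountName, container name and image …
      env:
        - name: AWS_ACCESS_KEY_ID
          valueFrom:
            secretKeyRef:
              name: external-dns-aws  # placeholder Secret, created outside the repo
              key: access-key-id  # placeholder key
        - name: AWS_SECRET_ACCESS_KEY
          valueFrom:
            secretKeyRef:
              name: external-dns-aws  # placeholder Secret, created outside the repo
              key: secret-access-key  # placeholder key
# … unchanged: args …
```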