Add external-dns
parent
6e20cea9f8
commit
0d95914e8a
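--- a/deploy/base/deploy-external-dns.yaml
+++ b/deploy/base/deploy-external-dns.yaml
@@ -0,0 +1,20 @@
+# Patch external-dns with AWS credentials because helm chart inflation happens
+# too early.
+---
+- op: add
+path: /spec/template/spec/containers/0/volumeMounts
+value:
+- name: aws-credentials
+mountPath: /.aws
+readOnly: true
+- op: replace
+path: /spec/template/spec/volumes
+value:
+- name: aws-credentials
+secret:
+secretName: aws-do-external-dns-credentials
+- op: add
+path: /spec/template/spec/containers/0/env
+value:
+- name: AWS_SHARED_CREDENTIALS_FILE
+value: /.aws/credentials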
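Review bot: The third operation, `op: add` at `/spec/template/spec/containers/0/env`, targets a member that already exists in the inflated Deployment, and a JSON Patch `add` on an existing member replaces its value, so the chart's `AWS_DEFAULT_REGION` entry appears to be dropped and only `AWS_SHARED_CREDENTIALS_FILE` remains. Appending keeps both: `path: /spec/template/spec/containers/0/env/-` with `value: {name: AWS_SHARED_CREDENTIALS_FILE, value: /.aws/credentials}`. The first operation on `volumeMounts` has the same replace semantics and is harmless only because the chart's single mount is identical. Addressing the container by index `0` will also hit a different container if the chart ever places one ahead of it, which matters because this patch is what hands over the AWS credentials.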
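--- a/deploy/base/inflated/external-dns/templates/clusterrole.yaml
+++ b/deploy/base/inflated/external-dns/templates/clusterrole.yaml
@@ -0,0 +1,92 @@
+---
+# Source: external-dns/templates/clusterrole.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+name: external-dns
+labels:
+app.kubernetes.io/name: external-dns
+helm.sh/chart: external-dns-6.3.0
+app.kubernetes.io/instance: external-dns
+app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+- ""
+resources:
+- services
+- pods
+- nodes
+- endpoints
+verbs:
+- get
+- list
+- watch
+- apiGroups:
+- extensions
+- "networking.k8s.io"
+- getambassador.io
+resources:
+- ingresses
+- hosts
+verbs:
+- get
+- list
+- watch
+- apiGroups:
+- route.openshift.io
+resources:
+- routes
+verbs:
+- get
+- list
+- watch
+- apiGroups:
+- networking.istio.io
+resources:
+- gateways
+- virtualservices
+verbs:
+- get
+- list
+- watch
+- apiGroups:
+- zalando.org
+resources:
+- routegroups
+verbs:
+- get
+- list
+- watch
+- apiGroups:
+- zalando.org
+resources:
+- routegroups/status
+verbs:
+- patch
+- update
+- apiGroups:
+- projectcontour.io
+resources:
+- httpproxies
+verbs:
+- get
+- watch
+- list
+- apiGroups:
+- gloo.solo.io
+- gateway.solo.io
+resources:
+- proxies
+- virtualservices
+verbs:
+- get
+- list
+- watch
+- apiGroups:
+- configuration.konghq.com
+resources:
+- tcpingresses
+verbs:
+- get
+- list
+- watch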
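Review bot: This ClusterRole grants more than the Deployment in this commit uses: external-dns is started with only `--source=service` and `--source=ingress`, yet the role also allows cluster-wide read of OpenShift routes, Istio, Contour, Gloo, Kong and Ambassador resources and `patch`/`update` on `zalando.org` `routegroups/status`. Because the file is Helm output, the trim belongs in a kustomize patch on the ClusterRole rather than a hand edit; for the two configured sources the core-group rule (services, pods, nodes, endpoints) and `ingresses` look sufficient. If the full chart default is kept on purpose, record that next to the `# external-dns` entries in the kustomization, for example `# ClusterRole is the chart default; only the service and ingress sources are enabled`.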
@ -0,0 +1,19 @@
|
||||
---
|
||||
# Source: external-dns/templates/clusterrolebinding.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: external-dns
|
||||
labels:
|
||||
app.kubernetes.io/name: external-dns
|
||||
helm.sh/chart: external-dns-6.3.0
|
||||
app.kubernetes.io/instance: external-dns
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: external-dns
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: external-dns
|
||||
namespace: default
|
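--- a/deploy/base/inflated/external-dns/templates/deployment.yaml
+++ b/deploy/base/inflated/external-dns/templates/deployment.yaml
@@ -0,0 +1,106 @@
+---
+# Source: external-dns/templates/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: external-dns
+namespace: default
+labels:
+app.kubernetes.io/name: external-dns
+helm.sh/chart: external-dns-6.3.0
+app.kubernetes.io/instance: external-dns
+app.kubernetes.io/managed-by: Helm
+spec:
+replicas: 1
+selector:
+matchLabels:
+app.kubernetes.io/name: external-dns
+app.kubernetes.io/instance: external-dns
+template:
+metadata:
+labels:
+app.kubernetes.io/name: external-dns
+helm.sh/chart: external-dns-6.3.0
+app.kubernetes.io/instance: external-dns
+app.kubernetes.io/managed-by: Helm
+annotations:
+spec:
+
+securityContext:
+fsGroup: 1001
+runAsUser: 1001
+affinity:
+podAffinity:
+
+podAntiAffinity:
+preferredDuringSchedulingIgnoredDuringExecution:
+- podAffinityTerm:
+labelSelector:
+matchLabels:
+app.kubernetes.io/name: external-dns
+app.kubernetes.io/instance: external-dns
+namespaces:
+- "default"
+topologyKey: kubernetes.io/hostname
+weight: 1
+nodeAffinity:
+
+serviceAccountName: external-dns
+containers:
+- name: external-dns
+image: "docker.io/bitnami/external-dns:0.11.1-debian-10-r1"
+imagePullPolicy: "IfNotPresent"
+args:
+# Generic arguments
+- --metrics-address=:7979
+- --log-level=info
+- --log-format=text
+- --policy=upsert-only
+- --provider=aws
+- --registry=txt
+- --interval=1m
+- --source=service
+- --source=ingress
+# AWS arguments
+- --aws-api-retries=3
+- --aws-zone-type=
+- --aws-batch-change-size=1000
+env:
+# AWS environment variables
+- name: AWS_DEFAULT_REGION
+value: us-east-1
+envFrom:
+ports:
+- name: http
+containerPort: 7979
+livenessProbe:
+httpGet:
+path: /healthz
+port: http
+initialDelaySeconds: 10
+periodSeconds: 10
+timeoutSeconds: 5
+successThreshold: 1
+failureThreshold: 2
+readinessProbe:
+httpGet:
+path: /healthz
+port: http
+initialDelaySeconds: 5
+periodSeconds: 10
+timeoutSeconds: 5
+successThreshold: 1
+failureThreshold: 6
+resources:
+limits: {}
+requests: {}
+volumeMounts:
+# AWS mountPath(s)
+- name: aws-credentials
+mountPath: /.aws
+readOnly: true
+volumes:
+# AWS volume(s)
+- name: aws-credentials
+secret:
+secretName: foo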
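Review bot: The args carry no `--domain-filter` and no `--txt-owner-id`, and `--aws-zone-type=` is empty, so external-dns will write into every hosted zone the mounted credentials can reach, for any hostname requested by a Service or Ingress in any namespace. Setting the chart's `domainFilters` and `txtOwnerId` values before inflating, which should render as `- --domain-filter=<zone-placeholder>` and `- --txt-owner-id=<owner-placeholder>`, keeps a workload in one namespace from publishing records under an unrelated name and keeps two clusters from claiming each other's records; the IAM policy behind the key should be limited to the same zone. The container also has no container-level `securityContext` (only the pod-level `fsGroup`/`runAsUser`), and the volume still names the placeholder secret `foo`, which is correct only while the `deploy-external-dns.yaml` patch is applied.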
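--- a/deploy/base/inflated/external-dns/templates/service.yaml
+++ b/deploy/base/inflated/external-dns/templates/service.yaml
@@ -0,0 +1,22 @@
+---
+# Source: external-dns/templates/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+name: external-dns
+namespace: default
+labels:
+app.kubernetes.io/name: external-dns
+helm.sh/chart: external-dns-6.3.0
+app.kubernetes.io/instance: external-dns
+app.kubernetes.io/managed-by: Helm
+spec:
+ports:
+- name: http
+port: 7979
+protocol: TCP
+targetPort: http
+selector:
+app.kubernetes.io/name: external-dns
+app.kubernetes.io/instance: external-dns
+type: ClusterIP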
@ -0,0 +1,13 @@
|
||||
---
|
||||
# Source: external-dns/templates/serviceaccount.yaml
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: external-dns
|
||||
namespace: default
|
||||
labels:
|
||||
app.kubernetes.io/name: external-dns
|
||||
helm.sh/chart: external-dns-6.3.0
|
||||
app.kubernetes.io/instance: external-dns
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
automountServiceAccountToken: true
|
@ -72,6 +72,12 @@ resources:
|
||||
# kubernetes-replicator
|
||||
- inflated/kubernetes-replicator/templates/deployment.yaml
|
||||
- inflated/kubernetes-replicator/templates/rbac.yaml
|
||||
# external-dns
|
||||
- inflated/external-dns/templates/serviceaccount.yaml
|
||||
- inflated/external-dns/templates/deployment.yaml
|
||||
- inflated/external-dns/templates/service.yaml
|
||||
- inflated/external-dns/templates/clusterrole.yaml
|
||||
- inflated/external-dns/templates/clusterrolebinding.yaml
|
||||
|
||||
- ingress.yaml
|
||||
|
||||
@ -108,6 +114,11 @@ configMapGenerator:
|
||||
- init-directory-structure.sh=gitea-init-directory-structure.sh
|
||||
- setup.sh=gitea-setup.sh
|
||||
|
||||
secretGenerator:
|
||||
- name: aws-do-external-dns-credentials
|
||||
files:
|
||||
- credentials=secrets/aws-do-external-dns-credentials
|
||||
|
||||
patches:
|
||||
# Patch the ingress-nginx service to expose port 22 for Gitea SSH access.
|
||||
- target:
|
||||
@ -119,3 +130,8 @@ patches:
|
||||
kind: Deployment
|
||||
name: ingress-nginx-controller
|
||||
path: deploy-ingress-nginx.yaml
|
||||
|
||||
- target:
|
||||
kind: Deployment
|
||||
name: external-dns
|
||||
path: deploy-external-dns.yaml
|
||||
|
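Review bot: The new `secretGenerator` entry reads a long-lived AWS key from `secrets/aws-do-external-dns-credentials` inside the repository tree, and nothing in these hunks shows how that file is kept out of version control or encrypted. A comment above the entry should say where the file comes from and how it is protected, for example `# secrets/ is not committed; key belongs to an IAM user limited to Route 53 changes on the external-dns zone`, adjusted to whatever is actually true. The generated Secret lands in the same namespace as the workload (`default` in the inflated manifests), so every principal that can read Secrets there can read the key. The kustomization file continues outside these hunks.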