From 0d95914e8a5da6e10356aa6f4c51a99e1e4a6d97 Mon Sep 17 00:00:00 2001
From: Rob Watson
Date: Fri, 18 Nov 2022 08:40:06 +0100
Subject: [PATCH] Add external-dns
---
 deploy/base/deploy-external-dns.yaml | 20 ++++
 .../external-dns/templates/clusterrole.yaml | 92 +++++++++++++++
 .../templates/clusterrolebinding.yaml | 19 ++++
 .../external-dns/templates/deployment.yaml | 106 ++++++++++++++++++
 .../external-dns/templates/service.yaml | 22 ++++
 .../templates/serviceaccount.yaml | 13 +++
 deploy/base/kustomization.yaml | 16 +++
 7 files changed, 288 insertions(+)
 create mode 100644 deploy/base/deploy-external-dns.yaml
 create mode 100644 deploy/base/inflated/external-dns/templates/clusterrole.yaml
 create mode 100644 deploy/base/inflated/external-dns/templates/clusterrolebinding.yaml
 create mode 100644 deploy/base/inflated/external-dns/templates/deployment.yaml
 create mode 100644 deploy/base/inflated/external-dns/templates/service.yaml
 create mode 100644 deploy/base/inflated/external-dns/templates/serviceaccount.yaml
diff --git a/deploy/base/deploy-external-dns.yaml b/deploy/base/deploy-external-dns.yaml
new file mode 100644
index 0000000..b486a1f
--- /dev/null
+++ b/deploy/base/deploy-external-dns.yaml
@@ -0,0 +1,20 @@
+# Patch external-dns with AWS credentials because helm chart inflation happens
+# too early.
+---
+- op: add
+ path: /spec/template/spec/containers/0/volumeMounts
+ value:
+ - name: aws-credentials
+ mountPath: /.aws
+ readOnly: true
+- op: replace
+ path: /spec/template/spec/volumes
+ value:
+ - name: aws-credentials
+ secret:
+ secretName: aws-do-external-dns-credentials
+- op: add
+ path: /spec/template/spec/containers/0/env
+ value:
+ - name: AWS_SHARED_CREDENTIALS_FILE
+ value: /.aws/credentials
diff --git a/deploy/base/inflated/external-dns/templates/clusterrole.yaml b/deploy/base/inflated/external-dns/templates/clusterrole.yaml
new file mode 100644
index 0000000..aa7adb7
--- /dev/null
+++ b/deploy/base/inflated/external-dns/templates/clusterrole.yaml
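Review bot: The third operation applies `op: add` to `/spec/template/spec/containers/0/env`, and the inflated deployment in this same commit already defines `env` with `AWS_DEFAULT_REGION`; under RFC 6902 semantics an add to an existing member replaces it, so the region variable disappears from the patched pod. If the intent is to append, change the path to `path: /spec/template/spec/containers/0/env/-` and make `value:` a single mapping (`name: AWS_SHARED_CREDENTIALS_FILE` / `value: /.aws/credentials`, without the list dash). The first operation replaces the existing `volumeMounts` list in the same way, but there the content is identical so nothing is lost. Confirming the rendered output with `kubectl kustomize deploy/base` before applying would catch this.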
@@ -0,0 +1,92 @@
+---
+# Source: external-dns/templates/clusterrole.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: external-dns
+ labels:
+ app.kubernetes.io/name: external-dns
+ helm.sh/chart: external-dns-6.3.0
+ app.kubernetes.io/instance: external-dns
+ app.kubernetes.io/managed-by: Helm
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ - pods
+ - nodes
+ - endpoints
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - extensions
+ - "networking.k8s.io"
+ - getambassador.io
+ resources:
+ - ingresses
+ - hosts
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - route.openshift.io
+ resources:
+ - routes
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - networking.istio.io
+ resources:
+ - gateways
+ - virtualservices
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - zalando.org
+ resources:
+ - routegroups
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - zalando.org
+ resources:
+ - routegroups/status
+ verbs:
+ - patch
+ - update
+ - apiGroups:
+ - projectcontour.io
+ resources:
+ - httpproxies
+ verbs:
+ - get
+ - watch
+ - list
+ - apiGroups:
+ - gloo.solo.io
+ - gateway.solo.io
+ resources:
+ - proxies
+ - virtualservices
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - configuration.konghq.com
+ resources:
+ - tcpingresses
+ verbs:
+ - get
+ - list
+ - watch
diff --git a/deploy/base/inflated/external-dns/templates/clusterrolebinding.yaml b/deploy/base/inflated/external-dns/templates/clusterrolebinding.yaml
new file mode 100644
index 0000000..07d89d6
--- /dev/null
+++ b/deploy/base/inflated/external-dns/templates/clusterrolebinding.yaml
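Review bot: The ClusterRole grants cluster-wide get/list/watch on ingress-like resources from getambassador.io, route.openshift.io, networking.istio.io, zalando.org, projectcontour.io, gloo.solo.io, gateway.solo.io and configuration.konghq.com, plus patch/update on `routegroups/status`, while the deployment added in this commit runs with only `--source=service` and `--source=ingress`. Trimming the rules to the core group (`services`, `pods`, `nodes`, `endpoints`) and the `extensions`/`networking.k8s.io` `ingresses` rule keeps the service account at what the configured sources need; the identity is bound cluster-wide by the accompanying ClusterRoleBinding, so each unused grant is standing privilege for that pod. Because this file is inflated chart output, carrying the trim as a kustomize patch on the ClusterRole (next to the existing deployment patch) is likely easier to keep than hand edits that a re-inflation would overwrite.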
@@ -0,0 +1,19 @@
+---
+# Source: external-dns/templates/clusterrolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: external-dns
+ labels:
+ app.kubernetes.io/name: external-dns
+ helm.sh/chart: external-dns-6.3.0
+ app.kubernetes.io/instance: external-dns
+ app.kubernetes.io/managed-by: Helm
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: external-dns
+subjects:
+ - kind: ServiceAccount
+ name: external-dns
+ namespace: default
diff --git a/deploy/base/inflated/external-dns/templates/deployment.yaml b/deploy/base/inflated/external-dns/templates/deployment.yaml
new file mode 100644
index 0000000..6fefd76
--- /dev/null
+++ b/deploy/base/inflated/external-dns/templates/deployment.yaml
@@ -0,0 +1,106 @@
+---
+# Source: external-dns/templates/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: external-dns
+ namespace: default
+ labels:
+ app.kubernetes.io/name: external-dns
+ helm.sh/chart: external-dns-6.3.0
+ app.kubernetes.io/instance: external-dns
+ app.kubernetes.io/managed-by: Helm
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: external-dns
+ app.kubernetes.io/instance: external-dns
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: external-dns
+ helm.sh/chart: external-dns-6.3.0
+ app.kubernetes.io/instance: external-dns
+ app.kubernetes.io/managed-by: Helm
+ annotations:
+ spec:
+
+ securityContext:
+ fsGroup: 1001
+ runAsUser: 1001
+ affinity:
+ podAffinity:
+
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: external-dns
+ app.kubernetes.io/instance: external-dns
+ namespaces:
+ - "default"
+ topologyKey: kubernetes.io/hostname
+ weight: 1
+ nodeAffinity:
+
+ serviceAccountName: external-dns
+ containers:
+ - name: external-dns
+ image: "docker.io/bitnami/external-dns:0.11.1-debian-10-r1"
+ imagePullPolicy: "IfNotPresent"
+ args:
+ # Generic arguments
+ - --metrics-address=:7979
+ - --log-level=info
+ - --log-format=text
+ - --policy=upsert-only
+ - --provider=aws
+ - --registry=txt
+ - --interval=1m
+ - --source=service
+ - --source=ingress
+ # AWS arguments
+ - --aws-api-retries=3
+ - --aws-zone-type=
+ - --aws-batch-change-size=1000
+ env:
+ # AWS environment variables
+ - name: AWS_DEFAULT_REGION
+ value: us-east-1
+ envFrom:
+ ports:
+ - name: http
+ containerPort: 7979
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: http
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 2
+ readinessProbe:
+ httpGet:
+ path: /healthz
+ port: http
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 
1
+ failureThreshold: 6
+ resources:
+ limits: {}
+ requests: {}
+ volumeMounts:
+ # AWS mountPath(s)
+ - name: aws-credentials
+ mountPath: /.aws
+ readOnly: true
+ volumes:
+ # AWS volume(s)
+ - name: aws-credentials
+ secret:
+ secretName: foo
diff --git a/deploy/base/inflated/external-dns/templates/service.yaml b/deploy/base/inflated/external-dns/templates/service.yaml
new file mode 100644
index 0000000..49b04c1
--- /dev/null
+++ b/deploy/base/inflated/external-dns/templates/service.yaml
@@ -0,0 +1,22 @@
+---
+# Source: external-dns/templates/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: external-dns
+ namespace: default
+ labels:
+ app.kubernetes.io/name: external-dns
+ helm.sh/chart: external-dns-6.3.0
+ app.kubernetes.io/instance: external-dns
+ app.kubernetes.io/managed-by: Helm
+spec:
+ ports:
+ - name: http
+ port: 7979
+ protocol: TCP
+ targetPort: http
+ selector:
+ app.kubernetes.io/name: external-dns
+ app.kubernetes.io/instance: external-dns
+ type: ClusterIP
diff --git a/deploy/base/inflated/external-dns/templates/serviceaccount.yaml b/deploy/base/inflated/external-dns/templates/serviceaccount.yaml
new file mode 100644
index 0000000..514ffcb
--- /dev/null
+++ b/deploy/base/inflated/external-dns/templates/serviceaccount.yaml
@@ -0,0 +1,13 @@
+---
+# Source: external-dns/templates/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: external-dns
+ namespace: default
+ labels:
+ app.kubernetes.io/name: external-dns
+ helm.sh/chart: external-dns-6.3.0
+ app.kubernetes.io/instance: external-dns
+ app.kubernetes.io/managed-by: Helm
+automountServiceAccountToken: true
diff --git a/deploy/base/kustomization.yaml b/deploy/base/kustomization.yaml
index f424562..7e9bed2 100644
--- a/deploy/base/kustomization.yaml
+++ b/deploy/base/kustomization.yaml
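Review bot: The `args` block sets `--provider=aws` and `--registry=txt` but carries no `--txt-owner-id` and no `--domain-filter`, so this instance falls back to the default owner id and evaluates every hosted zone the mounted credentials can reach; `--policy=upsert-only` prevents deletions but not overwriting records that belong to another zone or another external-dns instance. Adding `- --domain-filter=<managed-zone>` and `- --txt-owner-id=<cluster-identifier>` (placeholders to be filled in) scopes the controller to the zone it is meant to manage, ideally via the deploy-external-dns.yaml patch or the chart values so that re-inflating the chart does not drop them. The `secretName: foo` at the end of the hunk is a placeholder that the kustomize patch in this commit replaces; a comment such as `# placeholder — replaced by deploy-external-dns.yaml` on that line would spare the next reader the search.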
@@ -72,6 +72,12 @@ resources:
 # kubernetes-replicator
 - inflated/kubernetes-replicator/templates/deployment.yaml
 - inflated/kubernetes-replicator/templates/rbac.yaml
+# external-dns
+- inflated/external-dns/templates/serviceaccount.yaml
+- inflated/external-dns/templates/deployment.yaml
+- inflated/external-dns/templates/service.yaml
+- inflated/external-dns/templates/clusterrole.yaml
+- inflated/external-dns/templates/clusterrolebinding.yaml
 - ingress.yaml
@@ -108,6 +114,11 @@ configMapGenerator:
 - init-directory-structure.sh=gitea-init-directory-structure.sh
 - setup.sh=gitea-setup.sh
+secretGenerator:
+- name: aws-do-external-dns-credentials
+ files:
+ - credentials=secrets/aws-do-external-dns-credentials
+
 patches:
 # Patch the ingress-nginx service to expose port 22 for Gitea SSH access.
 - target:
@@ -119,3 +130,8 @@ patches:
 kind: Deployment
 name: ingress-nginx-controller
 path: deploy-ingress-nginx.yaml
+
+- target:
+ kind: Deployment
+ name: external-dns
+ path: deploy-external-dns.yaml
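Review bot: The new `secretGenerator` reads a plaintext credentials file at `secrets/aws-do-external-dns-credentials` inside the kustomization directory, and nothing in this diff shows that path being excluded from version control; confirm it is ignored (or injected at build time from a secret store) before this base is pushed. Note also that the generator appends a content hash to the Secret name, so the literal `secretName: aws-do-external-dns-credentials` written by the JSON patch in deploy-external-dns.yaml relies on kustomize's name-reference rewriting to reach the suffixed name — check that `kubectl kustomize deploy/base` shows the suffixed name in the Deployment's volume, or add `generatorOptions: disableNameSuffixHash: true` if it does not. A one-line comment above the generator, `# credentials file is untracked; see secrets/ handling`, would document the expectation for the next contributor.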