rob
/
netflux-kubernetes
1
0
Fork 0
Code Issues 1 Pull Requests Projects Releases Wiki Activity

Add external-dns

This commit is contained in:
Rob Watson 2022-11-18 08:40:06 +01:00
parent 6e20cea9f8
commit 0d95914e8a
7 changed files with 288 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
deploy/base/deploy-external-dns.yaml Normal file
View File

@ -0,0 +1,20 @@
# Patch external-dns with AWS credentials because helm chart inflation happens
# too early.
---
- op: add
path: /spec/template/spec/containers/0/volumeMounts
value:
- name: aws-credentials
mountPath: /.aws
readOnly: true
- op: replace
path: /spec/template/spec/volumes
value:
- name: aws-credentials
secret:
secretName: aws-do-external-dns-credentials
- op: add
path: /spec/template/spec/containers/0/env
value:
- name: AWS_SHARED_CREDENTIALS_FILE
value: /.aws/credentials

92
deploy/base/inflated/external-dns/templates/clusterrole.yaml Normal file
View File

@ -0,0 +1,92 @@
---
# Source: external-dns/templates/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: external-dns
labels:
app.kubernetes.io/name: external-dns
helm.sh/chart: external-dns-6.3.0
app.kubernetes.io/instance: external-dns
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- ""
resources:
- services
- pods
- nodes
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- "networking.k8s.io"
- getambassador.io
resources:
- ingresses
- hosts
verbs:
- get
- list
- watch
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- get
- list
- watch
- apiGroups:
- networking.istio.io
resources:
- gateways
- virtualservices
verbs:
- get
- list
- watch
- apiGroups:
- zalando.org
resources:
- routegroups
verbs:
- get
- list
- watch
- apiGroups:
- zalando.org
resources:
- routegroups/status
verbs:
- patch
- update
- apiGroups:
- projectcontour.io
resources:
- httpproxies
verbs:
- get
- watch
- list
- apiGroups:
- gloo.solo.io
- gateway.solo.io
resources:
- proxies
- virtualservices
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- tcpingresses
verbs:
- get
- list
- watch

19
deploy/base/inflated/external-dns/templates/clusterrolebinding.yaml Normal file
View File

@ -0,0 +1,19 @@
---
# Source: external-dns/templates/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: external-dns
labels:
app.kubernetes.io/name: external-dns
helm.sh/chart: external-dns-6.3.0
app.kubernetes.io/instance: external-dns
app.kubernetes.io/managed-by: Helm
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: external-dns
subjects:
- kind: ServiceAccount
name: external-dns
namespace: default

106
deploy/base/inflated/external-dns/templates/deployment.yaml Normal file
View File

@ -0,0 +1,106 @@
---
# Source: external-dns/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: external-dns
namespace: default
labels:
app.kubernetes.io/name: external-dns
helm.sh/chart: external-dns-6.3.0
app.kubernetes.io/instance: external-dns
app.kubernetes.io/managed-by: Helm
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: external-dns
app.kubernetes.io/instance: external-dns
template:
metadata:
labels:
app.kubernetes.io/name: external-dns
helm.sh/chart: external-dns-6.3.0
app.kubernetes.io/instance: external-dns
app.kubernetes.io/managed-by: Helm
annotations:
spec:
securityContext:
fsGroup: 1001
runAsUser: 1001
affinity:
podAffinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/name: external-dns
app.kubernetes.io/instance: external-dns
namespaces:
- "default"
topologyKey: kubernetes.io/hostname
weight: 1
nodeAffinity:
serviceAccountName: external-dns
containers:
- name: external-dns
image: "docker.io/bitnami/external-dns:0.11.1-debian-10-r1"
imagePullPolicy: "IfNotPresent"
args:
# Generic arguments
- --metrics-address=:7979
- --log-level=info
- --log-format=text
- --policy=upsert-only
- --provider=aws
- --registry=txt
- --interval=1m
- --source=service
- --source=ingress
# AWS arguments
- --aws-api-retries=3
- --aws-zone-type=
- --aws-batch-change-size=1000
env:
# AWS environment variables
- name: AWS_DEFAULT_REGION
value: us-east-1
envFrom:
ports:
- name: http
containerPort: 7979
livenessProbe:
httpGet:
path: /healthz
port: http
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 2
readinessProbe:
httpGet:
path: /healthz
port: http
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
resources:
limits: {}
requests: {}
volumeMounts:
# AWS mountPath(s)
- name: aws-credentials
mountPath: /.aws
readOnly: true
volumes:
# AWS volume(s)
- name: aws-credentials
secret:
secretName: foo

22
deploy/base/inflated/external-dns/templates/service.yaml Normal file
View File

@ -0,0 +1,22 @@
---
# Source: external-dns/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: external-dns
namespace: default
labels:
app.kubernetes.io/name: external-dns
helm.sh/chart: external-dns-6.3.0
app.kubernetes.io/instance: external-dns
app.kubernetes.io/managed-by: Helm
spec:
ports:
- name: http
port: 7979
protocol: TCP
targetPort: http
selector:
app.kubernetes.io/name: external-dns
app.kubernetes.io/instance: external-dns
type: ClusterIP

13
deploy/base/inflated/external-dns/templates/serviceaccount.yaml Normal file
View File

@ -0,0 +1,13 @@
---
# Source: external-dns/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: external-dns
namespace: default
labels:
app.kubernetes.io/name: external-dns
helm.sh/chart: external-dns-6.3.0
app.kubernetes.io/instance: external-dns
app.kubernetes.io/managed-by: Helm
automountServiceAccountToken: true

16
deploy/base/kustomization.yaml
View File

@ -72,6 +72,12 @@ resources:
# kubernetes-replicator # kubernetes-replicator
- inflated/kubernetes-replicator/templates/deployment.yaml - inflated/kubernetes-replicator/templates/deployment.yaml
- inflated/kubernetes-replicator/templates/rbac.yaml - inflated/kubernetes-replicator/templates/rbac.yaml
# external-dns
- inflated/external-dns/templates/serviceaccount.yaml
- inflated/external-dns/templates/deployment.yaml
- inflated/external-dns/templates/service.yaml
- inflated/external-dns/templates/clusterrole.yaml
- inflated/external-dns/templates/clusterrolebinding.yaml
- ingress.yaml - ingress.yaml
@ -108,6 +114,11 @@ configMapGenerator:
- init-directory-structure.sh=gitea-init-directory-structure.sh - init-directory-structure.sh=gitea-init-directory-structure.sh
- setup.sh=gitea-setup.sh - setup.sh=gitea-setup.sh
secretGenerator:
- name: aws-do-external-dns-credentials
files:
- credentials=secrets/aws-do-external-dns-credentials
patches: patches:
# Patch the ingress-nginx service to expose port 22 for Gitea SSH access. # Patch the ingress-nginx service to expose port 22 for Gitea SSH access.
- target: - target:
@ -119,3 +130,8 @@ patches:
kind: Deployment kind: Deployment
name: ingress-nginx-controller name: ingress-nginx-controller
path: deploy-ingress-nginx.yaml path: deploy-ingress-nginx.yaml
- target:
kind: Deployment
name: external-dns
path: deploy-external-dns.yaml