


Rob Watson 0d95914e8a Add external-dns 2022-11-18 08:40:06 +01:00
Rob Watson 6e20cea9f8 Add kubernetes-replicator 2022-11-16 23:10:43 +01:00
9 changed files with 404 additions and 0 deletions


@ -0,0 +1,20 @@
# Patch external-dns with AWS credentials because helm chart inflation happens
# too early.
---
- op: add
path: /spec/template/spec/containers/0/volumeMounts
value:
- name: aws-credentials
mountPath: /.aws
readOnly: true
- op: replace
path: /spec/template/spec/volumes
value:
- name: aws-credentials
secret:
secretName: aws-do-external-dns-credentials
- op: add
path: /spec/template/spec/containers/0/env
value:
- name: AWS_SHARED_CREDENTIALS_FILE
value: /.aws/credentials
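Review bot: The `op: add` at `path: /spec/template/spec/containers/0/env` replaces the whole `env` list rather than appending to it, because an RFC 6902 `add` on an existing member overwrites that member; assuming the target is the chart-inflated deployment in this same commit, that drops its `AWS_DEFAULT_REGION` entry and leaves only `AWS_SHARED_CREDENTIALS_FILE`. Appending avoids the loss: `path: /spec/template/spec/containers/0/env/-` with `value:` holding the single mapping `name: AWS_SHARED_CREDENTIALS_FILE` / `value: /.aws/credentials` (no leading `- `). The `add` on `volumeMounts` is harmless only because the inflated file already carries an identical mount, so a header comment stating that this patch targets the inflated deployment and which fields it overrides would make that dependency explicit.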


@ -0,0 +1,92 @@
---
# Source: external-dns/templates/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: external-dns
labels:
app.kubernetes.io/name: external-dns
helm.sh/chart: external-dns-6.3.0
app.kubernetes.io/instance: external-dns
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- ""
resources:
- services
- pods
- nodes
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- "networking.k8s.io"
- getambassador.io
resources:
- ingresses
- hosts
verbs:
- get
- list
- watch
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- get
- list
- watch
- apiGroups:
- networking.istio.io
resources:
- gateways
- virtualservices
verbs:
- get
- list
- watch
- apiGroups:
- zalando.org
resources:
- routegroups
verbs:
- get
- list
- watch
- apiGroups:
- zalando.org
resources:
- routegroups/status
verbs:
- patch
- update
- apiGroups:
- projectcontour.io
resources:
- httpproxies
verbs:
- get
- watch
- list
- apiGroups:
- gloo.solo.io
- gateway.solo.io
resources:
- proxies
- virtualservices
verbs:
- get
- list
- watch
- apiGroups:
- configuration.konghq.com
resources:
- tcpingresses
verbs:
- get
- list
- watch


@ -0,0 +1,19 @@
---
# Source: external-dns/templates/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: external-dns
labels:
app.kubernetes.io/name: external-dns
helm.sh/chart: external-dns-6.3.0
app.kubernetes.io/instance: external-dns
app.kubernetes.io/managed-by: Helm
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: external-dns
subjects:
- kind: ServiceAccount
name: external-dns
namespace: default


@ -0,0 +1,106 @@
---
# Source: external-dns/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: external-dns
namespace: default
labels:
app.kubernetes.io/name: external-dns
helm.sh/chart: external-dns-6.3.0
app.kubernetes.io/instance: external-dns
app.kubernetes.io/managed-by: Helm
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: external-dns
app.kubernetes.io/instance: external-dns
template:
metadata:
labels:
app.kubernetes.io/name: external-dns
helm.sh/chart: external-dns-6.3.0
app.kubernetes.io/instance: external-dns
app.kubernetes.io/managed-by: Helm
annotations:
spec:
securityContext:
fsGroup: 1001
runAsUser: 1001
affinity:
podAffinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/name: external-dns
app.kubernetes.io/instance: external-dns
namespaces:
- "default"
topologyKey: kubernetes.io/hostname
weight: 1
nodeAffinity:
serviceAccountName: external-dns
containers:
- name: external-dns
image: "docker.io/bitnami/external-dns:0.11.1-debian-10-r1"
imagePullPolicy: "IfNotPresent"
args:
# Generic arguments
- --metrics-address=:7979
- --log-level=info
- --log-format=text
- --policy=upsert-only
- --provider=aws
- --registry=txt
- --interval=1m
- --source=service
- --source=ingress
# AWS arguments
- --aws-api-retries=3
- --aws-zone-type=
- --aws-batch-change-size=1000
env:
# AWS environment variables
- name: AWS_DEFAULT_REGION
value: us-east-1
envFrom:
ports:
- name: http
containerPort: 7979
livenessProbe:
httpGet:
path: /healthz
port: http
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 2
readinessProbe:
httpGet:
path: /healthz
port: http
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
resources:
limits: {}
requests: {}
volumeMounts:
# AWS mountPath(s)
- name: aws-credentials
mountPath: /.aws
readOnly: true
volumes:
# AWS volume(s)
- name: aws-credentials
secret:
secretName: foo
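Review bot: The `args` block sets `--provider=aws` and `--registry=txt` but passes neither `--txt-owner-id` nor `--domain-filter`, so the ownership TXT records fall back to external-dns's default owner id and the controller acts on every hosted zone the mounted credentials can reach. Any other external-dns instance running with the default owner id would then treat these records as its own. Adding `- --txt-owner-id=<cluster-identifier>` and `- --domain-filter=<managed-zone>` (placeholders) under `# AWS arguments` bounds what this deployment may write, and the IAM policy behind the credentials should be scoped to the same zones. `secretName: foo` is a chart placeholder that the accompanying JSON patch overrides; a comment saying so would save the next reader a search.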


@ -0,0 +1,22 @@
---
# Source: external-dns/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: external-dns
namespace: default
labels:
app.kubernetes.io/name: external-dns
helm.sh/chart: external-dns-6.3.0
app.kubernetes.io/instance: external-dns
app.kubernetes.io/managed-by: Helm
spec:
ports:
- name: http
port: 7979
protocol: TCP
targetPort: http
selector:
app.kubernetes.io/name: external-dns
app.kubernetes.io/instance: external-dns
type: ClusterIP


@ -0,0 +1,13 @@
---
# Source: external-dns/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: external-dns
namespace: default
labels:
app.kubernetes.io/name: external-dns
helm.sh/chart: external-dns-6.3.0
app.kubernetes.io/instance: external-dns
app.kubernetes.io/managed-by: Helm
automountServiceAccountToken: true


@ -0,0 +1,59 @@
---
# Source: kubernetes-replicator/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: kubernetes-replicator
labels:
helm.sh/chart: kubernetes-replicator-2.7.3
app.kubernetes.io/name: kubernetes-replicator
app.kubernetes.io/instance: kubernetes-replicator
app.kubernetes.io/version: "v2.7.3"
app.kubernetes.io/managed-by: Helm
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: kubernetes-replicator
app.kubernetes.io/instance: kubernetes-replicator
template:
metadata:
labels:
app.kubernetes.io/name: kubernetes-replicator
app.kubernetes.io/instance: kubernetes-replicator
spec:
serviceAccountName: kubernetes-replicator
securityContext:
{}
containers:
- name: kubernetes-replicator
securityContext:
{}
image: "quay.io/mittwald/kubernetes-replicator:v2.7.3"
imagePullPolicy: Always
args:
[]
ports:
- name: health
containerPort: 9102
protocol: TCP
livenessProbe:
httpGet:
path: /healthz
port: health
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /healthz
port: health
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
resources:
{}
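Review bot: Both `securityContext:` entries in this deployment are `{}`, so the container runs with the runtime's defaults (the image's user, a writable root filesystem, privilege escalation permitted), while its ServiceAccount — per the rbac file in the same commit — can read and write every Secret in the cluster. For a pod holding that much authority, `runAsNonRoot: true`, `readOnlyRootFilesystem: true`, `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}` are the usual minimum; since this file is chart-inflated, those should be set through the chart's security-context values before inflation rather than edited here. The image is pinned by tag with `imagePullPolicy: Always`, so a re-pull can silently pick up a re-tagged image; pinning by digest (`image: "quay.io/mittwald/kubernetes-replicator@sha256:<digest>"`, placeholder) makes the deployed artifact reproducible.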


@ -0,0 +1,54 @@
---
# Source: kubernetes-replicator/templates/rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: kubernetes-replicator
labels:
helm.sh/chart: kubernetes-replicator-2.7.3
app.kubernetes.io/name: kubernetes-replicator
app.kubernetes.io/instance: kubernetes-replicator
app.kubernetes.io/version: "v2.7.3"
app.kubernetes.io/managed-by: Helm
---
# Source: kubernetes-replicator/templates/rbac.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: kubernetes-replicator
labels:
helm.sh/chart: kubernetes-replicator-2.7.3
app.kubernetes.io/name: kubernetes-replicator
app.kubernetes.io/instance: kubernetes-replicator
app.kubernetes.io/version: "v2.7.3"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups: [ "" ]
resources: [ "namespaces" ]
verbs: [ "get", "watch", "list" ]
- apiGroups: [""]
resources: ["secrets", "configmaps"]
verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
- apiGroups: ["rbac.authorization.k8s.io"]
resources: ["roles", "rolebindings"]
verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
---
# Source: kubernetes-replicator/templates/rbac.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: kubernetes-replicator
labels:
helm.sh/chart: kubernetes-replicator-2.7.3
app.kubernetes.io/name: kubernetes-replicator
app.kubernetes.io/instance: kubernetes-replicator
app.kubernetes.io/version: "v2.7.3"
app.kubernetes.io/managed-by: Helm
roleRef:
kind: ClusterRole
name: kubernetes-replicator
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: kubernetes-replicator
namespace: "default"
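Review bot: The ClusterRole `rules` grant cluster-wide `create`, `update`, `patch` and `delete` on `secrets`, `configmaps`, `roles` and `rolebindings`, which makes the `kubernetes-replicator` ServiceAccount token a credential that can read or rewrite any Secret in any namespace and hand out namespaced RBAC. That is what the replicator needs to copy resources across namespaces, but nothing in this commit documents it, and the binding's subject lives in `namespace: "default"` next to external-dns and whatever else lands there. A comment above `rules:` such as `# cluster-wide read/write on Secrets and namespaced RBAC: this SA token is a high-value credential; keep the replicator in a namespace with tightly restricted pod/exec access` records the risk, and moving the replicator out of `default` into its own namespace would bound who can reach that token.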


@ -69,6 +69,15 @@ resources:
- inflated/grafana/templates/podsecuritypolicy.yaml
- inflated/grafana/templates/configmap.yaml
- inflated/grafana/templates/clusterrolebinding.yaml
# kubernetes-replicator
- inflated/kubernetes-replicator/templates/deployment.yaml
- inflated/kubernetes-replicator/templates/rbac.yaml
# external-dns
- inflated/external-dns/templates/serviceaccount.yaml
- inflated/external-dns/templates/deployment.yaml
- inflated/external-dns/templates/service.yaml
- inflated/external-dns/templates/clusterrole.yaml
- inflated/external-dns/templates/clusterrolebinding.yaml
- ingress.yaml
@ -105,6 +114,11 @@ configMapGenerator:
- init-directory-structure.sh=gitea-init-directory-structure.sh
- setup.sh=gitea-setup.sh
secretGenerator:
- name: aws-do-external-dns-credentials
files:
- credentials=secrets/aws-do-external-dns-credentials
patches:
# Patch the ingress-nginx service to expose port 22 for Gitea SSH access.
- target:
@ -116,3 +130,8 @@ patches:
kind: Deployment
name: ingress-nginx-controller
path: deploy-ingress-nginx.yaml
- target:
kind: Deployment
name: external-dns
path: deploy-external-dns.yaml
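Review bot: The `secretGenerator` entry `- name: aws-do-external-dns-credentials` reads `secrets/aws-do-external-dns-credentials` as a plaintext file beside the kustomization, and the diffstat's nine files do not include it, so it is presumably supplied out of band; nothing in the file says how, or that the `secrets/` directory must stay out of version control. A comment above the entry, `# secrets/aws-do-external-dns-credentials is provisioned out of band (never committed); it must hold only IAM keys scoped to the external-dns hosted zones`, would capture both. The generated Secret receives a content-hash suffix while the JSON 6902 patch `deploy-external-dns.yaml` references the un-suffixed name; as far as I can tell kustomize rewrites that reference after patching, but a comment on the `patches` entry is worthwhile since renaming one side silently breaks the other. The first hunk's enclosing `resources:` list begins outside the visible lines.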