Compare commits
2 Commits
e44e15c7cf
...
0d95914e8a
Author | SHA1 | Date |
---|---|---|
Rob Watson | 0d95914e8a | |
Rob Watson | 6e20cea9f8 |
|
@ -0,0 +1,20 @@
|
|||
# Patch external-dns with AWS credentials because helm chart inflation happens
|
||||
# too early.
|
||||
---
|
||||
- op: add
|
||||
path: /spec/template/spec/containers/0/volumeMounts
|
||||
value:
|
||||
- name: aws-credentials
|
||||
mountPath: /.aws
|
||||
readOnly: true
|
||||
- op: replace
|
||||
path: /spec/template/spec/volumes
|
||||
value:
|
||||
- name: aws-credentials
|
||||
secret:
|
||||
secretName: aws-do-external-dns-credentials
|
||||
- op: add
|
||||
path: /spec/template/spec/containers/0/env
|
||||
value:
|
||||
- name: AWS_SHARED_CREDENTIALS_FILE
|
||||
value: /.aws/credentials
|
|
@ -0,0 +1,92 @@
|
|||
---
|
||||
# Source: external-dns/templates/clusterrole.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: external-dns
|
||||
labels:
|
||||
app.kubernetes.io/name: external-dns
|
||||
helm.sh/chart: external-dns-6.3.0
|
||||
app.kubernetes.io/instance: external-dns
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- services
|
||||
- pods
|
||||
- nodes
|
||||
- endpoints
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- extensions
|
||||
- "networking.k8s.io"
|
||||
- getambassador.io
|
||||
resources:
|
||||
- ingresses
|
||||
- hosts
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- route.openshift.io
|
||||
resources:
|
||||
- routes
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- networking.istio.io
|
||||
resources:
|
||||
- gateways
|
||||
- virtualservices
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- zalando.org
|
||||
resources:
|
||||
- routegroups
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- zalando.org
|
||||
resources:
|
||||
- routegroups/status
|
||||
verbs:
|
||||
- patch
|
||||
- update
|
||||
- apiGroups:
|
||||
- projectcontour.io
|
||||
resources:
|
||||
- httpproxies
|
||||
verbs:
|
||||
- get
|
||||
- watch
|
||||
- list
|
||||
- apiGroups:
|
||||
- gloo.solo.io
|
||||
- gateway.solo.io
|
||||
resources:
|
||||
- proxies
|
||||
- virtualservices
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- configuration.konghq.com
|
||||
resources:
|
||||
- tcpingresses
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
|
@ -0,0 +1,19 @@
|
|||
---
|
||||
# Source: external-dns/templates/clusterrolebinding.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: external-dns
|
||||
labels:
|
||||
app.kubernetes.io/name: external-dns
|
||||
helm.sh/chart: external-dns-6.3.0
|
||||
app.kubernetes.io/instance: external-dns
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: external-dns
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: external-dns
|
||||
namespace: default
|
|
@ -0,0 +1,106 @@
|
|||
---
|
||||
# Source: external-dns/templates/deployment.yaml
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: external-dns
|
||||
namespace: default
|
||||
labels:
|
||||
app.kubernetes.io/name: external-dns
|
||||
helm.sh/chart: external-dns-6.3.0
|
||||
app.kubernetes.io/instance: external-dns
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: external-dns
|
||||
app.kubernetes.io/instance: external-dns
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: external-dns
|
||||
helm.sh/chart: external-dns-6.3.0
|
||||
app.kubernetes.io/instance: external-dns
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
annotations:
|
||||
spec:
|
||||
|
||||
securityContext:
|
||||
fsGroup: 1001
|
||||
runAsUser: 1001
|
||||
affinity:
|
||||
podAffinity:
|
||||
|
||||
podAntiAffinity:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
- podAffinityTerm:
|
||||
labelSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: external-dns
|
||||
app.kubernetes.io/instance: external-dns
|
||||
namespaces:
|
||||
- "default"
|
||||
topologyKey: kubernetes.io/hostname
|
||||
weight: 1
|
||||
nodeAffinity:
|
||||
|
||||
serviceAccountName: external-dns
|
||||
containers:
|
||||
- name: external-dns
|
||||
image: "docker.io/bitnami/external-dns:0.11.1-debian-10-r1"
|
||||
imagePullPolicy: "IfNotPresent"
|
||||
args:
|
||||
# Generic arguments
|
||||
- --metrics-address=:7979
|
||||
- --log-level=info
|
||||
- --log-format=text
|
||||
- --policy=upsert-only
|
||||
- --provider=aws
|
||||
- --registry=txt
|
||||
- --interval=1m
|
||||
- --source=service
|
||||
- --source=ingress
|
||||
# AWS arguments
|
||||
- --aws-api-retries=3
|
||||
- --aws-zone-type=
|
||||
- --aws-batch-change-size=1000
|
||||
env:
|
||||
# AWS environment variables
|
||||
- name: AWS_DEFAULT_REGION
|
||||
value: us-east-1
|
||||
envFrom:
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 7979
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: http
|
||||
initialDelaySeconds: 10
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
successThreshold: 1
|
||||
failureThreshold: 2
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: http
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
successThreshold: 1
|
||||
failureThreshold: 6
|
||||
resources:
|
||||
limits: {}
|
||||
requests: {}
|
||||
volumeMounts:
|
||||
# AWS mountPath(s)
|
||||
- name: aws-credentials
|
||||
mountPath: /.aws
|
||||
readOnly: true
|
||||
volumes:
|
||||
# AWS volume(s)
|
||||
- name: aws-credentials
|
||||
secret:
|
||||
secretName: foo
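Review bot: The `args` list sets `--provider=aws` with `--source=service` and `--source=ingress` but no `--domain-filter` or `--zone-id-filter`, and `--aws-zone-type=` is empty. Which hosted zones the controller may write to is then bounded only by the IAM policy behind the mounted credentials, which is not visible here. Any Service or Ingress in any namespace can request records in every zone those keys reach, so restrict the filters through the chart values and scope the IAM policy to the intended zone. The committed `secretName: foo` under `volumes` is a placeholder that only the separate JSON patch corrects, so a build that omits the patch leaves the pod waiting on a Secret that does not exist. The container also has no `securityContext` of its own (for example `allowPrivilegeEscalation: false`) and `limits: {}` / `requests: {}` are empty.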
|
|
@ -0,0 +1,22 @@
|
|||
---
|
||||
# Source: external-dns/templates/service.yaml
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: external-dns
|
||||
namespace: default
|
||||
labels:
|
||||
app.kubernetes.io/name: external-dns
|
||||
helm.sh/chart: external-dns-6.3.0
|
||||
app.kubernetes.io/instance: external-dns
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
spec:
|
||||
ports:
|
||||
- name: http
|
||||
port: 7979
|
||||
protocol: TCP
|
||||
targetPort: http
|
||||
selector:
|
||||
app.kubernetes.io/name: external-dns
|
||||
app.kubernetes.io/instance: external-dns
|
||||
type: ClusterIP
|
|
@ -0,0 +1,13 @@
|
|||
---
|
||||
# Source: external-dns/templates/serviceaccount.yaml
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: external-dns
|
||||
namespace: default
|
||||
labels:
|
||||
app.kubernetes.io/name: external-dns
|
||||
helm.sh/chart: external-dns-6.3.0
|
||||
app.kubernetes.io/instance: external-dns
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
automountServiceAccountToken: true
|
|
@ -0,0 +1,59 @@
|
|||
---
|
||||
# Source: kubernetes-replicator/templates/deployment.yaml
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: kubernetes-replicator
|
||||
labels:
|
||||
helm.sh/chart: kubernetes-replicator-2.7.3
|
||||
app.kubernetes.io/name: kubernetes-replicator
|
||||
app.kubernetes.io/instance: kubernetes-replicator
|
||||
app.kubernetes.io/version: "v2.7.3"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: kubernetes-replicator
|
||||
app.kubernetes.io/instance: kubernetes-replicator
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: kubernetes-replicator
|
||||
app.kubernetes.io/instance: kubernetes-replicator
|
||||
spec:
|
||||
serviceAccountName: kubernetes-replicator
|
||||
securityContext:
|
||||
{}
|
||||
containers:
|
||||
- name: kubernetes-replicator
|
||||
securityContext:
|
||||
{}
|
||||
image: "quay.io/mittwald/kubernetes-replicator:v2.7.3"
|
||||
imagePullPolicy: Always
|
||||
args:
|
||||
[]
|
||||
ports:
|
||||
- name: health
|
||||
containerPort: 9102
|
||||
protocol: TCP
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: health
|
||||
initialDelaySeconds: 60
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 1
|
||||
successThreshold: 1
|
||||
failureThreshold: 3
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: health
|
||||
initialDelaySeconds: 60
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 1
|
||||
successThreshold: 1
|
||||
failureThreshold: 3
|
||||
resources:
|
||||
{}
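Review bot: Both `securityContext` blocks render as `{}`, so this pod runs with the image's default user and no restrictions, although its service account is bound to a ClusterRole that can read and write Secrets cluster-wide. Set at least `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}` (plus `readOnlyRootFilesystem: true` if the image tolerates it) through the chart values, so the inflated file stays reproducible. `imagePullPolicy: Always` combined with the mutable tag `v2.7.3` means a restart can pull different content than was reviewed; pinning the image by digest removes that. `resources: {}` leaves the pod without requests or limits.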
|
|
@ -0,0 +1,54 @@
|
|||
---
|
||||
# Source: kubernetes-replicator/templates/rbac.yaml
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: kubernetes-replicator
|
||||
labels:
|
||||
helm.sh/chart: kubernetes-replicator-2.7.3
|
||||
app.kubernetes.io/name: kubernetes-replicator
|
||||
app.kubernetes.io/instance: kubernetes-replicator
|
||||
app.kubernetes.io/version: "v2.7.3"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
---
|
||||
# Source: kubernetes-replicator/templates/rbac.yaml
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: kubernetes-replicator
|
||||
labels:
|
||||
helm.sh/chart: kubernetes-replicator-2.7.3
|
||||
app.kubernetes.io/name: kubernetes-replicator
|
||||
app.kubernetes.io/instance: kubernetes-replicator
|
||||
app.kubernetes.io/version: "v2.7.3"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
rules:
|
||||
- apiGroups: [ "" ]
|
||||
resources: [ "namespaces" ]
|
||||
verbs: [ "get", "watch", "list" ]
|
||||
- apiGroups: [""]
|
||||
resources: ["secrets", "configmaps"]
|
||||
verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
|
||||
- apiGroups: ["rbac.authorization.k8s.io"]
|
||||
resources: ["roles", "rolebindings"]
|
||||
verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
|
||||
---
|
||||
# Source: kubernetes-replicator/templates/rbac.yaml
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: kubernetes-replicator
|
||||
labels:
|
||||
helm.sh/chart: kubernetes-replicator-2.7.3
|
||||
app.kubernetes.io/name: kubernetes-replicator
|
||||
app.kubernetes.io/instance: kubernetes-replicator
|
||||
app.kubernetes.io/version: "v2.7.3"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: kubernetes-replicator
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: kubernetes-replicator
|
||||
namespace: "default"
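Review bot: The ClusterRole's second and third rules grant `create`, `update`, `patch` and `delete` on `secrets`, `configmaps`, `roles` and `rolebindings` in every namespace, and the ClusterRoleBinding gives that to a service account in `default`. A compromise of this one pod therefore exposes every Secret in the cluster. If only Secret replication is needed, drop the `rbac.authorization.k8s.io` rule and the `configmaps` resource through the chart values, provided the chart exposes a switch for it. Running the replicator in a dedicated namespace rather than `default`, and alerting on Secret reads by this service account in the API audit log, would limit and surface misuse.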
|
|
@ -69,6 +69,15 @@ resources:
|
|||
- inflated/grafana/templates/podsecuritypolicy.yaml
|
||||
- inflated/grafana/templates/configmap.yaml
|
||||
- inflated/grafana/templates/clusterrolebinding.yaml
|
||||
# kubernetes-replicator
|
||||
- inflated/kubernetes-replicator/templates/deployment.yaml
|
||||
- inflated/kubernetes-replicator/templates/rbac.yaml
|
||||
# external-dns
|
||||
- inflated/external-dns/templates/serviceaccount.yaml
|
||||
- inflated/external-dns/templates/deployment.yaml
|
||||
- inflated/external-dns/templates/service.yaml
|
||||
- inflated/external-dns/templates/clusterrole.yaml
|
||||
- inflated/external-dns/templates/clusterrolebinding.yaml
|
||||
|
||||
- ingress.yaml
|
||||
|
||||
|
@ -105,6 +114,11 @@ configMapGenerator:
|
|||
- init-directory-structure.sh=gitea-init-directory-structure.sh
|
||||
- setup.sh=gitea-setup.sh
|
||||
|
||||
secretGenerator:
|
||||
- name: aws-do-external-dns-credentials
|
||||
files:
|
||||
- credentials=secrets/aws-do-external-dns-credentials
|
||||
|
||||
patches:
|
||||
# Patch the ingress-nginx service to expose port 22 for Gitea SSH access.
|
||||
- target:
|
||||
|
@ -116,3 +130,8 @@ patches:
|
|||
kind: Deployment
|
||||
name: ingress-nginx-controller
|
||||
path: deploy-ingress-nginx.yaml
|
||||
|
||||
- target:
|
||||
kind: Deployment
|
||||
name: external-dns
|
||||
path: deploy-external-dns.yaml
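Review bot: In the `secretGenerator` hunk, `credentials=secrets/aws-do-external-dns-credentials` reads long-lived AWS keys from a file inside the repository tree at build time. The diff does not show whether that path is ignored or encrypted, so confirm it cannot be committed in plaintext, for example with an ignore rule or an encrypted-secrets workflow. A static access key mounted into the pod also has to be rotated by hand; if the cluster can supply workload identity for AWS, that would remove the stored secret. The added `patches` entry targets `kind: Deployment`, `name: external-dns` without a `namespace`, which is fine while only one such Deployment exists but is worth pinning.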
|
||||
|
|