diff --git a/deployments/dns/externaldns.yaml b/deployments/dns/externaldns.yaml new file mode 100644 index 0000000..638f403 --- /dev/null +++ b/deployments/dns/externaldns.yaml @@ -0,0 +1,81 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: external-dns +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: external-dns +rules: + - apiGroups: [""] + resources: ["services","endpoints","pods"] + verbs: ["get","watch","list"] + - apiGroups: ["extensions","networking.k8s.io"] + resources: ["ingresses"] + verbs: ["get","watch","list"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["list","watch"] + # Add DNS provider specific rules here if needed (e.g., for AWS IAM, GCP etc.) +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: external-dns-viewer +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: external-dns +subjects: + - kind: ServiceAccount + name: external-dns + namespace: external-dns +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: external-dns + namespace: external-dns +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: external-dns + namespace: external-dns +spec: + replicas: 1 + selector: + matchLabels: + app: external-dns + template: + metadata: + labels: + app: external-dns + spec: + serviceAccountName: external-dns + containers: + - name: external-dns + image: bitnami/external-dns:latest + args: + - --source=service + - --source=ingress + - --provider=rfc2136 + - --rfc2136-host=bind-master.dns.svc.cluster.local + - --rfc2136-port=53 + - --rfc2136-zone=hxme.net + - --rfc2136-tsig-secret=$(RFC2136_TSIG_SECRET) + - --rfc2136-tsig-secret-alg=hmac-sha256 + - --rfc2136-tsig-keyname=externaldns-key + - --rfc2136-tsig-ttl=300 + - --policy=sync + - --registry=txt + - --txt-owner-id=my-cluster + env: + - name: RFC2136_TSIG_SECRET + valueFrom: + secretKeyRef: + name: rfc2136-tsig-secret + key: tsig-secret +