From 914f3628612fdba760ce8daead1c7ae77fe13c55 Mon Sep 17 00:00:00 2001
From: j
Date: Tue, 1 Jul 2025 22:41:30 +1000
Subject: [PATCH] Add gpt gen exdns manifest with bind master point.
---
deployments/dns/externaldns.yaml | 81 ++++++++++++++++++++++++++++++++
1 file changed, 81 insertions(+)
create mode 100644 deployments/dns/externaldns.yaml
diff --git a/deployments/dns/externaldns.yaml b/deployments/dns/externaldns.yaml
new file mode 100644
index 0000000..638f403
--- /dev/null
+++ b/deployments/dns/externaldns.yaml
@@ -0,0 +1,81 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: external-dns
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: external-dns
+rules:
+ - apiGroups: [""]
+ resources: ["services","endpoints","pods"]
+ verbs: ["get","watch","list"]
+ - apiGroups: ["extensions","networking.k8s.io"]
+ resources: ["ingresses"]
+ verbs: ["get","watch","list"]
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["list","watch"]
+ # Add DNS provider specific rules here if needed (e.g., for AWS IAM, GCP etc.)
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: external-dns-viewer
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: external-dns
+subjects:
+ - kind: ServiceAccount
+ name: external-dns
+ namespace: external-dns
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: external-dns
+ namespace: external-dns
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: external-dns
+ namespace: external-dns
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: external-dns
+ template:
+ metadata:
+ labels:
+ app: external-dns
+ spec:
+ serviceAccountName: external-dns
+ containers:
+ - name: external-dns
+ image: bitnami/external-dns:latest
+ args:
+ - --source=service
+ - --source=ingress
+ - --provider=rfc2136
+ - --rfc2136-host=bind-master.dns.svc.cluster.local
+ - --rfc2136-port=53
+ - --rfc2136-zone=hxme.net
+ - --rfc2136-tsig-secret=$(RFC2136_TSIG_SECRET)
+ - --rfc2136-tsig-secret-alg=hmac-sha256
+ - --rfc2136-tsig-keyname=externaldns-key
+ - --rfc2136-tsig-ttl=300
+ - --policy=sync
+ - --registry=txt
+ - --txt-owner-id=my-cluster
+ env:
+ - name: RFC2136_TSIG_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: rfc2136-tsig-secret
+ key: tsig-secret
+
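Review bot: The container image at `image: bitnami/external-dns:latest` is a mutable tag, so whatever is published under it next runs with the TSIG key and, through `--policy=sync`, the ability to delete records in the zone; pin a reviewed version and its digest. `--rfc2136-tsig-secret=$(RFC2136_TSIG_SECRET)` expands the key into the process command line, where it is readable from the node's process list; external-dns documents `EXTERNAL_DNS_`-prefixed environment variables for its flags, so the key can be supplied as `EXTERNAL_DNS_RFC2136_TSIG_SECRET` and dropped from `args`. `--txt-owner-id=my-cluster` looks like a generated placeholder, and with `sync` two clusters that share an owner id will delete each other's records, so it should be a value unique to this cluster. I could not match `--rfc2136-tsig-ttl=300` to a flag I know external-dns to accept (the TTL flag I know is `--rfc2136-min-ttl`), so check it against the pinned version's `--help`, since an unrecognised flag would stop the container at startup. The pod also sets no `securityContext`; the fence below shows the container section with these changes, assuming the image already runs as a non-root user.

```yaml
# … unchanged: Namespace, ClusterRole, ClusterRoleBinding, ServiceAccount, Deployment metadata …
      containers:
        - name: external-dns
          # Placeholder values: pin to a reviewed release and its image digest.
          image: bitnami/external-dns:<PINNED_VERSION>@sha256:<IMAGE_DIGEST>
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
          args:
            # … unchanged: sources, provider, host/port/zone, TSIG alg and keyname, policy, registry …
            # --rfc2136-tsig-secret is no longer passed here; it is read from the environment.
            # Placeholder: an identifier unique to this cluster.
            - --txt-owner-id=<UNIQUE_CLUSTER_ID>
          env:
            - name: EXTERNAL_DNS_RFC2136_TSIG_SECRET
              # … unchanged: valueFrom.secretKeyRef (rfc2136-tsig-secret / tsig-secret) …
```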