From 914f3628612fdba760ce8daead1c7ae77fe13c55 Mon Sep 17 00:00:00 2001
From: j
Date: Tue, 1 Jul 2025 22:41:30 +1000
Subject: [PATCH 1/3] Add gpt gen exdns manifest with bind master point.
---
 deployments/dns/externaldns.yaml | 81 ++++++++++++++++++++++++++++++++
 1 file changed, 81 insertions(+)
 create mode 100644 deployments/dns/externaldns.yaml
diff --git a/deployments/dns/externaldns.yaml b/deployments/dns/externaldns.yaml
new file mode 100644
index 0000000..638f403
--- /dev/null
+++ b/deployments/dns/externaldns.yaml
@@ -0,0 +1,81 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: external-dns
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: external-dns
+rules:
+ - apiGroups: [""]
+ resources: ["services","endpoints","pods"]
+ verbs: ["get","watch","list"]
+ - apiGroups: ["extensions","networking.k8s.io"]
+ resources: ["ingresses"]
+ verbs: ["get","watch","list"]
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["list","watch"]
+ # Add DNS provider specific rules here if needed (e.g., for AWS IAM, GCP etc.)
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: external-dns-viewer
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: external-dns
+subjects:
+ - kind: ServiceAccount
+ name: external-dns
+ namespace: external-dns
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: external-dns
+ namespace: external-dns
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: external-dns
+ namespace: external-dns
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: external-dns
+ template:
+ metadata:
+ labels:
+ app: external-dns
+ spec:
+ serviceAccountName: external-dns
+ containers:
+ - name: external-dns
+ image: bitnami/external-dns:latest
+ args:
+ - --source=service
+ - --source=ingress
+ - --provider=rfc2136
+ - --rfc2136-host=bind-master.dns.svc.cluster.local
+ - --rfc2136-port=53
+ - --rfc2136-zone=hxme.net
+ - --rfc2136-tsig-secret=$(RFC2136_TSIG_SECRET)
+ - --rfc2136-tsig-secret-alg=hmac-sha256
+ - --rfc2136-tsig-keyname=externaldns-key
+ - --rfc2136-tsig-ttl=300
+ - --policy=sync
+ - --registry=txt
+ - --txt-owner-id=my-cluster
+ env:
+ - name: RFC2136_TSIG_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: rfc2136-tsig-secret
+ key: tsig-secret
+
From 57610517ed13e7f05b6bc3d74501d9696e5bcbb9 Mon Sep 17 00:00:00 2001
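Review bot: The container runs `bitnami/external-dns:latest`, a mutable tag, in a pod that holds a TSIG key able to rewrite `hxme.net` under `--policy=sync`; pin the image to a reviewed release and digest, e.g. `image: bitnami/external-dns:<PINNED_VERSION>@sha256:<DIGEST>`. The key is also expanded into the command line through `--rfc2136-tsig-secret=$(RFC2136_TSIG_SECRET)`, where it is visible in the process arguments on the node; external-dns should accept its flags as `EXTERNAL_DNS_`-prefixed environment variables, so naming the env entry `EXTERNAL_DNS_RFC2136_TSIG_SECRET` and dropping that arg would keep it out of argv (confirm against the pinned version). `--txt-owner-id=my-cluster` looks like a generator placeholder, and with the sync policy a second deployment sharing that id would be allowed to delete this cluster's records, so give it a unique value. I do not recognise `--rfc2136-tsig-ttl` as an external-dns flag (the TTL option I know of is `--rfc2136-min-ttl`); check it against `--help` before merging, since an unknown flag would stop the process at startup.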
From: j
Date: Tue, 1 Jul 2025 22:42:24 +1000
Subject: [PATCH 2/3] Move prometheus into monitoring
---
 deployments/{operators => monitoring}/prometheus.yaml | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename deployments/{operators => monitoring}/prometheus.yaml (100%)
diff --git a/deployments/operators/prometheus.yaml b/deployments/monitoring/prometheus.yaml
similarity index 100%
rename from deployments/operators/prometheus.yaml
rename to deployments/monitoring/prometheus.yaml
From 8a3e96af1b68cbe1e16bb36c5d8dae678e9daab6 Mon Sep 17 00:00:00 2001
From: j
Date: Tue, 1 Jul 2025 22:42:37 +1000
Subject: [PATCH 3/3] Remove dupe namespace dec
---
 deployments/monitoring/prometheus.yaml | 5 -----
 1 file changed, 5 deletions(-)
diff --git a/deployments/monitoring/prometheus.yaml b/deployments/monitoring/prometheus.yaml
index 6efbe86..3372aab 100644
--- a/deployments/monitoring/prometheus.yaml
+++ b/deployments/monitoring/prometheus.yaml
@@ -1,9 +1,4 @@
 ---
-apiVersion: v1
-kind: Namespace
-metadata:
- name: monitoring
----
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: HelmRepository
 metadata: