2020-10-01 ML: add config file for create the ExternalDNS component

f5deba40 · Marco Lorini · cfc6aba1 · f5deba40 · f5deba40
Commit f5deba40 authored Oct 01, 2020 by Marco Lorini
--- a/externalDNS/externaldns.yaml
+++ b/externalDNS/externaldns.yaml
+# create_externaldns.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: external-dns
+  namespace: fed-namespace
+spec:
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: external-dns
+  template:
+    metadata:
+      labels:
+        app: external-dns
+    spec:
+      # Only use if you're also using RBAC
+      serviceAccountName: external-dns
+      containers:
+      - name: external-dns
+        image: registry.opensource.zalan.do/teapot/external-dns:latest
+        args:
+        - --source=crd # or service or ingress
+        - --crd-source-apiversion=multiclusterdns.kubefed.io/v1alpha1
+        - --crd-source-kind=DNSEndpoint
+        - --provider=pdns
+        - --pdns-server=http://<ip>:<port>
+        - --pdns-api-key=<api-key>
+        - --registry=txt
+        - --txt-prefix=cname
+        - --domain-filter=<domain> # will make ExternalDNS see only the zones matching provided domain; omit to process all available zones in PowerDNS 
+        - --policy=upsert-only # would prevent ExternalDNS from deleting any records, omit to enable full synchronization
--- a/externalDNS/rbac_externaldns.yaml
+++ b/externalDNS/rbac_externaldns.yaml
+# create_rbac_externaldns.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: external-dns
+  namespace: fed-namespace
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+  name: external-dns
+  namespace: fed-namespace
+rules:
+- apiGroups: [""]
+  resources: ["services","endpoints","pods"]
+  verbs: ["get","watch","list"]
+- apiGroups: ["extensions"]
+  resources: ["ingresses"]
+  verbs: ["get","watch","list"]
+- apiGroups: [""]
+  resources: ["pods"]
+  verbs: ["get","watch","list"]
+- apiGroups: [""]
+  resources: ["nodes"]
+  verbs: ["list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: external-dns-viewer
+  namespace: fed-namespace
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: external-dns
+subjects:
+- kind: ServiceAccount
+  name: external-dns
+  namespace: fed-namespace