feat: migrate externaldns from Terraform to ArgoCD #43
@@ -0,0 +1,8 @@
|
||||
---
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- vaultauth.yaml
|
||||
- vaultstaticsecret.yaml
|
||||
@@ -0,0 +1,5 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: externaldns
|
||||
@@ -0,0 +1,18 @@
|
||||
---
|
||||
apiVersion: secrets.hashicorp.com/v1beta1
|
||||
kind: VaultAuth
|
||||
metadata:
|
||||
name: default
|
||||
namespace: externaldns
|
||||
spec:
|
||||
method: kubernetes
|
||||
mount: k8s/au/syd1
|
||||
vaultConnectionRef: vso-system/default
|
||||
allowedNamespaces:
|
||||
- externaldns
|
||||
kubernetes:
|
||||
role: externaldns
|
||||
serviceAccount: externaldns
|
||||
audiences:
|
||||
- vault
|
||||
tokenExpirationSeconds: 600
|
||||
@@ -0,0 +1,18 @@
|
||||
---
|
||||
apiVersion: secrets.hashicorp.com/v1beta1
|
||||
kind: VaultStaticSecret
|
||||
metadata:
|
||||
name: externaldns-tsig
|
||||
namespace: externaldns
|
||||
spec:
|
||||
vaultAuthRef: default
|
||||
mount: kv
|
||||
type: kv-v2
|
||||
path: service/kubernetes/au/syd1/externaldns/tsig
|
||||
refreshAfter: 5m
|
||||
destination:
|
||||
name: externaldns-tsig
|
||||
create: true
|
||||
rolloutRestartTargets:
|
||||
- kind: Deployment
|
||||
name: externaldns
|
||||
@@ -0,0 +1,14 @@
|
||||
---
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- ../../../base/externaldns
|
||||
|
||||
helmCharts:
|
||||
- name: external-dns
|
||||
repo: https://kubernetes-sigs.github.io/external-dns/
|
||||
version: "1.19.0"
|
||||
releaseName: externaldns
|
||||
namespace: externaldns
|
||||
valuesFile: values.yaml
|
||||
@@ -0,0 +1,51 @@
|
||||
# Service account configuration
|
||||
serviceAccount:
|
||||
create: true
|
||||
name: externaldns
|
||||
annotations: {}
|
||||
|
||||
# Provider configuration - using new format
|
||||
provider:
|
||||
name: rfc2136
|
||||
|
||||
# Domain filtering
|
||||
domainFilters:
|
||||
- "k8s.syd1.au.unkin.net"
|
||||
- "200.18.198.in-addr.arpa"
|
||||
|
||||
# TXT registry configuration
|
||||
txtOwnerId: "k8s"
|
||||
registry: "txt"
|
||||
|
||||
# Enable deletion of records for dedicated DNS server
|
||||
policy: "sync"
|
||||
|
||||
# Keep default sources
|
||||
sources:
|
||||
- service
|
||||
- ingress
|
||||
|
||||
# Environment variables for TSIG secret and algorithm from Vault
|
||||
env:
|
||||
- name: EXTERNAL_DNS_RFC2136_TSIG_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: externaldns-tsig
|
||||
key: secret
|
||||
- name: EXTERNAL_DNS_RFC2136_TSIG_ALGORITHM
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: externaldns-tsig
|
||||
key: algorithm
|
||||
|
||||
# RFC2136 configuration as arguments
|
||||
extraArgs:
|
||||
- --rfc2136-host=ausyd1nxvm2127.main.unkin.net
|
||||
- --rfc2136-port=53
|
||||
- --rfc2136-zone=k8s.syd1.au.unkin.net
|
||||
- --rfc2136-zone=200.18.198.in-addr.arpa
|
||||
- --rfc2136-tsig-keyname=externaldns-key
|
||||
- --rfc2136-tsig-secret-alg=$(EXTERNAL_DNS_RFC2136_TSIG_ALGORITHM)
|
||||
- --rfc2136-tsig-axfr
|
||||
- --rfc2136-tsig-secret=$(EXTERNAL_DNS_RFC2136_TSIG_SECRET)
|
||||
- --ingress-class=nginx
|
||||
@@ -14,6 +14,7 @@ spec:
|
||||
- path: apps/overlays/*/cattle-system
|
||||
- path: apps/overlays/*/certificates
|
||||
- path: apps/overlays/*/cert-manager
|
||||
- path: apps/overlays/*/externaldns
|
||||
- path: apps/overlays/*/reflector-system
|
||||
- path: apps/overlays/*/reloader-system
|
||||
- path: apps/overlays/*/jfrog
|
||||
|
||||
@@ -12,6 +12,7 @@ spec:
|
||||
- oci://ghcr.io/woodpecker-ci/helm/woodpecker
|
||||
- https://releases.rancher.com/server-charts/stable
|
||||
- https://charts.jetstack.io
|
||||
- https://kubernetes-sigs.github.io/external-dns/
|
||||
destinations:
|
||||
- namespace: '*-system'
|
||||
server: https://kubernetes.default.svc
|
||||
@@ -21,6 +22,8 @@ spec:
|
||||
server: https://kubernetes.default.svc
|
||||
- namespace: 'certificates'
|
||||
server: https://kubernetes.default.svc
|
||||
- namespace: 'externaldns'
|
||||
server: https://kubernetes.default.svc
|
||||
- namespace: 'jfrog'
|
||||
server: https://kubernetes.default.svc
|
||||
- namespace: 'puppet'
|
||||
|
||||
Reference in New Issue
Block a user