0bf6e80d6f
- Add externaldns base ArgoCD application with namespace and Vault integration
- Create externaldns overlay for au-syd1 with Helm chart configuration
- Update platform ApplicationSet to include externaldns deployment
- Configure external-dns v1.19.0 with RFC2136 provider for DNS updates
- Maintain one-to-one migration from Terraform configuration including TSIG secrets

Reviewed-on: #43
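# Helm values for the external-dns chart (au-syd1 overlay): RFC2136 dynamic
# updates authenticated with a TSIG key.

# Service account configuration
serviceAccount:
  create: true
  name: externaldns
  annotations: {}

# Provider configuration - using new format
provider:
  name: rfc2136

# Domain filtering: only names under these zones are managed.
domainFilters:
  - "k8s.syd1.au.unkin.net"
  - "200.18.198.in-addr.arpa"

# TXT registry configuration
# Ownership is tracked in TXT records carrying txtOwnerId. With policy "sync"
# below, keep this id unique per external-dns instance writing to these zones;
# instances sharing an owner id can delete each other's records.
txtOwnerId: "k8s"
registry: "txt"

# Enable deletion of records for dedicated DNS server
policy: "sync"

# Keep default sources
sources:
  - service
  - ingress

# Environment variables for TSIG secret and algorithm from Vault
env:
  # Read by external-dns directly: each flag is also bound to an
  # EXTERNAL_DNS_-prefixed environment variable, so this name supplies
  # --rfc2136-tsig-secret without the value appearing in the container args.
  # NOTE(review): confirm the env binding on the deployed version before rollout.
  - name: EXTERNAL_DNS_RFC2136_TSIG_SECRET
    valueFrom:
      secretKeyRef:
        name: externaldns-tsig
        key: secret
  # Not a flag-bound name (the flag is --rfc2136-tsig-secret-alg), so it is
  # referenced explicitly in extraArgs. The value lives in the secret; prefer
  # hmac-sha256 or stronger over hmac-md5.
  - name: EXTERNAL_DNS_RFC2136_TSIG_ALGORITHM
    valueFrom:
      secretKeyRef:
        name: externaldns-tsig
        key: algorithm

# RFC2136 configuration as arguments
# $(VAR) references are expanded from the container env at start-up, so any
# value referenced here ends up in the process command line.
# The TSIG secret is deliberately not passed as
# --rfc2136-tsig-secret=$(EXTERNAL_DNS_RFC2136_TSIG_SECRET): that would put the
# key material in argv, readable via /proc/<pid>/cmdline and by tooling that
# records process command lines.
extraArgs:
  - --rfc2136-host=ausyd1nxvm2127.main.unkin.net
  - --rfc2136-port=53
  - --rfc2136-zone=k8s.syd1.au.unkin.net
  - --rfc2136-zone=200.18.198.in-addr.arpa
  - --rfc2136-tsig-keyname=externaldns-key
  - --rfc2136-tsig-secret-alg=$(EXTERNAL_DNS_RFC2136_TSIG_ALGORITHM)
  # Zone transfers (AXFR) are signed with the same TSIG key; the DNS server
  # must permit AXFR for externaldns-key.
  - --rfc2136-tsig-axfr
  - --ingress-class=nginx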