9dde582cc2
https://github.com/kubernetes-sigs/external-dns/issues/6247 these are still using the alpha crd names. the feature has not been released for externaldns yet. we would need to build our own version of externaldns from master (or wait) - disable tlsroute/udproute
# Helm values for external-dns publishing to a dedicated RFC2136 (dynamic
# DNS UPDATE) server, authenticated with a TSIG key.

# Service account configuration
serviceAccount:
  create: true
  name: externaldns
  annotations: {}

# Provider configuration - using new format
provider:
  name: rfc2136

# Domain filtering: only names under these zones are managed. Keep this list
# in step with the --rfc2136-zone arguments below.
domainFilters:
  - "k8s.syd1.au.unkin.net"
  - "200.18.198.in-addr.arpa"

# TXT registry configuration: ownership is tracked in TXT records tagged with
# this owner id. The id should be unique per external-dns instance writing to
# the same zones, otherwise instances treat each other's records as their own.
txtOwnerId: "k8s"
registry: "txt"

# Enable deletion of records for dedicated DNS server.
# "sync" lets external-dns delete as well as create/update; with the TXT
# registry above, deletions are meant to be limited to records owned by
# txtOwnerId.
policy: "sync"

# Keep default sources.
# gateway-tlsroute and gateway-udproute are left out on purpose; see
# https://github.com/kubernetes-sigs/external-dns/issues/6247
sources:
  - service
  - ingress
  - gateway-httproute
  - gateway-grpcroute
  - gateway-tcproute

# Environment variables for TSIG secret and algorithm from Vault.
# Both values are read from the Kubernetes Secret "externaldns-tsig" (keys
# "secret" and "algorithm"), which must exist in the release namespace.
# NOTE(review): how that Secret is synced from Vault is not shown here.
env:
  - name: EXTERNAL_DNS_RFC2136_TSIG_SECRET
    valueFrom:
      secretKeyRef:
        name: externaldns-tsig
        key: secret
  # NOTE(review): the algorithm value lives in the Secret; prefer hmac-sha256
  # or stronger over hmac-md5/hmac-sha1 - confirm against the DNS server.
  - name: EXTERNAL_DNS_RFC2136_TSIG_ALGORITHM
    valueFrom:
      secretKeyRef:
        name: externaldns-tsig
        key: algorithm

# RFC2136 configuration as arguments.
# Kubernetes substitutes $(VAR) references in container args from the env
# entries above before the process starts.
extraArgs:
  - "--rfc2136-host=ausyd1nxvm2127.main.unkin.net"
  # TSIG authenticates updates but does not encrypt them on the wire.
  - "--rfc2136-port=53"
  - "--rfc2136-zone=k8s.syd1.au.unkin.net"
  - "--rfc2136-zone=200.18.198.in-addr.arpa"
  - "--rfc2136-tsig-keyname=externaldns-key"
  - "--rfc2136-tsig-secret-alg=$(EXTERNAL_DNS_RFC2136_TSIG_ALGORITHM)"
  # Zone transfers (AXFR) are signed with the same TSIG key; the DNS server
  # should restrict both AXFR and UPDATE for these zones to that key.
  - "--rfc2136-tsig-axfr"
  # NOTE(review): after $(VAR) expansion the TSIG secret is part of the
  # process command line, which is visible to anything that can list
  # processes on the node or in the pod. external-dns also reads flags from
  # EXTERNAL_DNS_<FLAG> environment variables, so the env entry above
  # presumably makes this argument redundant - confirm, then drop it.
  - "--rfc2136-tsig-secret=$(EXTERNAL_DNS_RFC2136_TSIG_SECRET)"
  - "--ingress-class=nginx"

# NOTE(review): debug logging is verbose; lower to info once the rollout is
# verified, and check that shipped logs carry nothing sensitive.
logLevel: debug