use octodns
This commit is contained in:
3
.gitmodules
vendored
Normal file
3
.gitmodules
vendored
Normal file
@@ -0,0 +1,3 @@
|
||||
[submodule "infrastructure/external-dns/octodns"]
|
||||
path = infrastructure/external-dns/octodns
|
||||
url = ssh://git@git.kluster.moll.re:2222/remoll/dns.git
|
||||
18
infrastructure/external-dns/cloudflare-api.sealedsecret.yaml
Normal file
18
infrastructure/external-dns/cloudflare-api.sealedsecret.yaml
Normal file
@@ -0,0 +1,18 @@
|
||||
---
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: cloudflare-api
|
||||
namespace: external-dns
|
||||
spec:
|
||||
encryptedData:
|
||||
CLOUDFLARE_ACCOUNT_ID: AgCq4cWeBKbpqC4MgM2qkDgThjpmuOBMAA76SrOQqV7xW7KQaqkcVgwpdSWpcI3nhkx+5bdrm4RrwU4T5+svWN7TGu9BK003b0aHEkJwi0R5EQhVqCrmc9544rUrUHbfO5zgQtzU05zxs2jigs8YRJ1xEL0RzQ5scYUj385kzasdCqaHLNx5SLE0eCDBOcoOaqdorrZN3JpvM9ObNtGAUVb+zLNac3CAtQnG4ZxcClcr6t23ybwXdq1h2q6JPauet6kW+SViaE99AbqW7UPTZ5JfQ+KRl3Sz4JiqwO17qWc8gSLrU/V2fOrjqszxcRPC8u0N9YDZQeKCcSTIq/iMG9Jjuqwpr6G9D6rfNFuXzMCWgG/u80TTbnKVF+OKjUvX9jMyQjp6C3MyL14qLWTCkLsB1gfvg9nddC+AWmR1tV9rxNDQp8RS0aPHzuICNx6BfRIT/IGk7RpSppZyYYzdhtPjpcZICp2YpXFX0djFQmnTs1H56TNek9NVsx8A73jUGp0yq7d4WNY9zWPz1sV6qZYIiStwq1gD/pAZ7UE3aRjfdY4T+AgaUvUhHNSgjazkA3cty7xj80gHe9/ys8xrUAZB2ang2bvk9/UuwuqUZQdbLrWboI2phoUp48ZA2GEOvDa0mysFI8+inTBSXR0nQTO5j3FVp2tbYytQhN9w7ND3gvvHXc1iobL6IsqygWfnoyCTlH5lpnVTJY8ZRJiojxMUVsL1alut3LcOJc5bv2FBcA==
|
||||
CLOUDFLARE_API_TOKEN: AgCiMDrPuEmucL5ZWMP6iA5VYQ+GRu7lJwyKgleitrNeFuiFOYcUg3zC+q3zot9xTTcZSTknzvT97lbvO8pIuN0HqSoL5DOi+b06Tl8vQ+LDPbjMRonULzt69EaRuU0XZIW0cPd5LxLVrRmKkNoV2y0z7BHZuR0GGGd5esfSLmUx9AJj27MQC+ucAV3QtyXaAoNtgK+E4h6ZlhIzUWGijtrBKc+A5oCtg3TunXvJ7EhiFDaWCvlNQAakrxrffT7GEmJcMN2j2ZMzChlMB6dpvH9xy7aj59JaQJHdzr8J5LU3n5aTDTZbRYAQNiYe6M/nmiiVWdob3XeZNXSdjskrw/sb6EIZbTeckVxQK0lbSoQ9ER5ihgL/WpKNRJytksm/7c0FD7NI4rBdyn7YrIllVUnQX/g7MOfNRdrveW47mNl2m2/y8jHBguYXn21YLTqKaZvRydtsJ1h+UnFyMmM7h5vH3iJ4WGdE7UHNitvZU5FuvcaZU79Xmd7KzG/Bo1NoPQFZ8bBteHoDYy7M9ROXXjVsXq60pLL8MO7nHz2XWKTu8QxgoehxW+xksN4HUZw1u4mcVo0vHAdoAn747MrEL0E58c1a7L9XMOlgofFshFbgOC6ieI2hbge5huVFTIlevxSzAGMYIZ6QcUPnKBdyayC2Njmgpeh5xGl8NV5Mt6v92wI5mzLVH9UblmbcfMuf4FJx2UprUSXdC6dc6XeaghXGJDHK2hEyoIwuqb4nRp2nlrYCfUYs8UbU
|
||||
CLOUDFLARE_EMAIL: AgCuaYGqT6kY2bMazYHkzFe09btYA6NT3GpX7ZOyJceplv3IKGxl4b9FRuGI22qtzV2B7y/g2lRpeLMsFobk8sIRsk76wBE5LzQ6WdM3rXQ1QvIIodrzwlcwNreafh7vad85zcVb5RDMcTJGmkNAwGkThfmUIlUpuUBEgbc6q1KHUxVCjKFRUMvhhHMT3sQQBwwbfg2uQLP5AivC9VJXiKIw0JXc5VAWw9HbMjtagD+dW2VEwauTi3DHHTaTYfl2Jbuhcr3HtVj4cskWMkR5R8A7KugizBxfU0Gr2ac+DGG7MxN681GtmtgGymjzCdJBDrnu5B2xh12XHbl3/U5WBGb5m9OghtkbWJVpEKmypLqYpYfbWx+Kv9ryNOH8NnKoWruNTNx0bGSIeU9ZYgg3dnvT/7P7cMLJurWry8TfWcs+Q6n4P9Rhml5tYAx3Pgqew1GZgnq37ZxjSSrr8oAMoDMIOvX55Ip1MQZEeTLGTvaU47Tuc/nNqB7whTu9cskYafGIK8dKk/f33RnXWiy8JMRMjVIbj4MMbQHkxXhrvfjwDj+h00nARbSToc+7Vs7IFKbGSrss8YvyfDsKMnu8C3YU2Bj0D44IK8pxI7Onrme6SO9tUd7+rdojZFKONQZpQlRfeUNEReHwe8rFqfnkWgCN9M8xga3u4jDsFXyURXbfD9kHHkjeeoqr35gwyjOVR93iyheB/HldmH5J9LD0myLabTg5
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: cloudflare-api
|
||||
namespace: external-dns
|
||||
type: Opaque
|
||||
@@ -1,16 +0,0 @@
|
||||
---
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: cloudflare-api
|
||||
namespace: external-dns
|
||||
spec:
|
||||
encryptedData:
|
||||
api-token: AgCk1ymW3g9a6kIqpZtjeaeVYB/gGw06bs7E8u2MWX0wJlegoYW5uRJ52QhKZJrD7Omh609WdfXaJlZFByteNWWUEpUO+AkpFXvUd0y8qazEzdRkhDuJBCcRS0Gi9p/FgmqOQ7q0ot3vKMPA0sqmNFeKrG1b8wCyLVbuoYSX2WD4LE1ibVUyeTBXuLTVQy+XnEI2CnQ/sq7tAHGpHxOrLqGdcW5CzVPxva1TBtBrYG9DxFpX08IaG1dIXNCm4tpCSAoceSfgTRtbWZEg2Y0MovxYS79t7NTqx7odLeZnTeqAcM0hE+fCHUwMk03MKtGhe88K9xsCKqZBe/qrY/t+1LNug0p26HoO4tjqGgXjKNEkk1Fpp2UuNq0GEJOgitIoo/TGAR4mefBZZ6KinHYTw3D3nQKphU7pDy9a5ivH+aFO+Bm7vlRvyAtjK4SHbPQOZDmbE/jkkgVZ6yP4koPMTibyLeY2gTPs3Dvviq6BhanUaAQSgjujU0T+9FagC2wKQdppzJCx0wcD9vWSn1Dikhb9SfpicTnztAKH3Ww7fA/siZvuJmMRB40e7rGXZqG3esMNtptlnt8mGlfWG4MzJ4dyRT7M67lfJVC8yDxHlGWyJic6eDEFxfzvBmiZg9kwA0GwkBFf0w/iIgXlkHlKCg8WBMa9U2gTPxcOiMJMlDi1m/NkwhrOL39++WThcP9ahJNoSkhV8feWJ632vP21ldd15TiOcr+hTOxTPj2u252X/i7OOJTgzmf5
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: cloudflare-api
|
||||
namespace: external-dns
|
||||
type: Opaque
|
||||
52
infrastructure/external-dns/cronjob.yaml
Normal file
52
infrastructure/external-dns/cronjob.yaml
Normal file
@@ -0,0 +1,52 @@
|
||||
apiVersion: batch/v1beta1
|
||||
kind: CronJob
|
||||
metadata:
|
||||
name: octodns-deployment
|
||||
spec:
|
||||
schedule: "*/1 * * * *"
|
||||
jobTemplate:
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
containers:
|
||||
- name: git
|
||||
image: alpine/git
|
||||
command: ["git"]
|
||||
args:
|
||||
- clone
|
||||
- https://git.kluster.moll.re/remoll/dns.git
|
||||
- /etc/octodns/dns
|
||||
volumeMounts:
|
||||
- name: octodns-config
|
||||
mountPath: /etc/octodns
|
||||
|
||||
- name: octodns
|
||||
image: octodns
|
||||
env:
|
||||
- name: CLOUDFLARE_ACCOUNT_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: cloudflare-api
|
||||
key: CLOUDFLARE_ACCOUNT_ID
|
||||
- name: CLOUDFLARE_API_TOKEN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: cloudflare-api
|
||||
key: CLOUDFLARE_API_TOKEN
|
||||
- name: CLOUDFLARE_EMAIL
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: cloudflare-api
|
||||
key: CLOUDFLARE_EMAIL
|
||||
|
||||
command: ["octodns-sync"]
|
||||
args:
|
||||
- octodns-sync --config-file /etc/octodns/config.yaml # --doit
|
||||
volumeMounts:
|
||||
- name: octodns-config
|
||||
mountPath: /etc/octodns
|
||||
|
||||
volumes:
|
||||
- name: octodns-config
|
||||
emptyDir: {}
|
||||
restartPolicy: Never
|
||||
@@ -1,29 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: external-dns
|
||||
spec:
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: external-dns
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: external-dns
|
||||
spec:
|
||||
serviceAccountName: external-dns
|
||||
containers:
|
||||
- name: external-dns
|
||||
image: external-dns
|
||||
args:
|
||||
- --source=traefik-proxy
|
||||
- --domain-filter=moll.re
|
||||
- --provider=cloudflare
|
||||
env:
|
||||
- name: CF_API_TOKEN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: cloudflare-api
|
||||
key: api-token
|
||||
@@ -5,11 +5,10 @@ namespace: external-dns
|
||||
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- cloudflare.sealedsecret.yaml
|
||||
- deployment.yaml
|
||||
- rbac.yaml
|
||||
- cloudflare-api.sealedsecret.yaml
|
||||
- cronjob.yaml
|
||||
|
||||
images:
|
||||
- name: external-dns
|
||||
newName: registry.k8s.io/external-dns/external-dns
|
||||
newTag: v0.14.0
|
||||
- name: octodns
|
||||
newName: octodns/octodns # has all plugins
|
||||
newTag: "2023.12"
|
||||
|
||||
@@ -1,32 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: external-dns
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: external-dns
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["services","endpoints","pods"]
|
||||
verbs: ["get","watch","list"]
|
||||
- apiGroups: [""]
|
||||
resources: ["nodes"]
|
||||
verbs: ["list","watch"]
|
||||
- apiGroups: ["traefik.containo.us","traefik.io"]
|
||||
resources: ["ingressroutes", "ingressroutetcps", "ingressrouteudps"]
|
||||
verbs: ["get","watch","list"]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: external-dns-viewer
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: external-dns
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: external-dns
|
||||
namespace: external-dns
|
||||
Reference in New Issue
Block a user