RFC2136: Update tutorial to show Helm example with TSIG in secret

This commit is contained in:
Bas Janssen 2025-04-24 13:13:15 +02:00
parent f6cd8b9bab
commit 7d57ac2394

View File

@ -497,6 +497,35 @@ external-dns \
--rfc2136-insecure
```
### Helm
```yaml
extraArgs:
- --rfc2136-host="dns-host-1.yourdomain.com"
- --rfc2136-port=53
- --rfc2136-zone=example.com
- --rfc2136-tsig-secret-alg=hmac-sha256
- --rfc2136-tsig-axfr
env:
- name: "EXTERNAL_DNS_RDC2136_TSIG_SECRET"
valueFrom:
secretKeyRef:
name: rfc2136-keys
key: rfc2136-tsig-secret
- name: "EXTERNAL_DNS_RDC2136_TSIG_KEYNAME"
valueFrom:
secretKeyRef:
name: rfc2136-keys
key: rfc2136-tsig-keyname
```
#### Secret creation
```shell
kubectl create secret generic rfc2136-keys --from-literal=rfc2136-tsig-secret='xxx' --from-literal=rfc2136-tsig-keyname='k8s-external-dns-key' -n external-dns
```
### Benefits
- Distributes the load of DNS updates across multiple data centers, preventing any single DC from becoming a bottleneck.