mirror of
https://github.com/kubernetes-sigs/external-dns.git
synced 2025-08-07 01:56:57 +02:00
Merge pull request #4577 from pier-oliviert/helm-route-53-docs
AWS: Change documentation to use Helm values
This commit is contained in:
Kubernetes Prow Robot
GitHub
commit
852087e21c
@ -418,7 +418,7 @@ Finally, install the ExternalDNS chart with Helm using the configuration specifi
|
|||||||
helm upgrade --install external-dns external-dns/external-dns --values values.yaml
|
helm upgrade --install external-dns external-dns/external-dns --values values.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
### Manifest (for clusters without RBAC enabled)
|
### When using clusters without RBAC enabled
|
||||||
|
|
||||||
Save the following below as `externaldns-no-rbac.yaml`.
|
Save the following below as `externaldns-no-rbac.yaml`.
|
||||||
|
|
||||||
@ -475,99 +475,40 @@ kubectl create --filename externaldns-no-rbac.yaml \
|
|||||||
--namespace ${EXTERNALDNS_NS:-"default"}
|
--namespace ${EXTERNALDNS_NS:-"default"}
|
||||||
```
|
```
|
||||||
|
|
||||||
### Manifest (for clusters with RBAC enabled)
|
### When using clusters with RBAC enabled
|
||||||
|
|
||||||
Save the following below as `externaldns-with-rbac.yaml`.
|
If you're using EKS, you can update the `values.yaml` file you created earlier to include the annotations to link the Role ARN you created before.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
# comment out sa if it was previously created
|
provider:
|
||||||
apiVersion: v1
|
name: aws
|
||||||
kind: ServiceAccount
|
serviceAccount:
|
||||||
metadata:
|
annotations:
|
||||||
name: external-dns
|
eks.amazonaws.com/role-arn: arn:aws:iam::${ACCOUNT_ID}:role/${EXTERNALDNS_ROLE_NAME:-"external-dns"}
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: external-dns
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRole
|
|
||||||
metadata:
|
|
||||||
name: external-dns
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: external-dns
|
|
||||||
rules:
|
|
||||||
- apiGroups: [""]
|
|
||||||
resources: ["services","endpoints","pods","nodes"]
|
|
||||||
verbs: ["get","watch","list"]
|
|
||||||
- apiGroups: ["extensions","networking.k8s.io"]
|
|
||||||
resources: ["ingresses"]
|
|
||||||
verbs: ["get","watch","list"]
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRoleBinding
|
|
||||||
metadata:
|
|
||||||
name: external-dns-viewer
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: external-dns
|
|
||||||
roleRef:
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
kind: ClusterRole
|
|
||||||
name: external-dns
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
name: external-dns
|
|
||||||
namespace: default # change to desired namespace: externaldns, kube-addons
|
|
||||||
---
|
|
||||||
apiVersion: apps/v1
|
|
||||||
kind: Deployment
|
|
||||||
metadata:
|
|
||||||
name: external-dns
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: external-dns
|
|
||||||
spec:
|
|
||||||
strategy:
|
|
||||||
type: Recreate
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
app.kubernetes.io/name: external-dns
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: external-dns
|
|
||||||
spec:
|
|
||||||
serviceAccountName: external-dns
|
|
||||||
containers:
|
|
||||||
- name: external-dns
|
|
||||||
image: registry.k8s.io/external-dns/external-dns:v0.14.2
|
|
||||||
args:
|
|
||||||
- --source=service
|
|
||||||
- --source=ingress
|
|
||||||
- --domain-filter=example.com # will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones
|
|
||||||
- --provider=aws
|
|
||||||
- --policy=upsert-only # would prevent ExternalDNS from deleting any records, omit to enable full synchronization
|
|
||||||
- --aws-zone-type=public # only look at public hosted zones (valid values are public, private or no value for both)
|
|
||||||
- --registry=txt
|
|
||||||
- --txt-owner-id=external-dns
|
|
||||||
env:
|
|
||||||
- name: AWS_DEFAULT_REGION
|
|
||||||
value: us-east-1 # change to region where EKS is installed
|
|
||||||
# # Uncommend below if using static credentials
|
|
||||||
# - name: AWS_SHARED_CREDENTIALS_FILE
|
|
||||||
# value: /.aws/credentials
|
|
||||||
# volumeMounts:
|
|
||||||
# - name: aws-credentials
|
|
||||||
# mountPath: /.aws
|
|
||||||
# readOnly: true
|
|
||||||
# volumes:
|
|
||||||
# - name: aws-credentials
|
|
||||||
# secret:
|
|
||||||
# secretName: external-dns
|
|
||||||
```
|
```
|
||||||
|
|
||||||
When ready deploy:
|
If you need to provide credentials directly using a secret (ie. You're not using EKS), you can change the `values.yaml` file to include volume and volume mounts.
|
||||||
|
|
||||||
```bash
|
```yaml
|
||||||
kubectl create --filename externaldns-with-rbac.yaml \
|
provider:
|
||||||
--namespace ${EXTERNALDNS_NS:-"default"}
|
name: aws
|
||||||
|
env:
|
||||||
|
- name: AWS_SHARED_CREDENTIALS_FILE
|
||||||
|
value: /etc/aws/credentials/my_credentials
|
||||||
|
extraVolumes:
|
||||||
|
- name: aws-credentials
|
||||||
|
secret:
|
||||||
|
secretName: external-dns # In this example, the secret will have the data stored in a key named `my_credentials`
|
||||||
|
extraVolumeMounts:
|
||||||
|
- name: aws-credentials
|
||||||
|
mountPath: /etc/aws/credentials
|
||||||
|
readOnly: true
|
||||||
|
```
|
||||||
|
|
||||||
|
When ready, update your Helm installation:
|
||||||
|
|
||||||
|
```shell
|
||||||
|
helm upgrade --install external-dns external-dns/external-dns --values values.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
## Arguments
|
## Arguments
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user