Added external dns for testing

apps/external-dns/clusterrole.yaml

@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: external-dns
+rules:
+  - apiGroups: [""]
+    resources: ["services", "endpoints", "pods"]
+    verbs: ["get", "watch", "list"]
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["list", "watch"]

apps/external-dns/clusterrolebinding.yaml

@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: external-dns-viewer
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: external-dns
+subjects:
+  - kind: ServiceAccount
+    name: external-dns
+    namespace: external-dns

apps/external-dns/deployment.yaml

@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: external-dns
+spec:
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: external-dns
+  template:
+    metadata:
+      labels:
+        app: external-dns
+    spec:
+      serviceAccountName: external-dns
+      containers:
+        - name: external-dns
+          image: registry.k8s.io/external-dns/external-dns:v0.15.1
+          # If authentication is disabled and/or you didn't create
+          # a secret, you can remove this block.
+          args:
+            - --source=service
+            # Pihole only supports A/AAAA/CNAME records so there is no mechanism to track ownership.
+            # You don't need to set this flag, but if you leave it unset, you will receive warning
+            # logs when ExternalDNS attempts to create TXT records.
+            - --registry=noop
+            # IMPORTANT: If you have records that you manage manually in Pi-hole, set
+            # the policy to upsert-only so they do not get deleted.
+            - --policy=upsert-only
+            - --provider=pihole
+            # Change this to the actual address of your Pi-hole web server
+            - --pihole-server=http://10.0.0.2:8888
+            - --pihole-password=1234
+      securityContext:
+        fsGroup: 65534 # For ExternalDNS to be able to read Kubernetes token files

apps/external-dns/kustomization.yaml

@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: external-dns
+resources:
+  - ./namespace.yaml
+  - ./serviceaccount.yaml
+  - ./clusterrole.yaml
+  - ./clusterrolebinding.yaml
+  - ./deployment.yaml

apps/external-dns/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: external-dns

apps/external-dns/serviceaccount.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: external-dns

apps/kustomization.yaml

@@ -9,3 +9,4 @@ resources:
   - ./whoami.yaml
   - ./akri-demo.yaml
   - ./minecraft
+  - ./external-dns

apps/minecraft/helmrelease.yaml

@@ -18,6 +18,8 @@ spec:
       difficulty: hard
       serviceType: LoadBalancer
       externalTrafficPolicy: Local
+    serviceAnnotations:
+      external-dns.alpha.kubernetes.io/hostname: mc.svc.${domain}
     persistence:
       dataDir:
         enabled: true