diff --git a/apps/external-dns/clusterrole.yaml b/apps/external-dns/clusterrole.yaml
new file mode 100644
index 0000000..adbef1f
--- /dev/null
+++ b/apps/external-dns/clusterrole.yaml
@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: external-dns
+rules:
+ - apiGroups: [""]
+ resources: ["services", "endpoints", "pods"]
+ verbs: ["get", "watch", "list"]
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["list", "watch"]
diff --git a/apps/external-dns/clusterrolebinding.yaml b/apps/external-dns/clusterrolebinding.yaml
new file mode 100644
index 0000000..7d6aa5b
--- /dev/null
+++ b/apps/external-dns/clusterrolebinding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: external-dns-viewer
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: external-dns
+subjects:
+ - kind: ServiceAccount
+ name: external-dns
+ namespace: external-dns
diff --git a/apps/external-dns/deployment.yaml b/apps/external-dns/deployment.yaml
new file mode 100644
index 0000000..a24bf54
--- /dev/null
+++ b/apps/external-dns/deployment.yaml
@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: external-dns
+spec:
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ app: external-dns
+ template:
+ metadata:
+ labels:
+ app: external-dns
+ spec:
+ serviceAccountName: external-dns
+ containers:
+ - name: external-dns
+ image: registry.k8s.io/external-dns/external-dns:v0.15.1
+ # If authentication is disabled and/or you didn't create
+ # a secret, you can remove this block.
+ args:
+ - --source=service
+ # Pihole only supports A/AAAA/CNAME records so there is no mechanism to track ownership.
+ # You don't need to set this flag, but if you leave it unset, you will receive warning
+ # logs when ExternalDNS attempts to create TXT records.
+ - --registry=noop
+ # IMPORTANT: If you have records that you manage manually in Pi-hole, set
+ # the policy to upsert-only so they do not get deleted.
+ - --policy=upsert-only
+ - --provider=pihole
+ # Change this to the actual address of your Pi-hole web server
+ - --pihole-server=http://10.0.0.2:8888
+ - --pihole-password=1234
+ securityContext:
+ fsGroup: 65534 # For ExternalDNS to be able to read Kubernetes token files
diff --git a/apps/external-dns/kustomization.yaml b/apps/external-dns/kustomization.yaml
new file mode 100644
index 0000000..2894c31
--- /dev/null
+++ b/apps/external-dns/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: external-dns
+resources:
+ - ./namespace.yaml
+ - ./serviceaccount.yaml
+ - ./clusterrole.yaml
+ - ./clusterrolebinding.yaml
+ - ./deployment.yaml
diff --git a/apps/external-dns/namespace.yaml b/apps/external-dns/namespace.yaml
new file mode 100644
index 0000000..d18e962
--- /dev/null
+++ b/apps/external-dns/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: external-dns
diff --git a/apps/external-dns/serviceaccount.yaml b/apps/external-dns/serviceaccount.yaml
new file mode 100644
index 0000000..5b02240
--- /dev/null
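Review bot: In `apps/external-dns/deployment.yaml` the argument `--pihole-password=1234` commits the Pi-hole password to the repository and exposes it to anyone who can read the Deployment spec or the pod's process arguments. The comment above `args:` ("you can remove this block") seems to describe a secret reference that is no longer there; restoring one, for example `envFrom: [{secretRef: {name: <pihole-secret-name>}}]` with the Secret key `EXTERNAL_DNS_PIHOLE_PASSWORD`, and dropping the flag keeps the credential out of the manifest. The value already committed should be rotated on the Pi-hole side, and since `--pihole-server` is an `http://` URL the password also crosses the network unencrypted. Separately, no `--domain-filter` is set, so any Service carrying the hostname annotation can publish a record for any name; limiting it to the cluster's own domain would bound that.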
+++ b/apps/external-dns/serviceaccount.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: external-dns diff --git a/apps/kustomization.yaml b/apps/kustomization.yaml index 88746dd..513df92 100644 --- a/apps/kustomization.yaml +++ b/apps/kustomization.yaml @@ -9,3 +9,4 @@ resources: - ./whoami.yaml - ./akri-demo.yaml - ./minecraft + - ./external-dns diff --git a/apps/minecraft/helmrelease.yaml b/apps/minecraft/helmrelease.yaml index 487e8ec..4f6c3df 100644 --- a/apps/minecraft/helmrelease.yaml +++ b/apps/minecraft/helmrelease.yaml @@ -18,6 +18,8 @@ spec: difficulty: hard serviceType: LoadBalancer externalTrafficPolicy: Local + serviceAnnotations: + external-dns.alpha.kubernetes.io/hostname: mc.svc.${domain} persistence: dataDir: enabled: true