mirror of
https://github.com/rocky-linux/peridot.git
synced 2024-12-22 10:48:30 +00:00
77 lines
1.8 KiB
YAML
77 lines
1.8 KiB
YAML
|
apiVersion: v1
|
||
|
kind: Namespace
|
||
|
metadata:
|
||
|
name: external-dns
|
||
|
---
|
||
|
apiVersion: v1
|
||
|
kind: ServiceAccount
|
||
|
metadata:
|
||
|
name: external-dns
|
||
|
namespace: external-dns
|
||
|
annotations:
|
||
|
eks.amazonaws.com/role-arn: arn:aws:iam::893168113496:role/peridot_cert_manager_role
|
||
|
---
|
||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||
|
kind: ClusterRole
|
||
|
metadata:
|
||
|
name: external-dns
|
||
|
namespace: external-dns
|
||
|
rules:
|
||
|
- apiGroups: [""]
|
||
|
resources: ["services","endpoints","pods"]
|
||
|
verbs: ["get","watch","list"]
|
||
|
- apiGroups: ["extensions","networking.k8s.io"]
|
||
|
resources: ["ingresses"]
|
||
|
verbs: ["get","watch","list"]
|
||
|
- apiGroups: [""]
|
||
|
resources: ["nodes"]
|
||
|
verbs: ["list","watch"]
|
||
|
- apiGroups: ["networking.istio.io"]
|
||
|
resources: ["gateways", "virtualservices"]
|
||
|
verbs: ["get", "watch", "list"]
|
||
|
---
|
||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||
|
kind: ClusterRoleBinding
|
||
|
metadata:
|
||
|
name: external-dns-viewer
|
||
|
namespace: external-dns
|
||
|
roleRef:
|
||
|
apiGroup: rbac.authorization.k8s.io
|
||
|
kind: ClusterRole
|
||
|
name: external-dns
|
||
|
subjects:
|
||
|
- kind: ServiceAccount
|
||
|
name: external-dns
|
||
|
namespace: external-dns
|
||
|
---
|
||
|
apiVersion: apps/v1
|
||
|
kind: Deployment
|
||
|
metadata:
|
||
|
name: external-dns
|
||
|
namespace: external-dns
|
||
|
spec:
|
||
|
strategy:
|
||
|
type: Recreate
|
||
|
selector:
|
||
|
matchLabels:
|
||
|
app: external-dns
|
||
|
template:
|
||
|
metadata:
|
||
|
labels:
|
||
|
app: external-dns
|
||
|
spec:
|
||
|
serviceAccountName: external-dns
|
||
|
containers:
|
||
|
- name: external-dns
|
||
|
image: k8s.gcr.io/external-dns/external-dns:v0.7.6
|
||
|
args:
|
||
|
- --source=istio-virtualservice
|
||
|
- --domain-filter=build.resf.org
|
||
|
- --provider=aws
|
||
|
- --aws-zone-type=public
|
||
|
- --registry=txt
|
||
|
- --txt-owner-id=peridotprod
|
||
|
- --txt-prefix=peridotprod
|
||
|
securityContext:
|
||
|
fsGroup: 65534 # For ExternalDNS to be able to read Kubernetes and AWS token files
|