CSTF/wild-cloud
1
1
Fork 0
Code Issues 12 Pull Requests Actions Packages Projects 1 Releases 1 Wiki Activity

Add ExternalDNS configuration and setup script for Cloudflare integration

Browse Source
This commit is contained in:
Paul Payne
2025-05-05 09:43:28 -07:00
parent 1b8604db79
commit 405a4bc306
4 changed files with 67 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
infrastructure_setup/externaldns/README.md Normal file
View File

@@ -0,0 +1,14 @@
# External DNS
See: https://github.com/kubernetes-sigs/external-dns
ExternalDNS allows you to keep selected zones (via --domain-filter) synchronized with Ingresses and Services of type=LoadBalancer and nodes in various DNS providers.
Currently, we are only configured to use CloudFlare.
Docs: https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/cloudflare.md
Any Ingress that has metatdata.annotions with
external-dns.alpha.kubernetes.io/hostname: `<something>.${DOMAIN}`
will have Cloudflare records created by External DNS.

44
infrastructure_setup/externaldns/externaldns.yaml → infrastructure_setup/externaldns/externaldns-cloudflare.yaml
View File

@@ -1,38 +1,5 @@
--- ---
apiVersion: v1 # CloudFlare provider for ExternalDNS
kind: ServiceAccount
metadata:
name: external-dns
namespace: externaldns
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: external-dns
rules:
- apiGroups: [""]
resources: ["services", "endpoints", "pods"]
verbs: ["get", "watch", "list"]
- apiGroups: ["extensions", "networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get", "watch", "list"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: external-dns-viewer
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: external-dns
subjects:
- kind: ServiceAccount
name: external-dns
namespace: externaldns
---
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
@@ -56,14 +23,17 @@ spec:
args: args:
- --source=service - --source=service
- --source=ingress - --source=ingress
- --provider=cloudflare
- --txt-owner-id=${OWNER_ID} - --txt-owner-id=${OWNER_ID}
- --log-level=debug - --provider=cloudflare
- --domain-filter=${DOMAIN}
#- --exclude-domains=internal.${DOMAIN}
- --cloudflare-dns-records-per-page=5000
- --publish-internal-services - --publish-internal-services
- --no-cloudflare-proxied - --no-cloudflare-proxied
- --log-level=debug
env: env:
- name: CF_API_TOKEN - name: CF_API_TOKEN
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: cloudflare-api-token name: cloudflare-api-token
key: api-token key: api-token

35
infrastructure_setup/externaldns/externaldns-rbac.yaml Normal file
View File

@@ -0,0 +1,35 @@
---
# Common RBAC resources for all ExternalDNS deployments
apiVersion: v1
kind: ServiceAccount
metadata:
name: external-dns
namespace: externaldns
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: external-dns
rules:
- apiGroups: [""]
resources: ["services", "endpoints", "pods"]
verbs: ["get", "watch", "list"]
- apiGroups: ["extensions", "networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get", "watch", "list"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: external-dns-viewer
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: external-dns
subjects:
- kind: ServiceAccount
name: external-dns
namespace: externaldns

14
infrastructure_setup/setup-externaldns.sh
View File

@@ -28,16 +28,24 @@ else
exit 1 exit 1
fi fi
# Apply common RBAC resources
echo "Deploying ExternalDNS RBAC resources..."
cat ${SCRIPT_DIR}/externaldns/externaldns-rbac.yaml | envsubst | kubectl apply -f -
# Apply ExternalDNS manifests with environment variables # Apply ExternalDNS manifests with environment variables
echo "Deploying ExternalDNS..." echo "Deploying ExternalDNS for external DNS (Cloudflare)..."
cat ${SCRIPT_DIR}/externaldns/externaldns.yaml | envsubst | kubectl apply -f - cat ${SCRIPT_DIR}/externaldns/externaldns-cloudflare.yaml | envsubst | kubectl apply -f -
# Wait for ExternalDNS to be ready # Wait for ExternalDNS to be ready
echo "Waiting for ExternalDNS to be ready..." echo "Waiting for Cloudflare ExternalDNS to be ready..."
kubectl rollout status deployment/external-dns -n externaldns --timeout=60s kubectl rollout status deployment/external-dns -n externaldns --timeout=60s
# echo "Waiting for CoreDNS ExternalDNS to be ready..."
# kubectl rollout status deployment/external-dns-coredns -n externaldns --timeout=60s
echo "ExternalDNS setup complete!" echo "ExternalDNS setup complete!"
echo "" echo ""
echo "To verify the installation:" echo "To verify the installation:"
echo " kubectl get pods -n externaldns" echo " kubectl get pods -n externaldns"
echo " kubectl logs -n externaldns -l app=external-dns -f" echo " kubectl logs -n externaldns -l app=external-dns -f"
echo " kubectl logs -n externaldns -l app=external-dns-coredns -f"