Setup dir rename.

setup/cluster-services/externaldns/README.md

@@ -0,0 +1,14 @@
+# External DNS
+
+See: https://github.com/kubernetes-sigs/external-dns
+
+ExternalDNS allows you to keep selected zones (via --domain-filter) synchronized with Ingresses and Services of type=LoadBalancer and nodes in various DNS providers.
+
+Currently, we are only configured to use CloudFlare.
+
+Docs: https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/cloudflare.md
+
+Any Ingress that has metatdata.annotions with
+external-dns.alpha.kubernetes.io/hostname: `<something>.${DOMAIN}`
+
+will have Cloudflare records created by External DNS.

setup/cluster-services/externaldns/install.sh

@@ -0,0 +1,60 @@
+#!/bin/bash
+set -e
+set -o pipefail
+
+# Initialize Wild-Cloud environment
+if [ -z "${WC_ROOT}" ]; then
+    print "WC_ROOT is not set."
+    exit 1
+else
+    source "${WC_ROOT}/scripts/common.sh"
+    init_wild_env
+fi
+
+CLUSTER_SETUP_DIR="${WC_HOME}/setup/cluster"
+EXTERNALDNS_DIR="${CLUSTER_SETUP_DIR}/externaldns"
+
+print_header "Setting up ExternalDNS"
+
+# Collect required configuration variables
+print_info "Collecting ExternalDNS configuration..."
+
+# Prompt for configuration using helper functions
+prompt_if_unset_config "cluster.externalDns.ownerId" "Enter ExternalDNS owner ID (unique identifier for this cluster)" "wild-cloud-$(hostname -s)"
+
+print_success "Configuration collected successfully"
+
+# Templates should already be compiled by wild-cluster-services-generate
+echo "Using pre-compiled ExternalDNS templates..."
+if [ ! -d "${EXTERNALDNS_DIR}/kustomize" ]; then
+    echo "Error: Compiled templates not found. Run 'wild-cluster-services-generate' first."
+    exit 1
+fi
+
+echo "Setting up ExternalDNS..."
+
+# Apply ExternalDNS manifests using kustomize
+echo "Deploying ExternalDNS..."
+kubectl apply -k ${EXTERNALDNS_DIR}/kustomize
+
+# Setup Cloudflare API token secret
+echo "Creating Cloudflare API token secret..."
+CLOUDFLARE_API_TOKEN=$(wild-secret cloudflare.token) || exit 1
+kubectl create secret generic cloudflare-api-token \
+  --namespace externaldns \
+  --from-literal=api-token="${CLOUDFLARE_API_TOKEN}" \
+  --dry-run=client -o yaml | kubectl apply -f -
+
+# Wait for ExternalDNS to be ready
+echo "Waiting for Cloudflare ExternalDNS to be ready..."
+kubectl rollout status deployment/external-dns -n externaldns --timeout=60s
+
+# echo "Waiting for CoreDNS ExternalDNS to be ready..."
+# kubectl rollout status deployment/external-dns-coredns -n externaldns --timeout=60s
+
+echo "ExternalDNS setup complete!"
+echo ""
+echo "To verify the installation:"
+echo "  kubectl get pods -n externaldns"
+echo "  kubectl logs -n externaldns -l app=external-dns -f"
+echo "  kubectl logs -n externaldns -l app=external-dns-coredns -f"

setup/cluster-services/externaldns/kustomize.template/externaldns-cloudflare.yaml

@@ -0,0 +1,39 @@
+---
+# CloudFlare provider for ExternalDNS
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: external-dns
+  namespace: externaldns
+spec:
+  selector:
+    matchLabels:
+      app: external-dns
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: external-dns
+    spec:
+      serviceAccountName: external-dns
+      containers:
+        - name: external-dns
+          image: registry.k8s.io/external-dns/external-dns:v0.13.4
+          args:
+            - --source=service
+            - --source=ingress
+            - --txt-owner-id={{ .cluster.externalDns.ownerId }}
+            - --provider=cloudflare
+            - --domain-filter=payne.io
+            #- --exclude-domains=internal.${DOMAIN}
+            - --cloudflare-dns-records-per-page=5000
+            - --publish-internal-services
+            - --no-cloudflare-proxied
+            - --log-level=debug
+          env:
+            - name: CF_API_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: cloudflare-api-token
+                  key: api-token

setup/cluster-services/externaldns/kustomize.template/externaldns-rbac.yaml

@@ -0,0 +1,35 @@
+---
+# Common RBAC resources for all ExternalDNS deployments
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: external-dns
+  namespace: externaldns
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: external-dns
+rules:
+  - apiGroups: [""]
+    resources: ["services", "endpoints", "pods"]
+    verbs: ["get", "watch", "list"]
+  - apiGroups: ["extensions", "networking.k8s.io"]
+    resources: ["ingresses"]
+    verbs: ["get", "watch", "list"]
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: external-dns-viewer
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: external-dns
+subjects:
+  - kind: ServiceAccount
+    name: external-dns
+    namespace: externaldns

setup/cluster-services/externaldns/kustomize.template/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- namespace.yaml
+- externaldns-rbac.yaml
+- externaldns-cloudflare.yaml

setup/cluster-services/externaldns/kustomize.template/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: externaldns