dn

2025-08-25 20:59:53 +02:00
parent 467ba5afc5
commit 4ebf4d6e81
1 changed files with 42 additions and 9 deletions
--- a/dns/external-dns.yaml
+++ b/dns/external-dns.yaml
@@ -18,6 +18,36 @@ rules:
  resources: ["ingresses","ingressclasses"]
  verbs: ["get","list","watch"]

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata: { name: external-dns-viewer }
+roleRef: { apiGroup: rbac.authorization.k8s.io, kind: ClusterRole, name: external-dns }
+subjects:
+- kind: ServiceAccount
+  name: external-dns
+  namespace: dns
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: external-dns
+  namespace: dns
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata: { name: external-dns }
+rules:
+- apiGroups: [""]
+  resources: ["services","endpoints","pods","nodes","namespaces"]
+  verbs: ["get","list","watch"]
+- apiGroups: ["discovery.k8s.io"]
+  resources: ["endpointslices"]
+  verbs: ["get","list","watch"]
+- apiGroups: ["networking.k8s.io","extensions"]
+  resources: ["ingresses","ingressclasses"]
+  verbs: ["get","list","watch"]
+
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -42,6 +72,12 @@ spec:
      labels: { app: external-dns }
    spec:
      serviceAccountName: external-dns
+      initContainers:
+        - name: wait-etcd
+          image: curlimages/curl
+          command: ["/bin/sh","-c"]
+          args:
+            - for i in $(seq 1 60); do curl -4s --max-time 2 http://etcd.dns.svc:2379/health | grep -q true && exit 0; sleep 1; done; exit 1
      containers:
        - name: external-dns
          image: registry.k8s.io/external-dns/external-dns:v0.14.2
@@ -49,13 +85,10 @@ spec:
            - --source=ingress
            - --provider=coredns
            - --domain-filter=apps.undercloud.dev
-            #- --policy=sync
-            #- --registry=txt
-            - --managed-record-types=CNAME,TXT,AAAA
-            #- --txt-owner-id=k8s-undercloud
+            - --policy=sync
+            - --registry=txt
+            - --txt-owner-id=k8s-undercloud
+            - --managed-record-types=A,AAAA,CNAME,TXT
            - --log-level=debug
-          env:
-            - name: ETCD_URLS
-              value: "http://etcd.dns.svc:2379"
-
-            
+            - --coredns-etcd-endpoints=http://etcd.dns.svc:2379
+            - --coredns-etcd-prefix=/skydns