From 4ebf4d6e819db936affc0f8cdcd59daa69b58acc Mon Sep 17 00:00:00 2001
From: Sebastian
Date: Mon, 25 Aug 2025 20:59:53 +0200
Subject: [PATCH] dn
---
 dns/external-dns.yaml | 51 +++++++++++++++++++++++++++++++++++--------
 1 file changed, 42 insertions(+), 9 deletions(-)
diff --git a/dns/external-dns.yaml b/dns/external-dns.yaml
index de07281..f5e7ff0 100644
--- a/dns/external-dns.yaml
+++ b/dns/external-dns.yaml
@@ -18,6 +18,36 @@ rules:
 resources: ["ingresses","ingressclasses"]
 verbs: ["get","list","watch"]
 
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata: { name: external-dns-viewer }
+roleRef: { apiGroup: rbac.authorization.k8s.io, kind: ClusterRole, name: external-dns }
+subjects:
+- kind: ServiceAccount
+ name: external-dns
+ namespace: dns
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: external-dns
+ namespace: dns
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata: { name: external-dns }
+rules:
+- apiGroups: [""]
+ resources: ["services","endpoints","pods","nodes","namespaces"]
+ verbs: ["get","list","watch"]
+- apiGroups: ["discovery.k8s.io"]
+ resources: ["endpointslices"]
+ verbs: ["get","list","watch"]
+- apiGroups: ["networking.k8s.io","extensions"]
+ resources: ["ingresses","ingressclasses"]
+ verbs: ["get","list","watch"]
+
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -42,6 +72,12 @@ spec:
 labels: { app: external-dns }
 spec:
 serviceAccountName: external-dns
+ initContainers:
+ - name: wait-etcd
+ image: curlimages/curl
+ command: ["/bin/sh","-c"]
+ args:
+ - for i in $(seq 1 60); do curl -4s --max-time 2 http://etcd.dns.svc:2379/health | grep -q true && exit 0; sleep 1; done; exit 1
 containers:
 - name: external-dns
 image: registry.k8s.io/external-dns/external-dns:v0.14.2
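Review bot: The added ClusterRole `external-dns` carries the same rules that the context just above this hunk already ends with (`resources: ["ingresses","ingressclasses"]`, `verbs: ["get","list","watch"]`), and an existing ClusterRoleBinding begins right after the added block, so the file now appears to declare the role, and probably its binding under the second name `external-dns-viewer`, twice; the earlier definitions lie outside the hunk, so this is inferred. Duplicate RBAC documents drift apart easily, and a later tightening of one copy is undone by the other on the next apply, so keep one ClusterRole/ClusterRoleBinding pair and add only the ServiceAccount. The only source visible in this patch is `--source=ingress`, so the core-group rule can likely be narrowed instead of granting cluster-wide read on `pods`, `nodes` and `namespaces`; a comment such as `# read-only; trimmed to the sources enabled in the Deployment args` above `rules:` would record the intent.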
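Review bot: The init container's `image: curlimages/curl` has no tag or digest, so each pod start may pull whatever `latest` currently points to, unlike the main container, which is pinned to `v0.14.2`; pin it, for example `image: curlimages/curl:<PINNED_VERSION>@sha256:<DIGEST>` (placeholders to fill in). The container also sets no `securityContext`; for a one-shot health probe, `securityContext: { allowPrivilegeEscalation: false, readOnlyRootFilesystem: true }` costs nothing. The check `grep -q true` passes on any occurrence of `true` in the response body, so a comment stating that it expects the JSON returned by etcd's `/health` endpoint would help the next reader. The pod spec continues outside the hunk.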
@@ -49,13 +85,10 @@ spec:
 - --source=ingress
 - --provider=coredns
 - --domain-filter=apps.undercloud.dev
- #- --policy=sync
- #- --registry=txt
- - --managed-record-types=CNAME,TXT,AAAA
- #- --txt-owner-id=k8s-undercloud
+ - --policy=sync
+ - --registry=txt
+ - --txt-owner-id=k8s-undercloud
+ - --managed-record-types=A,AAAA,CNAME,TXT
 - --log-level=debug
- env:
- - name: ETCD_URLS
- value: "http://etcd.dns.svc:2379"
-
-
\ No newline at end of file
+ - --coredns-etcd-endpoints=http://etcd.dns.svc:2379
+ - --coredns-etcd-prefix=/skydns
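Review bot: The two added flags `--coredns-etcd-endpoints` and `--coredns-etcd-prefix` replace the removed `ETCD_URLS` env entry, but as far as I know the external-dns release pinned in this file (`v0.14.2`) reads the etcd endpoint from the `ETCD_URLS` environment variable and exposes the key prefix as `--coredns-prefix`; an unrecognised flag makes the container exit at startup, so check both names against `external-dns --help` for that version. If they are not accepted, keep the `env:` entry for `ETCD_URLS` and use `- --coredns-prefix=/skydns/`. Separately, this hunk enables `--policy=sync`, which lets the controller delete records, while the endpoint is plain `http://` with no client authentication visible here, so any workload that can reach `etcd.dns.svc:2379` can presumably alter records under the prefix; TLS with client certificates on etcd and a NetworkPolicy restricting port 2379 to the external-dns and CoreDNS pods would close that. `--log-level=debug` is worth lowering to `info` once the setup works.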