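---
# ServiceAccount that the external-dns pod runs as. It is the subject of the
# ClusterRoleBinding further down.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: external-dns
  namespace: dns
---
# Cluster-wide, read-only (get/list/watch) access for external-dns.
# NOTE(review): the Deployment below enables only --source=ingress, so the
# core-group and endpointslices rules look broader than that source needs.
# Confirm which sources are planned and trim the rest (least privilege).
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: external-dns
rules:
  - apiGroups: [""]
    resources: ["services", "endpoints", "pods", "nodes", "namespaces"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["discovery.k8s.io"]
    resources: ["endpointslices"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["networking.k8s.io", "extensions"]
    resources: ["ingresses", "ingressclasses"]
    verbs: ["get", "list", "watch"]
---
# Grants the ClusterRole above to the dns/external-dns ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: external-dns-viewer
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: external-dns
subjects:
  - kind: ServiceAccount
    name: external-dns
    namespace: dns
---
# Single-replica external-dns that publishes Ingress hostnames into the etcd
# backend read by CoreDNS (--provider=coredns, ETCD_PREFIX=/skydns).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: external-dns
  namespace: dns
spec:
  replicas: 1
  selector:
    matchLabels:
      app: external-dns
  template:
    metadata:
      labels:
        app: external-dns
    spec:
      serviceAccountName: external-dns
      # Apply the container runtime's default seccomp filter to every
      # container in the pod.
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      initContainers:
        # Blocks pod start until etcd reports healthy; gives up after about
        # 60 attempts so a dead backend surfaces as an init failure.
        - name: wait-etcd
          # NOTE(review): no tag or digest, so this resolves to whatever
          # ":latest" is at pull time. Pin to a reviewed tag or digest.
          image: curlimages/curl
          command: ["/bin/sh", "-c"]
          args:
            - >-
              for i in $(seq 1 60); do
              curl -4s --max-time 2 http://etcd.dns.svc:2379/health | grep -q true && exit 0;
              sleep 1; done; exit 1
          # The probe only needs outbound HTTP and stdout.
          # runAsNonRoot is left unset here: it fails admission when the
          # image declares a non-numeric USER - verify the image's UID first.
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
      containers:
        - name: external-dns
          image: registry.k8s.io/external-dns/external-dns:v0.14.2
          args:
            - --source=ingress
            - --provider=coredns
            - --domain-filter=apps.undercloud.dev
            # sync lets external-dns delete records it considers its own, not
            # only create and update them.
            - --policy=sync
            - --registry=txt
            # NOTE(review): owner id is disabled, so the TXT registry falls
            # back to its default owner. Any other external-dns instance
            # writing to the same etcd prefix with the default owner would be
            # treated as the same owner, and --policy=sync could then remove
            # its records. Changing the owner id on a live zone orphans the
            # existing ownership TXT records, so plan that as a migration.
            # - --txt-owner-id=k8s-undercloud
            - --managed-record-types=AAAA,CNAME,TXT
            # NOTE(review): debug logging is verbose; confirm it is intended
            # outside troubleshooting.
            - --log-level=debug
          env:
            # NOTE(review): plain http:// with no client credentials visible
            # here. Anything that can reach etcd.dns.svc:2379 can presumably
            # read and rewrite the DNS records. Restrict access with a
            # NetworkPolicy and/or enable etcd TLS (the coredns provider
            # reads ETCD_CA_FILE, ETCD_CERT_FILE and ETCD_KEY_FILE); the
            # wait-etcd probe URL would need the same change.
            - name: ETCD_URLS
              value: "http://etcd.dns.svc:2379"
            - name: ETCD_PREFIX
              value: "/skydns"
          # external-dns only talks to the API server and etcd; it needs no
          # root, no extra capabilities and no writable filesystem.
          securityContext:
            runAsNonRoot: true
            runAsUser: 65532
            runAsGroup: 65532
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]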