AWS: Change documentation to use Helm values #4577

Merged
117 changes: 29 additions & 88 deletions docs/tutorials/aws.md
Expand Up @@ -418,7 +418,7 @@ Finally, install the ExternalDNS chart with Helm using the configuration specifi
helm upgrade --install external-dns external-dns/external-dns --values values.yaml
```

### Manifest (for clusters without RBAC enabled)
### When using clusters without RBAC enabled

Save the following below as `externaldns-no-rbac.yaml`.
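
Review bot: The new heading `### When using clusters without RBAC enabled` drops the word "Manifest", but the section body still tells the reader to save `externaldns-no-rbac.yaml` and apply it with `kubectl create`, so this remains the raw-manifest path and not a Helm values path. Coming straight after the `helm upgrade --install` step, the heading now reads as a continuation of the Helm flow. Suggest keeping "Manifest" in the heading, or saying in the first sentence of the section that it is an alternative to the Helm install. Renaming the heading also changes its generated anchor, so existing links to the old anchor need checking.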

Expand Down Expand Up @@ -475,99 +475,40 @@ kubectl create --filename externaldns-no-rbac.yaml \
--namespace ${EXTERNALDNS_NS:-"default"}
```

### Manifest (for clusters with RBAC enabled)
### When using clusters with RBAC enabled

Save the following below as `externaldns-with-rbac.yaml`.
If you're using EKS, you can update the `values.yaml` file you created earlier to include the annotations to link the Role ARN you created before.

```yaml
# comment out sa if it was previously created
apiVersion: v1
kind: ServiceAccount
metadata:
name: external-dns
labels:
app.kubernetes.io/name: external-dns
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: external-dns
labels:
app.kubernetes.io/name: external-dns
rules:
- apiGroups: [""]
resources: ["services","endpoints","pods","nodes"]
verbs: ["get","watch","list"]
- apiGroups: ["extensions","networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get","watch","list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: external-dns-viewer
labels:
app.kubernetes.io/name: external-dns
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: external-dns
subjects:
- kind: ServiceAccount
name: external-dns
namespace: default # change to desired namespace: externaldns, kube-addons
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: external-dns
labels:
app.kubernetes.io/name: external-dns
spec:
strategy:
type: Recreate
selector:
matchLabels:
app.kubernetes.io/name: external-dns
template:
metadata:
labels:
app.kubernetes.io/name: external-dns
spec:
serviceAccountName: external-dns
containers:
- name: external-dns
image: registry.k8s.io/external-dns/external-dns:v0.14.2
args:
- --source=service
- --source=ingress
- --domain-filter=example.com # will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones
- --provider=aws
- --policy=upsert-only # would prevent ExternalDNS from deleting any records, omit to enable full synchronization
- --aws-zone-type=public # only look at public hosted zones (valid values are public, private or no value for both)
- --registry=txt
- --txt-owner-id=external-dns
env:
- name: AWS_DEFAULT_REGION
value: us-east-1 # change to region where EKS is installed
# # Uncommend below if using static credentials
# - name: AWS_SHARED_CREDENTIALS_FILE
# value: /.aws/credentials
# volumeMounts:
# - name: aws-credentials
# mountPath: /.aws
# readOnly: true
# volumes:
# - name: aws-credentials
# secret:
# secretName: external-dns
provider:
name: aws
serviceAccount:
annotations:
eks.amazonaws.com/role-arn: arn:aws:iam::${ACCOUNT_ID}:role/${EXTERNALDNS_ROLE_NAME:-"external-dns"}
```

When ready deploy:
If you need to provide credentials directly using a secret (ie. You're not using EKS), you can change the `values.yaml` file to include volume and volume mounts.

```bash
kubectl create --filename externaldns-with-rbac.yaml \
--namespace ${EXTERNALDNS_NS:-"default"}
```yaml
provider:
name: aws
env:
- name: AWS_SHARED_CREDENTIALS_FILE
value: /etc/aws/credentials/my_credentials
extraVolumes:
- name: aws-credentials
secret:
secretName: external-dns # In this example, the secret will have the data stored in a key named `my_credentials`
extraVolumeMounts:
- name: aws-credentials
mountPath: /etc/aws/credentials
readOnly: true
```

When ready, update your Helm installation:

```shell
helm upgrade --install external-dns external-dns/external-dns --values values.yaml
```

## Arguments
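
Review bot: In the first new values snippet, `eks.amazonaws.com/role-arn: arn:aws:iam::${ACCOUNT_ID}:role/${EXTERNALDNS_ROLE_NAME:-"external-dns"}` uses shell parameter expansion inside a block fenced as `yaml` that the text tells the reader to put in `values.yaml`. Helm does not expand shell variables in a values file, so copied as-is the annotation carries the literal `${...}` string and not a valid role ARN. Suggest showing a placeholder ARN with a sentence telling the reader to substitute the account ID and role name, or showing the command that renders the file. Smaller points in the same hunk: the heading `### When using clusters with RBAC enabled` no longer matches the body, which is now about the EKS role annotation versus a credentials secret and does not mention RBAC; and "(ie. You're not using EKS)" should read "(i.e. you're not using EKS)". The removed manifest also carried `--domain-filter=example.com` and `--policy=upsert-only` with comments explaining how they restrict what ExternalDNS can touch; neither values snippet here mentions an equivalent, so it is worth confirming the earlier `values.yaml` section covers them.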