This is an ExternalDNS provider for Yandex Cloud DNS. This project externalizes the provider for Yandex Cloud DNS and offers a way forward for bugfixes.
This webhook provider is easiest to run as a sidecar within the `external-dns` pod. This can be achieved using the official `external-dns` Helm chart and its support for the `webhook` provider type.

Setting the `provider.name` to `webhook` allows configuration of the `external-dns-yandex-webhook` via a few additional values:
```yaml
provider:
  name: webhook
  webhook:
    image:
      repository: ghcr.io/ismailbaskin/external-dns-yandex-webhook
      tag: 1.0.0
    args:
      - --folder-id=YOUR_FOLDER_ID
      - --auth-key-file=/etc/kubernetes/key.json
    extraVolumeMounts:
      - name: yandexconfig
        mountPath: /etc/kubernetes/
    resources: {}
    securityContext:
      runAsUser: 1000
```
The referenced `extraVolumeMount` points to a `Secret` containing the service account key file for Yandex Cloud authentication.
The webhook requires the following command line arguments:

- `--folder-id`: Yandex Cloud folder ID where your DNS zones are located.
- `--auth-key-file`: Path to the Yandex Cloud service account key file.
For authentication, this webhook uses a service account key file. To create one:

- Create a service account in Yandex Cloud with the necessary permissions for DNS management
- Create a service account key using the Yandex Cloud CLI:

  ```bash
  # Install Yandex Cloud CLI if you haven't already
  # https://cloud.yandex.com/en/docs/cli/quickstart
  # Create the IAM key JSON file
  yc iam key create iamkey \
    --service-account-id=<your service account ID> \
    --format=json \
    --output=key.json
  ```

- Add this file to your Kubernetes Secret
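Because `key.json` holds the service account's private key, it is worth checking the file before it goes into the Secret. The following pre-flight check is an added example, not part of this project: the function names are hypothetical, and the field names (`id`, `service_account_id`, `private_key`) are an assumption about the JSON that `yc iam key create --format=json` writes.

```python
import json
import os
import stat
import tempfile

# Assumed field names of the key file written by `yc iam key create --format=json`.
REQUIRED_FIELDS = ("id", "service_account_id", "private_key")

def check_key_file(path):
    """Return a list of problems found in a service account key file."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        problems.append(f"mode {mode:04o} lets group/others access the key; use 0600")
    try:
        with open(path, encoding="utf-8") as fh:
            key = json.load(fh)
    except (OSError, ValueError) as exc:
        return problems + [f"not readable as JSON: {exc}"]
    if not isinstance(key, dict):
        return problems + ["top-level JSON value is not an object"]
    for field in REQUIRED_FIELDS:
        if not isinstance(key.get(field), str) or not key[field].strip():
            problems.append(f"missing or empty field: {field}")
    pem = key.get("private_key")
    if isinstance(pem, str) and pem.strip() and "PRIVATE KEY-----" not in pem:
        problems.append("private_key does not contain a PEM private key block")
    return problems

def write_sample(content, mode):
    """Write a constructed sample file with the given mode and return its path."""
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(content)
    os.chmod(path, mode)
    return path

# Constructed sample; the IDs and key body are placeholders, not real credentials.
SAMPLE_KEY = json.dumps({
    "id": "example-key-id",
    "service_account_id": "example-service-account-id",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
})

if __name__ == "__main__":
    for mode in (0o600, 0o644):
        path = write_sample(SAMPLE_KEY, mode)
        print(f"{mode:04o}:", check_key_file(path))
        os.remove(path)
```

An empty list means the file has the expected shape and is readable only by its owner; run `check_key_file("key.json")` against the real file before creating the Secret.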
Create a Secret with the service account key file:

```bash
kubectl create secret generic yandexconfig --namespace external-dns --from-file=key.json
```
Then add it as an `extraVolume` in the `values.yaml` of external-dns:
```yaml
extraVolumes:
  - name: yandexconfig
    secret:
      secretName: yandexconfig
```