forked from rancher/rancher
-
Notifications
You must be signed in to change notification settings - Fork 0
/
route53_template.go
76 lines (72 loc) · 1.78 KB
/
route53_template.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
package globaldns
var Route53DeploymentTemplate = `
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: {{.deploymentName}}
spec:
strategy:
type: Recreate
template:
metadata:
labels:
app: {{.deploymentName}}
spec:
serviceAccountName: external-dns
containers:
- name: {{.deploymentName}}
image: registry.opensource.zalan.do/teapot/external-dns:latest
env:
- name: AWS_SECRET_ACCESS_KEY
value: {{.awsSecretKey}}
- name: AWS_ACCESS_KEY_ID
value: {{.awsAccessKey}}
args:
- --source=service
- --source=ingress
- --domain-filter={{.route53Domain}}
- --provider=aws
- --aws-zone-type=public # only look at public hosted zones (valid values are public, private or no value for both)
- --registry=txt
- --txt-owner-id=my-identifier
- --log-level=debug
- --publish-internal-services`
var ExternalDNSServiceAcct = `
apiVersion: v1
kind: ServiceAccount
metadata:
name: external-dns
`
var ExternalDNSClusterRole = `
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: external-dns
rules:
- apiGroups: [""]
resources: ["services"]
verbs: ["get","watch","list"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["get","watch","list"]
- apiGroups: ["extensions"]
resources: ["ingresses"]
verbs: ["get","watch","list"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["list"]
`
var ExternalDNSClusterRoleBinding = `
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: external-dns-viewer
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: external-dns
subjects:
- kind: ServiceAccount
name: external-dns
namespace: cattle-global-data
`