up

2025-04-03 03:06:32 +04:00 · 2025-04-03 03:06:32 +04:00 · fe37517129
commit fe37517129
parent 235b50c492
8 changed files with 59 additions and 8 deletions
--- a/ingress-system/cloudflare-api-token.yaml
+++ b/ingress-system/cloudflare-api-token.yaml
@ -4,4 +4,4 @@ metadata:
  name: cloudflare-api-token
  namespace: ingress-system
 stringData:
-  token: 9gCqm5J98tBKKZlcH5oUvQ5GmNKAxtSoRa5TfWea
+  apiToken: 9gCqm5J98tBKKZlcH5oUvQ5GmNKAxtSoRa5TfWea
--- a/ingress-system/external-dns-service-account.yaml
+++ b/ingress-system/external-dns-service-account.yaml
@ -0,0 +1,38 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: external-dns
+  namespace: ingress-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: external-dns
+  namespace: ingress-system
+rules:
+  - apiGroups: [""]
+    resources: ["services", "endpoints", "pods"]
+    verbs: ["get", "watch", "list"]
+  - apiGroups: ["extensions", "networking.k8s.io"]
+    resources: ["ingresses"]
+    verbs: ["get", "watch", "list"]
+  - apiGroups: ["externaldns.k8s.io"]
+    resources: ["dnsendpoints"]
+    verbs: ["get", "watch", "list"]
+  - apiGroups: ["externaldns.k8s.io"]
+    resources: ["dnsendpoints/status"]
+    verbs: ["update"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: external-dns-viewer
+  namespace: ingress-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: external-dns
+subjects:
+  - kind: ServiceAccount
+    name: external-dns
+    namespace: ingress-system
--- a/ingress-system/external-dns.yaml
+++ b/ingress-system/external-dns.yaml
@ -14,9 +14,20 @@ spec:
      labels:
        app.kubernetes.io/name: external-dns
    spec:
+      serviceAccountName: external-dns
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: topology.kubernetes.io/region
+                    operator: NotIn
+                    values:
+                      - russia-west
+                      - russia-east
      containers:
        - name: external-dns
-          image: registry.k8s.io/external-dns/external-dns:v0.15.1
+          image: registry.k8s.io/external-dns/external-dns:v0.16.1
          args:
            - --source=crd
            - --provider=cloudflare