Integrate kube-external-dns with pihole for autonomous dns
parent
8f89896394
commit
7e521afe6b
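--- a/manifests/external-dns/README.md
+++ b/manifests/external-dns/README.md
@@ -0,0 +1,11 @@
+External DNS with pihole
+
+Make sure to run where `somesecret` will be the password for your pihole
+```
+kubectl create secret generic external-dns-pihole-password \
+--from-literal EXTERNAL_DNS_PIHOLE_PASSWORD=somesecret
+```
+
+Add the annotation `external-dns.alpha.kubernetes.io/hostname:
+\ nginx.external-dns-test.homelab.local` to your services, so external dns can
+pick up the service and a dns entry in pihole automatically.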
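--- a/manifests/external-dns/install.yaml
+++ b/manifests/external-dns/install.yaml
@@ -0,0 +1,74 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: external-dns
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+name: external-dns
+rules:
+- apiGroups: [""]
+resources: ["services","endpoints","pods"]
+verbs: ["get","watch","list"]
+- apiGroups: ["extensions","networking.k8s.io"]
+resources: ["ingresses"]
+verbs: ["get","watch","list"]
+- apiGroups: [""]
+resources: ["nodes"]
+verbs: ["list","watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+name: external-dns-viewer
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: ClusterRole
+name: external-dns
+subjects:
+- kind: ServiceAccount
+name: external-dns
+namespace: default
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: external-dns
+spec:
+strategy:
+type: Recreate
+selector:
+matchLabels:
+app: external-dns
+template:
+metadata:
+labels:
+app: external-dns
+spec:
+serviceAccountName: external-dns
+containers:
+- name: external-dns
+image: registry.k8s.io/external-dns/external-dns:v0.15.0
+# If authentication is disabled and/or you didn't create
+# a secret, you can remove this block.
+envFrom:
+- secretRef:
+# Change this if you gave the secret a different name
+name: external-dns-pihole-password
+args:
+- --source=service
+- --source=ingress
+# Pihole only supports A/AAAA/CNAME records so there is no mechanism to track ownership.
+# You don't need to set this flag, but if you leave it unset, you will receive warning
+# logs when ExternalDNS attempts to create TXT records.
+- --registry=noop
+# IMPORTANT: If you have records that you manage manually in Pi-hole, set
+# the policy to upsert-only so they do not get deleted.
+- --policy=upsert-only
+- --provider=pihole
+# Change this to the actual address of your Pi-hole web server
+- --pihole-server=http://pihole-web.default.svc.cluster.local
+securityContext:
+fsGroup: 65534 # For ExternalDNS to be able to read Kubernetes token files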
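Review bot: The external-dns container in the Deployment has no container-level `securityContext`; the only hardening visible in the pod spec is `fsGroup: 65534`, so the process keeps its default capabilities, a writable root filesystem and the ability to escalate privileges. Since this controller holds the Pi-hole admin password and a cluster-wide read token, I would add the block below under the container entry (indentation is lost in this rendering, so placement is inferred; confirm the image declares a numeric non-root user, otherwise `runAsNonRoot` will block startup). Separately, the ClusterRoleBinding subject is fixed to `namespace: default` while the ServiceAccount and Deployment set no namespace, so applying this file into another namespace leaves the binding pointing at a different account. Setting `namespace: default` in the metadata of both objects would make the coupling explicit.

```yaml
      containers:
        - name: external-dns
          # … unchanged: image, envFrom, args …
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            capabilities:
              drop: ["ALL"]
```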
@ -118,13 +118,13 @@ serviceWeb:
|
|||||||
nodePort: ""
|
nodePort: ""
|
||||||
|
|
||||||
# -- `spec.type` for the web interface Service
|
# -- `spec.type` for the web interface Service
|
||||||
type: ClusterIP
|
type: LoadBalancer
|
||||||
|
|
||||||
# -- `spec.externalTrafficPolicy` for the web interface Service
|
# -- `spec.externalTrafficPolicy` for the web interface Service
|
||||||
externalTrafficPolicy: Local
|
externalTrafficPolicy: Local
|
||||||
|
|
||||||
# -- A fixed `spec.loadBalancerIP` for the web interface Service
|
# -- A fixed `spec.loadBalancerIP` for the web interface Service
|
||||||
loadBalancerIP: ""
|
loadBalancerIP: "192.168.0.239"
|
||||||
# -- A fixed `spec.loadBalancerIP` for the IPv6 web interface Service
|
# -- A fixed `spec.loadBalancerIP` for the IPv6 web interface Service
|
||||||
loadBalancerIPv6: ""
|
loadBalancerIPv6: ""
|
||||||
|
|
||||||
@ -404,6 +404,7 @@ regex: {}
|
|||||||
ftl: {}
|
ftl: {}
|
||||||
# Add values for pihole-FTL.conf
|
# Add values for pihole-FTL.conf
|
||||||
# MAXDBDAYS: 14
|
# MAXDBDAYS: 14
|
||||||
|
#StartLimitBurst: 25
|
||||||
|
|
||||||
# -- port the container should use to expose HTTP traffic
|
# -- port the container should use to expose HTTP traffic
|
||||||
webHttp: "80"
|
webHttp: "80"
|
||||||
|
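Review bot: Exposing the Pi-hole web interface as `type: LoadBalancer` on `loadBalancerIP: "192.168.0.239"` puts the admin UI on the LAN over plain HTTP (`webHttp: "80"`), assuming the right-hand column of the first hunk is the new side. The external-dns Deployment added in this commit reaches Pi-hole through the cluster-local address `http://pihole-web.default.svc.cluster.local`, so the integration itself does not appear to need that exposure. If LAN access to the UI is intended, a comment above the value such as `# LoadBalancer on purpose: admin UI must be reachable from the trusted LAN only` would record the decision. The file header for this section is missing from the page, so the file name is not visible here.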