From ebd3a7eafb30cb3d29904989c7031b976317588c Mon Sep 17 00:00:00 2001
From: Pier-Olivier Thibault <23230+pier-oliviert@users.noreply.github.com>
Date: Wed, 26 Jun 2024 10:46:34 -0400
Subject: [PATCH] AWS: Change documentation to use Helm values

The Helm section includes templates files that aren't needed as those values can all be generated from the values.yaml file. It seems that the current documentation also missed the role arn annotation so it was added as well.
---
docs/tutorials/aws.md | 95 ++++--------------------------------------
1 file changed, 9 insertions(+), 86 deletions(-)

diff --git a/docs/tutorials/aws.md b/docs/tutorials/aws.md
index d4ac65741d..762e89fb5b 100644
--- a/docs/tutorials/aws.md
+++ b/docs/tutorials/aws.md
@@ -477,97 +477,20 @@ kubectl create --filename externaldns-no-rbac.yaml \ ### Manifest (for clusters with RBAC enabled) -Save the following below as `externaldns-with-rbac.yaml`. +Update the `values.yaml` file you created earlier to include the annotations to link the Role ARN you created before. ```yaml -# comment out sa if it was previously created -apiVersion: v1 -kind: ServiceAccount -metadata: - name: external-dns - labels: - app.kubernetes.io/name: external-dns ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: external-dns - labels: - app.kubernetes.io/name: external-dns -rules: - - apiGroups: [""] - resources: ["services","endpoints","pods","nodes"] - verbs: ["get","watch","list"] - - apiGroups: ["extensions","networking.k8s.io"] - resources: ["ingresses"] - verbs: ["get","watch","list"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: external-dns-viewer - labels: - app.kubernetes.io/name: external-dns -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: external-dns -subjects: - - kind: ServiceAccount - name: external-dns - namespace: default # change to desired namespace: externaldns, kube-addons ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: external-dns - labels: - app.kubernetes.io/name: external-dns -spec: - strategy: - type: Recreate - selector: - matchLabels: - app.kubernetes.io/name: external-dns - template: - metadata: - labels: - app.kubernetes.io/name: external-dns - spec: - serviceAccountName: external-dns - containers: - - name: external-dns - image: registry.k8s.io/external-dns/external-dns:v0.14.2 - args: - - --source=service - - --source=ingress - - --domain-filter=example.com # will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones - - --provider=aws - - --policy=upsert-only # would prevent ExternalDNS from deleting any records, omit to enable full 
synchronization - - --aws-zone-type=public # only look at public hosted zones (valid values are public, private or no value for both) - - --registry=txt - - --txt-owner-id=external-dns - env: - - name: AWS_DEFAULT_REGION - value: us-east-1 # change to region where EKS is installed - # # Uncommend below if using static credentials - # - name: AWS_SHARED_CREDENTIALS_FILE - # value: /.aws/credentials - # volumeMounts: - # - name: aws-credentials - # mountPath: /.aws - # readOnly: true - # volumes: - # - name: aws-credentials - # secret: - # secretName: external-dns +provider: + name: aws +serviceAccount: + annotations: + eks.amazonaws.com/role-arn: arn:aws:iam::${ACCOUNT_ID}:role/${EXTERNALDNS_ROLE_NAME:-"external-dns"} ``` -When ready deploy: +When ready deploy, update your Helm installation: -```bash -kubectl create --filename externaldns-with-rbac.yaml \ - --namespace ${EXTERNALDNS_NS:-"default"} +```shell +helm upgrade --install external-dns external-dns/external-dns --values values.yaml ``` ## Arguments