5 changes: 2 additions & 3 deletions ansible-roles/k8s_external_dns/defaults/main.yml
Expand Up @@ -9,9 +9,8 @@ k8s_external_dns_namespace: external-dns
k8s_external_dns_public_helm_release: external-dns-public
k8s_external_dns_private_helm_release: external-dns-private

k8s_external_dns_chart: bitnami/external-dns
k8s_external_dns_chart_version: 6.28.6
k8s_external_dns_image_tag: 0.13.6-debian-11-r33
k8s_external_dns_chart: external-dns/external-dns
k8s_external_dns_chart_version: 1.19.0

k8s_external_dns_public_chart_values: {}
k8s_external_dns_private_chart_values: {}
120 changes: 62 additions & 58 deletions ansible-roles/k8s_external_dns/tasks/main.yml
@@ -1,85 +1,89 @@
---
# tasks file for k8s_external_dns

- name: Add bitnami repository
- name: Add official external-dns repository
kubernetes.core.helm_repository:
name: bitnami
repo_url: https://charts.bitnami.com/bitnami
no_log: True
name: external-dns
repo_url: https://kubernetes-sigs.github.io/external-dns/
no_log: true

- name: Install public external-dns release
# -----------------------------
# Public external-dns
# -----------------------------
- name: Install public external-dns release (official chart)
kubernetes.core.helm:
name: "{{k8s_external_dns_public_helm_release}}"
chart_ref: "{{k8s_external_dns_chart}}"
chart_version: "{{k8s_external_dns_chart_version}}"
namespace: "{{k8s_external_dns_namespace}}"
create_namespace: yes
update_repo_cache: yes
name: "{{ k8s_external_dns_public_helm_release }}"
chart_ref: "{{ k8s_external_dns_chart }}" # external-dns/external-dns
chart_version: "{{ k8s_external_dns_chart_version }}" # e.g. 1.19.0
namespace: "{{ k8s_external_dns_namespace }}"
create_namespace: true
update_repo_cache: true
wait: true
values: "{{k8s_external_dns_public_chart_values | default(default_values, true)}}"
wait_timeout: 5m
force: true # recreate Deployment to avoid merge issues
atomic: true # rollback on failure
values: "{{ k8s_external_dns_public_chart_values | default(default_values, true) }}"
environment: "{{ kubectl_env }}"
vars:
service_account_v2:
rbac:
serviceAccountAnnotations:
eks.amazonaws.com/role-arn: "{{k8s_external_dns_public_service_account_iam_role_arn}}"
service_account_v3:
service_account:
serviceAccount:
create: true # let the chart create the SA
name: "{{ k8s_external_dns_public_helm_release }}"
annotations:
eks.amazonaws.com/role-arn: "{{k8s_external_dns_public_service_account_iam_role_arn}}"
service_account: "{{service_account_v2 if k8s_external_dns_chart_version is version('3.0.0', '<') else service_account_v3}}"
eks.amazonaws.com/role-arn: "{{ k8s_external_dns_public_service_account_iam_role_arn }}"
default_base_values:
image:
tag: "{{k8s_external_dns_image_tag}}"
txtOwnerId: "{{luther_project_id}}-{{luther_env}}-public"
txtOwnerId: "{{ luther_project_id }}-{{ luther_env }}-public"
policy: sync
provider: aws
aws:
zoneType: public
rbac:
create: true
default_values: "{{default_base_values | combine(service_account, recursive=True)}}"
# Ensure the container port has a name so default HTTP probes work
containerPorts:
http: 7979
extraArgs:
- --aws-zone-type=public
- --aws-api-retries=3
- --aws-batch-change-size=1000
default_values: "{{ default_base_values | combine(service_account, recursive=true) }}"

- name: Install private external-dns release
# -----------------------------
# Private external-dns
# -----------------------------
- name: Install private external-dns release (official chart)
kubernetes.core.helm:
name: "{{k8s_external_dns_private_helm_release}}"
chart_ref: "{{k8s_external_dns_chart}}"
chart_version: "{{k8s_external_dns_chart_version}}"
namespace: "{{k8s_external_dns_namespace}}"
create_namespace: yes
update_repo_cache: yes
name: "{{ k8s_external_dns_private_helm_release }}"
chart_ref: "{{ k8s_external_dns_chart }}"
chart_version: "{{ k8s_external_dns_chart_version }}"
namespace: "{{ k8s_external_dns_namespace }}"
create_namespace: true
update_repo_cache: true
wait: true
values: "{{k8s_external_dns_private_chart_values | default(default_values, true)}}"
wait_timeout: 5m
force: true
atomic: true
values: "{{ k8s_external_dns_private_chart_values | default(default_values, true) }}"
environment: "{{ kubectl_env }}"
vars:
service_account_v2:
rbac:
serviceAccountAnnotations:
eks.amazonaws.com/role-arn: "{{k8s_external_dns_private_service_account_iam_role_arn}}"
service_account_v3:
service_account:
serviceAccount:
create: true
name: "{{ k8s_external_dns_private_helm_release }}"
annotations:
eks.amazonaws.com/role-arn: "{{k8s_external_dns_private_service_account_iam_role_arn}}"
service_account: "{{service_account_v2 if k8s_external_dns_chart_version is version('3.0.0', '<') else service_account_v3}}"
eks.amazonaws.com/role-arn: "{{ k8s_external_dns_private_service_account_iam_role_arn }}"
default_base_values:
image:
tag: "{{k8s_external_dns_image_tag}}"
txtOwnerId: "{{luther_project_id}}-{{luther_env}}-private"
txtOwnerId: "{{ luther_project_id }}-{{ luther_env }}-private"
policy: sync
provider: aws
aws:
zoneType: private
# external-dns managing private hosted zones needs to filter by tag to
# handle private zones with the same name existing in different
# environments/vpcs.
zoneTags:
- Project={{luther_project_id}}
- Environment={{luther_env}}
rbac:
create: true
default_values: "{{default_base_values | combine(service_account, recursive=True)}}"
containerPorts:
http: 7979
extraArgs:
- --aws-zone-type=private
- --aws-api-retries=3
- --aws-batch-change-size=1000
# Filter private zones by tags so same-name zones in other VPCs aren't touched
- "--aws-zone-tags=Project={{ luther_project_id }},Environment={{ luther_env }}"
default_values: "{{ default_base_values | combine(service_account, recursive=true) }}"

- name: Purge old values files
# Optional: clean up any old on-disk values dirs your role used before
- name: Purge old values files (legacy)
file:
path: "{{kubectl_asset_root_path}}/external-dns"
path: "{{ kubectl_asset_root_path }}/external-dns"
state: absent
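Review bot: The private release's zone filter, the `--aws-zone-tags=Project={{ luther_project_id }},Environment={{ luther_env }}` entry in extraArgs, packs two tags into one flag value; external-dns's `--aws-zone-tags` is a repeatable flag and, as far as I can tell, does not split on commas, so the whole string would be read as a single tag with key `Project` and value `<project>,Environment=<env>`, match no hosted zone, and leave the private instance silently managing nothing (the old `zoneTags` list handed the chart two separate entries). Passing two entries is correct under either parsing: `- "--aws-zone-tags=Project={{ luther_project_id }}"` and `- "--aws-zone-tags=Environment={{ luther_env }}"`. Separately, values keys carried over from the bitnami chart's schema (`aws.zoneType`, `containerPorts`, and `image.tag` if it survives) are ignored by Helm without error if the official chart's values.yaml does not define them, so they should be checked against chart 1.19.0 rather than assumed; `--aws-zone-type` in extraArgs already covers the zone type. `force: true` on both releases also replaces the resources on every run, restarting the controller even when nothing changed, so it is worth dropping once the chart migration has converged.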