kubernetes-route53-sync
Kubernetes controller to synchronize node IPs with Route53 DNS records
This project is forked from https://github.com/calebdoxsey/kubernetes-cloudflare-sync
Install
Fetch the configuration templates in this repository.
We recommend just cloning this repository.
git clone https://github.com/jlandowner/kubernetes-route53-sync.git
cd kubernetes-route53-sync
Then update the DNS name to sync, and any other settings, in kubernetes/common/deployment.yaml:
env:
  - name: DNS_NAME
    value: "example.com"
For details of each option, see the Available environment variables section below.
Create AWS IAM Policy
aws iam create-policy --policy-name kubernetes-route53-sync --policy-document file://policy.json
The PolicyArn in the output will be used later.
There are two ways to configure credentials; choose the one that fits your environment.
- Using Access Key
- Using IRSA (IAM Role for ServiceAccount) for EKS
Using Access Key
- Create IAM User
Replace YOUR_ACCOUNT_ID with your AWS account ID.
aws iam create-user --user-name kubernetes-route53-sync
aws iam attach-user-policy --user-name kubernetes-route53-sync --policy-arn arn:aws:iam::YOUR_ACCOUNT_ID:policy/kubernetes-route53-sync
aws iam create-access-key --user-name kubernetes-route53-sync
Then replace <YOUR_AWS_ACCESS_KEY_ID> and <YOUR_AWS_SECRET_ACCESS_KEY> in kubernetes/accesskey/kustomization.yaml
- Deploy
kustomize build kubernetes/accesskey | kubectl apply -f -
Using IRSA (IAM Role for ServiceAccount) for EKS
You can also use IRSA if you run the controller on EKS.
Replace YOUR_EKS_CLUSTER_NAME and YOUR_ACCOUNT_ID with your cluster name and AWS account ID.
- Create OIDC ID Provider
Note: See the official docs if you do not use eksctl.
https://docs.aws.amazon.com/ja_jp/eks/latest/userguide/enable-iam-roles-for-service-accounts.html
eksctl utils associate-iam-oidc-provider --cluster YOUR_EKS_CLUSTER_NAME --approve
- Create IAM Role
Note: See the official docs if you do not use eksctl.
https://docs.aws.amazon.com/ja_jp/eks/latest/userguide/create-service-account-iam-policy-and-role.html
eksctl create iamserviceaccount \
--name kubernetes-route53-sync \
--namespace kube-system \
--cluster YOUR_EKS_CLUSTER_NAME \
--attach-policy-arn arn:aws:iam::YOUR_ACCOUNT_ID:policy/kubernetes-route53-sync \
--approve \
--override-existing-serviceaccounts
- Configure ServiceAccount to use IAM Role
Replace YOUR_ACCOUNT_ID in kubernetes/irsa/kustomization.yaml:
commonAnnotations:
  eks.amazonaws.com/role-arn: arn:aws:iam::YOUR_ACCOUNT_ID:role/kubernetes-route53-sync
- Deploy
kustomize build kubernetes/irsa | kubectl apply -f -
Available environment variables

| name | description | example value | required |
|---|---|---|---|
| DNS_NAME | Route53 A record to sync. The hosted zone ID is found by the record name's suffix. | 'k8s.example.com' (A record in the hosted zone named "example.com") | true |
| DNS_TTL | Route53 record TTL (default 300s) | '60' | false |
| HOSTEDZONE_ID | Route53 hosted zone ID. Set this when the subdomain is served by a hosted zone other than the root one (default: found automatically from the DNS_NAME suffix) | 'XXXXXXXXXXXXX' | false |
| USE_INTERNAL_IP | Use the node internal IP (default: external IP) | '1' | false |
| ENABLE_DNS_ACCESS | Query DNS from the Pods during reconciliation (default 0) | '1' | false |
| NODE_SELECTOR | Node selector query (default: none) | 'disktype=ssd' | false |
| HTTPS_PROXY | Use a proxy (protocol://host:port) | 'http://your-proxy:1080' | false |
| NO_PROXY | Do not use the proxy for the listed endpoints | 'sts.amazonaws.com' | false |
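As an added illustration (not code from this project), the Go sketch below shows how three of the variables above interact: NODE_SELECTOR filtering, the USE_INTERNAL_IP address choice, and the longest-suffix hosted zone lookup that HOSTEDZONE_ID overrides. Node, HostedZone and both functions are assumed stand-ins for the Kubernetes and Route53 API objects, and the sample addresses and zone IDs are constructed.

```go
package main

import (
	"sort"
	"strings"
)

// Node and HostedZone are constructed stand-ins for a Kubernetes Node (labels
// plus status.addresses) and a Route53 hosted zone (names carry a trailing dot).
type Node struct {
	Labels                 map[string]string
	ExternalIP, InternalIP string
}
type HostedZone struct{ ID, Name string }

// desiredIPs keeps nodes matching every key=value of NODE_SELECTOR, picks the
// external (or, with USE_INTERNAL_IP, internal) address and sorts the result.
func desiredIPs(nodes []Node, selector string, useInternal bool) []string {
	want := map[string]string{}
	for _, kv := range strings.Split(selector, ",") {
		if k, v, ok := strings.Cut(strings.TrimSpace(kv), "="); ok {
			want[k] = v
		}
	}
	ips := []string{}
	for _, n := range nodes {
		ip, match := n.ExternalIP, true
		if useInternal {
			ip = n.InternalIP
		}
		for k, v := range want {
			match = match && n.Labels[k] == v
		}
		if match && ip != "" { // nodes lacking the chosen address type are skipped
			ips = append(ips, ip)
		}
	}
	sort.Strings(ips)
	return ips
}

// findZone returns the ID of the zone whose name is the longest suffix of dnsName ("" if none), so a delegated
// subdomain zone beats the root zone. If that zone is not visible to these credentials, set HOSTEDZONE_ID explicitly.
func findZone(zones []HostedZone, dnsName string) string {
	fqdn, best := strings.TrimSuffix(dnsName, ".")+".", HostedZone{}
	for _, z := range zones {
		if (fqdn == z.Name || strings.HasSuffix(fqdn, "."+z.Name)) && len(z.Name) > len(best.Name) {
			best = z
		}
	}
	return best.ID
}
```

With credentials that can list only the root zone, findZone silently picks the root zone ID even when a delegated k8s.example.com zone exists, so the UPSERT would land in the wrong zone; that is the case the HOSTEDZONE_ID override is for.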
LICENSE
MIT License