ccpgames/route53-kubernetes

Name: route53-kubernetes

Owner: CCP Games

Description: Sync Kubernetes Services with AWS Route53

Created: 2016-09-13 19:13:17.0

Updated: 2017-07-06 16:16:21.0

Pushed: 2017-02-28 21:57:22.0

Homepage: null

Size: 2791

Language: Go

README

Kubernetes => Route53 Mapping Service

This is a Kubernetes service that polls services (in all namespaces) that are configured with the label dns=route53 and adds the appropriate alias to the domain specified by the annotation domainName=sub.mydomain.io. Multiple domains and top level domains are also supported: domainName=.mydomain.io,sub1.mydomain.io,sub2.mydomain.io

Usage

route53-kubernetes ReplicationController

The following is an example ReplicationController definition for route53-kubernetes:

Create the ReplicationController via kubectl create -f <name_of_route53-kubernetes-rc.yaml>

Note: We don't currently sign our docker images. So, please use our images at your own risk.

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: route53-kubernetes
  namespace: kube-system
  labels:
    app: route53-kubernetes
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: route53-kubernetes
    spec:
      containers:
        - image: quay.io/molecule/route53-kubernetes:v1.3.0
          name: route53-kubernetes

This service expects that it's running on a Kubernetes node on AWS and that the IAM profile for that node is set up to allow the following, along with the default permissions needed by Kubernetes:


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "route53:ListHostedZonesByName",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "elasticloadbalancing:DescribeLoadBalancers",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "route53:ChangeResourceRecordSets",
            "Resource": "*"
        }
    ]
}

Service Configuration

Given the following Kubernetes service definition:

apiVersion: v1
kind: Service
metadata:
  name: my-app
  labels:
    app: my-app
    role: web
    dns: route53
  annotations:
    domainName: "test.mydomain.com"
spec:
  selector:
    app: my-app
    role: web
  ports:
  - name: web
    port: 80
    protocol: TCP
    targetPort: web
  - name: web-ssl
    port: 443
    protocol: TCP
    targetPort: web-ssl
  type: LoadBalancer

An "A" record for test.mydomain.com will be created as an alias to the ELB that Kubernetes configures for the service. This assumes that a hosted zone for mydomain.com already exists in Route53. Any record that previously existed for that DNS name will be updated.
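Because the service acts on any Service in any namespace that carries dns=route53 and updates whatever record already exists, the requested names are worth auditing before they reach Route53. The Go program below is an added example, not code from route53-kubernetes: the Service struct, the Audit function and the per-namespace allow-list are assumptions, as is reading a leading-dot entry as the zone itself.

```go
package main

import (
	"fmt"
	"strings"
)

type Service struct { // hypothetical type: only the metadata this audit reads
	Namespace, Name     string
	Labels, Annotations map[string]string
}

// Domains returns the normalised names a dns=route53 service requests.
// Assumption: a leading-dot entry such as ".mydomain.io" names the zone itself.
func Domains(s Service) (out []string) {
	if s.Labels["dns"] != "route53" {
		return nil
	}
	for _, d := range strings.Split(s.Annotations["domainName"], ",") {
		if d = strings.ToLower(strings.Trim(strings.TrimSpace(d), ".")); d != "" {
			out = append(out, d)
		}
	}
	return out
}

// Audit flags names outside the namespace's allowed zones, matching on label boundaries.
func Audit(svcs []Service, allowed map[string][]string) (findings []string) {
	for _, s := range svcs {
	next:
		for _, d := range Domains(s) {
			for _, z := range allowed[s.Namespace] {
				if d == z || strings.HasSuffix(d, "."+z) {
					continue next
				}
			}
			findings = append(findings, fmt.Sprintf("%s/%s: %s", s.Namespace, s.Name, d))
		}
	}
	return findings
}

// Constructed sample input; the service names and the allow-list are illustrative.
func main() {
	svcs := []Service{
		{"web", "my-app", map[string]string{"dns": "route53"}, map[string]string{"domainName": "test.mydomain.com"}},
		{"dev", "scratch", map[string]string{"dns": "route53"}, map[string]string{"domainName": "test.mydomain.com, x.notmydomain.com"}},
	}
	fmt.Println(Audit(svcs, map[string][]string{"web": {"mydomain.com"}, "dev": {"dev.mydomain.com"}}))
}
```

A namespace with no allow-list entry has every requested name reported, which makes the check fail closed.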

Alternative setup

This setup shows some alternative ways to configure route53-kubernetes. First, you can specify the Kubernetes certs manually if you do not have service accounts enabled. Second, access to AWS can be configured through a Shared Credentials File.

apiVersion: v1
kind: ReplicationController
metadata:
  name: route53-kubernetes
  namespace: kube-system
  labels:
    app: route53-kubernetes
spec:
  replicas: 1
  selector:
    app: route53-kubernetes
  template:
    metadata:
      labels:
        app: route53-kubernetes
    spec:
      volumes:
        - name: ssl-cert
          secret:
            secretName: kube-ssl
        - name: aws-creds
          secret:
            secretName: aws-creds
      containers:
        - image: quay.io/molecule/route53-kubernetes:v1.3.0
          name: route53-kubernetes
          volumeMounts:
            - name: ssl-cert
              mountPath: /opt/certs
              readOnly: true
            - name: aws-creds
              mountPath: /opt/creds
              readOnly: true
          env:
            - name: "CA_FILE_PATH"
              value: "/opt/certs/ca.pem"
            - name: "CERT_FILE_PATH"
              value: "/opt/certs/cert.pem"
            - name: "KEY_FILE_PATH"
              value: "/opt/certs/key.pem"
            - name: "AWS_SHARED_CREDENTIALS_FILE"
              value: "/opt/creds/credentials"

Building locally

Install dependencies

We use glide to manage dependencies. To fetch the dependencies to your local vendor/ folder please run:

glide install -v

Build the Image

You may choose to use Docker images for route53-kubernetes on our Quay namespace or to build the binary, docker image, and push the docker image from scratch. See the Makefile for more information on doing this process manually.

