
wearemolecule/route53-kubernetes: [DEPRECATED] Sync Kubernetes Services with AWS ...


Open-source software name:

wearemolecule/route53-kubernetes

Open-source software URL:

https://github.com/wearemolecule/route53-kubernetes

Open-source programming language:

Go 97.6%

Open-source software introduction:

DEPRECATED

This repo has been officially deprecated in favor of the https://github.com/kubernetes-incubator/external-dns addon. That addon offers a lot more features, better performance, and a compatibility mode for current users of route53-kubernetes. See compatibility mode docs here.

Kubernetes => Route53 Mapping Service

This is a Kubernetes service that polls services (in all namespaces) that are configured with the label dns=route53 and adds the appropriate alias to the domain specified by the annotation domainName=sub.mydomain.io. Multiple domains and top level domains are also supported: domainName=.mydomain.io,sub1.mydomain.io,sub2.mydomain.io

Usage

route53-kubernetes ReplicationController

The following is an example definition for route53-kubernetes. Although this section refers to a ReplicationController, the manifest shown below is of kind Deployment.

Create it via kubectl create -f <name_of_route53-kubernetes-rc.yaml>

Note: We don't currently sign our docker images, so please use our images at your own risk.

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: route53-kubernetes
  namespace: kube-system
  labels:
    app: route53-kubernetes
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: route53-kubernetes
    spec:
      containers:
        - image: quay.io/molecule/route53-kubernetes:v1.3.0
          name: route53-kubernetes

This service expects that it's running on a Kubernetes node on AWS and that the IAM profile for that node is set up to allow the following, along with the default permissions needed by Kubernetes:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "route53:ListHostedZonesByName",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "elasticloadbalancing:DescribeLoadBalancers",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "route53:ChangeResourceRecordSets",
            "Resource": "*"
        }
    ]
}
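
The third statement above allows route53:ChangeResourceRecordSets on every hosted zone in the account. The following check is an added example, not part of the project: it flags Allow statements that grant that action on anything broader than explicitly named hosted zones. The scoped policy, the placeholder zone ID and the function names are assumptions of this example, and NotAction/NotResource are not handled.

```python
import fnmatch

WRITE_ACTION = "route53:ChangeResourceRecordSets"
ZONE_ARN = "arn:aws:route53:::hostedzone/"

def allow(action, resource):
    return {"Effect": "Allow", "Action": action, "Resource": resource}

# The policy from the README, rebuilt as a dict.
README_POLICY = {"Version": "2012-10-17", "Statement": [
    allow("route53:ListHostedZonesByName", "*"),
    allow("elasticloadbalancing:DescribeLoadBalancers", "*"),
    allow(WRITE_ACTION, "*"),
]}

# Same policy with the write action limited to one zone.
# Z0000000EXAMPLE is a constructed placeholder, not a real zone ID.
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    allow("route53:ListHostedZonesByName", "*"),
    allow("elasticloadbalancing:DescribeLoadBalancers", "*"),
    allow(WRITE_ACTION, ZONE_ARN + "Z0000000EXAMPLE"),
]}

def as_list(value):
    """IAM accepts a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]

def names_one_zone(resource):
    """True only for a hosted-zone ARN with a literal (wildcard-free) ID."""
    zone_id = resource[len(ZONE_ARN):] if resource.startswith(ZONE_ARN) else ""
    return bool(zone_id) and not any(c in zone_id for c in "*?")

def unscoped_write_statements(policy):
    """Indexes of Allow statements granting the record-write action on
    anything broader than explicitly named hosted zones."""
    hits = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        # IAM action patterns are case-insensitive; "route53:*" or "*" also match.
        grants = any(fnmatch.fnmatchcase(WRITE_ACTION.lower(), a.lower())
                     for a in as_list(stmt.get("Action", [])))
        if grants and not all(names_one_zone(r)
                              for r in as_list(stmt.get("Resource", []))):
            hits.append(i)
    return hits
```

The two read-only actions keep "Resource": "*" in the scoped variant because they do not take a resource ARN.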

Service Configuration

Given the following Kubernetes service definition:

apiVersion: v1
kind: Service
metadata:
  name: my-app
  labels:
    app: my-app
    role: web
    dns: route53
  annotations:
    domainName: "test.mydomain.com"
spec:
  selector:
    app: my-app
    role: web
  ports:
  - name: web
    port: 80
    protocol: TCP
    targetPort: web
  - name: web-ssl
    port: 443
    protocol: TCP
    targetPort: web-ssl
  type: LoadBalancer

An "A" record for test.mydomain.com will be created as an alias to the ELB that Kubernetes configures. This assumes that a hosted zone for mydomain.com exists in Route53. Any record that previously existed for that DNS name will be updated.
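
Because the service watches every namespace and updates whatever record already exists for a name, it is worth reviewing which Services claim which names. The following audit is an added example, not part of the project: it reads the JSON from kubectl get services --all-namespaces -l dns=route53 -o json and reports names outside a per-namespace allowlist and names claimed by more than one Service. The sample services, the ALLOWED allowlist and the function names are assumptions of this example.

```python
import json
from collections import defaultdict

# Constructed sample of `kubectl get services --all-namespaces -l dns=route53 -o json`
# (trimmed to the fields used here).
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"namespace": "web", "name": "my-app",
                "annotations": {"domainName": "test.mydomain.com"}}},
  {"metadata": {"namespace": "dev", "name": "scratch",
                "annotations": {"domainName": "scratch.dev.mydomain.com, Test.mydomain.com"}}}
]}
""")

# Hypothetical allowlist: DNS suffixes each namespace is approved to claim.
ALLOWED = {"web": ["mydomain.com"], "dev": ["dev.mydomain.com"]}

def claims(svc_list):
    """Yield (namespace, "namespace/name", domain) per domainName entry."""
    for item in svc_list["items"]:
        meta = item["metadata"]
        raw = (meta.get("annotations") or {}).get("domainName", "")
        for domain in raw.split(","):
            # Normalise case and dots; ".mydomain.io" (the README's top-level
            # form) is treated as "mydomain.io", an assumption of this example.
            domain = domain.strip().strip(".").lower()
            if domain:
                yield meta["namespace"], f'{meta["namespace"]}/{meta["name"]}', domain

def in_suffix(domain, suffix):
    return domain == suffix or domain.endswith("." + suffix)

def audit(svc_list, allowed):
    """Return sorted findings: names outside a namespace's approved suffixes,
    and names claimed by more than one Service."""
    owners, findings = defaultdict(set), []
    for ns, svc, domain in claims(svc_list):
        owners[domain].add(svc)
        if not any(in_suffix(domain, s) for s in allowed.get(ns, [])):
            findings.append(("not-allowed", domain, svc))
    for domain, svcs in owners.items():
        if len(svcs) > 1:
            findings.append(("contested", domain, ", ".join(sorted(svcs))))
    return sorted(findings)
```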

Alternative setup

This setup shows some alternative ways to configure route53-kubernetes. First, you can specify Kubernetes certs manually if you do not have service accounts enabled. Second, access to AWS can be configured through a Shared Credentials File.

apiVersion: v1
kind: ReplicationController
metadata:
  name: route53-kubernetes
  namespace: kube-system
  labels:
    app: route53-kubernetes
spec:
  replicas: 1
  selector:
    app: route53-kubernetes
  template:
    metadata:
      labels:
        app: route53-kubernetes
    spec:
      volumes:
        - name: ssl-cert
          secret:
            secretName: kube-ssl
        - name: aws-creds
          secret:
            secretName: aws-creds
      containers:
        - image: quay.io/molecule/route53-kubernetes:v1.3.0
          name: route53-kubernetes
          volumeMounts:
            - name: ssl-cert
              mountPath: /opt/certs
              readOnly: true
            - name: aws-creds
              mountPath: /opt/creds
              readOnly: true
          env:
            - name: "CA_FILE_PATH"
              value: "/opt/certs/ca.pem"
            - name: "CERT_FILE_PATH"
              value: "/opt/certs/cert.pem"
            - name: "KEY_FILE_PATH"
              value: "/opt/certs/key.pem"
            - name: "AWS_SHARED_CREDENTIALS_FILE"
              value: "/opt/creds/credentials"

Building locally

Install dependencies

We use glide to manage dependencies. To fetch the dependencies to your local vendor/ folder please run:

glide install -v

Build the Image

You may choose to use Docker images for route53-kubernetes on our Quay namespace or to build the binary, docker image, and push the docker image from scratch. See the Makefile for more information on doing this process manually.



