# Packages
# README
kubernetes-route53-sync
Kubernetes controller to synchronize node IPs with Route53 DNS records
This project is forked from https://github.com/calebdoxsey/kubernetes-cloudflare-sync
Install
Configure DNS settings to sync
Fetch the configuration templates in this repository. We recommend just cloning this repository.
git clone https://github.com/jlandowner/kubernetes-route53-sync.git
cd kubernetes-route53-sync
Then update DNS name to sync and the other settings in kubernetes/common/deployment.yaml
env:
- name: DNS_NAME
value: "example.com"
For the options details, See the following Available variable environments.
Create AWS IAM Policy
aws iam create-policy --policy-name kubernetes-route53-sync --policy-document file://policy.json
The Output PolicyArn will be used later.
Configure AWS IAM Credentials and Deploy
There are 2 ways to configure credentials. Choose one of them for your environment.
- Using Access Key
- Using IRSA (IAM Role for ServiceAccount) for EKS
Using Access Key
- Create IAM User
Replace YOUR_ACCOUNT_ID to yours.
aws iam create-user --user-name kubernetes-route53-sync
aws iam attach-user-policy --user-name kubernetes-route53-sync --policy-arn arn:aws:iam::YOUR_ACCOUNT_ID:policy/kubernetes-route53-sync
aws iam create-access-key --user-name kubernetes-route53-sync
Then replace <YOUR_AWS_ACCESS_KEY_ID> and <YOUR_AWS_SECRET_ACCESS_KEY> in kubernetes/accesskey/kustomization.yaml
- Deploy
kustomize build kubernetes/accesskey | kubectl apply -f -
Using IRSA (IAM Role for ServiceAccount) for EKS
You can also use IRSA if you run it on EKS.
Replace YOUR_EKS_CLUSTER_NAME and YOUR_ACCOUNT_ID to yours.
- Create OIDC ID Provider
Note: See the official docs if you do not use eksctl. https://docs.aws.amazon.com/ja_jp/eks/latest/userguide/enable-iam-roles-for-service-accounts.html
eksctl utils associate-iam-oidc-provider --cluster YOUR_EKS_CLUSTER_NAME --approve
- Create IAM Role
Note: See the official docs if you do not use eksctl. https://docs.aws.amazon.com/ja_jp/eks/latest/userguide/create-service-account-iam-policy-and-role.html
eksctl create iamserviceaccount \
--name kubernetes-route53-sync \
--namespace kube-system \
--cluster YOUR_EKS_CLUSTER_NAME \
--attach-policy-arn arn:aws:iam::YOUR_ACCOUNT_ID:policy/kubernetes-route53-sync \
--approve \
--override-existing-serviceaccounts
- Configure ServiceAccount to use IAM Role
Replace YOUR_ACCOUNT_ID in kubernetes/irsa/kustomization.yaml
commonAnnotations:
eks.amazonaws.com/role-arn: arn:aws:iam::YOUR_ACCOUNT_ID:role/kubernetes-route53-sync
- Deploy
kustomize build kubernetes/irsa | kubectl apply -f -
Available variable environments
| name | description | example value | required |
|---|---|---|---|
| DNS_NAME | Route53 A Record to sync. Find Hostedzone ID by its sufix. | 'k8s.example.com' (A Record in Hostedzone named "example.com") | true |
| DNS_TTL | Route53 Record TTL (default 300s) | '60' | false |
| HOSTEDZONE_ID | Specify Route53 Hostedzone ID especially when you have the subdomain at another hostedzone from root (default auto find by DNS_NAME suffix) | 'XXXXXXXXXXXXX' | false |
| USE_INTERNAL_IP | Use Node Internal IP (default External IP) | '1' | false |
| ENABLE_DNS_ACCESS | Access to DNS for the reconciliation from the Pods (default 0) | '1' | false |
| NODE_SELECTOR | node selector query | 'disktype=ssd' (default non) | false |
| HTTPS_PROXY | use proxy (protocol://host:port) | 'http://your-proxy:1080' | false |
| NO_PROXY | not use proxy for specific endpoints | 'sts.amazonaws.com' | false |
LICENSE
MIT License