This is a Kubernetes service that polls the Services and Ingresses on its cluster that are configured for it and adds a corresponding entry to Route 53.
Services are configured with the label dns=route53 and the annotation domainName=test-app.
Ingresses are configured with the annotation elb=unique-id.eu-west-1.elb.amazonaws.com.
The app requires the following environment variables to be set in order to run:
- HOSTED_ZONE_ID=EXAMPLEID - The hosted zone ID of the route53 zone you wish the app to modify
- AWS_REGION=ap-southeast-2 - The region of your hosted zone
- ROUTE53_TTL=60 - Time to live sent in the API call to route53, defaults to 60
- KUBERNETES_SERVICE_HOST=127.0.0.1 - IP of Kubernetes service API, should be in env by default
- KUBERNETES_PORT_443_TCP_PORT=443 - Port of Kubernetes service API, should be in env by default
- TOKEN_PATH=/var/run/secrets/kubernetes.io/serviceaccount/token - path to token file for kube service account, set to path shown by default
- ELB=unique-id.eu-west-1.elb.amazonaws.com - the address of the default ELB to use for Ingress based addresses, if not specified Ingresses will not be watched
For example, given the below Kubernetes service definition:
    apiVersion: v1
    kind: Service
    metadata:
      name: my-app
      labels:
        app: my-app
        role: web
        dns: route53
      annotations:
        domainName: "test-app"
    spec:
      selector:
        app: my-app
        role: web
      ports:
      - name: web
        port: 80
        protocol: TCP
        targetPort: web
      - name: web-ssl
        port: 443
        protocol: TCP
        targetPort: web-ssl
      type: LoadBalancer
A DNS CNAME record is created/modified for test-app.myhostedzonedomain.com pointing to the Elastic Load Balancer that is configured by Kubernetes.
This service expects that it is running on a Kubernetes node on AWS and that the IAM profile for that node is set up to allow the following, along with the default permissions needed by Kubernetes:
    {
      "Effect": "Allow",
      "Action": "route53:ListHostedZonesByName",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "route53:ChangeResourceRecordSets",
        "route53:GetHostedZone"
      ],
      "Resource": "*"
    }
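
The statements above grant route53:ChangeResourceRecordSets and route53:GetHostedZone on "Resource": "*", so the node role can change records in every hosted zone in the account, not only the one named in HOSTED_ZONE_ID. The following is an added example, not part of this project's code: a Python check that flags such statements and rewrites them to a single zone. The function names are hypothetical; the hosted-zone ARN form and the fact that route53:ListHostedZonesByName cannot be scoped to a resource are standard Route 53 IAM behaviour.

```python
import json

# Actions from the README's policy that accept a hosted-zone ARN as Resource.
# route53:ListHostedZonesByName has no resource-level scoping and stays on "*".
ZONE_SCOPED_ACTIONS = {"route53:ChangeResourceRecordSets", "route53:GetHostedZone"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _wildcard_allow(stmt):
    return stmt.get("Effect") == "Allow" and "*" in _as_list(stmt.get("Resource", []))


def find_wildcard_zone_actions(statements):
    """Return zone-scopable Route 53 actions that are allowed on Resource "*"."""
    return sorted(
        action
        for stmt in statements if _wildcard_allow(stmt)
        for action in _as_list(stmt.get("Action", []))
        if action in ZONE_SCOPED_ACTIONS
    )


def scope_to_zone(statements, hosted_zone_id):
    """Rewrite wildcard statements so zone-scopable actions apply to one zone only."""
    zone_arn = f"arn:aws:route53:::hostedzone/{hosted_zone_id}"
    scoped = []
    for stmt in statements:
        actions = _as_list(stmt.get("Action", []))
        zone_actions = [a for a in actions if a in ZONE_SCOPED_ACTIONS]
        other_actions = [a for a in actions if a not in ZONE_SCOPED_ACTIONS]
        if not zone_actions or not _wildcard_allow(stmt):
            scoped.append(stmt)  # nothing to tighten in this statement
            continue
        if other_actions:  # non-scopable actions keep their original Resource
            scoped.append({**stmt, "Action": other_actions})
        scoped.append({**stmt, "Action": zone_actions, "Resource": zone_arn})
    return scoped


# The two statements from this README, written as Python data.
README_STATEMENTS = [
    {"Effect": "Allow", "Action": "route53:ListHostedZonesByName", "Resource": "*"},
    {"Effect": "Allow", "Resource": "*",
     "Action": ["route53:ChangeResourceRecordSets", "route53:GetHostedZone"]},
]

if __name__ == "__main__":
    print("wildcard zone actions:", find_wildcard_zone_actions(README_STATEMENTS))
    print(json.dumps(scope_to_zone(README_STATEMENTS, "EXAMPLEID"), indent=2))
```

Pass the same value the app receives in HOSTED_ZONE_ID; EXAMPLEID here is the README's placeholder.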