Public | Automated Build

Last pushed: 9 days ago
Short Description
Kubernetes => Route53 Mapping Service, published version of https://github.com/fairfaxmedia/area53
Full Description

Kubernetes => Route53 Mapping Service

This is a Kubernetes service that polls Services and Ingresses on its cluster that are configured
and adds an entry to Route 53.

Services are configured with the label dns=route53 and annotation domainName=test-app.

Ingresses are configured with the annotation elb=unique-id.eu-west-1.elb.amazonaws.com.

The app requires the following environment variables to be set in order to run:

  • HOSTED_ZONE_ID=EXAMPLEID - The hosted zone ID of the route53 zone you wish the app to modify
  • AWS_REGION=ap-southeast-2 - The region of your hosted zone
  • ROUTE53_TTL=60 - Time to live sent in the API call to route53, defaults to 60
  • KUBERNETES_SERVICE_HOST=127.0.0.1 - IP of Kubernetes service API, should be in env by default
  • KUBERNETES_PORT_443_TCP_PORT=443 - Port of Kubernetes service API, should be in env by default
  • TOKEN_PATH=/var/run/secrets/kubernetes.io/serviceaccount/token - path to token file for kube service account, set to path shown by default
  • ELB=unique-id.eu-west-1.elb.amazonaws.com - the address of the default ELB to use for Ingress based addresses, if not specified Ingresses will not be watched

Example

For example, given the below Kubernetes service definition:

apiVersion: v1
kind: Service
metadata:
  name: my-app
  labels:
    app: my-app
    role: web
    dns: route53
  annotations:
    domainName: "test-app"
spec:
  selector:
    app: my-app
    role: web
  ports:
  - name: web
    port: 80
    protocol: TCP
    targetPort: web
  - name: web-ssl
    port: 443
    protocol: TCP
    targetPort: web-ssl
  type: LoadBalancer

A DNS CNAME record is created/modified for
test-app.myhostedzonedomain.com pointing to the Elastic Load Balancer
that is configured by Kubernetes.

IAM Actions Required

This service expects that it is running on a Kubernetes node on AWS and
that the IAM profile for that node is set up to allow the following,
along with the default permissions needed by Kubernetes:

{
    "Effect": "Allow",
    "Action": "route53:ListHostedZonesByName",
    "Resource": "*"
},
{
    "Effect": "Allow",
    "Action": [
      "route53:ChangeResourceRecordSets",
      "route53:GetHostedZone"
    ],
    "Resource": "*"
}
Docker Pull Command
Owner
cknowles
Source Repository

Comments (0)