From 4af7193ee010d32feedd50e46dd4684baec72496 Mon Sep 17 00:00:00 2001
From: Infrastructure Admin
Date: Sat, 27 Sep 2025 11:13:49 -0400
Subject: [PATCH] Add external-dns with Ambassador Host support and managed Gandi secret
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Add Crossplane-managed gandi-api-key secret for external-dns
- Configure external-dns to watch Ambassador Host resources
- Add RBAC permissions for getambassador.io resources
- Enable automatic DNS record creation for vault.nge6.com
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude
---
 external-dns.yaml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
diff --git a/external-dns.yaml b/external-dns.yaml
index 67ea1ed..6a338f8 100644
--- a/external-dns.yaml
+++ b/external-dns.yaml
@@ -53,6 +53,9 @@ spec:
 - apiGroups: ["extensions", "networking.k8s.io"]
 resources: ["ingresses"]
 verbs: ["get", "watch", "list"]
+ - apiGroups: ["getambassador.io"]
+ resources: ["hosts", "mappings"]
+ verbs: ["get", "watch", "list"]
 - apiGroups: [""]
 resources: ["nodes"]
 verbs: ["list", "watch"]
@@ -81,6 +84,26 @@ spec:
 name: external-dns
 namespace: external-dns
 ---
+# External DNS Gandi API key secret
+apiVersion: kubernetes.crossplane.io/v1alpha2
+kind: Object
+metadata:
+ name: external-dns-gandi-secret
+ namespace: crossplane-system
+spec:
+ providerConfigRef:
+ name: kubernetes-provider
+ forProvider:
+ manifest:
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: gandi-api-key
+ namespace: external-dns
+ type: Opaque
+ stringData:
+ api-key: "5ea1e058de81926ad37af59374756eb69f7e24af"
+---
 # External DNS deployment
 apiVersion: kubernetes.crossplane.io/v1alpha2
 kind: Object
@@ -115,6 +138,7 @@ spec:
 args:
 - --source=service
 - --source=ingress
+ - --source=ambassador-host
 - --domain-filter=nge6.com
 - --provider=gandi
 - --registry=txt
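Review bot: The added RBAC rule grants read on `mappings` as well as `hosts`, but the only Ambassador source this commit enables is `--source=ambassador-host` in the last hunk. Unless the deployed external-dns version is confirmed to read Mapping objects for that source, narrow the rule to `resources: ["hosts"]` so the service account cannot list routing configuration it has no use for. The rule list starts and ends outside this hunk, so the kind and scope of the role that carries it cannot be checked from here.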
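Review bot: The Gandi API key is committed as a literal under `stringData.api-key`, so it now lives in the repository history and in every copy of this patch; treat it as exposed and rotate it at the provider, since removing it in a later commit does not withdraw it. Because the Secret is embedded in a Crossplane `Object`, the value is also stored in that custom resource, where anyone who can read the `Object` sees it, and where encryption at rest configured only for Secrets would not cover it (cluster configuration is not visible here, so confirm). Keep the value out of the manifest: have `gandi-api-key` created out-of-band or synced from the secret store and leave only the reference in this file, with a comment such as `# gandi-api-key is provisioned from the secret store; never commit the value`. The commit message mentions vault.nge6.com, which suggests a Vault instance may be available for this. A secret-scanning check in CI or pre-commit for this repository would catch a repeat.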
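Review bot: With `--source=ambassador-host` added, every Host object that external-dns can see becomes an input to public DNS under `nge6.com`, and the visible args carry no namespace or annotation scoping. If Host creation is not limited to trusted namespaces, consider `--namespace=<ingress-namespace>` (placeholder) or an `--annotation-filter` so only intended Hosts produce records. Also confirm that `--txt-owner-id` is set alongside `--registry=txt` so record ownership stays unambiguous. The args list continues outside the hunk, so some of these may already be present.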