kube_external_dns
Kubernetes External DNS
This module provides a deployment of the external-dns project.
It is set up to work with both AWS Route53 and Cloudflare as part of the complete Panfactum stack.
Usage
AWS Route53
For Route53, you can specify multiple zones and their corresponding IAM roles:
module "external_dns" {
# ... other configuration ...
route53_zones = {
"example.com" = {
record_manager_role_arn = "arn:aws:iam::123456789012:role/ExampleRole"
zone_id = "Z1234567890ABCDEF"
},
"subdomain.example.com" = {
record_manager_role_arn = "arn:aws:iam::123456789012:role/SubdomainRole"
zone_id = "Z0987654321FEDCBA"
}
}
}
Cloudflare
For Cloudflare, you can specify multiple zones:
module "external_dns" {
# ... other configuration ...
cloudflare_zones = {
"example.com" = {
zone_id = "abcdef1234567890"
},
"another-example.com" = {
zone_id = "1234567890abcdef"
}
}
cloudflare_api_token = var.cloudflare_api_token
}
Cloudflare API Token
To use Cloudflare with this module, you need to create an API token with the correct permissions. Follow these steps to create the token:
- Log in to the Cloudflare dashboard.
- Navigate to User Profile > API Tokens.
- Click "Create Token".
- Choose "Create Custom Token".
- Set the following permissions:
- Zone - Zone - Read
- Zone - DNS - Edit
- Under "Zone Resources", select "Include - All Zones".
- Expiration: recommended to not set an expiration.
- Create the token and securely store the generated values through SOPS.
For detailed instructions, refer to the official Cloudflare guide on creating API tokens.
Providers
The following providers are needed by this module:
Required Inputs
The following input variables are required:
eks_cluster_name
Description: The name of the EKS cluster.
Type: string
Optional Inputs
The following input variables are optional (have default values):
aws_iam_ip_allow_list
Description: A list of IPs that can use the service account token to authenticate with AWS API
Type: list(string)
Default: []
cloudflare_api_token
Description: Cloudflare API Token
Type: string
Default: null
cloudflare_zones
Description: A mapping of public DNS domains managed by Cloudflare to their configuration; external-dns uses this to set domain records
Type:
map(object({
zone_id = string
}))
Default: {}
external_dns_helm_version
Description: The version of the ExternalDNS helm chart to deploy
Type: string
Default: "1.14.5"
log_level
Description: The log level for the ExternalDNS pods
Type: string
Default: "warning"
monitoring_enabled
Description: Whether to add active monitoring to the deployed systems
Type: bool
Default: false
panfactum_scheduler_enabled
Description: Whether to use the Panfactum pod scheduler with enhanced bin-packing
Type: bool
Default: true
pull_through_cache_enabled
Description: Whether to use the ECR pull through cache for the deployed images
Type: bool
Default: true
route53_zones
Description: A mapping of public DNS domains managed by AWS to their configuration; external-dns uses this to set domain records
Type:
map(object({
record_manager_role_arn = string
zone_id = string
}))
Default: {}
sync_policy
Description: How should ExternalDNS handle DNS record synchronization
Type: string
Default: "upsert-only"
vpa_enabled
Description: Whether the VPA resources should be enabled
Type: bool
Default: true
Outputs
No outputs.
Usage
No notes