@abaguas
Collaborator

@abaguas abaguas commented Mar 3, 2025

Similar to the Azure setup done in #1773

@abaguas abaguas force-pushed the aws/dnsintegration branch 4 times, most recently from fbda006 to c7bfd37 Compare March 3, 2025 18:36
abaguas added 5 commits March 11, 2025 07:14
The latest version of the external-dns image requires setting the AWS_DEFAULT_REGION environment variable.
The introduction of this variable demands changes in our chart as well as changes to the user configuration. Therefore, it is a good opportunity to introduce the upstream external-dns helm chart.
By using the upstream chart we can profit from all the features of the external dns community out-of-the-box; we no longer have to develop a wrapper on our side. These features include both authentication options and new upstream providers.

The following configuration changes should be included in the release notes:
1.
```
route53:
  enabled: true
  secret: credentials
```
becomes
```
extdns:
  enabled: true
  provider:
    name: aws
  extraVolumes:
  - name: aws-credentials
    secret:
      secretName: credentials
  extraVolumeMounts:
  - name: aws-credentials
    mountPath: /.aws
    readOnly: true
```

2.
```
route53:
  enabled: true
  irsaRole: arn:aws:iam::111111:role/external-dns
```
becomes:
```
extdns:
  enabled: true
  provider:
    name: aws
  serviceAccount:
    annotations:
      eks.amazonaws.com/role-arn: arn:aws:iam::111111:role/external-dns
```

3.
```
route53:
  enabled: true
  assumeRoleArn: role
```
becomes:
```
extdns:
  enabled: true
  provider:
    name: aws
  extraArgs:
    aws-assume-role: role
```

In addition, the AWS_DEFAULT_REGION must be specified using an environment variable, for example:
```
extdns:
  env:
  - name: AWS_DEFAULT_REGION
    value: "us-east-1"
```
And a couple of variables must be manually specified (there are helm validation functions that make sure they are correct). Replace `<GEOTAG>` with the same value as `k8gb.clusterGeoTag`, and `domainFilters` with the same values as `k8gb.dnsZones.zone`/`k8gb.dnsZone`:
```
extdns:
  txtPrefix: "k8gb-<GEOTAG>"
  txtOwnerId: "k8gb-<GEOTAG>"
  domainFilters:
  - "<domain>"
```
Note: if you used to set `hostedZoneID`, then txtOwnerId will take the value `k8gb-<hostZoneID>-<GEOTAG>`.

Signed-off-by: Andre Aguas <[email protected]>
Signed-off-by: Andre Aguas <[email protected]>
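
The migration described in the commit message above, as an added example that is not part of the pull request or the k8gb chart: a script that rewrites a legacy `route53` values block into the `extdns` block, covering the three credential cases, the region variable and the TXT record fields. The function name `migrate_route53` and its parameters are hypothetical, and the sample inputs are constructed.

```python
import json

# Legacy keys named in the commit message; anything else is rejected so that
# no setting is silently dropped during the migration.
KNOWN_KEYS = {"enabled", "secret", "irsaRole", "assumeRoleArn", "hostedZoneID"}


def migrate_route53(route53, geotag, domains, region):
    """Return `extdns` values equivalent to a legacy `route53` block (hypothetical helper)."""
    unknown = set(route53) - KNOWN_KEYS
    if unknown:
        raise ValueError(f"unmapped legacy keys: {sorted(unknown)}")
    if not route53.get("enabled"):
        return {"enabled": False}
    if not (geotag and domains and region):
        raise ValueError("geotag, domains and region must all be set")

    # txtOwnerId includes the hosted zone ID when it used to be configured.
    owner = f"k8gb-{geotag}"
    if route53.get("hostedZoneID"):
        owner = f"k8gb-{route53['hostedZoneID']}-{geotag}"

    extdns = {
        "enabled": True,
        "provider": {"name": "aws"},
        "env": [{"name": "AWS_DEFAULT_REGION", "value": region}],
        "txtPrefix": f"k8gb-{geotag}",
        "txtOwnerId": owner,
        "domainFilters": list(domains),
    }
    if route53.get("secret"):  # case 1: credentials secret mounted read-only
        extdns["extraVolumes"] = [
            {"name": "aws-credentials", "secret": {"secretName": route53["secret"]}}
        ]
        extdns["extraVolumeMounts"] = [
            {"name": "aws-credentials", "mountPath": "/.aws", "readOnly": True}
        ]
    if route53.get("irsaRole"):  # case 2: IRSA annotation on the service account
        extdns["serviceAccount"] = {
            "annotations": {"eks.amazonaws.com/role-arn": route53["irsaRole"]}
        }
    if route53.get("assumeRoleArn"):  # case 3: role passed as an extra argument
        extdns["extraArgs"] = {"aws-assume-role": route53["assumeRoleArn"]}
    return extdns


if __name__ == "__main__":
    # Constructed sample: legacy values using IRSA, geo tag "eu".
    legacy = {"enabled": True, "irsaRole": "arn:aws:iam::111111:role/external-dns"}
    print(json.dumps(migrate_route53(legacy, "eu", ["example.com"], "us-east-1"), indent=2))
```
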
@abaguas abaguas force-pushed the aws/dnsintegration branch from c7bfd37 to 03c33c2 Compare March 11, 2025 06:20
Similar to the Azure setup done in k8gb-io#1773

Signed-off-by: Andre Aguas <[email protected]>
@abaguas abaguas force-pushed the aws/dnsintegration branch from 03c33c2 to 5e11934 Compare March 11, 2025 06:30
abaguas added a commit that referenced this pull request May 28, 2025
Automates testing of k8gb's integration with AWS route53. Previously this required manual steps (#1849), now fully automated.

To test, simply install opentofu, create an AWS account, retrieve credentials and run `./test.sh`.

---------

Signed-off-by: Andre Aguas <[email protected]>
@abaguas
Collaborator Author

abaguas commented Aug 30, 2025

Tackled in #1897

@abaguas abaguas closed this Aug 30, 2025