From 5cc6b9c9001760bee47e5b79d1c84892f9b23d0b Mon Sep 17 00:00:00 2001
From: aggarwalakshun <aggarwalakshun@gmail.com>
Date: Sat, 27 Dec 2025 13:50:05 +0000
Subject: [PATCH] add external-dns

---
 clusters/ipv6/external-dns/deployment.yml | 37 +++++++++++++++++++++++
 clusters/ipv6/external-dns/rbac.yml       | 31 +++++++++++++++++++
 2 files changed, 68 insertions(+)
 create mode 100644 clusters/ipv6/external-dns/deployment.yml
 create mode 100644 clusters/ipv6/external-dns/rbac.yml

diff --git a/clusters/ipv6/external-dns/deployment.yml b/clusters/ipv6/external-dns/deployment.yml
new file mode 100644
index 0000000..7db35da
--- /dev/null
+++ b/clusters/ipv6/external-dns/deployment.yml
@@ -0,0 +1,37 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: external-dns
+  namespace: external-dns
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: external-dns
+  template:
+    metadata:
+      labels:
+        app: external-dns
+    spec:
+      serviceAccountName: external-dns
+      containers:
+      - name: external-dns
+        image: registry.k8s.io/external-dns/external-dns:v0.15.0
+        args:
+          - --source=ingress
+          - --provider=cloudflare
+          - --domain-filter=akshun-lab.cc
+          - --policy=sync
+          - --registry=txt
+          - --txt-owner-id=k3s
+          - --log-level=info
+          - --interval=60s
+          - --cloudflare-proxied
+          - --exclude-record-types=A
+        env:
+        - name: CF_API_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: cloudflare-api-token
+              key: CF_API_TOKEN
+
diff --git a/clusters/ipv6/external-dns/rbac.yml b/clusters/ipv6/external-dns/rbac.yml
new file mode 100644
index 0000000..3e98138
--- /dev/null
+++ b/clusters/ipv6/external-dns/rbac.yml
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: external-dns
+  namespace: external-dns
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: external-dns
+rules:
+- apiGroups: [""]
+  resources: ["services", "endpoints", "pods"]
+  verbs: ["get", "watch", "list"]
+- apiGroups: ["networking.k8s.io"]
+  resources: ["ingresses"]
+  verbs: ["get", "watch", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: external-dns
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: external-dns
+subjects:
+- kind: ServiceAccount
+  name: external-dns
+  namespace: external-dns
+