External DNS with DigitalOcean - help wanted?

Hi all,
I’m looking for a little help getting external DNS working on Rancher 2. I’ve used it before on Rancher 1, with no issues, and now I’m looking to deploy on 2.0.

Here’s my YAML:

```yaml
apiVersion: apps/v1beta2
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "2"
  creationTimestamp: 2018-11-20T22:31:31Z
  generation: 2
  labels:
    app: external-dns
    chart: external-dns-1.0.2
    heritage: Tiller
    io.cattle.field/appId: external-dns
    release: external-dns
  name: external-dns
  namespace: external-dns
  resourceVersion: "2859"
  selfLink: /apis/apps/v1beta2/namespaces/external-dns/deployments/external-dns
  uid: 07378f71-ed14-11e8-9eef-4afb01c9c056
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: external-dns
      heritage: Tiller
      release: external-dns
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      annotations:
        cattle.io/timestamp: 2018-11-20T22:34:02Z
        field.cattle.io/ports: '[[{"containerPort":7979,"dnsName":"external-dns-","name":"7979tcp00","protocol":"TCP","sourcePort":0}]]'
      creationTimestamp: null
      labels:
        app: external-dns
        heritage: Tiller
        release: external-dns
    spec:
      containers:
      - args:
        - --log-level=debug
        - --policy=upsert-only
        - --provider=digitalocean
        - --registry=txt
        - --source=service
        - --source=ingress
        env:
        - name: DO_TOKEN
          value: "123123123123123123123"
        image: registry.opensource.zalan.do/teapot/external-dns:v0.5.7
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 7979
            scheme: HTTP
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        name: external-dns
        ports:
        - containerPort: 7979
          name: 7979tcp00
          protocol: TCP
        resources: {}
        securityContext:
          capabilities: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: default
      serviceAccountName: default
      terminationGracePeriodSeconds: 30
status:
  availableReplicas: 1
  conditions:
  - lastTransitionTime: 2018-11-20T22:31:31Z
    lastUpdateTime: 2018-11-20T22:31:31Z
    message: Deployment has minimum availability.
    reason: MinimumReplicasAvailable
    status: "True"
    type: Available
  - lastTransitionTime: 2018-11-20T22:31:31Z
    lastUpdateTime: 2018-11-20T22:32:42Z
    message: ReplicaSet "external-dns-7559c65d74" has successfully progressed.
    reason: NewReplicaSetAvailable
    status: "True"
    type: Progressing
  observedGeneration: 2
  readyReplicas: 1
  replicas: 1
  updatedReplicas: 1
```

But this doesn’t seem to update DigitalOcean DNS.

In the pod logs, I’m getting time="2018-11-20T23:01:42Z" level=error msg="services is forbidden: User "system:serviceaccount:external-dns:default" cannot list services at the cluster scope" filling the error log.

Any thoughts you can offer would be greatly appreciated.

Hey Andrew,
if it’s still relevant, I had the same issue.
The setting: rbac.create=true did the trick (looks like k8s is now using rbac by default)
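
The "forbidden" error above comes from the pod running as the namespace's `default` service account, which has no cluster-wide read access. As an added example (constructed here, not the Helm chart's rendered output and not a config posted by anyone in this thread), these manifests give a dedicated account read-only access to the two sources the Deployment enables. The account and binding names are assumptions; headless or NodePort Services may need further read-only rules (pods, nodes).

```yaml
# Added example: constructed manifests, not the chart's own templates.
# The names "external-dns" and "external-dns-viewer" are assumptions;
# the namespace is the one used in the thread.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: external-dns
  namespace: external-dns
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: external-dns
rules:
# --source=service: read Services in every namespace (the call that failed)
- apiGroups: [""]
  resources: ["services"]
  verbs: ["get", "list", "watch"]
# --source=ingress: read Ingresses ("extensions" on 2018-era clusters,
# "networking.k8s.io" on current ones)
- apiGroups: ["extensions", "networking.k8s.io"]
  resources: ["ingresses"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: external-dns-viewer
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: external-dns
subjects:
# Bind the dedicated account, not "default", so other pods in the
# namespace do not inherit cluster-wide read access.
- kind: ServiceAccount
  name: external-dns
  namespace: external-dns
# In the Deployment's pod spec, change `serviceAccountName: default` to
# `serviceAccountName: external-dns`, then confirm the grant with:
#   kubectl auth can-i list services --all-namespaces \
#     --as=system:serviceaccount:external-dns:external-dns
```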

Hi Pavel,
Thanks for getting back to me, and apologies for my delay.

I did end up getting this working OK, but it’s been so long I can’t remember how, unfortunately. If anyone else reads this later, let me know and I’ll share the config details.

Regards,
Andy
