ExternalDNS

The integration helps configure public DNS servers with information about Kubernetes services to make them discoverable.

Prerequisites

Providers have to be set up for this pack to get deployed and work seamlessly. For a list of supported providers and the prerequisites to be set up, visit providers section

Components

Integration deploys the following components:

External DNS

References

ExternalDNS for Services on AWS Route53 Example

Setup prerequisites for AWS Route53

Create the following IAM policy in the AWS account. This is needed for externalDNS to list and create Route53 resources.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "route53:ChangeResourceRecordSets"
      ],
      "Resource": [
        "arn:aws:route53:::hostedzone/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "route53:ListHostedZones",
        "route53:ListResourceRecordSets"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}

Create an IAM role and associate the policy created above. Make a note of the role ARN which will be used in ExternalDNS deployment later

Setup hosted zone in AWS Route53

# Create a DNS zone through AWS CLI
aws route53 create-hosted-zone --name "external-dns-test.my-org.com." --caller-reference "external-dns-test-$(date +%s)"

Deploy ExternalDNS on the cluster

Add ExternalDNS pack to the desired profile and deploy it to the cluster. You may want to configure the following in pack values.yaml
- Configure AWS provider details (line #86)
  - Credentials, Zone Type
  - AssumeRoleArn with the Role ARN created above
- Configure txtOwnerId with the ID of the hosted zone created above (line #366)
```
aws route53 list-hosted-zones-by-name --output json --dns-name "external-dns-test.my-org.com." | jq -r '.HostedZones[0].Id'
```
- Optionally change externalDNS policy and logLevel

Deploy Ingress Controller on the cluster

Deploy one of the Ingress Controller on the cluster

Deploy Applications with Ingress on the cluster

Add Prometheus-Operator addon to the same profile where ExternalDNS is added

Change serviceType to ClusterIP (line #408)

Enable Ingress for the add-on packs. In this example, let us use Prometheus-Operator integration. Ingress config for Grafana will look like the following :

#Ingress config
ingress:
  ## If true, Grafana Ingress will be created
  ##
  enabled: true
  hosts:
    - grafana.external-dns-test.my-org.com
  ## Path for grafana ingress
  path: /

When Prometheus-Operator gets deployed in the Cluster, Ingress resource for Grafana will also get created and will look like

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: grafana-ingress
  namespace: monitoring
spec:
  rules:
  - host: grafana.external-dns-test.my-org.com
    http:
      paths:
      - backend:
          serviceName: grafana
          servicePort: 80
        path: /
status:
  loadBalancer:
    ingress:
    - hostname: a9a2eadb64c8e4c2fb37a1f69afb0a30-330939473.us-west-2.elb.amazonaws.com

Verify ExternalDNS (Ingress example)

If all goes well, after 2 minutes, ExternalDNS would have inserted 2 records on your hosted zone

aws route53 list-resource-record-sets --output json --hosted-zone-id "/hostedzone/ZEWFWZ4R16P7IB" \
    --query "ResourceRecordSets[?Name == 'grafana.external-dns-test.my-org.com.']|[?Type == 'A']"

After which, if you access http://grafana.external-dns-test.my-org.com on your browser, you should be able to see Grafana login page

Troubleshooting

Make sure Ingress resource gets created for the Applications deployed and a LoadBalancer hostname / IP address is set on the Ingress resource
Check the external-dns pod for any issues with ExternalDNS not inserting records. If required, change logLevel to debug to see additional info on the logs

Edit on GitHub