The integration helps configure public DNS servers with information about Kubernetes services to make them discoverable.
Providers have to be set up for this pack to get deployed and work seamlessly. For a list of supported providers and the prerequisites to be set up, visit providers section
Integration deploys the following components:
- External DNS
- https://github.com/kubernetes-sigs/external-dns
- https://github.com/bitnami/charts/tree/master/bitnami/external-dns
Setup prerequisites for AWS Route53
- Create the following IAM policy in the AWS account. This is needed for externalDNS to list and create Route53 resources.
{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Action": ["route53:ChangeResourceRecordSets"],"Resource": ["arn:aws:route53:::hostedzone/*"]},{"Effect": "Allow","Action": ["route53:ListHostedZones","route53:ListResourceRecordSets"],"Resource": ["*"]}]}
- Create an IAM role and associate the policy created above. Make a note of the role ARN which will be used in ExternalDNS deployment later
- Setup hosted zone in AWS Route53# Create a DNS zone through AWS CLIaws route53 create-hosted-zone --name "external-dns-test.my-org.com." --caller-reference "external-dns-test-$(date +%s)"
Deploy ExternalDNS on the cluster
Add ExternalDNS pack to the desired profile and deploy it to the cluster. You may want to configure the following in pack values.yaml
Configure AWS provider details (line #86)
- Credentials, Zone Type
- AssumeRoleArn with the Role ARN created above
Configure txtOwnerId with the ID of the hosted zone created above (line #366)
aws route53 list-hosted-zones-by-name --output json --dns-name "external-dns-test.my-org.com." | jq -r '.HostedZones[0].Id'Optionally change externalDNS policy and logLevel
Deploy Ingress Controller on the cluster
- Deploy one of the Ingress Controller on the cluster
Deploy Applications with Ingress on the cluster
Add Prometheus-Operator addon to the same profile where ExternalDNS is added
Change serviceType to ClusterIP (line #408)
Enable Ingress for the add-on packs. In this example, let us use Prometheus-Operator integration. Ingress config for Grafana will look like the following:
#Ingress configingress:## If true, Grafana Ingress will be created##enabled: truehosts:- grafana.external-dns-test.my-org.com## Path for grafana ingresspath: /When Prometheus-Operator gets deployed in the Cluster, Ingress resource for Grafana will also get created and will look like
apiVersion: extensions/v1beta1kind: Ingressmetadata:name: grafana-ingressnamespace: monitoringspec:rules:- host: grafana.external-dns-test.my-org.comhttp:paths:- backend:serviceName: grafanaservicePort: 80path: /status:loadBalancer:ingress:- hostname: a9a2eadb64c8e4c2fb37a1f69afb0a30-330939473.us-west-2.elb.amazonaws.com
Verify ExternalDNS (Ingress example)
- If all goes well, after 2 minutes, ExternalDNS would have inserted 2 records on your hosted zoneaws route53 list-resource-record-sets --output json --hosted-zone-id "/hostedzone/ZEWFWZ4R16P7IB" \--query "ResourceRecordSets[?Name == 'grafana.external-dns-test.my-org.com.']|[?Type == 'A']"
- After which, if you access http://grafana.external-dns-test.my-org.com on your browser, you should be able to see Grafana login page
Troubleshooting
- Make sure Ingress resource gets created for the Applications deployed and a LoadBalancer hostname / IP address is set on the Ingress resource
- Check the
external-dns
pod for any issues with ExternalDNS not inserting records. If required, changelogLevel
to debug to see additional info on the logs