The external DNS service (ExternalDNS) publishes DNS records for Kubernetes Services, Ingresses and Contour HTTPProxy resources in an external DNS provider, using a declarative, Kubernetes-native interface. It is packaged as an extension in the Tanzu Kubernetes Grid extensions bundle.
This blog post explains how to deploy the external DNS service to a workload or shared-services cluster in Tanzu Kubernetes Grid. In this post, I use AWS Route53 as the external DNS provider.
Prerequisites: kapp-controller, cert-manager and tanzu-addons-controller-manager have already been installed in the target cluster and are up and running.
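# Run from the extension directory:
#   tkg-extensions-v1.3.1+vmware.1/extensions/service-discovery/external-dns
# The original session used the `k` alias for kubectl; it is spelled out
# here so the snippet works without that alias.

# Create the namespace plus the service account, Role/RoleBinding and
# ClusterRole/ClusterRoleBinding that the extension runs under.
kubectl create -f namespace-role.yaml
# expected output:
#   namespace/tanzu-system-service-discovery created
#   serviceaccount/external-dns-extension-sa created
#   role.rbac.authorization.k8s.io/external-dns-extension-role created
#   rolebinding.rbac.authorization.k8s.io/tanzu-system-service-discovery-rolebinding created
#   clusterrole.rbac.authorization.k8s.io/external-dns-extension-cluster-role created
#   clusterrolebinding.rbac.authorization.k8s.io/external-dns-extension-cluster-rolebinding created

# Route53 credentials consumed by external-dns (the data-values file refers
# to this Secret by name and to the two keys below, so keep both as-is).
#
# Do NOT pass the key material with --from-literal=... on the command line:
# the values end up in the shell history file and are readable by every
# local user via `ps` / /proc/*/cmdline while kubectl runs. Read them from
# the environment and stream the Secret manifest over stdin instead
# (stringData lets the API server do the base64 encoding).
#
# NOTE(review): these are static IAM user keys. Scope the key's IAM policy
# to the minimum external-dns needs for the target hosted zone, and avoid
# `set -x` around this step, which would echo the expanded heredoc.
: "${ROUTE53_ACCESS_KEY_ID:?set ROUTE53_ACCESS_KEY_ID before running this step}"
: "${ROUTE53_SECRET_ACCESS_KEY:?set ROUTE53_SECRET_ACCESS_KEY before running this step}"
kubectl -n tanzu-system-service-discovery create -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: route53-credentials
type: Opaque
stringData:
  aws_access_key_id: "${ROUTE53_ACCESS_KEY_ID}"
  aws_secret_access_key: "${ROUTE53_SECRET_ACCESS_KEY}"
EOF
# expected output:
#   secret/route53-credentials created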
#! external-dns-data-values.yaml -- ytt data values for the external-dns
#! extension. This file is wrapped in the external-dns-data-values Secret and
#! overlays the extension's defaults (missing_ok lets it add keys the defaults
#! do not have). Indentation restored here; the published snippet had lost it.
#@data/values
#@overlay/match-child-defaults missing_ok=True
---
externalDns:
  image:
    repository: projects.registry.vmware.com/tkg
  deployment:
    annotations: {}
    #! Replace (not merge) the default argument list with the one below.
    #@overlay/replace
    args:
    - --source=service
    - --source=ingress
    - --source=contour-httpproxy #! configure external-dns to read Contour HTTPProxy resources
    - --domain-filter=vmconaws.net #! only manage records under this zone (the zone where services are deployed)
    - --provider=aws
    - --policy=upsert-only #! create/update only, never delete -- the safe default; omit it to enable full synchronization (deletes included)
    - --aws-zone-type=public #! only look at public hosted zones (valid values are public, private or no value for both)
    - --aws-prefer-cname #! create CNAME records rather than Route53 ALIAS records
    - --registry=txt #! track ownership of records with companion TXT records
    - --txt-owner-id=Z0xxxxxxxxxxxxxxx3NN #! owner id written into the TXT registry so this instance only touches records it created; here the Route53 hosted-zone id for vmconaws.net (the original comment named my-zone.example.org, which does not match --domain-filter)
    - --txt-prefix=txt #! disambiguates TXT records from CNAME records
    #! Replace the default env list; both values come from the
    #! route53-credentials Secret created earlier, never from literals here.
    #! NOTE(review): static IAM keys -- keep the key's policy scoped to this
    #! hosted zone and rotate it; this file itself holds no secret material.
    #@overlay/replace
    env:
    - name: AWS_ACCESS_KEY_ID
      valueFrom:
        secretKeyRef:
          name: route53-credentials #! Kubernetes secret for route53 credentials
          key: aws_access_key_id
    - name: AWS_SECRET_ACCESS_KEY
      valueFrom:
        secretKeyRef:
          name: route53-credentials #! Kubernetes secret for route53 credentials
          key: aws_secret_access_key
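# Wrap the data-values file in the Secret the kapp-controller App reads.
# The key inside the Secret must be values.yaml. The file contains only
# secretKeyRef pointers to route53-credentials, not the AWS keys themselves.
kubectl -n tanzu-system-service-discovery create secret generic external-dns-data-values \
  --from-file=values.yaml=external-dns-data-values.yaml
# expected output:
#   secret/external-dns-data-values created

# Create the kapp-controller App that installs the extension.
kubectl apply -f external-dns-extension.yaml
# expected output:
#   app.kappctrl.k14s.io/external-dns created

# Wait for the App to reconcile; DESCRIPTION should read "Reconcile succeeded".
kubectl -n tanzu-system-service-discovery get app external-dns
# expected output:
#   NAME           DESCRIPTION           SINCE-DEPLOY   AGE
#   external-dns   Reconcile succeeded   44s            51s

# Confirm the workload is up. (The original session used the `k` alias for
# kubectl; spelled out here so the snippet works without it.) A Running pod
# only proves the container started -- to confirm it can authenticate to
# Route53, also check the pod logs:
#   kubectl -n tanzu-system-service-discovery logs deploy/external-dns
kubectl -n tanzu-system-service-discovery get all
# expected output (names/ages will differ):
#   NAME                                READY   STATUS    RESTARTS   AGE
#   pod/external-dns-7c855dfb76-t7xsg   1/1     Running   0          2m
#
#   NAME                           READY   UP-TO-DATE   AVAILABLE   AGE
#   deployment.apps/external-dns   1/1     1            1           2m
#
#   NAME                                      DESIRED   CURRENT   READY   AGE
#   replicaset.apps/external-dns-7c855dfb76   1         1         1       2m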