github.com/openshift/installer@v1.4.17/docs/user/aws/route53.md (about)

# Route53

Amazon's Route53 service is used by the OpenShift installer to configure cluster DNS resolution and provide name lookup
for the cluster to the outside world. To use OpenShift, you must have created a public hosted zone in Amazon Route53 in
the same account as your OpenShift cluster. You must also ensure the zone is "authoritative" for the domain. There are
two ways to do this, outlined below: root domain and subdomain. A root domain is `openshiftcorp.com`. A subdomain is of
the form `clusters.openshiftcorp.com`.

The sections below describe how to ensure your hosted zone is authoritative for a domain.

## Step 1: Acquire/Identify Domain

You may skip this step if using an existing domain and registrar. You will move the authoritative DNS to Route53 or
submit a delegation request for a subdomain in a later step.

Route53 can also purchase domains for you and act as a registrar. If you allow Route53 to purchase a new domain for you,
you can skip the remainder of these steps (the domain is created and the hosted zone is created correctly for you)!

### Example: Purchasing a new domain

![Domain purchased in Route53 registrar](images/route53_registrar.png)

Later:

![Automatic hosted zone in Route53](images/route53_hosted_zone.png)

## Step 2: Create Public Hosted Zone

Whether using a root domain or a subdomain, you must create a public hosted zone.

[AWS: Creating a Public Hosted Zone][create-hosted-zone]

To use the root domain, you'd create the hosted zone with the value `openshiftcorp.com`. To use a subdomain, you'd
create a hosted zone with the value `clusters.openshiftcorp.com`. (Use appropriate domain values for your situation.)

### Example: Root Domain

![Create hosted zone in Route53](images/route53_create_hosted_zone.png)

## Step 3: Get Public Nameservers of Hosted Zone

For either a root domain `openshiftcorp.com` or a subdomain `clusters.openshiftcorp.com`, you must extract the new
authoritative nameservers from the hosted zone records.

[AWS: Getting the Name Servers for a Public Hosted Zone][get-hosted-zone-info]

### Example: Root Domain

![Get hosted zone info from Route53](images/route53_hosted_zone_info.png)

## Step 4a: Root Domain - Update Registrar

Each registrar requires a slightly different procedure. Using the four nameserver values from the previous step,
you will update the registrar records to the AWS Route53 nameservers.

If you have previously registered your root domain with AWS Route53 (in another account), you can follow the procedure
here:

[AWS: Adding or Changing Name Servers or Glue Records][set-glue-records]

If you are migrating your root domain to Route53, care should be taken to migrate any existing DNS records first:

[AWS: Making Amazon Route 53 the DNS Service for an Existing Domain][migrate-dns]

### Example

![Set nameservers in Route53](images/route53_set_nameservers.png)

## Step 4b: Subdomain - Perform DNS Delegation

For a subdomain of `openshiftcorp.com` (e.g. `clusters.openshiftcorp.com`), you must add delegation records to the
parent/root domain. This may require a request to your company's IT department or the division which controls the root
domain and DNS services for your company.

### Example: BIND

Delegation records in the root domain for `openshiftcorp.com` to AWS Route53 for the subdomain of
`clusters.openshiftcorp.com` would take the following form:

```
$ORIGIN clusters.openshiftcorp.com.
; "@" names the origin explicitly; the indented lines below inherit that owner
@	IN	NS	ns-124.awsdns-15.com.
	IN	NS	ns-1062.awsdns-04.org.
	IN	NS	ns-1603.awsdns-08.co.uk.
	IN	NS	ns-972.awsdns-57.net.
```

### Example: Route53

Following our previous example, if using entirely AWS Route 53 for the registrar, root domain and subdomain, the root
domain (`openshiftcorp.com`) hosted zone would look like the following:

![Subdomain delegation for hosted zone in Route53](images/route53_hosted_zone_delegation.png)

The root domain would contain the authoritative information for the root domain and also identify a separate set of
nameservers for the subdomain (the nameservers for a separate Hosted Zone in Route53).

The hosted zone of the subdomain (`clusters.openshiftcorp.com`) would show:

![Subdomain hosted zone in Route53](images/route53_hosted_zone_subdomain.png)
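
A check for the delegation in Step 4b, as an added example that is not part of the installer documentation: it compares the NS records in a parent-zone fragment with the hosted zone's delegation set, so missing or stale nameservers are caught before installation. The JSON is assumed to have the shape printed by `aws route53 get-hosted-zone`; the zone Id, the `ns-old.example.net` entry and all function names are constructed for illustration.

```python
import json

# Constructed sample in the shape `aws route53 get-hosted-zone` returns; placeholder zone Id.
SAMPLE_ZONE_JSON = json.dumps({
    "HostedZone": {"Id": "/hostedzone/ZEXAMPLE", "Name": "clusters.openshiftcorp.com."},
    "DelegationSet": {"NameServers": [
        "ns-124.awsdns-15.com", "ns-1062.awsdns-04.org",
        "ns-1603.awsdns-08.co.uk", "ns-972.awsdns-57.net"]},
})
# Constructed parent-zone fragment: two nameservers missing, one stale entry left behind.
SAMPLE_PARENT_FRAGMENT = """\
$ORIGIN clusters.openshiftcorp.com.
@   IN  NS  ns-124.awsdns-15.com.
    IN  NS  ns-1062.awsdns-04.org.
    IN  NS  ns-old.example.net.
"""

def norm(name):
    """Lower-case and drop the trailing dot so both sources compare equal."""
    return name.strip().lower().rstrip(".")

def absolute(name, origin):
    """Resolve '@' and relative names against the current $ORIGIN."""
    return norm(origin if name == "@" else name if name.endswith(".") else name + "." + origin)

def delegated_ns(fragment, zone):
    """Collect NS targets owned by `zone` in a zone-file fragment."""
    origin, owner, found = "", None, set()
    for raw in fragment.splitlines():
        line = raw.split(";", 1)[0]            # drop comments
        fields = line.split()
        if not fields:
            continue
        if fields[0].startswith("$"):          # directive; only $ORIGIN matters here
            if fields[0].upper() == "$ORIGIN":
                origin = norm(fields[1])
            continue
        if not line[0].isspace():              # owner in column one; a blank inherits the last owner
            owner = absolute(fields.pop(0), origin)
        if owner == norm(zone) and "NS" in (f.upper() for f in fields[:-1]):
            found.add(absolute(fields[-1], origin))
    return found

def check_delegation(fragment, zone_json):
    """Return (missing, unexpected) nameservers relative to the hosted zone."""
    doc = json.loads(zone_json)
    want = {norm(n) for n in doc["DelegationSet"]["NameServers"]}
    have = delegated_ns(fragment, doc["HostedZone"]["Name"])
    return sorted(want - have), sorted(have - want)
```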

[create-hosted-zone]: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/CreatingHostedZone.html
[get-hosted-zone-info]: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/GetInfoAboutHostedZone.html
[set-glue-records]: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-name-servers-glue-records.html#domain-name-servers-glue-records-procedure
[migrate-dns]: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/MigratingDNS.html