sigs.k8s.io/external-dns@v0.14.1/docs/tutorials/ANS_Group_SafeDNS.md (about) 1 # Setting up ExternalDNS for Services on ANS Group's SafeDNS 2 3 This tutorial describes how to setup ExternalDNS for usage within a Kubernetes cluster using SafeDNS. 4 5 Make sure to use **>=0.11.0** version of ExternalDNS for this tutorial. 6 7 ## Managing DNS with SafeDNS 8 9 If you want to learn about how to use the SafeDNS service read the following tutorials: 10 To learn more about the use of SafeDNS in general, see the following page: 11 12 [ANS Group's SafeDNS documentation](https://docs.ukfast.co.uk/domains/safedns/index.html). 13 14 ## Creating SafeDNS credentials 15 16 Generate a fresh API token for use with ExternalDNS, following the instructions 17 at the ANS Group developer [Getting-Started](https://developers.ukfast.io/getting-started) 18 page. You will need to grant read/write access to the SafeDNS API. No access to 19 any other ANS Group service is required. 20 21 The environment variable `SAFEDNS_TOKEN` must have a value of this token to run 22 ExternalDNS with SafeDNS integration. 23 24 ## Deploy ExternalDNS 25 26 Connect your `kubectl` client to the cluster you want to test ExternalDNS with. 27 Then apply one of the following manifests file to deploy ExternalDNS. 28 29 ### Manifest (for clusters without RBAC enabled) 30 31 ```yaml 32 apiVersion: apps/v1 33 kind: Deployment 34 metadata: 35 name: external-dns 36 spec: 37 strategy: 38 type: Recreate 39 selector: 40 matchLabels: 41 app: external-dns 42 template: 43 metadata: 44 labels: 45 app: external-dns 46 spec: 47 containers: 48 - name: external-dns 49 # You will need to check what the latest version is yourself: 50 # https://github.com/kubernetes-sigs/external-dns/releases 51 image: registry.k8s.io/external-dns/external-dns:v0.14.0 52 args: 53 - --source=service # ingress is also possible 54 # (optional) limit to only example.com domains; change to match the 55 # zone created above. 56 - --domain-filter=example.com 57 - --provider=safedns 58 env: 59 - name: SAFEDNS_TOKEN 60 value: "SAFEDNSTOKENSAFEDNSTOKEN" 61 ``` 62 63 ### Manifest (for clusters with RBAC enabled) 64 65 ```yaml 66 apiVersion: v1 67 kind: ServiceAccount 68 metadata: 69 name: external-dns 70 --- 71 apiVersion: rbac.authorization.k8s.io/v1 72 kind: ClusterRole 73 metadata: 74 name: external-dns 75 rules: 76 - apiGroups: [""] 77 resources: ["services","endpoints","pods"] 78 verbs: ["get","watch","list"] 79 - apiGroups: ["extensions","networking.k8s.io"] 80 resources: ["ingresses"] 81 verbs: ["get","watch","list"] 82 - apiGroups: [""] 83 resources: ["nodes"] 84 verbs: ["list"] 85 --- 86 apiVersion: rbac.authorization.k8s.io/v1 87 kind: ClusterRoleBinding 88 metadata: 89 name: external-dns-viewer 90 roleRef: 91 apiGroup: rbac.authorization.k8s.io 92 kind: ClusterRole 93 name: external-dns 94 subjects: 95 - kind: ServiceAccount 96 name: external-dns 97 namespace: default 98 --- 99 apiVersion: apps/v1 100 kind: Deployment 101 metadata: 102 name: external-dns 103 spec: 104 strategy: 105 type: Recreate 106 selector: 107 matchLabels: 108 app: external-dns 109 template: 110 metadata: 111 labels: 112 app: external-dns 113 spec: 114 serviceAccountName: external-dns 115 containers: 116 - name: external-dns 117 image: registry.k8s.io/external-dns/external-dns:v0.14.0 118 args: 119 - --source=service # ingress is also possible 120 # (optional) limit to only example.com domains; change to match the 121 # zone created above. 122 - --domain-filter=example.com 123 - --provider=safedns 124 env: 125 - name: SAFEDNS_TOKEN 126 value: "SAFEDNSTOKENSAFEDNSTOKEN" 127 ``` 128 129 ## Deploying an Nginx Service 130 131 Create a service file called 'nginx.yaml' with the following contents: 132 133 ```yaml 134 apiVersion: apps/v1 135 kind: Deployment 136 metadata: 137 name: nginx 138 spec: 139 selector: 140 matchLabels: 141 app: nginx 142 template: 143 metadata: 144 labels: 145 app: nginx 146 spec: 147 containers: 148 - image: nginx 149 name: nginx 150 ports: 151 - containerPort: 80 152 --- 153 apiVersion: v1 154 kind: Service 155 metadata: 156 name: nginx 157 annotations: 158 external-dns.alpha.kubernetes.io/hostname: my-app.example.com 159 spec: 160 selector: 161 app: nginx 162 type: LoadBalancer 163 ports: 164 - protocol: TCP 165 port: 80 166 targetPort: 80 167 ``` 168 169 Note the annotation on the service; use a hostname that matches the domain 170 filter specified above. 171 172 ExternalDNS uses this annotation to determine what services should be registered 173 with DNS. Removing the annotation will cause ExternalDNS to remove the 174 corresponding DNS records. 175 176 Create the deployment and service: 177 178 ```console 179 $ kubectl create -f nginx.yaml 180 ``` 181 182 Depending where you run your service it can take a little while for your cloud 183 provider to create an external IP for the service. 184 185 Once the service has an external IP assigned, ExternalDNS will notice the new 186 service IP address and synchronize the SafeDNS records. 187 188 ## Verifying SafeDNS records 189 190 Check your [SafeDNS UI](https://my.ukfast.co.uk/safedns/index.php) and select 191 the appropriate domain to view the records for your SafeDNS zone. 192 193 This should show the external IP address of the service as the A record for your 194 domain. 195 196 Alternatively, you can perform a DNS lookup for the hostname specified: 197 ```console 198 $ dig +short my-app.example.com 199 an.ip.addr.ess 200 ``` 201 202 ## Cleanup 203 204 Now that we have verified that ExternalDNS will automatically manage SafeDNS 205 records, we can delete the tutorial's example: 206 207 ``` 208 $ kubectl delete service -f nginx.yaml 209 $ kubectl delete service -f externaldns.yaml 210 ```