sigs.k8s.io/external-dns@v0.14.1/docs/tutorials/akamai-edgedns.md (about)

     1  # Setting up External-DNS for Services on Akamai Edge DNS
     2  
     3  ## Prerequisites
     4  
     5  External-DNS v0.8.0 or greater.
     6  
     7  ### Zones
     8  
     9  External-DNS manages service endpoints in existing DNS zones. The Akamai provider does not add, remove or configure new zones. The [Akamai Control Center](https://control.akamai.com) or [Akamai DevOps Tools](https://developer.akamai.com/devops), [Akamai CLI](https://developer.akamai.com/cli) and [Akamai Terraform Provider](https://developer.akamai.com/tools/integrations/terraform) can create and manage Edge DNS zones. 
    10  
    11  ### Akamai Edge DNS Authentication
    12  
    13  The Akamai Edge DNS provider requires valid Akamai Edgegrid API authentication credentials to access zones and manage  DNS records. 
    14  
    15  Either directly by key or indirectly via a file can set credentials for the provider. The Akamai credential keys and mappings to the Akamai provider utilizing different presentation methods are:
    16  
    17  | Edgegrid Auth Key | External-DNS Cmd Line Key | Environment/ConfigMap Key | Description |
    18  | ----------------- | ------------------------- | ------------------------- | ----------- |
    19  | host | akamai-serviceconsumerdomain | EXTERNAL_DNS_AKAMAI_SERVICECONSUMERDOMAIN | Akamai Edgegrid API server |
    20  | access_token | akamai-access-token | EXTERNAL_DNS_AKAMAI_ACCESS_TOKEN | Akamai Edgegrid API access token |
    21  | client_token | akamai-client-token  | EXTERNAL_DNS_AKAMAI_CLIENT_TOKEN |Akamai Edgegrid API client token |
    22  | client-secret | akamai-client-secret | EXTERNAL_DNS_AKAMAI_CLIENT_SECRET |Akamai Edgegrid API client secret |
    23  
    24  In addition to specifying auth credentials individually, an Akamai Edgegrid .edgerc file convention can set credentials.
    25  
    26  | External-DNS Cmd Line | Environment/ConfigMap | Description |
    27  | --------------------- | --------------------- | ----------- |
    28  | akamai-edgerc-path | EXTERNAL_DNS_AKAMAI_EDGERC_PATH | Accessible path to Edgegrid credentials file, e.g /home/test/.edgerc |
    29  | akamai-edgerc-section | EXTERNAL_DNS_AKAMAI_EDGERC_SECTION | Section in Edgegrid credentials file containing credentials |
    30  
    31  [Akamai API Authentication](https://developer.akamai.com/getting-started/edgegrid) provides an overview and further information about authorization credentials for API base applications and tools.
    32  
    33  ## Deploy External-DNS
    34  
    35  An operational External-DNS deployment consists of an External-DNS container and service. The following sections demonstrate the ConfigMap objects that would make up an example functional external DNS kubernetes configuration utilizing NGINX as the service.
    36  
    37  Connect your `kubectl` client to the External-DNS cluster, and then apply one of the following manifest files:
    38  
    39  ### Manifest (for clusters without RBAC enabled)
    40  
    41  ```yaml
    42  apiVersion: apps/v1
    43  kind: Deployment
    44  metadata:
    45    name: external-dns
    46  spec:
    47    strategy:
    48      type: Recreate
    49    selector:
    50      matchLabels:
    51        app: external-dns
    52    template:
    53      metadata:
    54        labels:
    55          app: external-dns
    56      spec:
    57        serviceAccountName: external-dns
    58        containers:
    59        - name: external-dns
    60          image: registry.k8s.io/external-dns/external-dns:v0.14.0
    61          args:
    62          - --source=service  # or ingress or both
    63          - --provider=akamai
    64          - --domain-filter=example.com
    65          # zone-id-filter may be specified as well to filter on contract ID
    66          - --registry=txt
    67          - --txt-owner-id={{ owner-id-for-this-external-dns }}
    68          - --txt-prefix={{ prefix label for TXT record }}.
    69          env:
    70          - name: EXTERNAL_DNS_AKAMAI_SERVICECONSUMERDOMAIN
    71            valueFrom:
    72              secretKeyRef:
    73                name: external-dns
    74                key: EXTERNAL_DNS_AKAMAI_SERVICECONSUMERDOMAIN
    75          - name: EXTERNAL_DNS_AKAMAI_CLIENT_TOKEN
    76            valueFrom:
    77              secretKeyRef:
    78                name: external-dns
    79                key: EXTERNAL_DNS_AKAMAI_CLIENT_TOKEN
    80          - name: EXTERNAL_DNS_AKAMAI_CLIENT_SECRET
    81            valueFrom:
    82              secretKeyRef:
    83                name: external-dns
    84                key: EXTERNAL_DNS_AKAMAI_CLIENT_SECRET
    85          - name: EXTERNAL_DNS_AKAMAI_ACCESS_TOKEN
    86            valueFrom:
    87              secretKeyRef:
    88                name: external-dns
    89                key: EXTERNAL_DNS_AKAMAI_ACCESS_TOKEN
    90  ```
    91  
    92  ### Manifest (for clusters with RBAC enabled)
    93  
    94  ```yaml
    95  apiVersion: v1
    96  kind: ServiceAccount
    97  metadata:
    98    name: external-dns
    99  ---
   100  apiVersion: rbac.authorization.k8s.io/v1
   101  kind: ClusterRole
   102  metadata:
   103    name: external-dns
   104  rules:
   105  - apiGroups: [""]
   106    resources: ["services","endpoints","pods"]
   107    verbs: ["get","watch","list"]
   108  - apiGroups: ["extensions","networking.k8s.io"]
   109    resources: ["ingresses"]
   110    verbs: ["get","watch","list"]
   111  - apiGroups: [""]
   112    resources: ["nodes"]
   113    verbs: ["watch", "list"]
   114  ---
   115  apiVersion: rbac.authorization.k8s.io/v1
   116  kind: ClusterRoleBinding
   117  metadata:
   118    name: external-dns-viewer
   119  roleRef:
   120    apiGroup: rbac.authorization.k8s.io
   121    kind: ClusterRole
   122    name: external-dns
   123  subjects:
   124  - kind: ServiceAccount
   125    name: external-dns
   126    namespace: default
   127  ---
   128  apiVersion: apps/v1
   129  kind: Deployment
   130  metadata:
   131    name: external-dns
   132  spec:
   133    strategy:
   134      type: Recreate
   135    selector:
   136      matchLabels:
   137        app: external-dns
   138    template:
   139      metadata:
   140        labels:
   141          app: external-dns
   142      spec:
   143        serviceAccountName: external-dns
   144        containers:
   145        - name: external-dns
   146          image: registry.k8s.io/external-dns/external-dns:v0.14.0
   147          args:
   148          - --source=service  # or ingress or both
   149          - --provider=akamai
   150          - --domain-filter=example.com
   151          # zone-id-filter may be specified as well to filter on contract ID
   152          - --registry=txt
   153          - --txt-owner-id={{ owner-id-for-this-external-dns }}
   154          - --txt-prefix={{ prefix label for TXT record }}.
   155          env:
   156          - name: EXTERNAL_DNS_AKAMAI_SERVICECONSUMERDOMAIN
   157            valueFrom:
   158              secretKeyRef:
   159                name: external-dns
   160                key: EXTERNAL_DNS_AKAMAI_SERVICECONSUMERDOMAIN
   161          - name: EXTERNAL_DNS_AKAMAI_CLIENT_TOKEN
   162            valueFrom:
   163              secretKeyRef:
   164                name: external-dns
   165                key: EXTERNAL_DNS_AKAMAI_CLIENT_TOKEN
   166          - name: EXTERNAL_DNS_AKAMAI_CLIENT_SECRET
   167            valueFrom:
   168              secretKeyRef:
   169                name: external-dns
   170                key: EXTERNAL_DNS_AKAMAI_CLIENT_SECRET
   171          - name: EXTERNAL_DNS_AKAMAI_ACCESS_TOKEN
   172            valueFrom:
   173              secretKeyRef:
   174                name: external-dns
   175                key: EXTERNAL_DNS_AKAMAI_ACCESS_TOKEN
   176  ```
   177  
   178  Create the deployment for External-DNS:
   179  
   180  ```
   181  $ kubectl apply -f externaldns.yaml
   182  ```
   183  
   184  ## Deploying an Nginx Service
   185  
   186  Create a service file called 'nginx.yaml' with the following contents:
   187  
   188  ```yaml
   189  apiVersion: apps/v1
   190  kind: Deployment
   191  metadata:
   192    name: nginx
   193  spec:
   194    selector:
   195      matchLabels:
   196        app: nginx
   197    template:
   198      metadata:
   199        labels:
   200          app: nginx
   201      spec:
   202        containers:
   203        - image: nginx
   204          name: nginx
   205          ports:
   206          - containerPort: 80
   207  ---
   208  apiVersion: v1
   209  kind: Service
   210  metadata:
   211    name: nginx
   212    annotations:
   213      external-dns.alpha.kubernetes.io/hostname: nginx.example.com
   214      external-dns.alpha.kubernetes.io/ttl: "600" #optional
   215  spec:
   216    selector:
   217      app: nginx
   218    type: LoadBalancer
   219    ports:
   220      - protocol: TCP
   221        port: 80
   222        targetPort: 80
   223  ```
   224  
   225  Create the deployment and service object:
   226  
   227  ```
   228  $ kubectl apply -f nginx.yaml
   229  ```
   230  
   231  ## Verify Akamai Edge DNS Records
   232  
   233  Wait 3-5 minutes before validating the records to allow the record changes to propagate to all the Akamai name servers.
   234  
   235  Validate records using the [Akamai Control Center](http://control.akamai.com) or by executing a dig, nslookup or similar DNS command.
   236   
   237  ## Cleanup
   238  
   239  Once you successfully configure and verify record management via External-DNS, you can delete the tutorial's examples:
   240  
   241  ```
   242  $ kubectl delete -f nginx.yaml
   243  $ kubectl delete -f externaldns.yaml
   244  ```
   245  
   246  ## Additional Information
   247  
   248  * The Akamai provider allows the administrative user to filter zones by both name (`domain-filter`) and contract Id (`zone-id-filter`). The Edge DNS API will return a '500 Internal Error' for invalid contract Ids.
   249  * The provider will substitute quotes in TXT records with a `` ` `` (back tick) when writing records with the API.