sigs.k8s.io/external-dns@v0.14.1/docs/tutorials/contour.md

sigs.k8s.io/external-dns@v0.14.1/docs/tutorials/contour.md (about)

     1  # Setting up External DNS with Contour
     2  
     3  This tutorial describes how to configure External DNS to use the Contour `HTTPProxy` source.
     4  Using the `HTTPProxy` resource with External DNS requires Contour version 1.5 or greater.
     5  
     6  ### Example manifests for External DNS
     7  #### Without RBAC
     8  
     9  ```yaml
    10  apiVersion: apps/v1
    11  kind: Deployment
    12  metadata:
    13    name: external-dns
    14  spec:
    15    strategy:
    16      type: Recreate
    17    selector:
    18      matchLabels:
    19        app: external-dns
    20    template:
    21      metadata:
    22        labels:
    23          app: external-dns
    24      spec:
    25        containers:
    26        - name: external-dns
    27          image: registry.k8s.io/external-dns/external-dns:v0.14.0
    28          args:
    29          - --source=service
    30          - --source=ingress
    31          - --source=contour-httpproxy
    32          - --domain-filter=external-dns-test.my-org.com # will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones
    33          - --provider=aws
    34          - --policy=upsert-only # would prevent ExternalDNS from deleting any records, omit to enable full synchronization
    35          - --aws-zone-type=public # only look at public hosted zones (valid values are public, private or no value for both)
    36          - --registry=txt
    37          - --txt-owner-id=my-identifier
    38  ```
    39  
    40  #### With RBAC
    41  ```yaml
    42  apiVersion: v1
    43  kind: ServiceAccount
    44  metadata:
    45    name: external-dns
    46  ---
    47  apiVersion: rbac.authorization.k8s.io/v1
    48  kind: ClusterRole
    49  metadata:
    50    name: external-dns
    51  rules:
    52  - apiGroups: [""]
    53    resources: ["services","endpoints","pods"]
    54    verbs: ["get","watch","list"]
    55  - apiGroups: ["extensions","networking.k8s.io"]
    56    resources: ["ingresses"] 
    57    verbs: ["get","watch","list"]
    58  - apiGroups: [""]
    59    resources: ["nodes"]
    60    verbs: ["list"]
    61  - apiGroups: ["projectcontour.io"]
    62    resources: ["httpproxies"]
    63    verbs: ["get","watch","list"]
    64  ---
    65  apiVersion: rbac.authorization.k8s.io/v1
    66  kind: ClusterRoleBinding
    67  metadata:
    68    name: external-dns-viewer
    69  roleRef:
    70    apiGroup: rbac.authorization.k8s.io
    71    kind: ClusterRole
    72    name: external-dns
    73  subjects:
    74  - kind: ServiceAccount
    75    name: external-dns
    76    namespace: default
    77  ---
    78  apiVersion: apps/v1
    79  kind: Deployment
    80  metadata:
    81    name: external-dns
    82  spec:
    83    strategy:
    84      type: Recreate
    85    selector:
    86      matchLabels:
    87        app: external-dns
    88    template:
    89      metadata:
    90        labels:
    91          app: external-dns
    92      spec:
    93        serviceAccountName: external-dns
    94        containers:
    95        - name: external-dns
    96          image: registry.k8s.io/external-dns/external-dns:v0.14.0
    97          args:
    98          - --source=service
    99          - --source=ingress
   100          - --source=contour-httpproxy
   101          - --domain-filter=external-dns-test.my-org.com # will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones
   102          - --provider=aws
   103          - --policy=upsert-only # would prevent ExternalDNS from deleting any records, omit to enable full synchronization
   104          - --aws-zone-type=public # only look at public hosted zones (valid values are public, private or no value for both)
   105          - --registry=txt
   106          - --txt-owner-id=my-identifier
   107  ```
   108  
   109  ### Verify External DNS works
   110  The following instructions are based on the 
   111  [Contour example workload](https://github.com/projectcontour/contour/tree/master/examples/example-workload/httpproxy).
   112  
   113  #### Install a sample service
   114  ```bash
   115  $ kubectl apply -f - <<EOF
   116  apiVersion: apps/v1
   117  kind: Deployment
   118  metadata:
   119    labels:
   120      app: kuard
   121    name: kuard
   122  spec:
   123    replicas: 3
   124    selector:
   125      matchLabels:
   126        app: kuard
   127    template:
   128      metadata:
   129        labels:
   130          app: kuard
   131      spec:
   132        containers:
   133        - image: gcr.io/kuar-demo/kuard-amd64:1
   134          name: kuard
   135  ---
   136  apiVersion: v1
   137  kind: Service
   138  metadata:
   139    labels:
   140      app: kuard
   141    name: kuard
   142  spec:
   143    ports:
   144    - port: 80
   145      protocol: TCP
   146      targetPort: 8080
   147    selector:
   148      app: kuard
   149    sessionAffinity: None
   150    type: ClusterIP
   151  EOF
   152  ```
   153  
   154  Then create an `HTTPProxy`:
   155  
   156  ```
   157  $ kubectl apply -f - <<EOF
   158  apiVersion: projectcontour.io/v1
   159  kind: HTTPProxy
   160  metadata:
   161    labels:
   162      app: kuard
   163    name: kuard
   164    namespace: default
   165  spec:
   166    virtualhost:
   167      fqdn: kuard.example.com
   168    routes:
   169      - conditions:
   170        - prefix: /
   171        services:
   172          - name: kuard
   173            port: 80
   174  EOF
   175  ```
   176  
   177  #### Access the sample service using `curl`
   178  ```bash
   179  $ curl -i http://kuard.example.com/healthy
   180  HTTP/1.1 200 OK
   181  Content-Type: text/plain
   182  Date: Thu, 27 Jun 2019 19:42:26 GMT
   183  Content-Length: 2
   184  
   185  ok
   186  ```