sigs.k8s.io/external-dns@v0.14.1/docs/tutorials/dyn.md

sigs.k8s.io/external-dns@v0.14.1/docs/tutorials/dyn.md (about)

     1  # Setting up ExternalDNS for Dyn
     2  
     3  ## Creating a Dyn Configuration Secret
     4  
     5  For ExternalDNS to access the Dyn API, create a Kubernetes secret.
     6  
     7  To create the secret:
     8  
     9  ```
    10  $ kubectl create secret generic external-dns \
    11        --from-literal=EXTERNAL_DNS_DYN_CUSTOMER_NAME=${DYN_CUSTOMER_NAME} \
    12        --from-literal=EXTERNAL_DNS_DYN_USERNAME=${DYN_USERNAME} \
    13        --from-literal=EXTERNAL_DNS_DYN_PASSWORD=${DYN_PASSWORD}
    14  ```
    15  
    16  The credentials are the same ones created during account registration. As best practise, you are advised to
    17  create an API-only user that is entitled to only the zones intended to be changed by ExternalDNS
    18  
    19  ## Deploy ExternalDNS
    20  The rest of this tutorial assumes you own `example.com` domain and your DNS provider is Dyn. Change `example.com`
    21  with a domain/zone that you really own.
    22  
    23  In case of the dyn provider, the flag `--zone-id-filter` is mandatory as it specifies which zones to scan for records. Without it
    24  
    25  
    26  Create a deployment file called `externaldns.yaml` with the following contents:
    27  
    28  ```yaml
    29  apiVersion: apps/v1
    30  kind: Deployment
    31  metadata:
    32    name: external-dns
    33  spec:
    34    strategy:
    35      type: Recreate
    36    selector:
    37      matchLabels:
    38        app: external-dns
    39    template:
    40      metadata:
    41        labels:
    42          app: external-dns
    43      spec:
    44        containers:
    45        - name: external-dns
    46          image: registry.k8s.io/external-dns/external-dns:v0.14.0
    47          args:
    48          - --source=ingress
    49          - --txt-prefix=_d
    50          - --namespace=example
    51          - --zone-id-filter=example.com
    52          - --domain-filter=example.com
    53          - --provider=dyn
    54          env:
    55          - name: EXTERNAL_DNS_DYN_CUSTOMER_NAME
    56            valueFrom:
    57              secretKeyRef:
    58                name: external-dns
    59                key: EXTERNAL_DNS_DYN_CUSTOMER_NAME
    60          - name: EXTERNAL_DNS_DYN_USERNAME
    61            valueFrom:
    62              secretKeyRef:
    63                name: external-dns
    64                key: EXTERNAL_DNS_DYN_USERNAME
    65          - name: EXTERNAL_DNS_DYN_PASSWORD
    66            valueFrom:
    67              secretKeyRef:
    68                name: external-dns
    69                key: EXTERNAL_DNS_DYN_PASSWORD
    70  EOF
    71  ```
    72  
    73  As we'll be creating an Ingress resource, you need `--txt-prefix=_d` as a CNAME cannot coexist with a TXT record. You can change the prefix to
    74  any valid start of a FQDN.
    75  
    76  Create the deployment for ExternalDNS:
    77  
    78  ```
    79  $ kubectl create -f externaldns.yaml
    80  ```
    81  
    82  ## Running a locally build version
    83  If you just want to test ExternalDNS in dry-run mode locally without doing the above deployment you can also do it.
    84  Make sure your kubectl is configured correctly . Assuming you have the sources, build and run it like so:
    85  
    86  ```bash
    87  make 
    88  # output skipped
    89  
    90  ./build/external-dns \
    91      --provider=dyn \
    92      --dyn-customer-name=${DYN_CUSTOMER_NAME} \
    93      --dyn-username=${DYN_USERNAME} \
    94      --dyn-password=${DYN_PASSWORD} \
    95      --domain-filter=example.com \
    96      --zone-id-filter=example.com \
    97      --namespace=example \
    98      --log-level=debug \
    99      --txt-prefix=_ \
   100      --dry-run=true
   101  INFO[0000] running in dry-run mode. No changes to DNS records will be made. 
   102  INFO[0000] Connected to cluster at https://some-k8s-cluster.example.com 
   103  INFO[0001] Zones: [example.com]
   104  # output skipped
   105  ```
   106  
   107  Having `--dry-run=true` and `--log-level=debug` is a great way to see _exactly_ what DynamicDNS is doing or is about to do.
   108  
   109  ## Deploying an Ingress Resource
   110  
   111  Create a file called 'test-ingress.yaml' with the following contents:
   112  
   113  ```yaml
   114  apiVersion: networking.k8s.io/v1
   115  kind: Ingress
   116  metadata:  
   117    name: test-ingress
   118    namespace: example
   119  spec:
   120    rules:
   121    - host: test-ingress.example.com
   122      http:
   123        paths:
   124        - backend:
   125            service:
   126              name: my-awesome-service
   127              port:
   128                number: 8080
   129          pathType: Prefix
   130  ```
   131  
   132  As the DNS name `test-ingress.example.com` matches the filter, external-dns will create two records:
   133  a CNAME for test-ingress.example.com and TXT for _dtest-ingress.example.com. 
   134  
   135  Create the Ingress:
   136  
   137  ```
   138  $ kubectl create -f test-ingress.yaml
   139  ```
   140  
   141  By default external-dns scans for changes every minute so give it some time to catch up with the 
   142  ## Verifying Dyn DNS records
   143  
   144  Login to the console at https://portal.dynect.net/login/ and verify records are created
   145  
   146  ## Clean up
   147  
   148  Login to the console at https://portal.dynect.net/login/ and delete the records created. Alternatively, just delete the sample
   149  Ingress resources and external-dns will delete the records.