sigs.k8s.io/external-dns@v0.14.1/docs/tutorials/exoscale.md

# Setting up ExternalDNS for Exoscale

## Prerequisites

Exoscale provider support was added via [this PR](https://github.com/kubernetes-sigs/external-dns/pull/625), thus you need to use external-dns v0.5.5.

The Exoscale provider expects that the Exoscale zones you wish to add records to already exist
and are configured correctly. It does not add, remove or configure new zones in any way.

To do this, please refer to the [Exoscale DNS documentation](https://community.exoscale.com/documentation/dns/).

Additionally, you will have to provide the following for Exoscale:

* API Key
* API Secret
* Elastic IP address, to access the workers

## Deployment

Deploying external DNS for Exoscale is nearly identical to deploying
it for other providers. This is what a sample `deployment.yaml` looks like:

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: external-dns
spec:
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: external-dns
  template:
    metadata:
      labels:
        app: external-dns
    spec:
      # Only use if you're also using RBAC
      # serviceAccountName: external-dns
      containers:
      - name: external-dns
        image: registry.k8s.io/external-dns/external-dns:v0.14.0
        args:
        - --source=ingress # or service or both
        - --provider=exoscale
        - --domain-filter={{ my-domain }}
        - --policy=sync # if you want DNS entries to get deleted as well
        - --txt-owner-id={{ owner-id-for-this-external-dns }}
        - --exoscale-apikey={{ api-key }}
        - --exoscale-apisecret={{ api-secret }}
        # - --exoscale-apizone={{ api-zone }}
        # - --exoscale-apienv={{ api-env }}
```

Optional arguments `--exoscale-apizone` and `--exoscale-apienv` define [Exoscale API Zone](https://community.exoscale.com/documentation/platform/exoscale-datacenter-zones/)
(default `ch-gva-2`) and Exoscale API environment (default `api`, can
be used to target a non-production API server) respectively.

## RBAC

If your cluster is RBAC-enabled, you also need to set up the following before you can run external-dns:

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: external-dns
  namespace: default

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: external-dns
rules:
- apiGroups: [""]
  resources: ["services","endpoints","pods"]
  verbs: ["get","watch","list"]
- apiGroups: ["extensions","networking.k8s.io"]
  resources: ["ingresses"]
  verbs: ["get","watch","list"]
- apiGroups: [""]
  resources: ["nodes"]
  verbs: ["list"]

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: external-dns-viewer
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: external-dns
subjects:
- kind: ServiceAccount
  name: external-dns
  namespace: default
```

## Testing and Verification

**Important!**: Remember to replace `example.com` with your own domain throughout the following text.

Spin up a simple nginx HTTP server with the following spec (`kubectl apply -f`):

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx
  annotations:
    external-dns.alpha.kubernetes.io/target: {{ Elastic-IP-address }}
spec:
  ingressClassName: nginx
  rules:
  - host: via-ingress.example.com
    http:
      paths:
      - backend:
          service:
            name: "nginx"
            port:
              number: 80
        path: /
        pathType: Prefix

---

apiVersion: v1
kind: Service
metadata:
  name: nginx
spec:
  ports:
  - port: 80
    targetPort: 80
  selector:
    app: nginx

---

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
spec:
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx
        name: nginx
        ports:
        - containerPort: 80
```

**Important!**: Don't run dig, nslookup or similar immediately (until you've
confirmed the record exists). You'll get hit by [negative DNS caching](https://tools.ietf.org/html/rfc2308), which is hard to flush.

Wait about 30s-1m (the interval for external-dns to kick in), then check Exoscale's [portal](https://portal.exoscale.com/dns/example.com). `via-ingress.example.com` should appear as an A and TXT record with your Elastic-IP-address.
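
The sample `deployment.yaml` in the Deployment section passes `--exoscale-apikey` and `--exoscale-apisecret` as container arguments, which leaves both values readable in the Deployment object and on the process command line. The variant below is an added example, not part of the upstream tutorial: it keeps the credentials in a Kubernetes Secret and relies on ExternalDNS accepting any flag as an `EXTERNAL_DNS_`-prefixed environment variable. The Secret name `exoscale-credentials` and its key names are assumptions.

```yaml
# Added example. The Secret name "exoscale-credentials" and its key names are
# hypothetical; create the Secret out of band rather than committing it.
apiVersion: v1
kind: Secret
metadata:
  name: exoscale-credentials
type: Opaque
stringData:
  api-key: "{{ api-key }}"
  api-secret: "{{ api-secret }}"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: external-dns
spec:
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: external-dns
  template:
    metadata:
      labels:
        app: external-dns
    spec:
      containers:
      - name: external-dns
        image: registry.k8s.io/external-dns/external-dns:v0.14.0
        args:
        - --source=ingress
        - --provider=exoscale
        - --domain-filter={{ my-domain }}
        - --policy=sync
        - --txt-owner-id={{ owner-id-for-this-external-dns }}
        env:
        # Equivalent to --exoscale-apikey / --exoscale-apisecret, but the values
        # stay out of the pod spec and the process command line.
        - name: EXTERNAL_DNS_EXOSCALE_APIKEY
          valueFrom:
            secretKeyRef:
              name: exoscale-credentials
              key: api-key
        - name: EXTERNAL_DNS_EXOSCALE_APISECRET
          valueFrom:
            secretKeyRef:
              name: exoscale-credentials
              key: api-secret
```

On an RBAC-enabled cluster, add `serviceAccountName: external-dns` to the pod spec as in the original manifest. The Secret must live in the same namespace as the Deployment.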