sigs.k8s.io/external-dns@v0.14.1/docs/tutorials/openshift.md (about)

# Configuring ExternalDNS to use the OpenShift Route Source
This tutorial describes how to configure ExternalDNS to use the OpenShift Route source.
It is meant to supplement the other provider-specific setup tutorials.

### For OCP 4.x

In OCP 4.x, if you have multiple [OpenShift ingress controllers](https://docs.openshift.com/container-platform/4.9/networking/ingress-operator.html), you must specify an ingress controller name (also called the router name). You can get it from the route's `status.ingress[*].routerName` field.
If you don't specify a router name when you have multiple ingress controllers in your cluster, the first router from the route's `status.ingress` will be used. Note that the router must have admitted the route in order to be selected.
Once the router is known, ExternalDNS will use this router's canonical hostname as the target for the CNAME record.

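The selection rule above, as an added Go sketch (not ExternalDNS's own code). The helper name `cnameTarget` and the sample hostnames are made up for illustration, and skipping routers that report no canonical hostname is an assumption:

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Subset of a Route's status; JSON keys follow the OpenShift Route API.
type routeIngress struct {
	RouterName              string `json:"routerName"`
	RouterCanonicalHostname string `json:"routerCanonicalHostname"`
	Conditions              []struct{ Type, Status string } `json:"conditions"`
}

// Constructed sample: "internal" rejected the route, the other two admitted it.
const sampleStatus = `{"ingress":[
 {"routerName":"internal","routerCanonicalHostname":"internal.example.com","conditions":[{"type":"Admitted","status":"False"}]},
 {"routerName":"default","routerCanonicalHostname":"default.example.com","conditions":[{"type":"Admitted","status":"True"}]},
 {"routerName":"sharded","routerCanonicalHostname":"sharded.example.com","conditions":[{"type":"Admitted","status":"True"}]}]}`

func admitted(ing routeIngress) bool {
	for _, c := range ing.Conditions {
		if c.Type == "Admitted" && c.Status == "True" {
			return true
		}
	}
	return false
}

// cnameTarget (hypothetical helper): "" router name means "first admitted router".
// Assumption: a router without a canonical hostname can never be a target.
func cnameTarget(statusJSON, routerName string) (string, error) {
	var st struct{ Ingress []routeIngress }
	if err := json.Unmarshal([]byte(statusJSON), &st); err != nil {
		return "", err
	}
	for _, ing := range st.Ingress {
		if !admitted(ing) || ing.RouterCanonicalHostname == "" {
			continue
		}
		if routerName == "" || ing.RouterName == routerName {
			return ing.RouterCanonicalHostname, nil
		}
	}
	return "", nil
}

func main() {
	fmt.Println(cnameTarget(sampleStatus, "")) // rejected "internal" router is skipped
}
```

An empty result for a named router means no record target can be derived from the route status, which is the case to look for when a route has no DNS record.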
Starting from OCP 4.10 you can use the [ExternalDNS Operator](https://github.com/openshift/external-dns-operator) to manage ExternalDNS instances. An example of its custom resource for the AWS provider:
```yaml
apiVersion: externaldns.olm.openshift.io/v1alpha1
kind: ExternalDNS
metadata:
  name: sample
spec:
  provider:
    type: AWS
  source:
    openshiftRouteOptions:
      routerName: default
    type: OpenShiftRoute
  zones:
    - Z05387772BD5723IZFRX3
```

This will create an ExternalDNS pod with the following container args in the `external-dns` namespace:
```yaml
spec:
  containers:
  - args:
    - --metrics-address=127.0.0.1:7979
    - --txt-owner-id=external-dns-sample
    - --provider=aws
    - --source=openshift-route
    - --policy=sync
    - --registry=txt
    - --log-level=debug
    - --zone-id-filter=Z05387772BD5723IZFRX3
    - --openshift-router-name=default
    - --txt-prefix=external-dns-
```

### For OCP 3.11 environment
### Prepare ROUTER_CANONICAL_HOSTNAME in default/router deployment
Read and go through [Finding the Host Name of the Router](https://docs.openshift.com/container-platform/3.11/install_config/router/default_haproxy_router.html#finding-router-hostname).
If no `ROUTER_CANONICAL_HOSTNAME` is set, you must annotate each route with `external-dns.alpha.kubernetes.io/target`.

### Manifest (for clusters without RBAC enabled)
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: external-dns
spec:
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: external-dns
  template:
    metadata:
      labels:
        app: external-dns
    spec:
      containers:
      - name: external-dns
        image: registry.k8s.io/external-dns/external-dns:v0.14.0
        args:
        - --source=openshift-route
        - --domain-filter=external-dns-test.my-org.com # will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones
        - --provider=aws
        - --policy=upsert-only # would prevent ExternalDNS from deleting any records, omit to enable full synchronization
        - --aws-zone-type=public # only look at public hosted zones (valid values are public, private or no value for both)
        - --registry=txt
        - --txt-owner-id=my-identifier
```

### Manifest (for clusters with RBAC enabled)
```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: external-dns
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: external-dns
rules:
- apiGroups: [""]
  resources: ["services","endpoints","pods"]
  verbs: ["get","watch","list"]
- apiGroups: ["extensions","networking.k8s.io"]
  resources: ["ingresses"]
  verbs: ["get","watch","list"]
- apiGroups: [""]
  resources: ["nodes"]
  verbs: ["list"]
- apiGroups: ["route.openshift.io"]
  resources: ["routes"]
  verbs: ["get","watch","list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: external-dns-viewer
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: external-dns
subjects:
- kind: ServiceAccount
  name: external-dns
  namespace: default # must match the namespace in which the ServiceAccount above is created
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: external-dns
spec:
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: external-dns
  template:
    metadata:
      labels:
        app: external-dns
    spec:
      serviceAccountName: external-dns
      containers:
      - name: external-dns
        image: registry.k8s.io/external-dns/external-dns:v0.14.0
        args:
        - --source=openshift-route
        - --domain-filter=external-dns-test.my-org.com # will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones
        - --provider=aws
        - --policy=upsert-only # would prevent ExternalDNS from deleting any records, omit to enable full synchronization
        - --aws-zone-type=public # only look at public hosted zones (valid values are public, private or no value for both)
        - --registry=txt
        - --txt-owner-id=my-identifier
```

### Verify ExternalDNS works (OpenShift Route example)
The following instructions are based on the [Hello OpenShift](https://github.com/openshift/origin/tree/HEAD/examples/hello-openshift) example.

#### Install a sample service and expose it
```bash
$ oc apply -f - <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: hello-openshift
  name: hello-openshift
spec:
  replicas: 1
  selector:
    matchLabels:
      app: hello-openshift
  template:
    metadata:
      labels:
        app: hello-openshift
    spec:
      containers:
      - image: openshift/hello-openshift
        name: hello-openshift
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: hello-openshift
  name: hello-openshift
spec:
  ports:
  - port: 8080
    protocol: TCP
    targetPort: 8080
  selector:
    app: hello-openshift
  sessionAffinity: None
  type: ClusterIP
---
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: hello-openshift
spec:
  host: hello-openshift.example.com
  to:
    kind: Service
    name: hello-openshift
    weight: 100
  wildcardPolicy: None
EOF
```

#### Access the sample route using `curl`
```bash
$ curl -i http://hello-openshift.example.com
HTTP/1.1 200 OK
Date: Fri, 10 Apr 2020 09:36:41 GMT
Content-Length: 17
Content-Type: text/plain; charset=utf-8

Hello OpenShift!
```