sigs.k8s.io/external-dns@v0.14.1/docs/tutorials/ovh.md (about) 1 # Setting up ExternalDNS for Services on OVH 2 3 This tutorial describes how to setup ExternalDNS for use within a 4 Kubernetes cluster using OVH DNS. 5 6 Make sure to use **>=0.6** version of ExternalDNS for this tutorial. 7 8 ## Creating a zone with OVH DNS 9 10 If you are new to OVH, we recommend you first read the following 11 instructions for creating a zone. 12 13 [Creating a zone using the OVH manager](https://docs.ovh.com/gb/en/domains/create_a_dns_zone_for_a_domain_which_is_not_registered_at_ovh/) 14 15 [Creating a zone using the OVH API](https://api.ovh.com/console/) 16 17 ## Creating OVH Credentials 18 19 You first need to create an OVH application. 20 21 Using the [OVH documentation](https://docs.ovh.com/gb/en/api/first-steps-with-ovh-api/#advanced-usage-pair-ovhcloud-apis-with-an-application_2) you will have your `Application key` and `Application secret` 22 23 And you will need to generate your consumer key, here the permissions needed : 24 - GET on `/domain/zone` 25 - GET on `/domain/zone/*/record` 26 - GET on `/domain/zone/*/record/*` 27 - POST on `/domain/zone/*/record` 28 - DELETE on `/domain/zone/*/record/*` 29 - GET on `/domain/zone/*/soa` 30 - POST on `/domain/zone/*/refresh` 31 32 You can use the following `curl` request to generate & validated your `Consumer key` 33 34 ```bash 35 curl -XPOST -H "X-Ovh-Application: <ApplicationKey>" -H "Content-type: application/json" https://eu.api.ovh.com/1.0/auth/credential -d '{ 36 "accessRules": [ 37 { 38 "method": "GET", 39 "path": "/domain/zone" 40 }, 41 { 42 "method": "GET", 43 "path": "/domain/zone/*/soa" 44 }, 45 { 46 "method": "GET", 47 "path": "/domain/zone/*/record" 48 }, 49 { 50 "method": "GET", 51 "path": "/domain/zone/*/record/*" 52 }, 53 { 54 "method": "POST", 55 "path": "/domain/zone/*/record" 56 }, 57 { 58 "method": "DELETE", 59 "path": "/domain/zone/*/record/*" 60 }, 61 { 62 "method": "POST", 63 "path": "/domain/zone/*/refresh" 64 } 65 ], 66 "redirection":"https://github.com/kubernetes-sigs/external-dns/blob/HEAD/docs/tutorials/ovh.md#creating-ovh-credentials" 67 }' 68 ``` 69 70 ## Deploy ExternalDNS 71 72 Connect your `kubectl` client to the cluster with which you want to test ExternalDNS, and then apply one of the following manifest files for deployment: 73 74 ### Manifest (for clusters without RBAC enabled) 75 76 ```yaml 77 apiVersion: apps/v1 78 kind: Deployment 79 metadata: 80 name: external-dns 81 spec: 82 strategy: 83 type: Recreate 84 selector: 85 matchLabels: 86 app: external-dns 87 template: 88 metadata: 89 labels: 90 app: external-dns 91 spec: 92 containers: 93 - name: external-dns 94 image: registry.k8s.io/external-dns/external-dns:v0.14.0 95 args: 96 - --source=service # ingress is also possible 97 - --domain-filter=example.com # (optional) limit to only example.com domains; change to match the zone created above. 98 - --provider=ovh 99 env: 100 - name: OVH_APPLICATION_KEY 101 value: "YOUR_OVH_APPLICATION_KEY" 102 - name: OVH_APPLICATION_SECRET 103 value: "YOUR_OVH_APPLICATION_SECRET" 104 - name: OVH_CONSUMER_KEY 105 value: "YOUR_OVH_CONSUMER_KEY_AFTER_VALIDATED_LINK" 106 ``` 107 108 ### Manifest (for clusters with RBAC enabled) 109 110 ```yaml 111 apiVersion: v1 112 kind: ServiceAccount 113 metadata: 114 name: external-dns 115 --- 116 apiVersion: rbac.authorization.k8s.io/v1 117 kind: ClusterRole 118 metadata: 119 name: external-dns 120 rules: 121 - apiGroups: [""] 122 resources: ["services"] 123 verbs: ["get","watch","list"] 124 - apiGroups: [""] 125 resources: ["pods"] 126 verbs: ["get","watch","list"] 127 - apiGroups: ["extensions","networking.k8s.io"] 128 resources: ["ingresses"] 129 verbs: ["get","watch","list"] 130 - apiGroups: [""] 131 resources: ["nodes"] 132 verbs: ["list"] 133 - apiGroups: [""] 134 resources: ["endpoints"] 135 verbs: ["get","watch","list"] 136 --- 137 apiVersion: rbac.authorization.k8s.io/v1 138 kind: ClusterRoleBinding 139 metadata: 140 name: external-dns-viewer 141 roleRef: 142 apiGroup: rbac.authorization.k8s.io 143 kind: ClusterRole 144 name: external-dns 145 subjects: 146 - kind: ServiceAccount 147 name: external-dns 148 namespace: default 149 --- 150 apiVersion: apps/v1 151 kind: Deployment 152 metadata: 153 name: external-dns 154 spec: 155 strategy: 156 type: Recreate 157 selector: 158 matchLabels: 159 app: external-dns 160 template: 161 metadata: 162 labels: 163 app: external-dns 164 spec: 165 serviceAccountName: external-dns 166 containers: 167 - name: external-dns 168 image: registry.k8s.io/external-dns/external-dns:v0.14.0 169 args: 170 - --source=service # ingress is also possible 171 - --domain-filter=example.com # (optional) limit to only example.com domains; change to match the zone created above. 172 - --provider=ovh 173 env: 174 - name: OVH_APPLICATION_KEY 175 value: "YOUR_OVH_APPLICATION_KEY" 176 - name: OVH_APPLICATION_SECRET 177 value: "YOUR_OVH_APPLICATION_SECRET" 178 - name: OVH_CONSUMER_KEY 179 value: "YOUR_OVH_CONSUMER_KEY_AFTER_VALIDATED_LINK" 180 ``` 181 182 ## Deploying an Nginx Service 183 184 Create a service file called 'nginx.yaml' with the following contents: 185 186 ```yaml 187 apiVersion: apps/v1 188 kind: Deployment 189 metadata: 190 name: nginx 191 spec: 192 selector: 193 matchLabels: 194 app: nginx 195 template: 196 metadata: 197 labels: 198 app: nginx 199 spec: 200 containers: 201 - image: nginx 202 name: nginx 203 ports: 204 - containerPort: 80 205 --- 206 apiVersion: v1 207 kind: Service 208 metadata: 209 name: nginx 210 annotations: 211 external-dns.alpha.kubernetes.io/hostname: example.com 212 external-dns.alpha.kubernetes.io/ttl: "120" #optional 213 spec: 214 selector: 215 app: nginx 216 type: LoadBalancer 217 ports: 218 - protocol: TCP 219 port: 80 220 targetPort: 80 221 ``` 222 223 **A note about annotations** 224 225 Verify that the annotation on the service uses the same hostname as the OVH DNS zone created above. The annotation may also be a subdomain of the DNS zone (e.g. 'www.example.com'). 226 227 The TTL annotation can be used to configure the TTL on DNS records managed by ExternalDNS and is optional. If this annotation is not set, the TTL on records managed by ExternalDNS will default to 10. 228 229 ExternalDNS uses the hostname annotation to determine which services should be registered with DNS. Removing the hostname annotation will cause ExternalDNS to remove the corresponding DNS records. 230 231 ### Create the deployment and service 232 233 ``` 234 $ kubectl create -f nginx.yaml 235 ``` 236 237 Depending on where you run your service, it may take some time for your cloud provider to create an external IP for the service. Once an external IP is assigned, ExternalDNS detects the new service IP address and synchronizes the OVH DNS records. 238 239 ## Verifying OVH DNS records 240 241 Use the OVH manager or API to verify that the A record for your domain shows the external IP address of the services. 242 243 ## Cleanup 244 245 Once you successfully configure and verify record management via ExternalDNS, you can delete the tutorial's example: 246 247 ``` 248 $ kubectl delete -f nginx.yaml 249 $ kubectl delete -f externaldns.yaml 250 ```