sigs.k8s.io/external-dns@v0.14.1/docs/tutorials/tencentcloud.md

# Setting up ExternalDNS for Tencent Cloud

## ExternalDNS Version

* Make sure to use ExternalDNS version **>=0.13.1** for this tutorial.

## Set up PrivateDNS or DNSPod

Tencent Cloud DNSPod Service is the domain name resolution and management service for public access.
Tencent Cloud PrivateDNS Service is the domain name resolution and management service for VPC internal access.

* If you want to use the internal DNS service in Tencent Cloud:
  1. Set the argument `--tencent-cloud-zone-type=private`.
  2. Create a DNS domain in the PrivateDNS console. This domain will contain the managed DNS records.

* If you want to use the public DNS service in Tencent Cloud:
  1. Set the argument `--tencent-cloud-zone-type=public`.
  2. Create a domain in the DNSPod console. This domain will contain the managed DNS records.

## Set up CAM for API Key

In the Tencent CAM console, you can obtain the secretId and secretKey pair. Make sure the key pair has the following policy. The policy allows these actions on every resource (`"resource": ["*"]`), so issue the key to an identity that is used only by ExternalDNS, and narrow the resource list if your CAM setup supports it.

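```json
{
    "version": "2.0",
    "statement": [
        {
            "effect": "allow",
            "action": [
                "dnspod:ModifyRecord",
                "dnspod:DeleteRecord",
                "dnspod:CreateRecord",
                "dnspod:DescribeRecordList",
                "dnspod:DescribeDomainList"
            ],
            "resource": [
                "*"
            ]
        },
        {
            "effect": "allow",
            "action": [
                "privatedns:DescribePrivateZoneList",
                "privatedns:DescribePrivateZoneRecordList",
                "privatedns:CreatePrivateZoneRecord",
                "privatedns:DeletePrivateZoneRecord",
                "privatedns:ModifyPrivateZoneRecord"
            ],
            "resource": [
                "*"
            ]
        }
    ]
}
```

# Deploy ExternalDNS

## Manifest (for clusters with RBAC enabled)

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: external-dns
---
# Read-only access to the objects ExternalDNS uses as record sources.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: external-dns
rules:
- apiGroups: [""]
  resources: ["services","endpoints","pods"]
  verbs: ["get","watch","list"]
- apiGroups: ["extensions","networking.k8s.io"]
  resources: ["ingresses"]
  verbs: ["get","watch","list"]
- apiGroups: [""]
  resources: ["nodes"]
  verbs: ["list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: external-dns-viewer
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: external-dns
subjects:
- kind: ServiceAccount
  name: external-dns
  namespace: default # must be the namespace the ServiceAccount above is created in
---
# The file holds the CAM secretId/secretKey, so it is stored in a Secret
# rather than a ConfigMap: Secrets can be restricted separately through RBAC
# and are covered by encryption at rest where the cluster enables it.
# Replace the ****** placeholders at deploy time; do not commit real values.
apiVersion: v1
kind: Secret
metadata:
  name: external-dns
type: Opaque
stringData:
  # internetEndpoint defaults to false: the Tencent API is accessed through the intranet.
  # If you need to deploy on the public network, change it to true.
  # Keep comments out of the JSON body: inside a `|` block scalar a `#` is
  # part of the file content, and JSON has no comment syntax.
  tencent-cloud.json: |
    {
      "regionId": "ap-shanghai",
      "secretId": "******",
      "secretKey": "******",
      "vpcId": "vpc-******",
      "internetEndpoint": false
    }
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: external-dns
spec:
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: external-dns
  template:
    metadata:
      labels:
        app: external-dns
    spec:
      containers:
      - args:
        - --source=service
        - --source=ingress
        - --domain-filter=external-dns-test.com # makes ExternalDNS see only the hosted zones matching the provided domain; omit to process all available hosted zones
        - --provider=tencentcloud
        - --policy=sync # `sync` allows ExternalDNS to delete records; set `upsert-only` to prevent ExternalDNS from deleting any records
        - --tencent-cloud-zone-type=private # only look at private hosted zones. Set `public` to use the public DNS service.
        - --tencent-cloud-config-file=/etc/kubernetes/tencent-cloud.json
        image: registry.k8s.io/external-dns/external-dns:v0.14.0
        imagePullPolicy: Always
        name: external-dns
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /etc/kubernetes
          name: config-volume
          readOnly: true
      dnsPolicy: ClusterFirst
      # Pins the internal Tencent API hostnames to a fixed address.
      # NOTE(review): presumably only needed when internetEndpoint is false - confirm.
      hostAliases:
      - hostnames:
        - privatedns.internal.tencentcloudapi.com
        - dnspod.internal.tencentcloudapi.com
        ip: 169.254.0.95
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: external-dns
      serviceAccountName: external-dns
      terminationGracePeriodSeconds: 30
      volumes:
      - name: config-volume
        # Mounted from the Secret above; the file path seen by the container is unchanged.
        secret:
          secretName: external-dns
          defaultMode: 420
          items:
          - key: tencent-cloud.json
            path: tencent-cloud.json
```

# Example

## Service

```yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx
  annotations:
    external-dns.alpha.kubernetes.io/hostname: nginx.external-dns-test.com
    external-dns.alpha.kubernetes.io/internal-hostname: nginx-internal.external-dns-test.com
    external-dns.alpha.kubernetes.io/ttl: "600"
spec:
  type: LoadBalancer
  ports:
  - port: 80
    name: http
    targetPort: 80
  selector:
    app: nginx
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
spec:
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx
        name: nginx
        ports:
        - containerPort: 80
          name: http
```

`nginx.external-dns-test.com` will get a record pointing to the LoadBalancer VIP.
`nginx-internal.external-dns-test.com` will get a record pointing to the ClusterIP.
All of these DNS records will have a TTL of 600.

# Attention

By default, ExternalDNS uses its TXT registry to keep track of the records it manages, and it only changes or deletes records that it owns. This makes ExternalDNS safe for running in environments where there are other records managed via other means.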