sigs.k8s.io/external-dns@v0.14.1/docs/tutorials/traefik-proxy.md

sigs.k8s.io/external-dns@v0.14.1/docs/tutorials/traefik-proxy.md (about)

     1  # Configuring ExternalDNS to use the Traefik Proxy Source
     2  
     3  This tutorial describes how to configure ExternalDNS to use the Traefik Proxy source.
     4  It is meant to supplement the other provider-specific setup tutorials.
     5  
     6  ## Manifest (for clusters without RBAC enabled)
     7  
     8  ```yaml
     9  apiVersion: apps/v1
    10  kind: Deployment
    11  metadata:
    12    name: external-dns
    13  spec:
    14    strategy:
    15      type: Recreate
    16    selector:
    17      matchLabels:
    18        app: external-dns
    19    template:
    20      metadata:
    21        labels:
    22          app: external-dns
    23      spec:
    24        containers:
    25        - name: external-dns
    26          # update this to the desired external-dns version
    27          image: registry.k8s.io/external-dns/external-dns:v0.14.0
    28          args:
    29          - --source=traefik-proxy
    30          - --provider=aws
    31          - --registry=txt
    32          - --txt-owner-id=my-identifier
    33  ```
    34  
    35  ## Manifest (for clusters with RBAC enabled)
    36  
    37  ```yaml
    38  apiVersion: v1
    39  kind: ServiceAccount
    40  metadata:
    41    name: external-dns
    42  ---
    43  apiVersion: rbac.authorization.k8s.io/v1
    44  kind: ClusterRole
    45  metadata:
    46    name: external-dns
    47  rules:
    48  - apiGroups: [""]
    49    resources: ["services","endpoints","pods"]
    50    verbs: ["get","watch","list"]
    51  - apiGroups: [""]
    52    resources: ["nodes"]
    53    verbs: ["list","watch"]
    54  - apiGroups: ["traefik.containo.us","traefik.io"]
    55    resources: ["ingressroutes", "ingressroutetcps", "ingressrouteudps"]
    56    verbs: ["get","watch","list"]
    57  ---
    58  apiVersion: rbac.authorization.k8s.io/v1
    59  kind: ClusterRoleBinding
    60  metadata:
    61    name: external-dns-viewer
    62  roleRef:
    63    apiGroup: rbac.authorization.k8s.io
    64    kind: ClusterRole
    65    name: external-dns
    66  subjects:
    67  - kind: ServiceAccount
    68    name: external-dns
    69    namespace: default
    70  ---
    71  apiVersion: apps/v1
    72  kind: Deployment
    73  metadata:
    74    name: external-dns
    75  spec:
    76    strategy:
    77      type: Recreate
    78    selector:
    79      matchLabels:
    80        app: external-dns
    81    template:
    82      metadata:
    83        labels:
    84          app: external-dns
    85      spec:
    86        serviceAccountName: external-dns
    87        containers:
    88        - name: external-dns
    89          # update this to the desired external-dns version
    90          image: registry.k8s.io/external-dns/external-dns:v0.14.0
    91          args:
    92          - --source=traefik-proxy
    93          - --provider=aws
    94          - --registry=txt
    95          - --txt-owner-id=my-identifier
    96  ```
    97  
    98  ## Deploying a Traefik IngressRoute
    99  Create a IngressRoute file called 'traefik-ingress.yaml' with the following contents:
   100  ```yaml
   101  apiVersion: traefik.io/v1alpha1
   102  kind: IngressRoute
   103  metadata:
   104    name: traefik-ingress
   105    annotations:
   106      external-dns.alpha.kubernetes.io/target: traefik.example.com
   107      kubernetes.io/ingress.class: traefik
   108  spec:
   109    entryPoints:
   110      - web
   111      - websecure
   112    routes:
   113      - match: Host(`application.example.com`)
   114        kind: Rule
   115        services:
   116          - name: service
   117            namespace: namespace
   118            port: port
   119  ```
   120  
   121  Note the annotation on the IngressRoute (`external-dns.alpha.kubernetes.io/target`); use the same hostname as the traefik DNS.
   122  
   123  ExternalDNS uses this annotation to determine what services should be registered with DNS.
   124  
   125  Create the IngressRoute:
   126  
   127  ```
   128  $ kubectl create -f traefik-ingress.yaml
   129  ```
   130  
   131  Depending where you run your IngressRoute it can take a little while for ExternalDNS synchronize the DNS record.
   132  
   133  ## Cleanup
   134  
   135  Now that we have verified that ExternalDNS will automatically manage Traefik DNS records, we can delete the tutorial's example:
   136  
   137  ```
   138  $ kubectl delete -f traefik-ingress.yaml
   139  $ kubectl delete -f externaldns.yaml
   140  ```
   141  
   142  ## Additional Flags
   143  
   144  | Flag | Description |
   145  | --- | --- |
   146  | --traefik-disable-legacy | Disable listeners on Resources under traefik.containo.us |
   147  | --traefik-disable-new | Disable listeners on Resources under traefik.io |
   148  
   149  ### Disabling Resource Listeners
   150  
   151  Traefik has deprecated the legacy API group, traefik.containo.us, in favor of traefik.io. By default the traefik-proxy source will listen for resources under both API groups; however, this may cause timeouts with the following message
   152  
   153  ```
   154  FATA[0060] failed to sync traefik.io/v1alpha1, Resource=ingressroutes: context deadline exceeded
   155  ```
   156  
   157  In this case you can disable one or the other API groups with `--traefik-disable-new` or `--traefik-disable-legacy`
   158