sigs.k8s.io/external-dns@v0.14.1/docs/tutorials/vinyldns.md (about) 1 # Setting up ExternalDNS for VinylDNS 2 3 This tutorial describes how to setup ExternalDNS for usage within a Kubernetes cluster using VinylDNS. 4 5 The environment vars `VINYLDNS_ACCESS_KEY`, `VINYLDNS_SECRET_KEY`, and `VINYLDNS_HOST` will be needed to run ExternalDNS with VinylDNS. 6 7 ## Create a sample deployment and service for external-dns to use 8 9 Run an application and expose it via a Kubernetes Service: 10 11 ```console 12 $ kubectl run nginx --image=nginx --replicas=1 --port=80 13 $ kubectl expose deployment nginx --port=80 --target-port=80 --type=LoadBalancer 14 ``` 15 16 Annotate the Service with your desired external DNS name. Make sure to change `example.org` to your domain. 17 18 ```console 19 $ kubectl annotate service nginx "external-dns.alpha.kubernetes.io/hostname=nginx.example.org." 20 ``` 21 22 After the service is up and running, it should get an EXTERNAL-IP. At first this may showing as `<pending>` 23 24 ```console 25 $ kubectl get svc 26 NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE 27 kubernetes 10.0.0.1 <none> 443/TCP 1h 28 nginx 10.0.0.115 <pending> 80:30543/TCP 10s 29 ``` 30 31 Once it's available 32 33 ```console 34 % kubectl get svc 35 NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE 36 kubernetes 10.0.0.1 <none> 443/TCP 1h 37 nginx 10.0.0.115 34.x.x.x 80:30543/TCP 2m 38 ``` 39 40 ## Deploy ExternalDNS to Kubernetes 41 42 Connect your `kubectl` client to the cluster you want to test ExternalDNS with. 43 Then apply one of the following manifests file to deploy ExternalDNS. 44 45 **Note for examples below** 46 47 When using `registry=txt` option, make sure to also use the `txt-prefix` and `txt-owner-id` options as well. If you try to create a `TXT` record in VinylDNS without a prefix, it will try to create a `TXT` record with the same name as your actual DNS record and fail (creating a stranded record `external-dns` cannot manage). 48 49 ### Manifest (for clusters without RBAC enabled) 50 51 ```yaml 52 apiVersion: apps/v1 53 kind: Deployment 54 metadata: 55 name: external-dns 56 spec: 57 strategy: 58 type: Recreate 59 selector: 60 matchLabels: 61 app: external-dns 62 template: 63 metadata: 64 labels: 65 app: external-dns 66 spec: 67 containers: 68 - name: external-dns 69 image: registry.k8s.io/external-dns/external-dns:v0.14.0 70 args: 71 - --provider=vinyldns 72 - --source=service 73 - --domain-filter=example.com # (optional) limit to only example.com domains; change to match the zone created above. 74 - --registry=txt 75 - --txt-owner-id=grizz 76 - --txt-prefix=txt- 77 env: 78 - name: VINYLDNS_HOST 79 value: "YOUR_VINYLDNS_HOST" 80 - name: VINYLDNS_ACCESS_KEY 81 value: "YOUR_VINYLDNS_ACCESS_KEY" 82 - name: VINYLDNS_SECRET_KEY 83 value: "YOUR_VINYLDNS_SECRET_KEY" 84 ``` 85 86 ### Manifest (for clusters with RBAC enabled) 87 88 ```yaml 89 apiVersion: v1 90 kind: ServiceAccount 91 metadata: 92 name: external-dns 93 --- 94 apiVersion: rbac.authorization.k8s.io/v1 95 kind: ClusterRole 96 metadata: 97 name: external-dns 98 rules: 99 - apiGroups: [""] 100 resources: ["services","endpoints","pods"] 101 verbs: ["get","watch","list"] 102 - apiGroups: ["extensions","networking.k8s.io"] 103 resources: ["ingresses"] 104 verbs: ["get","watch","list"] 105 - apiGroups: [""] 106 resources: ["nodes"] 107 verbs: ["list"] 108 --- 109 apiVersion: rbac.authorization.k8s.io/v1 110 kind: ClusterRoleBinding 111 metadata: 112 name: external-dns-viewer 113 roleRef: 114 apiGroup: rbac.authorization.k8s.io 115 kind: ClusterRole 116 name: external-dns 117 subjects: 118 - kind: ServiceAccount 119 name: external-dns 120 namespace: default 121 --- 122 apiVersion: apps/v1 123 kind: Deployment 124 metadata: 125 name: external-dns 126 spec: 127 strategy: 128 type: Recreate 129 selector: 130 matchLabels: 131 app: external-dns 132 template: 133 metadata: 134 labels: 135 app: external-dns 136 spec: 137 serviceAccountName: external-dns 138 containers: 139 - name: external-dns 140 image: registry.k8s.io/external-dns/external-dns:v0.14.0 141 args: 142 - --provider=vinyldns 143 - --source=service 144 - --domain-filter=example.com # (optional) limit to only example.com domains; change to match the zone created above. 145 - --registry=txt 146 - --txt-owner-id=grizz 147 - --txt-prefix=txt- 148 env: 149 env: 150 - name: VINYLDNS_HOST 151 value: "YOUR_VINYLDNS_HOST" 152 - name: VINYLDNS_ACCESS_KEY 153 value: "YOUR_VINYLDNS_ACCESS_KEY" 154 - name: VINYLDNS_SECRET_KEY 155 value: "YOUR_VINYLDNS_SECRET_KEYY 156 ``` 157 158 ## Running a locally built version pointed to the above nginx service 159 Make sure your kubectl is configured correctly. Assuming you have the sources, build and run it like below. 160 161 The vinyl access details needs to exported to the environment before running. 162 163 ```bash 164 make 165 # output skipped 166 167 export VINYLDNS_HOST=<fqdn of vinyl dns api> 168 export VINYLDNS_ACCESS_KEY=<access key> 169 export VINYLDNS_SECRET_KEY=<secret key> 170 171 ./build/external-dns \ 172 --provider=vinyldns \ 173 --source=service \ 174 --domain-filter=elements.capsps.comcast.net. \ 175 --zone-id-filter=20e8bfd2-3a70-4e1b-8e11-c9c1948528d3 \ 176 --registry=txt \ 177 --txt-owner-id=grizz \ 178 --txt-prefix=txt- \ 179 --namespace=default \ 180 --once \ 181 --dry-run \ 182 --log-level debug 183 184 INFO[0000] running in dry-run mode. No changes to DNS records will be made. 185 INFO[0000] Created Kubernetes client https://some-k8s-cluster.example.com 186 INFO[0001] Zone: [nginx.example.org.] 187 # output skipped 188 ``` 189 190 Having `--dry-run=true` and `--log-level=debug` is a great way to see _exactly_ what VinylDNS is doing or is about to do.