dana-team/provider-dns

Provider DNS

provider-dns is a Crossplane provider built with the Upjet code generation tools; it exposes XRM-conformant managed resources for the DNS API.

Getting Started

Set Up

First, create a ConfigMap containing the relevant krb5.conf file. This ConfigMap is then mounted into the provider pod.

$ kubectl create configmap krb5-config --from-file=krb5.conf=/etc/krb5.conf -n crossplane-system

The krb5.conf file should look something like this:

# To opt out of the system crypto-policies configuration of krb5, remove the
# symlink at /etc/krb5.conf.d/crypto-policies which will not be recreated.
includedir /etc/krb5.conf.d/

[logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log

[libdefaults]
    dns_lookup_realm = false
    ticket_lifetime = 24h
    renew_lifetime = 7d
    forwardable = true
    rdns = false
    pkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crt
    spake_preauth_groups = edwards25519
    default_realm = DANA-DEV.COM
    default_ccache_name = KEYRING:persistent:%{uid}

[realms]
 DANA-DEV.COM = {
     kdc = dana-wdc-1.dana-dev.com
     admin_server = dana-wdc-1.dana-dev.com
     default_domain = dana-dev.com
 }

[domain_realm]
 .dana-dev.com = DANA-DEV.COM
 dana-dev.com = DANA-DEV.COM

Install the provider

apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: provider-dns
spec:
  package: ghcr.io/dana-team/provider-dns:<release>
  runtimeConfigRef:
    apiVersion: pkg.crossplane.io/v1beta1
    kind: DeploymentRuntimeConfig
    name: config
---
apiVersion: pkg.crossplane.io/v1beta1
kind: DeploymentRuntimeConfig
metadata:
  name: config
spec:
  deploymentTemplate:
    spec:
      selector:
        matchLabels:
          pkg.crossplane.io/provider: provider-dns
      template:
        spec:
          containers:
          - args:
            - --debug
            name: package-runtime
            volumeMounts:
            - mountPath: /etc/krb5.conf
              name: krb5-config
              readOnly: true
              subPath: krb5.conf
          volumes:
          - configMap:
              name: krb5-config
            name: krb5-config

Configuration

The provider supports both the RFC 2845 (TSIG) and RFC 3645 (GSS-TSIG) authentication models, but it has only been tested with RFC 3645. Each authentication model has its own set of required parameters; refer to the Terraform provider-dns documentation for details.

To connect to the provider, create the following secret:

apiVersion: v1
kind: Secret
metadata:
  name: example-creds
  namespace: crossplane-system
type: Opaque
stringData:
  credentials: |
    {
      "rfc": "3645",
      "server": "<DNS-SERVER-FQDN>",
      "realm": "<DOMAIN-NAME-IN-CAPS>",
      "username": "<DOMAIN-USER>",
      "password": "<DOMAIN-USER-PASSWORD>"
    }

For example:

apiVersion: v1
kind: Secret
metadata:
  name: example-creds
  namespace: crossplane-system
type: Opaque
stringData:
  credentials: |
    {
      "rfc": "3645",
      "server": "dana-wdc-1.dana-dev.com",
      "realm": "DANA-DEV.COM",
      "username": "dana",
      "password": "KLm&x7Cv%GT@k!"
    }

Then create the ProviderConfig:

apiVersion: dns.dns.crossplane.io/v1beta1
kind: ProviderConfig
metadata:
  name: default
spec:
  credentials:
    source: Secret
    secretRef:
      name: example-creds
      namespace: crossplane-system
      key: credentials
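The credentials blob is plain JSON inside the Secret, so a slip such as a missing quote or a key the chosen RFC needs is only discovered when the provider tries to authenticate. The following check is an added example (not part of provider-dns): it validates the blob before `kubectl apply`. The RFC 3645 keys are the ones the Secret above uses; the RFC 2845 key names are an assumption taken from the Terraform provider-dns, not from this README.

```python
import json

# Required keys per authentication model. The RFC 3645 keys are the ones the
# README's Secret uses; the RFC 2845 (TSIG) keys are an assumption taken from
# the Terraform provider-dns this provider wraps, not from this page.
REQUIRED_KEYS = {
    "3645": ("server", "realm", "username", "password"),
    "2845": ("server", "key_name", "key_algorithm", "key_secret"),
}


def validate_credentials(blob: str) -> list:
    """Return the problems found in a credentials JSON blob (empty list = OK).

    Checks what the provider needs at runtime: parseable JSON, a known "rfc",
    every key that model requires, and (RFC 3645) a Kerberos realm written in
    upper case, as the README's <DOMAIN-NAME-IN-CAPS> placeholder requires.
    """
    try:
        creds = json.loads(blob)
    except json.JSONDecodeError as exc:
        # One missing quote makes the whole Secret unusable; report where.
        return [f"invalid JSON: {exc.msg} at line {exc.lineno} column {exc.colno}"]
    if not isinstance(creds, dict):
        return ["credentials must be a JSON object"]
    rfc = str(creds.get("rfc", ""))
    if rfc not in REQUIRED_KEYS:
        return [f"unsupported or missing rfc: {rfc!r}"]
    problems = []
    for key in REQUIRED_KEYS[rfc]:
        value = creds.get(key)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"missing or empty {key!r} for RFC {rfc}")
    realm = creds.get("realm")
    if rfc == "3645" and isinstance(realm, str) and realm and realm != realm.upper():
        problems.append(f"realm {realm!r} should be upper case")
    return problems


# Constructed samples: a blob with the closing quote missing after the realm
# (the same slip a hand-edited template can carry) and a well-formed one.
BROKEN = '{"rfc": "3645", "server": "dns.example.test", "realm": "EXAMPLE.TEST, "username": "u", "password": "p"}'
GOOD = '{"rfc": "3645", "server": "dns.example.test", "realm": "EXAMPLE.TEST", "username": "u", "password": "p"}'

if __name__ == "__main__":
    for label, blob in (("broken", BROKEN), ("good", GOOD)):
        print(label, validate_credentials(blob) or "OK")
```

Run it against the decoded `credentials` key of an existing Secret to catch the same problems in a blob that has already been applied.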

Resources

To install the CRDs manually, run:

$ make generate
$ kubectl apply -f package/crds

The following table summarizes the available resources:

| Name | apiVersion | Namespaced | Kind |
| --- | --- | --- | --- |
| ptrs | record.dns.crossplane.io/v1alpha1 | false | PTRRecord |
| cnamerecords | record.dns.crossplane.io/v1alpha1 | false | CNAMERecord |
| aaaarecordsets | recordset.dns.crossplane.io/v1alpha1 | false | AAAARecordSet |
| arecordsets | recordset.dns.crossplane.io/v1alpha1 | false | ARecordSet |
| mxrecordsets | recordset.dns.crossplane.io/v1alpha1 | false | MXRecordSet |
| nsrecordsets | recordset.dns.crossplane.io/v1alpha1 | false | NSRecordSet |
| srvrecordsets | recordset.dns.crossplane.io/v1alpha1 | false | SRVRecordSet |
| txtrecordsets | recordset.dns.crossplane.io/v1alpha1 | false | TXTRecordSet |

Examples

ARecordSet

apiVersion: recordset.dns.crossplane.io/v1alpha1
kind: ARecordSet
metadata:
  name: crossplane-test
spec:
  forProvider:
    addresses:
      - 10.1.30.1
      - 10.1.30.2
      - 10.1.30.3
    ttl: 3600
    zone: crossplane.dana-dev.com.
    name: testy-test # actual name of the record
  providerConfigRef:
    name: default

To create a record in a subdomain, include the subdomain in the name:

apiVersion: recordset.dns.crossplane.io/v1alpha1
kind: ARecordSet
metadata:
  name: crossplane-test-sub
spec:
  forProvider:
    addresses:
      - 10.1.30.1
      - 10.1.30.2
      - 10.1.30.3
    ttl: 3600
    zone: crossplane.dana-dev.com.
    name: testy-test.example-sub # record will be called testy-test in subdomain example-sub
  providerConfigRef:
    name: default

CNAMERecord

apiVersion: record.dns.crossplane.io/v1alpha1
kind: CNAMERecord
metadata:
  name: crossplane-test-cname
spec:
  forProvider:
    cname: testy-test.crossplane.dana-dev.com.
    ttl: 3600
    zone: crossplane.dana-dev.com.
    name: cname-testy-test
  providerConfigRef:
    name: default
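The examples above follow two conventions the provider inherits from the Terraform dns provider: `zone` and a CNAME target are absolute names written with a trailing dot, and the record `name` is relative to the zone (subdomain labels included, as in `testy-test.example-sub`). The helper below is an added example, not part of provider-dns; it derives the FQDN a record will get and checks an ARecordSet or CNAMERecord `spec.forProvider` (given as a plain dict) against those conventions before it is applied.

```python
import ipaddress

def record_fqdn(name: str, zone: str) -> str:
    """Absolute name of a record: `name` (which may carry subdomain labels,
    e.g. testy-test.example-sub) prefixed to a zone ending in a dot."""
    if not zone.endswith("."):
        raise ValueError(f"zone {zone!r} must be absolute (end with '.')")
    if not name or name.startswith(".") or name.endswith("."):
        raise ValueError(f"name {name!r} must be relative to the zone")
    return f"{name}.{zone}"

def check_a_record_set(spec: dict) -> list:
    """Problems in an ARecordSet spec.forProvider (empty list = OK)."""
    try:
        record_fqdn(spec["name"], spec["zone"])
    except (KeyError, ValueError) as exc:
        return [f"bad name/zone: {exc}"]
    problems = []
    addresses = spec.get("addresses") or []
    if not addresses:
        problems.append("addresses must not be empty")
    for addr in addresses:
        try:
            if ipaddress.ip_address(addr).version != 4:
                problems.append(f"{addr} is not IPv4 (use AAAARecordSet)")
        except ValueError:
            problems.append(f"{addr!r} is not an IP address")
    ttl = spec.get("ttl")
    if not isinstance(ttl, int) or ttl < 0:
        problems.append(f"ttl {ttl!r} must be a non-negative integer")
    return problems

def check_cname_record(spec: dict) -> list:
    """Problems in a CNAMERecord spec.forProvider: the target must be an
    absolute name (trailing dot) and must not point at the record itself."""
    try:
        fqdn = record_fqdn(spec["name"], spec["zone"])
    except (KeyError, ValueError) as exc:
        return [f"bad name/zone: {exc}"]
    target = str(spec.get("cname", ""))
    if not target.endswith("."):
        return [f"cname {target!r} must be absolute (end with '.')"]
    if target.lower() == fqdn.lower():
        return ["cname points at itself"]
    return []

# Constructed sample mirroring the README's subdomain ARecordSet example.
A_SPEC = {"name": "testy-test.example-sub", "zone": "crossplane.dana-dev.com.",
          "addresses": ["10.1.30.1", "10.1.30.2", "10.1.30.3"], "ttl": 3600}
```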

For details on how to configure the remaining resources, use kubectl explain to see the available spec options, and consult the Terraform provider-dns docs.