The ExternalDNS Operator allows you to deploy and manage ExternalDNS, a cluster-internal component which makes Kubernetes resources discoverable through public DNS servers.
Note: This Operator is in the early stages of implementation. For more information, see the ExternalDNS Operator OpenShift Enhancement Proposal.
The following procedure describes how to deploy the ExternalDNS Operator for AWS.
- Build and push the Operator image to a registry:
  $ export IMG=<registry>/<username>/external-dns-operator:latest
  $ make image-build
  $ make image-push
- Run the following command to deploy the ExternalDNS Operator:
  $ make deploy
- The previous step deploys the validation webhook, which requires TLS authentication for the webhook server. The manifests deployed through the make deploy command do not contain a valid certificate and key. You must provision a valid certificate and key through other tools. You can use a convenience script, hack/generate-certs.sh, to generate the certificate bundle and patch the validation webhook config.
  Important: Do not use the hack/generate-certs.sh script in a production environment.
  Run the hack/generate-certs.sh script with the following inputs:
  $ hack/generate-certs.sh --service webhook-service --webhook validating-webhook-configuration \
      --secret webhook-server-cert --namespace external-dns-operator
- Now you can deploy an instance of ExternalDNS:
  - Run the following command to create the credentials secret for AWS:
    $ kubectl -n external-dns-operator create secret generic aws-access-key \
        --from-literal=aws_access_key_id=${ACCESS_KEY_ID} \
        --from-literal=aws_secret_access_key=${ACCESS_SECRET_KEY}
    Note: See this guide for instructions specific to other providers.
  - Run the following command:
    # for AWS
    $ kubectl apply -k config/samples/aws
    Note: For other providers, see config/samples/.
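The --from-literal form in the credentials step above passes the expanded key values as kubectl command-line arguments, where they show up in the local process list while the command runs. As an added example (not part of the operator repository), the shell function below renders the same aws-access-key Secret as a manifest so it can be piped to kubectl on stdin instead; the helper names b64 and render_aws_secret are hypothetical, and it reads the same ACCESS_KEY_ID and ACCESS_SECRET_KEY variables.

```shell
#!/usr/bin/env bash
# Added example, not part of the operator repository.
# Function names (b64, render_aws_secret) are hypothetical helpers.

# Encode stdin as single-line base64 (GNU base64 wraps long output).
b64() { base64 | tr -d '\n'; }

# Print the aws-access-key Secret manifest built from ACCESS_KEY_ID and
# ACCESS_SECRET_KEY. printf is a shell builtin, so the values travel over
# pipes only and never appear in another process's argument list.
render_aws_secret() {
  if [ -z "${ACCESS_KEY_ID:-}" ] || [ -z "${ACCESS_SECRET_KEY:-}" ]; then
    echo "ACCESS_KEY_ID and ACCESS_SECRET_KEY must both be set" >&2
    return 1
  fi
  # Reject whitespace or newlines picked up by copy/paste; kubectl would
  # otherwise store such a value exactly as given.
  for v in "$ACCESS_KEY_ID" "$ACCESS_SECRET_KEY"; do
    if [ "$(printf '%s' "$v" | tr -d '[:space:]')" != "$v" ]; then
      echo "credential contains whitespace" >&2
      return 1
    fi
  done
  unset v
  id_b64=$(printf '%s' "$ACCESS_KEY_ID" | b64)
  key_b64=$(printf '%s' "$ACCESS_SECRET_KEY" | b64)
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: aws-access-key
  namespace: external-dns-operator
type: Opaque
data:
  aws_access_key_id: ${id_b64}
  aws_secret_access_key: ${key_b64}
EOF
}

# Usage (needs cluster access, so it is left as a comment):
#   render_aws_secret | kubectl apply -f -
```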
- Build and push the bundle image to a registry:
  $ export BUNDLE_IMG=<registry>/<username>/external-dns-operator-bundle:latest
  $ make bundle-image-build
  $ make bundle-image-push
- Build and push the image index for operator-registry:
  $ export INDEX_IMG=<registry>/<username>/external-dns-operator-bundle-index:1.0.0
  $ make index-image-build
  $ make index-image-push
- Create the CatalogSource object (you may need to link the registry secret to the pod of external-dns-operator created in the openshift-marketplace namespace):
  Note: The secret to the pod of external-dns-operator is part of the bundle created in step 1.
  $ cat <<EOF | oc apply -f -
  apiVersion: operators.coreos.com/v1alpha1
  kind: CatalogSource
  metadata:
    name: external-dns-operator
    namespace: openshift-marketplace
  spec:
    sourceType: grpc
    image: <registry>/<username>/external-dns-operator-bundle-index:1.0.0
  EOF
- Create the external-dns-operator namespace:
  $ oc create ns external-dns-operator
- Create a subscription object to install the Operator:
  $ cat <<EOF | oc apply -f -
  apiVersion: operators.coreos.com/v1alpha1
  kind: Subscription
  metadata:
    name: external-dns-operator
    namespace: external-dns-operator
  spec:
    channel: alpha
    name: external-dns-operator
    source: external-dns-operator
    sourceNamespace: openshift-marketplace
  EOF
Note: You can install the ExternalDNS Operator through the web console: Navigate to Operators -> OperatorHub, search for the ExternalDNS operator, and install the operator.