[WIP] Support for Azure DNS on AKS

[sebader]

Work in progress - just opening for transparency already

This PR adds support for Azure DNS when running on AKS.

For now it only supports using the kubelet identity to authenticate against the Azure DNS zone with external-dns. One could add support for service principals as well, but that requires to store the client secret which I wanted to avoid for now. Once workload identities become available on AKS (successor of pod identity), that should be added, since using kubelet identity means, that all pods running on AKS will have access to that DNS zone. So it is not ideal but it is a first working version.

Working/implemented:

• Helm chart updates to deploy. This mostly is about providing the required properties to external-dns

Missing/WIP

• NS support for Azure DNS in external-dns. I managed this with a custom build of external-dns. Adding NS support for Azure DNS kubernetes-sigs/external-dns#2835
• Documentation and samples
• Requires Count with LoadBalancer IP in Service status #911 to be merged and made available in k8gb

Closes #642

[ytsarev]

@sebader how does it look with this work? Do you need any help? We really want Azure support :)

[sebader]

@sebader Sebastian Bader FTE how does it look with this work? Do you need any help? We really want Azure support :)

I didnt have time in the last few weeks to keep working further on this. However, I do have a working prototype running. Biggest blocker at the moment is my open PR on external-dns which adds NS support for Azure DNS. Any help to get that moving forward is much appreciated.

Apart from that it will be mostly documentation that needs to be written - and possibly end-to-end tests. I don't have any understanding so far how your test suite for k8gb works.

[ytsarev]

@sebader we can temporarily fork external-dns and run the custom build to unblock ( it's not the first time we will do it).

[sebader]

Ok. Let me try to find some time soon to continue here and build out the terraform templates to get the infrastructure set up for Azure.

I'll obviously start with the public load balancing setup. But the original reason why I actually started all this work was to get to an internal global load balancer. I have that setup working, too. So as a later step I'll try to add the required setup for that as well.

[ytsarev]

Both internal and public cases are super interesting, thanks!

[ytsarev]

Hi @sebader, we just switched to our own fork of external-dns here #1134 . The fork incorporates the support of NS record implementation for Azure. Do you want to revive the work on this PR? Please let me know if you need any help. It will be great to finalize your great work here 👍 Thanks a lot!

[sebader]

this is great to hear @ytsarev! I'll see if I can grab some time (and refresh my memory first :D) I would also make the switch to Workload Identity if possible, now that this is (almost) GA on Azure

[netlify]

✅ Deploy Preview for k8gb-preview ready!

Name	Link
🔨 Latest commit	9c2bcfd
🔍 Latest deploy log	https://app.netlify.com/sites/k8gb-preview/deploys/6437b3b86831050008af0e43
😎 Deploy Preview	https://deploy-preview-912--k8gb-preview.netlify.app/
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site settings.

[ytsarev]

Implemented by #1525 and #1593 . NS record support is implemented in external-dns fork

@sebader thank you so much for the initial implementation! Closing this PR as effectively completed.