-
Notifications
You must be signed in to change notification settings - Fork 2.5k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
9 changed files
with
921 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,251 @@ | ||
# Setting up ExternalDNS for Services on OVH | ||
|
||
This tutorial describes how to setup ExternalDNS for use within a | ||
Kubernetes cluster using OVH DNS. | ||
|
||
Make sure to use **>=0.6** version of ExternalDNS for this tutorial. | ||
|
||
## Creating a zone with OVH DNS | ||
|
||
If you are new to OVH, we recommend you first read the following | ||
instructions for creating a zone. | ||
|
||
[Creating a zone using the OVH manager](https://docs.ovh.com/gb/en/domains/create_a_dns_zone_for_a_domain_which_is_not_registered_at_ovh/) | ||
|
||
[Creating a zone using the OVH API](https://api.ovh.com/console/) | ||
|
||
## Creating OVH Credentials | ||
|
||
You first need to create an OVH application. | ||
|
||
Using the [OVH documentation](https://docs.ovh.com/gb/en/customer/first-steps-with-ovh-api/#creation-of-your-application-keys) you will have your `Application key` and `Application secret` | ||
|
||
And you will need a `Consumer key`, you can ask `External DNS` to generate that for you, using the `--ovh-generate-consumer` option. | ||
|
||
```yaml | ||
apiVersion: apps/v1 | ||
kind: Deployment | ||
metadata: | ||
name: external-dns | ||
spec: | ||
strategy: | ||
type: Recreate | ||
selector: | ||
matchLabels: | ||
app: external-dns | ||
template: | ||
metadata: | ||
labels: | ||
app: external-dns | ||
spec: | ||
containers: | ||
- name: external-dns | ||
image: registry.opensource.zalan.do/teapot/external-dns:latest | ||
args: | ||
- --provider=ovh | ||
- --ovh-generate-consumer | ||
env: | ||
- name: OVH_APPLICATION_KEY | ||
value: "YOUR_OVH_APPLICATION_KEY" | ||
- name: OVH_APPLICATION_SECRET | ||
value: "YOUR_OVH_APPLICATION_SECRET" | ||
``` | ||
|
||
In log, you will have two log lines : | ||
``` | ||
INFO[0000] Generated consumer key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX | ||
INFO[0000] Please visit https://eu.api.ovh.com/auth/?credentialToken=YYYYYYYYYYYYYY to validate it | ||
``` | ||
|
||
Keep the `Consumer key` and go to the link to allow external dns to manage your OVH Dns zone. | ||
|
||
You can also generate the key manually, here the access needed : | ||
- GET on `/domain/zone` | ||
- GET on `/domain/zone/*/record` | ||
- POST on `/domain/zone/*/record` | ||
- PUT on `/domain/zone/*/record` | ||
- DELETE on `/domain/zone/*/record` | ||
- GET on `/domain/zone/*/record/*` | ||
- POST on `/domain/zone/*/record/*` | ||
- PUT on `/domain/zone/*/record/*` | ||
- DELETE on `/domain/zone/*/record/*` | ||
- POST on `/domain/zone/*/refresh` | ||
|
||
## Deploy ExternalDNS | ||
|
||
Connect your `kubectl` client to the cluster with which you want to test ExternalDNS, and then apply one of the following manifest files for deployment: | ||
|
||
### Manifest (for clusters without RBAC enabled) | ||
|
||
```yaml | ||
apiVersion: apps/v1 | ||
kind: Deployment | ||
metadata: | ||
name: external-dns | ||
spec: | ||
strategy: | ||
type: Recreate | ||
selector: | ||
matchLabels: | ||
app: external-dns | ||
template: | ||
metadata: | ||
labels: | ||
app: external-dns | ||
spec: | ||
containers: | ||
- name: external-dns | ||
image: registry.opensource.zalan.do/teapot/external-dns:latest | ||
args: | ||
- --source=service # ingress is also possible | ||
- --domain-filter=example.com # (optional) limit to only example.com domains; change to match the zone created above. | ||
- --provider=ovh | ||
env: | ||
- name: OVH_APPLICATION_KEY | ||
value: "YOUR_OVH_APPLICATION_KEY" | ||
- name: OVH_APPLICATION_SECRET | ||
value: "YOUR_OVH_APPLICATION_SECRET" | ||
- name: OVH_CONSUMER_KEY | ||
value: "YOUR_OVH_CONSUMER_KEY_AFTER_VALIDATED_LINK" | ||
``` | ||
|
||
### Manifest (for clusters with RBAC enabled) | ||
|
||
```yaml | ||
apiVersion: v1 | ||
kind: ServiceAccount | ||
metadata: | ||
name: external-dns | ||
--- | ||
apiVersion: rbac.authorization.k8s.io/v1beta1 | ||
kind: ClusterRole | ||
metadata: | ||
name: external-dns | ||
rules: | ||
- apiGroups: [""] | ||
resources: ["services"] | ||
verbs: ["get","watch","list"] | ||
- apiGroups: [""] | ||
resources: ["pods"] | ||
verbs: ["get","watch","list"] | ||
- apiGroups: ["extensions"] | ||
resources: ["ingresses"] | ||
verbs: ["get","watch","list"] | ||
- apiGroups: [""] | ||
resources: ["nodes"] | ||
verbs: ["list"] | ||
--- | ||
apiVersion: rbac.authorization.k8s.io/v1beta1 | ||
kind: ClusterRoleBinding | ||
metadata: | ||
name: external-dns-viewer | ||
roleRef: | ||
apiGroup: rbac.authorization.k8s.io | ||
kind: ClusterRole | ||
name: external-dns | ||
subjects: | ||
- kind: ServiceAccount | ||
name: external-dns | ||
namespace: default | ||
--- | ||
apiVersion: apps/v1 | ||
kind: Deployment | ||
metadata: | ||
name: external-dns | ||
spec: | ||
strategy: | ||
type: Recreate | ||
selector: | ||
matchLabels: | ||
app: external-dns | ||
template: | ||
metadata: | ||
labels: | ||
app: external-dns | ||
spec: | ||
serviceAccountName: external-dns | ||
containers: | ||
- name: external-dns | ||
image: registry.opensource.zalan.do/teapot/external-dns:latest | ||
args: | ||
- --source=service # ingress is also possible | ||
- --domain-filter=example.com # (optional) limit to only example.com domains; change to match the zone created above. | ||
- --provider=ovh | ||
env: | ||
- name: OVH_APPLICATION_KEY | ||
value: "YOUR_OVH_APPLICATION_KEY" | ||
- name: OVH_APPLICATION_SECRET | ||
value: "YOUR_OVH_APPLICATION_SECRET" | ||
- name: OVH_CONSUMER_KEY | ||
value: "YOUR_OVH_CONSUMER_KEY_AFTER_VALIDATED_LINK" | ||
``` | ||
|
||
## Deploying an Nginx Service | ||
|
||
Create a service file called 'nginx.yaml' with the following contents: | ||
|
||
```yaml | ||
apiVersion: apps/v1 | ||
kind: Deployment | ||
metadata: | ||
name: nginx | ||
spec: | ||
selector: | ||
matchLabels: | ||
app: nginx | ||
template: | ||
metadata: | ||
labels: | ||
app: nginx | ||
spec: | ||
containers: | ||
- image: nginx | ||
name: nginx | ||
ports: | ||
- containerPort: 80 | ||
--- | ||
apiVersion: v1 | ||
kind: Service | ||
metadata: | ||
name: nginx | ||
annotations: | ||
external-dns.alpha.kubernetes.io/hostname: example.com | ||
external-dns.alpha.kubernetes.io/ttl: "120" #optional | ||
spec: | ||
selector: | ||
app: nginx | ||
type: LoadBalancer | ||
ports: | ||
- protocol: TCP | ||
port: 80 | ||
targetPort: 80 | ||
``` | ||
|
||
**A note about annotations** | ||
|
||
Verify that the annotation on the service uses the same hostname as the OVH DNS zone created above. The annotation may also be a subdomain of the DNS zone (e.g. 'www.example.com'). | ||
|
||
The TTL annotation can be used to configure the TTL on DNS records managed by ExternalDNS and is optional. If this annotation is not set, the TTL on records managed by ExternalDNS will default to 10. | ||
|
||
ExternalDNS uses the hostname annotation to determine which services should be registered with DNS. Removing the hostname annotation will cause ExternalDNS to remove the corresponding DNS records. | ||
|
||
### Create the deployment and service | ||
|
||
``` | ||
$ kubectl create -f nginx.yaml | ||
``` | ||
|
||
Depending on where you run your service, it may take some time for your cloud provider to create an external IP for the service. Once an external IP is assigned, ExternalDNS detects the new service IP address and synchronizes the OVH DNS records. | ||
|
||
## Verifying OVH DNS records | ||
|
||
Use the OVH manager or API to verify that the A record for your domain shows the external IP address of the services. | ||
|
||
## Cleanup | ||
|
||
Once you successfully configure and verify record management via ExternalDNS, you can delete the tutorial's example: | ||
|
||
``` | ||
$ kubectl delete -f nginx.yaml | ||
$ kubectl delete -f externaldns.yaml | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.