Use ExternalDNS to expose an application or service on your Kubernetes cluster through a domain name instead of a difficult-to-understand external IP or random host name.
ExternalDNS is an open source project that supports DNS configurations on many DNS providers. The tool is not a DNS server or provider. Instead, ExternalDNS discovers Kubernetes resources through public DNS servers and configures the resources for supported DNS providers.
This guide uses ExternalDNS to configure domain names in an AWS Route 53 provider, which is one of the stable providers supported by ExternalDNS.
Ensure that the following prerequisites are in place:
-
A Kubernetes cluster on AWS
-
A Flex Gateway deployment to an AWS cluster or a registered Flex Gateway instance (gateway)
For gateway registration and deployment processes, see flex-gateway-set-up.adoc or flex-gateway-k8-getting-started.adoc.
-
An AWS Identity and Access Management (IAM) policy that allows ExternalDNS to update Amazon Route 53 Resource Record Sets and Hosted Zones
To use another target or create the IAM Policy with these permissions, see the ExternalDNS documentation.
Add ExternalDNS (external-dns
) to your cluster by creating and deploying a YAML configuration file with the following content to your cluster:
-
Create a YAML file with the following settings.
apiVersion: apps/v1 kind: Deployment metadata: name: external-dns labels: app.kubernetes.io/name: external-dns spec: strategy: type: Recreate selector: matchLabels: app.kubernetes.io/name: external-dns template: metadata: labels: app.kubernetes.io/name: external-dns spec: containers: - name: external-dns image: registry.k8s.io/external-dns/external-dns:v0.13.1 args: - --source=service - --source=ingress - --domain-filter=<your-domain> # makes only hosted zones visible - --provider=aws - --policy=upsert-only # prevents record deletion - --aws-zone-type=public # public zones only - --registry=txt - --txt-owner-id=my-hostedzone-identifier env: - name: AWS_DEFAULT_REGION value: <aws-region> # sets the EKS region # # Uncomment the following settings when using static credentials # - name: AWS_SHARED_CREDENTIALS_FILE # value: /.aws/credentials # volumeMounts: # - name: aws-credentials # mountPath: /.aws # readOnly: true # volumes: # - name: aws-credentials # secret: # secretName: external-dns
-
In your new YAML file, set the following options, as needed, for your deployment:
-
args
options:-
- --domain-filter=<your-domain>
: Make hosted zones that match your domain visible to ExternalDNS. Omit this option to process all available hosted zones.The option is critical for making
external-dns
work as intended. -
- --policy=upsert-only
: Prevent ExternalDNS from deleting any records. Omit this option to enable full synchronization. -
- --aws-zone-type=public
: Make only public hosted zones visible. Valid values arepublic
,private
, or no value for both types of zones.
-
-
env
optionvalue: <aws-region>
: Set the region in which your EKS cluster is installed, for example,us-east-1
.
-
-
If you are using static credentials, remove the comments (
#
) from the lines that contain hiddenenv
andvolumes
configurations. -
Apply the configuration to your cluster by using the following command from a terminal window:
kubectl create --filename <external-dns-yaml> --namespace <your-namespace>
Use the extraAnnotations
parameter with helm upgrade
to set the domain names. This parameter is described in the Helm chart for Flex Gateway (flex-gateway).
-
Create a YAML configuration file to specify an ExternalDNS key and a comma-separated set of domain values.
Replace the placeholder values
<domain-0>,…,<domain-N>
with your domains:extraAnnotations: external-dns.alpha.kubernetes.io/hostname: <domain-0>,...,<domain-N>
-
Use the
-f
option to pass your configuration file to thehelm upgrade
command.The command options to use depend on whether your registered gateway is deployed to a cluster:
-
If you are deploying Flex Gateway to the cluster for the first time, run the following command, replacing the placeholder values with the path to your gateway’s registration YAML file (by default,
registration.yaml
) and your domain names:helm -n gateway upgrade \ -i --create-namespace \ --wait ingress flex-gateway/flex-gateway \ --set-file registration.content=<path-to-registration> \ -f <your-YAML-config-file>
-
If you are updating a running gateway with the annotation, run the following command:
helm -n gateway upgrade \ --wait ingress flex-gateway/flex-gateway \ --reuse-values \ -f <your-YAML-config-file>
-