diff --git a/modules/installing-aws-managing-dns-solution.adoc b/modules/installing-aws-managing-dns-solution.adoc new file mode 100644 index 000000000000..cc47042849da --- /dev/null +++ b/modules/installing-aws-managing-dns-solution.adoc @@ -0,0 +1,35 @@ + +:_mod-docs-content-type: PROCEDURE +[id="installation-aws-enabling-user-managed-DNS_{context}"] += Enabling a user-managed DNS + +You can install a cluster with a domain name server (DNS) solution that you manage instead of the default cluster-provisioned DNS solution. As a result, you can manage the API and Ingress DNS records in your own system rather than adding the records to the DNS of the cloud. For example, your organization's security policies might not allow the use of public DNS services such as Google Cloud DNS. In such scenarios, you can use your own DNS service to bypass the public DNS service and manage your own DNS for the IP addresses of the API and Ingress services. + +If you enable user-managed DNS during installation, the installation program provisions DNS records for the API and Ingress services only within the cluster. To ensure access from outside the cluster, you must provision the DNS records in an external DNS service of your choice for the API and Ingress services after installation. + +:FeatureName: User-provisioned DNS +include::snippets/technology-preview.adoc[leveloffset=+1] + +.Prerequisites + +* You installed the `jq` package. + +.Procedure +* Before you deploy your cluster, use a text editor to open the `install-config.yaml` file and add the following stanza: +** To enable user-managed DNS: ++ +[source,yaml] +---- +featureSet: CustomNoUpgrade +featureGates: ["GCPClusterHostedDNS=true"] + +# ... + +platform: + gcp: + userProvisionedDNS: Enabled <1> +---- +<1> Enable DNS management. + + +For information about provisioning your DNS records for the API server and the Ingress services, see "Provisioning your own DNS records". 
diff --git a/modules/installing-aws-provisioning-dns-records.adoc b/modules/installing-aws-provisioning-dns-records.adoc new file mode 100644 index 000000000000..46467ca9bc3f --- /dev/null +++ b/modules/installing-aws-provisioning-dns-records.adoc 
@@ -0,0 +1,40 @@ +:_mod-docs-content-type: PROCEDURE +[id="installation-aws-provisioning-own-dns-records_{context}"] += Provisioning your own DNS records + +Before you use this feature, you must add the `userProvisionedDNS` parameter to the `install-config.yaml` file and enable the parameter. For more information, see "Enabling a user-managed DNS". + +Use the IP address of the API server to provision your own DNS record with the `api...` hostname by using your cluster name and base cluster domain. Use the IP address of the Ingress service to provision your own DNS record with the `*.apps...` hostname by using your cluster name and base cluster domain. + + +:FeatureName: User-provisioned DNS +include::snippets/technology-preview.adoc[leveloffset=+1] + +.Prerequisites + +* You installed the `gcloud` CLI tool. + +.Procedure + +. To find the IP address of the API server and then provision the corresponding DNS record, use the `gcloud` CLI to run the following command: ++ +[source,terminal] +---- +$ gcloud compute forwarding-rules describe --global "${infra_id}-apiserver" --format json | jq -r .IPAddress +---- +. Use the IP address to provision your own DNS record with the `api...` hostname by using your cluster name and base cluster domain. + +. Use the `gcloud` CLI to find the IP address of the Ingress service and then provision the corresponding DNS record. +.. To find the forwarding rule for the Ingress service, run the following command: ++ +[source,terminal] +---- +$ ingress_forwarding_rule=$(gcloud compute target-pools list --format=json --filter="instances[]~${infra_id}" | jq -r .[].name) +---- +.. To use the forwarding rule value to find the IP address of the Ingress service, run the following command: ++ +[source,terminal] +---- +$ ingress_ip_address=$(gcloud compute forwarding-rules describe --region "${region}" "${ingress_forwarding_rule}" --format json | jq -r .IPAddress) +---- +. 
Use the IP address to provision your own DNS record with the `*.apps...` hostname by using your cluster name and base cluster domain.
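Review bot: In modules/installing-aws-managing-dns-solution.adoc, the `install-config.yaml` stanza and the introduction are GCP-specific although the file name and the id `installation-aws-enabling-user-managed-DNS_{context}` mark this as an AWS module: the feature gate is `GCPClusterHostedDNS=true`, the platform key is `platform: gcp:`, and the example service named is Google Cloud DNS. Replace these with the AWS platform stanza and the AWS feature gate, otherwise a reader following the AWS install path sets a gate and a platform block that do not apply to their cluster. Two smaller points: the `jq` prerequisite is not used by any step in this module and belongs in the provisioning module, where the commands pipe to `jq`; and the procedure is a single `*` item with a single nested `**` item, which can be flattened to one step.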
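Review bot: In modules/installing-aws-provisioning-dns-records.adoc, the prerequisite and every lookup step use the `gcloud` CLI (`gcloud compute forwarding-rules describe`, `gcloud compute target-pools list`), which cannot return the API or Ingress address of a cluster on AWS; the procedure needs to be rewritten against the AWS load balancers and AWS tooling. Independently of the platform, `${infra_id}` and `${region}` are used without a step that sets them, `jq` is required by all three commands but is not listed under this module's prerequisites, and the record names appear as `api...` and `*.apps...` with no cluster name or base domain placeholder, so the reader cannot tell which record to create. The first command prints the address while the Ingress commands store it in `ingress_ip_address`; use one pattern for both. The filter in `jq -r .[].name` should be quoted so the shell does not treat `.[]` as a glob pattern.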