-
Notifications
You must be signed in to change notification settings - Fork 2.6k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #457 from jvassev/dyn-provider
Add Dyn Provider
- Loading branch information
Showing
34 changed files
with
3,769 additions
and
5 deletions.
There are no files selected for viewing
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,145 @@ | ||
# Setting up ExternalDNS for Dyn | ||
|
||
## Creating a Dyn Configuration Secret | ||
|
||
For ExternalDNS to access the Dyn API, create a Kubernetes secret. | ||
|
||
To create the secret: | ||
|
||
``` | ||
$ kubectl create secret generic external-dns \ | ||
--from-literal=EXTERNAL_DNS_DYN_CUSTOMER_NAME=${DYN_CUSTOMER_NAME} \ | ||
--from-literal=EXTERNAL_DNS_DYN_USERNAME=${DYN_USERNAME} \ | ||
--from-literal=EXTERNAL_DNS_DYN_PASSWORD=${DYN_PASSWORD} | ||
``` | ||
|
||
The credentials are the same ones created during account registration. As best practise, you are advised to | ||
create an API-only user that is entitled to only the zones intended to be changed by ExternalDNS | ||
|
||
## Deploy ExternalDNS | ||
The rest of this tutorial assumes you own `example.com` domain and your DNS provider is Dyn. Change `example.com` | ||
with a domain/zone that you really own. | ||
|
||
In case of the dyn provider, the flag `--zone-id-filter` is mandatory as it specifies which zones to scan for records. Without it | ||
|
||
|
||
Create a deployment file called `externaldns.yaml` with the following contents: | ||
|
||
``` | ||
$ cat > externaldns.yaml <<EOF | ||
apiVersion: extensions/v1beta1 | ||
kind: Deployment | ||
metadata: | ||
name: external-dns | ||
spec: | ||
strategy: | ||
type: Recreate | ||
template: | ||
metadata: | ||
labels: | ||
app: external-dns | ||
spec: | ||
containers: | ||
- name: external-dns | ||
image: registry.opensource.zalan.do/teapot/external-dns:v0.4.8 | ||
args: | ||
- --source=ingress | ||
- --txt-prefix=_d | ||
- --namespace=example | ||
- --zone-id-filter=example.com | ||
- --domain-filter=example.com | ||
- --provider=dyn | ||
env: | ||
- name: EXTERNAL_DNS_DYN_CUSTOMER_NAME | ||
valueFrom: | ||
secretKeyRef: | ||
name: external-dns | ||
key: EXTERNAL_DNS_DYN_CUSTOMER_NAME | ||
- name: EXTERNAL_DNS_DYN_USERNAME | ||
valueFrom: | ||
secretKeyRef: | ||
name: external-dns | ||
key: EXTERNAL_DNS_DYN_USERNAME | ||
- name: EXTERNAL_DNS_DYN_PASSWORD | ||
valueFrom: | ||
secretKeyRef: | ||
name: external-dns | ||
key: EXTERNAL_DNS_DYN_PASSWORD | ||
EOF | ||
``` | ||
|
||
As we'll be creating an Ingress resource, you need `--txt-prefix=_d` as a CNAME cannot coexist with a TXT record. You can change the prefix to | ||
any valid start of a FQDN. | ||
|
||
Create the deployment for ExternalDNS: | ||
|
||
``` | ||
$ kubectl create -f externaldns.yaml | ||
``` | ||
|
||
## Running a locally build version | ||
If you just want to test ExternalDNS in dry-run mode locally without doing the above deployment you can also do it. | ||
Make sure your kubectl is configured correctly . Assuming you have the sources, build and run it like so: | ||
|
||
```bash | ||
make | ||
# output skipped | ||
|
||
./build/external-dns \ | ||
--provider=dyn \ | ||
--dyn-customer-name=${DYN_CUSTOMER_NAME} \ | ||
--dyn-username=${DYN_USERNAME} \ | ||
--dyn-password=${DYN_PASSWORD} \ | ||
--domain-filter=example.com \ | ||
--zone-id-filter=example.com \ | ||
--namespace=example \ | ||
--log-level=debug \ | ||
--txt-prefix=_ \ | ||
--dry-run=true | ||
INFO[0000] running in dry-run mode. No changes to DNS records will be made. | ||
INFO[0000] Connected to cluster at https://some-k8s-cluster.example.com | ||
INFO[0001] Zones: [example.com] | ||
# output skipped | ||
``` | ||
|
||
Having `--dry-run=true` and `--log-level=debug` is a great way to see _exactly_ what DynamicDNS is doing or is about to do. | ||
|
||
## Deploying an Ingress Resource | ||
|
||
Create a file called 'test-ingress.yaml' with the following contents: | ||
|
||
```yaml | ||
apiVersion: extensions/v1beta1 | ||
kind: Ingress | ||
metadata: | ||
name: test-ingress | ||
namespace: example | ||
spec: | ||
rules: | ||
- host: test-ingress.example.com | ||
http: | ||
paths: | ||
- backend: | ||
serviceName: my-awesome-service | ||
servicePort: 8080 | ||
|
||
``` | ||
|
||
As the DNS name `test-ingress.example.com` matches the filter, external-dns will create two records: | ||
a CNAME for test-ingress.example.com and TXT for _dtest-ingress.example.com. | ||
|
||
Create the Igress: | ||
|
||
``` | ||
$ kubectl create -f test-ingress.yaml | ||
``` | ||
|
||
By default external-dns scans for changes every minute so give it some time to catch up with the | ||
## Verifying Dyn DNS records | ||
|
||
Login to the console at https://portal.dynect.net/login/ and verify records are created | ||
|
||
## Clean up | ||
|
||
Login to the console at https://portal.dynect.net/login/ and delete the records created. Alternatively, just delete the sample | ||
Ingress resources and external-dns will delete the records. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.