External-dns with Kubernetes

One of the things I’ve done enough at work is to get a CNAME associated with any new web service I am deploying. The process was straightforward:

1. decide on a CNAME
2. open a ticket for the team that manages LAB DNS
3. someone from the team checks the ticket and creates a new DNS entry

This all looks reasonable until you use external-dns, a Kubernetes incubator project, to start managing your domains. When deploying a load balancer or ingress, just add an annotation and external-dns will go and update your DNS entry automatically, in the DNS provider of your choice!

---
apiVersion: v1
kind: Service
metadata:
  name: your-service
  labels:
    app: your-service
  annotations:
    external-dns.alpha.kubernetes.io/hostname: your-service.your-domain.com
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: https
    service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: your-arn-address-for-cert
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https
spec:
  type: LoadBalancer
  ports:
    - port: 8443
      targetPort: 8443
      name: https
  selector:
    app: your-service

Note the annotation external-dns.alpha.kubernetes.io/hostname, which tells external-dns the hostname to create for this service.

To get this functionality, you need to run the external-dns pod. A typical deployment looks like this:

---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    app: external-dns
  name: external-dns
spec:
  template:
    metadata:
      labels:
        app: external-dns
    spec:
      containers:
        - name: external-dns
          image: registry.opensource.zalan.do/teapot/external-dns:v0.4.8
          imagePullPolicy: IfNotPresent
          args:
            - --log-level=info
            - --domain-filter=your-domain.com
            - --policy=sync
            - --provider=aws
            - --source=service
            - --source=ingress
            - --registry=txt
            - --txt-owner-id=any-identifier-string
      serviceAccountName: external-dns

--domain-filter specifies the parent domain whose subdomains will be managed
--source specifies which sources to consider when scraping the annotations
--policy specifies whether you want to keep DNS records in sync or just want to add new records
--provider specifies which DNS provider to use

--registry=txt and --txt-owner-id=any-identifier-string, if specified, add a TXT record for every record so that external-dns can identify itself as the owner of that record
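
Since an annotation is all it takes to request a name under --domain-filter, manifests are worth checking before they are applied. The following is an added example, not code from the original post or from the external-dns project: it flags hostnames outside the filter (using a dot-boundary match, so look-alike suffixes do not pass) and hostnames requested by more than one object. The function names, the dict-shaped manifests and the sample data are assumptions made for illustration.

```python
# Added example; manifests are assumed to be parsed into dicts, all names illustrative.
from collections import defaultdict

HOSTNAME_ANNOTATION = "external-dns.alpha.kubernetes.io/hostname"

def in_domain(hostname, domain):
    """True if hostname equals domain or is a subdomain of it (dot-boundary match)."""
    host = hostname.lower().rstrip(".")
    dom = domain.lower().strip(".")
    return host == dom or host.endswith("." + dom)

def requested_hostnames(manifest):
    """Hostnames an object asks external-dns to publish (comma-separated value)."""
    annotations = manifest.get("metadata", {}).get("annotations") or {}
    raw = annotations.get(HOSTNAME_ANNOTATION, "")
    return [h.strip().lower().rstrip(".") for h in raw.split(",") if h.strip()]

def audit(manifests, domain_filter):
    """Return sorted (hostname, finding) tuples for review before deployment."""
    findings, claims = [], defaultdict(set)
    for manifest in manifests:
        meta = manifest.get("metadata", {})
        owner = f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"
        for host in requested_hostnames(manifest):
            if in_domain(host, domain_filter):
                claims[host].add(owner)
            else:
                findings.append((host, f"outside domain filter, requested by {owner}"))
    for host, owners in claims.items():
        if len(owners) > 1:
            findings.append((host, "claimed by several objects: " + ", ".join(sorted(owners))))
    return sorted(findings)

def sample_service(namespace, name, hostname=None):
    """Build a minimal constructed Service manifest for the sample run."""
    annotations = {HOSTNAME_ANNOTATION: hostname} if hostname else None
    return {"kind": "Service",
            "metadata": {"namespace": namespace, "name": name, "annotations": annotations}}

SAMPLE = [  # constructed sample input, not taken from a real cluster
    sample_service("payments", "your-service", "your-service.your-domain.com"),
    sample_service("dev", "debug-proxy", "Your-Service.your-domain.com."),
    sample_service("dev", "lookalike", "login.evil-your-domain.com"),
    sample_service("dev", "no-annotation"),
]

if __name__ == "__main__":
    for host, finding in audit(SAMPLE, "your-domain.com"):
        print(f"{host}: {finding}")
```
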

Once you start using it, it's addicting. You no longer need to remember those ugly load balancer names or IP addresses. Power to the #Kubernetes community.