Versions Compared

...

To install ExternalDNS, follow these steps:

  1. Add the bitnami helm repositoryCreate a Kubernetes secret containing the Oracle Cloud Infrastructure user authentication details for ExternalDNS to use when connecting to the Oracle Cloud Infrastructure API to insert and update DNS records in the DNS zone. Create a credentials file named oci.yaml and populate with the following content:

    Code Block
    languagebash
    helmauth:
    repo add bitnami https://charts.bitnami.com/bitnami
  2. Update the helm repository to get the latest software:

    Code Block
    languagebash
    helm repo update
  3. Create a file called external-dns-values.yaml and populate it with the following helm values:

    Code Block
    languageyaml
    aws:
      zoneType: public
    domainFilters:
      - <eks_domain_zone_name from terraform output>
    policy: sync
    provider: aws
    txtOwnerId: <eks_domain_zone_id from terraform output>
    serviceAccount:
      create: false
      name: external-dns region: <region-identifier>
      tenancy: <tenancy-ocid>
      user: <user-ocid>
      key: |
        -----BEGIN RSA PRIVATE KEY-----
       <private-key>
        -----END RSA PRIVATE KEY-----
      fingerprint: <fingerprint>
      # Omit if there is not a password for the key
      passphrase: <passphrase>
    compartment: <compartment-ocid>
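Review bot: The `user: <user-ocid>` and `key:` entries place a long-lived API signing key in oci.yaml, but the step does not say what that user should be allowed to do. Since ExternalDNS only needs to insert and update records in the DNS zone, the step should call for a dedicated user whose policy is limited to DNS management in `<compartment-ocid>`, not an administrator's own OCID and key. It should also state that oci.yaml must stay out of version control, because it holds the private key and, where set, the `passphrase`.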
  4. Create a Kubernetes secret named external-dns-config from the credentials file you just created.

Code Block
kubectl create secret generic external-dns-config --from-file=oci.yaml
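Review bot: After `kubectl create secret generic external-dns-config --from-file=oci.yaml` succeeds, the procedure leaves oci.yaml on the workstation with the private key and passphrase in clear text. Add an instruction to delete the file once the secret exists, or at least to restrict it to the owner (for example mode 600) from the moment it is created.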
  1. Create a configuration file (for example, called external-dns-deployment.yaml) to create the ExternalDNS deployment, and specify the name of the Kubernetes secret you just created.

    Code Block
    languageyaml
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: external-dns
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      name: external-dns
    rules:
    - apiGroups: [""]
      resources: ["services","endpoints","pods"]
      verbs: ["get","watch","list"]
    - apiGroups: ["extensions","networking.k8s.io"]
      resources: ["ingresses"]
      verbs: ["get","watch","list"]
    - apiGroups: [""]
      resources: ["nodes"]
      verbs: ["list"]
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: external-dns-viewer
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: external-dns
    subjects:
    - kind: ServiceAccount
      name: external-dns
      namespace: default
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: external-dns
    spec:
      strategy:
        type: Recreate
      selector:
        matchLabels:
          app: external-dns
      template:
        metadata:
          labels:
            app: external-dns
        spec:
          serviceAccountName: external-dns
          containers:
          - name: external-dns
            image: k8s.gcr.io/external-dns/external-dns:v0.7.3
            args:
            - --source=service
            - --source=ingress
            - --provider=oci
            - --txt-owner-id=<ocid of the DNS zone>
            volumeMounts:
              - name: config
                mountPath: /etc/kubernetes/
          volumes:
          - name: config
            secret:
              secretName: external-dns-config
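Review bot: The ClusterRoleBinding subject hard-codes `namespace: default`, while the ServiceAccount and Deployment carry no `metadata.namespace`, so applying this manifest with any other namespace selected leaves the pod's service account unbound and ExternalDNS without its get/watch/list permissions. Set `namespace:` explicitly on the ServiceAccount and Deployment and create the `external-dns-config` secret in that same namespace, or document that everything must be applied to `default`. Separately, the container spec sets no `securityContext` even though the pod mounts the OCI private key under `/etc/kubernetes/`; consider `runAsNonRoot: true`, `readOnlyRootFilesystem: true` and `allowPrivilegeEscalation: false`, and pin the image by digest, not by the `v0.7.3` tag alone.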
Info

Helm install command assumes service account for ExternalDNS already exists.

Service Account name set to metadata.name under iam.serviceAccounts portion in the uepe-eks.yaml file in Set Up Kubernetes Cluster - AWS section

...