Deploy ExternalDNS

In this section you will configure and deploy ExternalDNS using an IAM role to provide it with permissions to manage DNS records on Route 53.

Choose one of the following options to deploy ExternalDNS:

Option 1: Deploy ExternalDNS Automatically (preferred)

Deploy ExternalDNS by following the on-screen instructions on the rok-deploy user interface.

If rok-deploy is not already running, start it with:

root@rok-tools:~# rok-deploy --run-from eks-alb-edns
../../../../_images/eks-alb-edns.png

Proceed to the Summary section.

Option 2: Deploy ExternalDNS Manually

If you want to deploy ExternalDns manually, follow the instructions below.

Procedure

  1. Go to your GitOps repository, inside your rok-tools management environment:

    root@rok-tools:~# cd ~/ops/deployments
  2. Restore the required context from previous sections:

    root@rok-tools:~/ops/deployments# source <(cat deploy/env.{envvars-aws,eks-cluster,\ > eks-alb-zone,eks-alb-iam-edns})
    root@rok-tools:~/ops/deployments# export AWS_DEFAULT_REGION EKS_CLUSTER \ > EKS_ALB_ZONE_DOMAIN EKS_ALB_IAM_EDNS_ROLE
  3. Define the owner ID for ExternalDNS:

    root@rok-tools:~/ops/deployments# export EKS_ALB_EDNS_OWNER=rok-\ > ${AWS_DEFAULT_REGION?}-${EKS_CLUSTER?}
  4. Edit rok/external-dns/overlays/deploy/kustomization.yaml and enable only the sa and deploy patches:

    patches: - path: patches/sa.yaml #- path: patches/sa-gcp.yaml - target: kind: Deployment name: external-dns path: patches/deploy.yaml #- target: # kind: Deployment # name: external-dns # path: patches/deploy-gcp.yaml # - target: # kind: Deployment # name: external-dns # path: patches/domain-filter-serving.yaml
  5. Render the ExternalDNS deployment patch template with the variables you have specified:

    root@rok-tools:~/ops/deployments# j2 \ > rok/external-dns/overlays/deploy/patches/deploy.yaml.j2 \ > -o rok/external-dns/overlays/deploy/patches/deploy.yaml
  6. Obtain the ARN of the IAM role for ExternalDNS:

    root@rok-tools:~/ops/deployments# export ROLE_ARN=$(aws iam get-role \ > --role-name ${EKS_ALB_IAM_EDNS_ROLE?} \ > --query Role.Arn \ > --output text)
  7. Render the ExternalDNS service account patch template with the variables you have specified:

    root@rok-tools:~/ops/deployments# j2 rok/external-dns/overlays/deploy/patches/sa.yaml.j2 \ > -o rok/external-dns/overlays/deploy/patches/sa.yaml
  8. Save your state:

    root@rok-tools:~/ops/deployments# rok-j2 deploy/env.eks-alb-edns.j2 \ > -o deploy/env.eks-alb-edns
  9. Commit your changes:

    root@rok-tools:~/ops/deployments# git commit -am "Deploy ExternalDNS"
  10. Deploy ExternalDNS:

    root@rok-tools:~/ops/deployments# rok-deploy --apply rok/external-dns/overlays/deploy
  11. Mark your progress:

    root@rok-tools:~/ops/deployments# export DATE=$(date -u "+%Y-%m-%dT%H.%M.%SZ")
    root@rok-tools:~/ops/deployments# git tag \ > -a deploy/${DATE?}/release-2.0/eks-alb-edns \ > -m "Deploy ExternalDNS"

Verify

  1. Verify that the ExternalDNS deployment is up-and-running. Verify field READY is 1/1:

    root@rok-tools:~# kubectl get deploy/external-dns NAME READY UP-TO-DATE AVAILABLE AGE external-dns 1/1 1 1 1m

Summary

You have successfully deployed ExternalDNS and allowed it to access your Amazon Route 53 hosted zone.

What’s Next

The next step is to create an ACM certificate for your domain.