Deploy ExternalDNS

In this section you will configure and deploy ExternalDNS using an IAM role to provide it with permissions to manage DNS records on Route 53.

Procedure

  1. Go to your GitOps repository, inside your rok-tools management environment:

    root@rok-tools:~# cd ~/ops/deployments
    
  2. Specify the IAM role name for ExternalDNS:

    root@rok-tools:~/ops/deployments# export IAM_ROLE_NAME=eks-external-dns-${CLUSTERNAME?}
    
  3. Verify that the IAM role exists, obtain its ARN and copy it to your clipboard, as you are going to use this value in later steps:

    root@rok-tools:~/ops/deployments# aws iam get-role \
    >     --role-name ${IAM_ROLE_NAME?} \
    >     --query Role.Arn \
    >     --output text
    arn:aws:iam::123456789012:role/eks-external-dns-arrikto-cluster
    
  4. Edit rok/external-dns/overlays/deploy/kustomization.yaml and use eks as base:

    bases:
    - ../eks
    #- ../gke
    
  5. Edit rok/external-dns/overlays/deploy/kustomization.yaml and enable only the sa and deploy patches:

    patches:
    - path: patches/sa.yaml
    #- path: patches/sa-gcp.yaml
    - target:
        kind: Deployment
        name: external-dns
      path: patches/deploy.yaml
    #- target:
    #    kind: Deployment
    #    name: external-dns
    #  path: patches/deploy-gcp.yaml
    
  6. Edit rok/external-dns/overlays/deploy/patches/deploy.yaml and set --domain-filter to your domain:

    - --domain-filter=apps.example.com  # <-- Update this line with your DOMAIN
    
  7. Edit rok/external-dns/overlays/deploy/patches/sa.yaml and set the eks.amazonaws.com/role-arn annotation to the ARN of your IAM role for ExternalDNS, that is, the value you obtained in step 3:

    annotations:
      eks.amazonaws.com/role-arn: arn:aws:iam::123456789012:role/eks-external-dns # <-- Update this line with your IAM role
    
  8. Commit your changes:

    root@rok-tools:~/ops/deployments# git commit -am "Deploy ExternalDNS on EKS"
    
  9. Deploy ExternalDNS:

    root@rok-tools:~/ops/deployments# rok-deploy --apply rok/external-dns/overlays/deploy
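
The hand edits in steps 6 and 7 are easy to leave at their placeholder values, so the following added example (not part of rok-tools or ExternalDNS) checks both patches against the role ARN from step 3 and your domain before you commit in step 8. The function names, the `DOMAIN` variable and the sample fragments are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example, not part of rok-tools: check the hand-edited patches of
# steps 6 and 7 against the values you intend to deploy.

# Strip a trailing "# comment", trailing whitespace and quotes; keep the first match.
clean_value() {
    sed -e 's|[[:space:]]*#.*$||' -e 's|[[:space:]]*$||' | tr -d "\"'" | head -n 1
}

# Role ARN from the eks.amazonaws.com/role-arn annotation in sa.yaml.
sa_role_arn() {
    sed -n 's|^[[:space:]]*eks\.amazonaws\.com/role-arn:[[:space:]]*||p' "$1" | clean_value
}

# Value of the active (not commented-out) --domain-filter argument in deploy.yaml.
domain_filter() {
    sed -n 's|^[[:space:]]*-[[:space:]]*--domain-filter=||p' "$1" | clean_value
}

# check_overlay EXPECTED_ARN EXPECTED_DOMAIN PATCH_DIR; returns 0 only if both match.
check_overlay() {
    local want_arn="$1" want_domain="$2" dir="$3" rc=0 arn domain
    arn=$(sa_role_arn "$dir/sa.yaml")
    domain=$(domain_filter "$dir/deploy.yaml")
    if ! printf '%s\n' "$arn" | grep -Eq '^arn:aws[a-z-]*:iam::[0-9]{12}:role/[^[:space:]]+$'; then
        echo "sa.yaml: '$arn' is not an IAM role ARN" >&2; rc=1
    elif [ "$arn" != "$want_arn" ]; then
        echo "sa.yaml: role-arn '$arn' is not '$want_arn'" >&2; rc=1
    fi
    if [ -z "$domain" ]; then
        echo "deploy.yaml: no active --domain-filter argument" >&2; rc=1
    elif [ "$domain" != "$want_domain" ]; then
        echo "deploy.yaml: --domain-filter '$domain' is not '$want_domain'" >&2; rc=1
    fi
    return "$rc"
}

# Constructed sample patches (fragments as shown in steps 6 and 7), for trying the check offline.
write_sample_patches() {
    printf '%s\n' 'annotations:' \
        '  eks.amazonaws.com/role-arn: arn:aws:iam::123456789012:role/eks-external-dns # constructed' \
        > "$1/sa.yaml"
    printf '%s\n' '- --domain-filter=apps.example.com  # constructed' > "$1/deploy.yaml"
}

# Real use, before step 8 (DOMAIN is an assumed variable holding your domain):
#   check_overlay "$(aws iam get-role --role-name "${IAM_ROLE_NAME?}" --query Role.Arn \
#       --output text)" "${DOMAIN?}" rok/external-dns/overlays/deploy/patches
```

A non-zero return means at least one patch still disagrees with the expected value; the reason is printed to standard error.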
    

Verify

  1. Verify that the ExternalDNS deployment is up and running. Check that the READY field is 1/1:

    root@rok-tools:~/ops/deployments# kubectl get deploy/external-dns
    NAME           READY   UP-TO-DATE   AVAILABLE   AGE
    external-dns   1/1     1            1           1m
    

Summary

You have successfully deployed ExternalDNS and allowed it to access your Amazon Route 53 hosted zone.

What’s Next

The next step is to create an ACM certificate for your domain.