Deploy ExternalDNS

In this section you will configure and deploy ExternalDNS using an IAM role to provide it with permissions to manage DNS records on Route 53.

Fast Forward

If you have already deployed ExternalDNS and configured it to manage DNS records for your hosted zone domain for serving, expand this box to fast-forward.

  1. Proceed to the Verify section.

See also

Choose one of the following options to deploy ExternalDNS:

Air Gapped

ExternalDNS will not be able to access Amazon Route 53 because there is no VPC endpoint. You may proceed to the What’s Next section.

Option 1: Deploy ExternalDNS Automatically (preferred)

Deploy ExternalDNS by following the on-screen instructions on the rok-deploy user interface.

If rok-deploy is not already running, start it with:

root@rok-tools:~# rok-deploy --run-from eks-alb-edns
../../../../_images/eks-alb-edns.png

Proceed to the Summary section.

Option 2: Deploy ExternalDNS Manually

If you want to deploy ExternalDNS manually, follow the instructions below.

Note

If you have exposed EKF with ALB, it means you already have an ExternalDNS deployment. In this case, you may have already run part of this procedure. However, run this procedure again, as you need to make extra configurations.

Procedure

  1. Go to your GitOps repository, inside your rok-tools management environment:

    root@rok-tools:~# cd ~/ops/deployments

  2. Restore the required context from previous sections:

    root@rok-tools:~/ops/deployments# source <(cat deploy/env.{eks-alb-zone,eks-alb-iam-edns,serving-eks-alb-zone})
    root@rok-tools:~/ops/deployments# export EKS_ALB_ZONE_DOMAIN EKS_ALB_IAM_EDNS_ROLE SERVING_EKS_ALB_ZONE_DOMAIN

    Note

    EKS_ALB_ZONE_DOMAIN may be unset if you have not gone through Deploy ExternalDNS already.

  3. Edit rok/external-dns/overlays/deploy/kustomization.yaml and use eks as base:

    bases: - ../eks #- ../gke

  4. Edit rok/external-dns/overlays/deploy/kustomization.yaml and enable only the sa and deploy patches:

    patches: - path: patches/sa.yaml #- path: patches/sa-gcp.yaml - target: kind: Deployment name: external-dns path: patches/deploy.yaml #- target: # kind: Deployment # name: external-dns # path: patches/deploy-gcp.yaml

  5. Render the ExternalDNS deployment patch template with the variables you have specified:

    root@rok-tools:~/ops/deployments# j2 \ > rok/external-dns/overlays/deploy/patches/deploy.yaml.j2 \ > -o rok/external-dns/overlays/deploy/patches/deploy.yaml

  6. Obtain the ARN of the IAM role for ExternalDNS:

    root@rok-tools:~/ops/deployments# export ROLE_ARN=$(aws iam get-role \ > --role-name ${EKS_ALB_IAM_EDNS_ROLE?} \ > --query Role.Arn \ > --output text)

  7. Render the ExternalDNS service account patch template with the variables you have specified:

    root@rok-tools:~/ops/deployments# j2 rok/external-dns/overlays/deploy/patches/sa.yaml.j2 \ > -o rok/external-dns/overlays/deploy/patches/sa.yaml

  8. Edit rok/external-dns/overlays/deploy/kustomization.yaml and enable the domain-filter-serving patch:

    patches: ... - target: kind: Deployment name: external-dns path: patches/domain-filter-serving.yaml

  9. Render the domain related patch template with the variables you have specified:

    root@rok-tools:~/ops/deployments# j2 \ > rok/external-dns/overlays/deploy/patches/domain-filter-serving.yaml.j2 \ > -o rok/external-dns/overlays/deploy/patches/domain-filter-serving.yaml

  10. Commit your changes:

    root@rok-tools:~/ops/deployments# git commit -am "Deploy ExternalDNS"

  11. Deploy ExternalDNS:

    root@rok-tools:~/ops/deployments# rok-deploy --apply rok/external-dns/overlays/deploy

Verify

  1. Verify that the ExternalDNS deployment is up-and-running. Verify field READY is 1/1:

    root@rok-tools:~# kubectl get deploy/external-dns NAME READY UP-TO-DATE AVAILABLE AGE external-dns 1/1 1 1 1m

Summary

You have successfully deployed ExternalDNS and allowed it to access your Amazon Route 53 hosted zone.

What’s Next

The next step is to create an ACM certificate for your domain.