Deploy ExternalDNS
In this section you will configure and deploy ExternalDNS using an IAM role to provide it with permissions to manage DNS records on Route 53.
Fast Forward
If you have already deployed ExternalDNS and configured it to manage DNS records for your hosted zone domain for serving, expand this box to fast-forward.
- Proceed to the Verify section.
Choose one of the following options to deploy ExternalDNS:
Air Gapped
ExternalDNS will not be able to access Amazon Route 53 because there is no VPC endpoint. You may proceed to the What’s Next section.
What You’ll Need
- A configured management environment.
- Your clone of the Arrikto GitOps repository.
- An existing EKS cluster.
- An existing Amazon Route 53 hosted zone.
- An existing IAM role for ExternalDNS.
Option 1: Deploy ExternalDNS Automatically (preferred)
Deploy ExternalDNS by following the on-screen instructions on the rok-deploy user interface.
If rok-deploy is not already running, start it with:

Proceed to the Summary section.
Option 2: Deploy ExternalDNS Manually
If you want to deploy ExternalDNS manually, follow the instructions below.
Note
If you have exposed EKF with ALB, you already have an ExternalDNS deployment and may have already run part of this procedure. Run the procedure again anyway, because you need to make extra configurations.
Procedure
1. Go to your GitOps repository, inside your rok-tools management environment:

    root@rok-tools:~# cd ~/ops/deployments

2. Restore the required context from previous sections:

    root@rok-tools:~/ops/deployments# source <(cat deploy/env.{eks-alb-zone,eks-alb-iam-edns,serving-eks-alb-zone})
    root@rok-tools:~/ops/deployments# export EKS_ALB_ZONE_DOMAIN EKS_ALB_IAM_EDNS_ROLE SERVING_EKS_ALB_ZONE_DOMAIN

   Note
   EKS_ALB_ZONE_DOMAIN may be unset if you have not gone through Deploy ExternalDNS already.

3. Edit rok/external-dns/overlays/deploy/kustomization.yaml and use eks as base:

    bases:
    - ../eks
    #- ../gke

4. Edit rok/external-dns/overlays/deploy/kustomization.yaml and enable only the sa and deploy patches:

    patches:
    - path: patches/sa.yaml
    #- path: patches/sa-gcp.yaml
    - target:
        kind: Deployment
        name: external-dns
      path: patches/deploy.yaml
    #- target:
    #    kind: Deployment
    #    name: external-dns
    #  path: patches/deploy-gcp.yaml

5. Render the ExternalDNS deployment patch template with the variables you have specified:

    root@rok-tools:~/ops/deployments# j2 \
    >     rok/external-dns/overlays/deploy/patches/deploy.yaml.j2 \
    >     -o rok/external-dns/overlays/deploy/patches/deploy.yaml

6. Obtain the ARN of the IAM role for ExternalDNS:

    root@rok-tools:~/ops/deployments# export ROLE_ARN=$(aws iam get-role \
    >     --role-name ${EKS_ALB_IAM_EDNS_ROLE?} \
    >     --query Role.Arn \
    >     --output text)

7. Render the ExternalDNS service account patch template with the variables you have specified:

    root@rok-tools:~/ops/deployments# j2 rok/external-dns/overlays/deploy/patches/sa.yaml.j2 \
    >     -o rok/external-dns/overlays/deploy/patches/sa.yaml

8. Edit rok/external-dns/overlays/deploy/kustomization.yaml and enable the domain-filter-serving patch:

    patches:
    ...
    - target:
        kind: Deployment
        name: external-dns
      path: patches/domain-filter-serving.yaml

9. Render the domain related patch template with the variables you have specified:

    root@rok-tools:~/ops/deployments# j2 \
    >     rok/external-dns/overlays/deploy/patches/domain-filter-serving.yaml.j2 \
    >     -o rok/external-dns/overlays/deploy/patches/domain-filter-serving.yaml

10. Commit your changes:

    root@rok-tools:~/ops/deployments# git commit -am "Deploy ExternalDNS"

11. Deploy ExternalDNS:

    root@rok-tools:~/ops/deployments# rok-deploy --apply rok/external-dns/overlays/deploy
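
A check you could run after rendering the patches and before the commit step, to confirm that the service account is bound to the intended IAM role and that ExternalDNS is limited to the intended zone domains. This is an added example, not part of the original procedure or of Arrikto's tooling; the function names, the sample files and the assumed rendered form (an `eks.amazonaws.com/role-arn` annotation and `--domain-filter=` arguments) are assumptions.

```shell
# Assumed rendered form (not shown on the page): sa.yaml carries the IRSA
# annotation "eks.amazonaws.com/role-arn: <arn>", and the domain patches add
# ExternalDNS "--domain-filter=<domain>" arguments.

# check_role_arn FILE ARN: succeed only if the annotation equals a non-empty ARN.
check_role_arn() (
    found=$(sed -n 's|^[[:space:]]*eks\.amazonaws\.com/role-arn:[[:space:]]*||p' "$1" | tr -d "\"'")
    [ -n "$2" ] && [ "$found" = "$2" ]
)

# check_domain_filters FILE DOMAIN...: succeed only if at least one filter is
# present and every filter equals one of the non-empty DOMAIN arguments.
check_domain_filters() (
    file=$1; shift
    grep -o -e "--domain-filter=[^[:space:]\"']*" "$file" | (
        count=0
        while IFS= read -r filter; do
            filter=${filter#--domain-filter=}
            count=$((count + 1))
            ok=0
            for allowed in "$@"; do
                if [ -n "$allowed" ] && [ "$filter" = "$allowed" ]; then ok=1; fi
            done
            if [ "$ok" -ne 1 ]; then
                echo "unexpected domain filter: '$filter'" >&2
                exit 1
            fi
        done
        [ "$count" -gt 0 ]
    )
)

# Constructed sample files standing in for the rendered patches.
sample_dir=$(mktemp -d)
printf '%s\n' 'metadata:' '  annotations:' \
    '    eks.amazonaws.com/role-arn: arn:aws:iam::111122223333:role/example-edns' \
    > "$sample_dir/sa.yaml"
printf '%s\n' '- op: add' '  path: /spec/template/spec/containers/0/args/-' \
    '  value: --domain-filter=serving.example.com' > "$sample_dir/good.yaml"
# What an unset domain variable could render to: a filter with no value.
printf '%s\n' '- op: add' '  path: /spec/template/spec/containers/0/args/-' \
    '  value: --domain-filter=' > "$sample_dir/empty.yaml"

check_role_arn "$sample_dir/sa.yaml" "arn:aws:iam::111122223333:role/example-edns" \
    && check_domain_filters "$sample_dir/good.yaml" serving.example.com \
    && echo "rendered patches match the expected role and domains"
```

Against the real files you would pass `rok/external-dns/overlays/deploy/patches/sa.yaml` with `"$ROLE_ARN"`, and each rendered domain patch with the zone domain you expect it to contain.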