Deploy ExternalDNS
In this section you will configure and deploy ExternalDNS using an IAM role to provide it with permissions to manage DNS records on Route 53.
Fast Forward
If you have already deployed ExternalDNS, proceed to the Verify section.
Choose one of the following options to deploy ExternalDNS:
Air Gapped
ExternalDNS will not be able to access Amazon Route 53 because there is no VPC endpoint. You may proceed to the What’s Next section.
What You’ll Need
- A configured management environment.
- Your clone of the Arrikto GitOps repository.
- An existing EKS cluster.
- An existing Amazon Route 53 hosted zone.
- An existing IAM role for ExternalDNS.
Option 1: Deploy ExternalDNS Automatically (preferred)
Deploy ExternalDNS by following the on-screen instructions on the rok-deploy user interface.
If rok-deploy is not already running, start it with:
Proceed to the Summary section.
Option 2: Deploy ExternalDNS Manually
If you want to deploy ExternalDNS manually, follow the instructions below.
Procedure
1. Go to your GitOps repository, inside your rok-tools management environment:

       root@rok-tools:~# cd ~/ops/deployments

2. Restore the required context from previous sections:

       root@rok-tools:~/ops/deployments# source <(cat deploy/env.{envvars-aws,eks-cluster,\
       > eks-alb-zone,eks-alb-iam-edns})

       root@rok-tools:~/ops/deployments# export AWS_DEFAULT_REGION EKS_CLUSTER \
       > EKS_ALB_ZONE_DOMAIN EKS_ALB_IAM_EDNS_ROLE

3. Define the owner ID for ExternalDNS:

       root@rok-tools:~/ops/deployments# export EKS_ALB_EDNS_OWNER=rok-\
       > ${AWS_DEFAULT_REGION?}-${EKS_CLUSTER?}

4. Edit rok/external-dns/overlays/deploy/kustomization.yaml and use eks as base:

       bases:
       - ../eks
       #- ../gke

5. Edit rok/external-dns/overlays/deploy/kustomization.yaml and enable only the sa and deploy patches:

       patches:
       - path: patches/sa.yaml
       #- path: patches/sa-gcp.yaml
       - target:
           kind: Deployment
           name: external-dns
         path: patches/deploy.yaml
       #- target:
       #    kind: Deployment
       #    name: external-dns
       #  path: patches/deploy-gcp.yaml
       # - target:
       #     kind: Deployment
       #     name: external-dns
       #   path: patches/domain-filter-serving.yaml

6. Render the ExternalDNS deployment patch template with the variables you have specified:

       root@rok-tools:~/ops/deployments# j2 \
       > rok/external-dns/overlays/deploy/patches/deploy.yaml.j2 \
       > -o rok/external-dns/overlays/deploy/patches/deploy.yaml

7. Obtain the ARN of the IAM role for ExternalDNS:

       root@rok-tools:~/ops/deployments# export ROLE_ARN=$(aws iam get-role \
       > --role-name ${EKS_ALB_IAM_EDNS_ROLE?} \
       > --query Role.Arn \
       > --output text)

8. Render the ExternalDNS service account patch template with the variables you have specified:

       root@rok-tools:~/ops/deployments# j2 rok/external-dns/overlays/deploy/patches/sa.yaml.j2 \
       > -o rok/external-dns/overlays/deploy/patches/sa.yaml

9. Commit your changes:

       root@rok-tools:~/ops/deployments# git commit -am "Deploy ExternalDNS"

10. Deploy ExternalDNS:

        root@rok-tools:~/ops/deployments# rok-deploy --apply rok/external-dns/overlays/deploy
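
The manual procedure above relies on exported variables that the j2 templates consume. The following pre-render check is an added example, not part of rok-deploy or the Arrikto GitOps repository; the function names is_role_arn and check_edns_env are hypothetical, and it assumes only the variable names used in the procedure.

```shell
# Added example, not part of rok-deploy or the GitOps repository.
# Run after exporting ROLE_ARN and before rendering the patches.

# True if $1 is a single-token IAM role ARN (any AWS partition).
is_role_arn() {
    case $1 in *[[:space:]]*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^arn:aws(-cn|-us-gov)?:iam::[0-9]{12}:role/[A-Za-z0-9+=,.@_/-]+$'
}

# Validates the variables exported in the procedure. Prints one line per
# problem and returns non-zero if any is found. The body is a subshell, so
# its working variables do not leak into the calling shell.
check_edns_env() (
    rc=0
    for v in AWS_DEFAULT_REGION EKS_CLUSTER EKS_ALB_ZONE_DOMAIN \
             EKS_ALB_IAM_EDNS_ROLE EKS_ALB_EDNS_OWNER ROLE_ARN; do
        # ${VAR?} only catches unset variables. ROLE_ARN=$(aws ...) is set
        # but empty when the aws call fails, so test for emptiness too.
        eval "val=\${$v-}"
        [ -n "$val" ] || { echo "empty or unset: $v"; rc=1; }
    done
    [ "$rc" -eq 0 ] || exit 1

    if ! is_role_arn "$ROLE_ARN"; then
        echo "ROLE_ARN is not an IAM role ARN: $ROLE_ARN"; rc=1
    # The role name is the last path component of the ARN.
    elif [ "${ROLE_ARN##*/}" != "$EKS_ALB_IAM_EDNS_ROLE" ]; then
        echo "ROLE_ARN does not name role $EKS_ALB_IAM_EDNS_ROLE"; rc=1
    fi
    # The owner ID must be the one derived from this region and cluster.
    if [ "$EKS_ALB_EDNS_OWNER" != "rok-$AWS_DEFAULT_REGION-$EKS_CLUSTER" ]; then
        echo "EKS_ALB_EDNS_OWNER does not match region and cluster"; rc=1
    fi
    exit "$rc"
)
```

Run check_edns_env after the aws iam get-role step; a non-zero exit means a patch would be rendered with a missing or mismatched value.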