Upgrade ExternalDNS¶
This guide will walk you through upgrading ExternalDNS.
Fast Forward
If you have not deployed ExternalDNS in your cluster, proceed to the What’s Next section.
Fast Forward
If you have already upgraded ExternalDNS, meaning you are upgrading from EKF 1.5-rc1 or later, proceed to the Verify section.
What You’ll Need¶
- An upgraded management environment.
- An existing Kubernetes cluster.
- An existing Rok deployment.
- Your local clone of the Arrikto GitOps repository.
- Arrikto manifests for EKF version 1.5.3.
Check Your Environment¶
Verify that you have deployed the ExternalDNS deployment in your cluster. Ensure that field READY is 1/1:
root@rok-tools:~/ops/deployments# kubectl get deploy external-dns NAME READY UP-TO-DATE AVAILABLE AGE external-dns 1/1 1 1 1m
Procedure¶
Warning
The following steps involve deleting and re-creating the DNS records for your EKF services. This means that end-users might face temporary connectivity issues while you are upgrading ExternalDNS. Moreover, due to negative caching, the subdomain (FQDN) of the Load Balancer might not be reachable for up to 30 minutes after the upgrade, depending on the SOA record of the DNS zone. Therefore, we recommend that you upgrade ExternalDNS in a period of inactivity.
Go to your GitOps repository, inside your
rok-toolsmanagement environment:root@rok-tools:~# cd ~/ops/deploymentsSpecify the selected DNS name suffix (domain) for your DNS zone:
root@rok-tools:~/ops/deployments# source deploy/env.eks-alb-zoneroot@rok-tools:~/ops/deployments# export EKS_ALB_ZONE_DOMAINWe do not support deploying ExternalDNS on Azure.
root@rok-tools:~/ops/deployments# export DOMAIN=<DOMAIN>Replace
<DOMAIN>with your selected domain. For example:root@rok-tools:~/ops/deployments# export DOMAIN=apps.example.comSee also
See the Expose EKF guide for more info about your selected domain and subdomain.
Specify the selected subdomain (FQDN) of your Load Balancer:
root@rok-tools:~/ops/deployments# source deploy/env.eks-alb-acmroot@rok-tools:~/ops/deployments# export EKS_ALB_ACM_SUBDOMAINWe do not support deploying ExternalDNS on Azure.
root@rok-tools:~/ops/deployments# export FQDN=<FQDN>Replace
<FQDN>with your selected subdomain. For example:root@rok-tools:~/ops/deployments# export FQDN=arrikto-cluster.apps.example.comObtain the ID of your DNS zone:
root@rok-tools:~/ops/deployments# source deploy/env.eks-alb-zoneroot@rok-tools:~/ops/deployments# export EKS_ALB_ZONE_IDWe do not support deploying ExternalDNS on Azure.
root@rok-tools:~# export ZONE_NAME=$(gcloud dns managed-zones list \ > --filter dnsName=${DOMAIN?}. \ > | awk 'NR > 1 {print $1}')Scale down ExternalDNS:
root@rok-tools:~/ops/deployments# kubectl scale deploy external-dns --replicas=0 deployment.apps/external-dns scaledEnsure ExternalDNS scaled down to zero. Verify that field READY is 0/0:
root@rok-tools:~/ops/deployments# kubectl get deploy external-dns NAME READY UP-TO-DATE AVAILABLE AGE external-dns 0/0 0 0 1mRetrieve the DNS records that ExternalDNS has created and ensure that there are only two records for your subdomain: one A record and one TXT record:
root@rok-tools:~/ops/deployments# aws route53 list-resource-record-sets \ > --hosted-zone-id ${EKS_ALB_ZONE_ID?} \ > --query "ResourceRecordSets[?Name =='${EKS_ALB_ACM_SUBDOMAIN?}.']" \ > --output text arrikto-cluster.apps.example.com. A ALIASTARGET k8s-ingressn-ingressn-63143d1fd5-1897405364.eu-central-1.elb.amazonaws.com. True Z215JYRZR1TBD5 arrikto-cluster.apps.example.com. 300 TXT RESOURCERECORDS "heritage=external-dns,external-dns/owner=my-hostedzone-identifier,external-dns/resource=ingress/istio-system/istio-ingress"We do not support deploying ExternalDNS on Azure.
root@rok-tools:~/ops/deployments# gcloud dns record-sets list \ > --zone=${ZONE_NAME?} \ > --name=${FQDN?}. NAME TYPE TTL DATA arrikto-cluster.apps.arrikto.com. A 300 35.205.198.62 arrikto-cluster.apps.arrikto.com. TXT 300 "heritage=external-dns,external-dns/owner=my-hostedzone-identifier,external-dns/resource=ingress/istio-system/istio-ingress"Delete the DNS records that ExternalDNS has created:
Store the record sets to environment variables:
root@rok-tools:~/ops/deployments# export ALIAS_RESOURCE_RECORD_SET=\ > $(aws route53 list-resource-record-sets \ > --hosted-zone-id ${EKS_ALB_ZONE_ID?} \ > --query "ResourceRecordSets[?Name =='${EKS_ALB_ACM_SUBDOMAIN?}.' && Type == 'A'] \ > | [0]")root@rok-tools:~/ops/deployments# export TXT_RESOURCE_RECORD_SET=\ > $(aws route53 list-resource-record-sets \ > --hosted-zone-id ${EKS_ALB_ZONE_ID?} \ > --query "ResourceRecordSets[?Name =='${EKS_ALB_ACM_SUBDOMAIN?}.' && Type == 'TXT'] \ > | [0]")Create the configuration file for deleting the DNS records:
root@rok-tools:~/ops/deployments# j2 rok/eks/edns-delete-records.json.j2 \ > -o /tmp/edns-delete-records.jsonDelete the DNS records:
root@rok-tools:~/ops/deployments# aws route53 change-resource-record-sets \ > --hosted-zone-id ${EKS_ALB_ZONE_ID?} \ > --change-batch file:///tmp/edns-delete-records.json { "ChangeInfo": { "Id": "/change/C0551258C0ZEY43C3WI6", "Status": "PENDING", "SubmittedAt": "2021-07-08T08:06:02.070000+00:00" } }Delete the DNS temporary configuration file:
root@rok-tools:~/ops/deployments# rm /tmp/edns-delete-records.json
We do not support deploying ExternalDNS on Azure.
Delete the A DNS record:
root@rok-tools:~/ops/deployments# gcloud dns record-sets delete ${FQDN?}. \ > --zone=${ZONE_NAME?} \ > --type=A Deleted [https://dns.googleapis.com/dns/v1/projects/arrikto-playground/managedZones/arrikto-apps/rrsets/arrikto-cluster.apps.arrikto.com./A].Delete the TXT DNS record:
root@rok-tools:~/ops/deployments# gcloud dns record-sets delete ${FQDN?}. \ > --zone=${ZONE_NAME?} \ > --type=TXT Deleted [https://dns.googleapis.com/dns/v1/projects/arrikto-playground/managedZones/arrikto-apps/rrsets/arrikto-cluster.apps.arrikto.com./TXT].
Wait until the DNS records get deleted:
root@rok-tools:~/ops/deployments# watch "aws route53 list-resource-record-sets \ > --hosted-zone-id ${EKS_ALB_ZONE_ID?} \ > --query \"ResourceRecordSets[?Name =='${EKS_ALB_ACM_SUBDOMAIN?}.']\" \ > --output text" arrikto-cluster.apps.example.com. A ALIASTARGET k8s-ingressn-ingressn-63143d1fd5-1897405364.eu-central-1.elb.amazonaws.com. True Z215JYRZR1TBD5 arrikto-cluster.apps.example.com. 300 TXT RESOURCERECORDS "heritage=external-dns,external-dns/owner=my-hostedzone-identifier,external-dns/resource=ingress/istio-system/istio-ingress"Note
The output of this command will change until all records are deleted. Press
Ctrl+Cto exit when the output is empty.We do not support deploying ExternalDNS on Azure.
root@rok-tools:~/ops/deployments# watch gcloud dns record-sets list \ > --zone=${ZONE_NAME?} \ > --name=${FQDN?}. NAME TYPE TTL DATA arrikto-cluster.apps.arrikto.com. A 300 35.205.198.62 arrikto-cluster.apps.arrikto.com. TXT 300 "heritage=external-dns,external-dns/owner=my-hostedzone-identifier,external-dns/resource=ingress/istio-system/istio-ingress"Note
The output of this command will change until all records are deleted. Press
Ctrl+Cto exit when you see the Listed 0 items message.Edit the manifests to specify your cluster name as the owner identifier for the managed DNS records:
Retrieve your cluster name:
root@rok-tools:~/ops/deployments# source <(cat deploy/{env.envvars-aws,\ > env.eks-cluster})root@rok-tools:~/ops/deployments# export AWS_DEFAULT_REGION EKS_CLUSTERDefine the owner ID for ExternalDNS:
root@rok-tools:~/ops/deployments# export EKS_ALB_EDNS_OWNER=rok-\ > ${AWS_DEFAULT_REGION?}-${EKS_CLUSTER?}Render the ExternalDNS deployment patch template to set
--txt-owner-idto the owner ID:root@rok-tools:~/ops/deployments# j2 \ > rok/external-dns/overlays/deploy/patches/deploy.yaml.j2 \ > -o rok/external-dns/overlays/deploy/patches/deploy.yaml
We do not support deploying ExternalDNS on Azure.
Specify your zone:
root@rok-tools:~/ops/deployments# export ZONE=<MY_ZONE>Replace
<MY_ZONE>with your selected zone. For example:root@rok-tools:~/ops/deployments# export ZONE=us-east1-bSpecify your cluster name:
root@rok-tools:~/ops/deployments# export GKE_CLUSTER=<MY_CLUSTER>Replace
<MY_CLUSTER>with your selected cluster name. For example:root@rok-tools:~/ops/deployments# export GKE_CLUSTER=arrikto-clusterDefine the owner ID for ExternalDNS:
root@rok-tools:~/ops/deployments# export EDNS_OWNER=rok-${ZONE?}-${GKE_CLUSTER?}Retrieve the owner ID for ExternalDNS you defined in the previous step. Copy the output to your clipboard, as you are going to use this value in the next step:
root@rok-tools:~/ops/deployments# echo ${EDNS_OWNER?} rok-us-east1-b-arrikto-clusterEdit the
rok/external-dns/overlays/deploy/patches/deploy-gcp.yamland set--txt-owner-idto the owner ID.... - --txt-owner-id=rok-us-east1-b-arrikto-cluster # <-- Update this line with your EDNS_OWNER
Edit the manifests to enable full synchronization for the DNS records:
Skip to the next step.
We do not support deploying ExternalDNS on Azure.
Edit the
rok/external-dns/overlays/deploy/patches/deploy-gcp.yamland set--policytosync.... - --policy=sync # <-- Set this option to syncCommit your changes:
root@rok-tools:~/ops/deployments# git commit -am "Configure owner ID in ExternalDNS"Apply the new manifests for ExternalDNS:
root@rok-tools:~/ops/deployments# rok-deploy --apply \ > rok/external-dns/overlays/deployScale ExternalDNS back up:
root@rok-tools:~/ops/deployments# kubectl scale deploy external-dns --replicas=1 deployment.apps/external-dns scaled
Verify¶
Go to your GitOps repository, inside your
rok-toolsmanagement environment:root@rok-tools:~# cd ~/ops/deploymentsVerify that the ExternalDNS is up-and-running. Check that field READY is 1/1 for the corresponding resources:
root@rok-tools:~/ops/deployments# kubectl get deploy external-dns NAME READY UP-TO-DATE AVAILABLE AGE external-dns 1/1 1 1 1mSpecify the selected DNS name suffix (domain) for your DNS zone:
root@rok-tools:~/ops/deployments# source deploy/env.eks-alb-zoneroot@rok-tools:~/ops/deployments# export EKS_ALB_ZONE_DOMAINWe do not support deploying ExternalDNS on Azure.
root@rok-tools:~/ops/deployments# export DOMAIN=<DOMAIN>Replace
<DOMAIN>with your selected domain. For example:root@rok-tools:~/ops/deployments# export DOMAIN=apps.example.comSee also
See the Expose EKF guide for more info about your selected domain and subdomain.
Specify the selected subdomain (FQDN) of your Load Balancer:
root@rok-tools:~/ops/deployments# source deploy/env.eks-alb-acmroot@rok-tools:~/ops/deployments# export EKS_ALB_ACM_SUBDOMAINWe do not support deploying ExternalDNS on Azure.
root@rok-tools:~/ops/deployments# export FQDN=<FQDN>Replace
<FQDN>with your selected subdomain. For example:root@rok-tools:~/ops/deployments# export FQDN=arrikto-cluster.apps.example.comObtain the ID of your DNS zone:
root@rok-tools:~/ops/deployments# source deploy/env.eks-alb-zoneroot@rok-tools:~/ops/deployments# export EKS_ALB_ZONE_IDWe do not support deploying ExternalDNS on Azure.
root@rok-tools:~# export ZONE_NAME=$(gcloud dns managed-zones list \ > --filter dnsName=${DOMAIN?}. \ > | awk 'NR > 1 {print $1}')Verify that ExternalDNS created 2 new DNS records for your subdomain. Verify that the TXT record contains your cluster name in the
ownerfield:root@rok-tools:~/ops/deployments# aws route53 list-resource-record-sets \ > --hosted-zone-id ${EKS_ALB_ZONE_ID?} \ > --query "ResourceRecordSets[?Name =='${EKS_ALB_ACM_SUBDOMAIN?}.']" \ > --output text arrikto-cluster.apps.example.com. A ALIASTARGET k8s-ingressn-ingressn-63143d1fd5-1897405364.eu-central-1.elb.amazonaws.com. True Z215JYRZR1TBD5 arrikto-cluster.apps.example.com. 300 TXT RESOURCERECORDS "heritage=external-dns,external-dns/owner=rok-us-west-2-arrikto-cluster,external-dns/resource=ingress/istio-system/istio-ingress"We do not support deploying ExternalDNS on Azure.
root@rok-tools:~/ops/deployments# gcloud dns record-sets list \ > --zone=${ZONE_NAME?} \ > --name=${FQDN?}. NAME TYPE TTL DATA arrikto-cluster.apps.arrikto.com. A 300 35.205.198.62 arrikto-cluster.apps.arrikto.com. TXT 300 "heritage=external-dns,external-dns/owner=rok-us-east1-b-arrikto-cluster,external-dns/resource=ingress/istio-system/istio-ingress"
Summary¶
You have successfully upgraded ExternalDNS.