ExternalDNS for Managed Kubernetes

ExternalDNS Overview

ExternalDNS is a Kubernetes add-on that automates the management of public DNS records for Kubernetes resources, such as services and ingresses exposed outside the cluster. Unlike Kubernetes' internal DNS management, which is limited to internal cluster communication, ExternalDNS extends this functionality by delegating DNS record management to external DNS providers, such as IONOS Cloud DNS.

The ExternalDNS solution offers the following capabilities:

  • Empowers developers to manage DNS resources traditionally, which are handled manually by infrastructure teams.

  • Ensures that DNS records are synchronized with the current state of the Kubernetes cluster.

  • Automates the management of many DNS records, reducing manual effort.

  • Simplifies DNS management while improving security.

By integrating ExternalDNS with the IONOS webhook, you can manage your IONOS domains directly within your Kubernetes cluster. This integration requires an IONOS API key or token from the account managing your domains. The following tutorial provides detailed technical instructions for deploying ExternalDNS with the IONOS webhook using the Helm chart.

Deploy ExternalDNS on Managed Kubernetes

Prerequisites: Ensure that you have the following before you begin:

  • A domain name registered with your domain provider, domain registrar, or a subdomain under your control.

  • A token from a user with privileges to manage zones and records with Cloud DNS.

  • An IONOS Managed Kubernetes cluster.

  • The kubectl installed on your local machine.

  • The Helm tool for installing a Helm chart.

Follow these steps to set up ExternalDNS for your Managed Kubernetes with IONOS DNS Provider Cloud DNS:

  1. Prepare domain name: You must first Create a DNS Zone for your domain name with Cloud DNS and then Connect Domain Name to Cloud DNS.

  2. Add Helm chart: Add the external-dns Helm repository, which contains the official external-dns Helm chart.

helm repo add external-dns https://kubernetes-sigs.github.io/external-dns/
  1. Create a secret with: Create a Kubernetes secret to store your IONOS Cloud API token using the following command:

kubectl create secret generic ionos-credentials --from-literal=api-key='<IONOS Cloud Token>'

Note: Replace the IONOS Cloud Token with your actual IONOS Cloud token. For more information on managing authentication tokens, see Token Manager. Remember to refresh the token for automatic certificate renewal.

  1. Create configuration: Create a Helm values file for the ExternalDNS Helm chart that includes the webhook configuration. In this example, the values file is called external-dns-ionos-values.yaml.

---
# -- ExternalDNS Log level.
logLevel: debug # reduce in production

# -- if true, ExternalDNS will run in a namespaced scope (Role and Rolebinding will be namespaced too).
namespaced: false
triggerLoopOnEvent: true # if true, ExternalDNS will trigger a loop on every event (create/update/delete) on the resources it watches.
# -- Kubernetes resources to monitor for DNS entries.
sources:
  - ingress
  - service

provider:
  name: webhook
  webhook:
    image:
      repository: ghcr.io/ionos-cloud/external-dns-ionos-webhook
      tag: latest
      pullPolicy: IfNotPresent
    env:
    - name: LOG_LEVEL
      value: debug
    - name: IONOS_API_KEY
      valueFrom:
        secretKeyRef:
          name: ionos-credentials
          key: api-key
    # The webhook server listens on localhost by default. Otherwise, you can set SERVER_HOST.
    - name: SERVER_PORT
      value: "8888" # default and recommended port for exposing webhook provider EPs
    # The exposed server listens on all interfaces (0.0.0.0) by default. Otherwise, you can set METRICS_HOST.
    - name: METRICS_PORT
      value: "8080" # default and recommended port for exposing metrics and health EPs
    - name: IONOS_DEBUG
      value: "false" # change to "true" if you want see details of the http requests
    - name: DRY_RUN
      value: "false" # set to "false" when you want to allow making changes to your DNS resources
  1. Install ExternalDNS: To install ExternalDNS with the helm chart, use the following commad:

helm upgrade external-dns-ionos external-dns/external-dns -f external-dns-ionos-values.yaml --install
  1. Create application manifest: Execute the following command to create an echo server application manifest in the echoserver_app.yaml file.

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: echoserver
  namespace: echoserver
spec:
  replicas: 1
  selector:
    matchLabels:
      app: echoserver
  template:
    metadata:
      labels:
        app: echoserver
    spec:
      containers:
      - image: ealen/echo-server:latest
        imagePullPolicy: IfNotPresent
        name: echoserver
        ports:
        - containerPort: 80
        env:
        - name: PORT
          value: "80"
  1. Create echoserver namespace: Issue the following command to create a echoserver namespace:

kubectl create namespace echoserver
  1. Apply echo server application manifest: Execute the following command to apply the Deployment resource to your Kubernetes cluster:

kubectl apply -f echoserver_app.yaml

You can check the pods of echoserver deployment by running the following command:

kubectl get pods -n echoserver -l app=echoserver
  1. Create service for echo server application: Use the following content to create a Service manifest in the echoserver-svc.yaml file:

---
apiVersion: v1
kind: Service
metadata:
  name: echoserver
  namespace: echoserver
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  type: ClusterIP
  selector:
    app: echoserver
  1. Apply service resource: Apply the Service resource to your Kubernetes cluster by running the following command:

kubectl apply -f echoserver-svc.yaml
  1. Install NGINX Ingress Controller: Execute the following commands to install the NGINX ingress controller in your cluster:

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm install ingress-nginx ingress-nginx/ingress-nginx --namespace ingress-nginx --create-namespace
  1. Create Ingress resource: Using the following content, create a Ingress manifest in the echoserver-ingress.yaml file:

---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: echoserver
  namespace: echoserver
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  rules:
  - host: app.example1.com #This is your subdomain / record name
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: echoserver
            port:
              number: 80

Note: The host field in the ingress resource must be defined according to the DNS zone you have configured in IONOS Cloud DNS. For example, if your DNS zone is example1.com, you can use a subdomain like app.example1.com.

  1. Apply Ingress resource: Apply the Ingress resource to your Kubernetes cluster by running the following command:

kubectl apply -f echoserver-ingress.yaml

Verify Deployment

You can verify that the application deployed is functioning as expected using one of the following options:

Access Application

Check that the echo server app runs on the subdomain you have specified by using the following command:

curl -I app.example1.com/?echo_code=404-300

Check DNS Records

Check that the new A and TXT records are created by using the following command:

curl --location --request GET 'https://dns.de-fra.ionos.com/records?filter.name=app' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiOiI4MmE5' \
--data ''

Last updated

Was this helpful?