ExternalDNS for Managed Kubernetes
ExternalDNS Overview
ExternalDNS is a Kubernetes add-on that automates the management of public DNS records for Kubernetes resources, such as services and ingresses exposed outside the cluster. Unlike Kubernetes' internal DNS management, which is limited to internal cluster communication, ExternalDNS extends this functionality by delegating DNS record management to external DNS providers, such as IONOS Cloud DNS.
The ExternalDNS solution offers the following capabilities:
Empowers developers to manage DNS resources traditionally, which are handled manually by infrastructure teams.
Ensures that DNS records are synchronized with the current state of the Kubernetes cluster.
Automates the management of many DNS records, reducing manual effort.
Simplifies DNS management while improving security.
By integrating ExternalDNS with the IONOS webhook, you can manage your IONOS domains directly within your Kubernetes cluster. This integration requires an IONOS API key or token from the account managing your domains. The following tutorial provides detailed technical instructions for deploying ExternalDNS with the IONOS webhook using the Helm chart.
Deploy ExternalDNS on Managed Kubernetes
Follow these steps to set up ExternalDNS for your Managed Kubernetes with IONOS DNS Provider Cloud DNS:
Prepare domain name: You must first Create a Primary Zone for your domain name with Cloud DNS and then Connect Domain Name to Cloud DNS.
Add Helm chart: Add the external-dns Helm repository, which contains the official
external-dns
Helm chart.
helm repo add external-dns https://kubernetes-sigs.github.io/external-dns/
Create a secret with: Create a Kubernetes secret to store your IONOS Cloud API token using the following command:
kubectl create secret generic ionos-credentials --from-literal=api-key='<IONOS Cloud Token>'
Create configuration: Create a Helm values file for the ExternalDNS Helm chart that includes the webhook configuration. In this example, the values file is called
external-dns-ionos-values.yaml
.
---
# -- ExternalDNS Log level.
logLevel: debug # reduce in production
# -- if true, ExternalDNS will run in a namespaced scope (Role and Rolebinding will be namespaced too).
namespaced: false
triggerLoopOnEvent: true # if true, ExternalDNS will trigger a loop on every event (create/update/delete) on the resources it watches.
# -- Kubernetes resources to monitor for DNS entries.
sources:
- ingress
- service
provider:
name: webhook
webhook:
image:
repository: ghcr.io/ionos-cloud/external-dns-ionos-webhook
tag: latest
pullPolicy: IfNotPresent
env:
- name: LOG_LEVEL
value: debug
- name: IONOS_API_KEY
valueFrom:
secretKeyRef:
name: ionos-credentials
key: api-key
# The webhook server listens on localhost by default. Otherwise, you can set SERVER_HOST.
- name: SERVER_PORT
value: "8888" # default and recommended port for exposing webhook provider EPs
# The exposed server listens on all interfaces (0.0.0.0) by default. Otherwise, you can set METRICS_HOST.
- name: METRICS_PORT
value: "8080" # default and recommended port for exposing metrics and health EPs
- name: IONOS_DEBUG
value: "false" # change to "true" if you want see details of the http requests
- name: DRY_RUN
value: "false" # set to "false" when you want to allow making changes to your DNS resources
Install ExternalDNS: To install ExternalDNS with the helm chart, use the following commad:
helm upgrade external-dns-ionos external-dns/external-dns -f external-dns-ionos-values.yaml --install
Create application manifest: Execute the following command to create an echo server application manifest in the
echoserver_app.yaml
file.
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: echoserver
namespace: echoserver
spec:
replicas: 1
selector:
matchLabels:
app: echoserver
template:
metadata:
labels:
app: echoserver
spec:
containers:
- image: ealen/echo-server:latest
imagePullPolicy: IfNotPresent
name: echoserver
ports:
- containerPort: 80
env:
- name: PORT
value: "80"
Create echoserver namespace: Issue the following command to create a
echoserver
namespace:
kubectl create namespace echoserver
Apply echo server application manifest: Execute the following command to apply the
Deployment
resource to your Kubernetes cluster:
kubectl apply -f echoserver_app.yaml
You can check the pods of echoserver
deployment by running the following command:
kubectl get pods -n echoserver -l app=echoserver
Create service for echo server application: Use the following content to create a
Service
manifest in theechoserver-svc.yaml
file:
---
apiVersion: v1
kind: Service
metadata:
name: echoserver
namespace: echoserver
spec:
ports:
- port: 80
targetPort: 80
protocol: TCP
type: ClusterIP
selector:
app: echoserver
Apply service resource: Apply the
Service
resource to your Kubernetes cluster by running the following command:
kubectl apply -f echoserver-svc.yaml
Install NGINX Ingress Controller: Execute the following commands to install the NGINX ingress controller in your cluster:
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm install ingress-nginx ingress-nginx/ingress-nginx --namespace ingress-nginx --create-namespace
Create Ingress resource: Using the following content, create a
Ingress
manifest in theechoserver-ingress.yaml
file:
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: echoserver
namespace: echoserver
annotations:
kubernetes.io/ingress.class: nginx
spec:
rules:
- host: app.example1.com #This is your subdomain / record name
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: echoserver
port:
number: 80
Apply Ingress resource: Apply the
Ingress
resource to your Kubernetes cluster by running the following command:
kubectl apply -f echoserver-ingress.yaml
Result: The deployment of ExternalDNS on Managed Kubernetes is complete.
Verify Deployment
You can verify that the application deployed is functioning as expected using one of the following options:
Access Application
Check that the echo server app runs on the subdomain you have specified by using the following command:
curl -I app.example1.com/?echo_code=404-300
Result:
HTTP/1.1 404 Not Found
HTTP/1.1 300 Multiple Choices
Check DNS Records
Check that the new A and TXT records are created by using the following command:
curl --location --request GET 'https://dns.de-fra.ionos.com/records?filter.name=app' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiOiI4MmE5' \
--data ''
Last updated
Was this helpful?