ExternalDNS for Managed Kubernetes

ExternalDNS Overview

ExternalDNS is an open-source tool that automates the management of public DNS records for Kubernetes resources such as services and ingresses, that are publicly exposed outside the cluster.

The ExternalDNS solution offers the following capabilities:

Control to developers to manage DNS resources that are usually managed manually by third teams. Example: Infrastructure team.
Ensures that the DNS records are always up-to-date with the current state of the Kubernetes cluster.
Manages a large number of records automatedly.
Simplifies the management of DNS records with improved security.

Deployment of ExternalDNS on Managed Kubernetes

Prerequisites: Ensure that you have the following before you begin:

A domain name that is registered with your domain provider aka Registrar or a subdomain under your control.
A token from a user with privileges to manage zones and records with Cloud DNS.
An IONOS Managed Kubernetes cluster.
The kubectl installed on your local machine.
The Helm tool for installing a Helm chart.

Follow these steps to set up ExternalDNS for your Managed Kubernetes with IONOS DNS Provider Cloud DNS:

Prepare domain name: You need to first Create a DNS Zone for your domain name with Cloud DNS and then Connect Domain Name to Cloud DNS.
Add Helm chart: Add the Bitnami Helm repository, which contains the official external-dns Helm chart.

helm repo add bitnami https://charts.bitnami.com/bitnami

Create configuration: Create values file for ExternalDNS Helm chart that includes the plugin configuration. In this example, the values file is called external-dns-ionos-values.yaml.

# OCI image of ExternalDNS that contains the plugin provider feature
image:
  registry: ghcr.io
  repository: ionos-cloud/external-dns-plugin-provider
  tag: latest

# Modify how DNS records are synchronised between sources and providers (default: sync, options: sync, upsert-only, create-only)
policy: sync

# provider needs to be set to plugin
provider: plugin

# url of the provider which the external-dns will target
extraArgs:
  plugin-provider-url: http://localhost:8888

# plugin is deployed as sidecar
sidecars:
  - name: ionos-plugin
    image: ghcr.io/ionos-cloud/external-dns-ionos-plugin:latest
    ports:
      - containerPort: 8888
        name: http
    livenessProbe:
      httpGet:
        path: /health
        port: http
      initialDelaySeconds: 10
      timeoutSeconds: 5
    readinessProbe:
      httpGet:
        path: /health
        port: http
      initialDelaySeconds: 10
      timeoutSeconds: 5
    env:
      # Set port of plugin (value needs to match the container port and plugin provider url port, default value: 8888)
      - name: SERVER_PORT
        value: "8888"
      # Listen on all interfaces for kubernetes probes
      - name: SERVER_HOST
        value: ""
      # Limit possible target zones by a domain suffix (optional)
      - name: DOMAIN_FILTER
        value: "example1.com,example2.com"
      # Exclude subdomains (optional)
      - name: EXCLUDE_DOMAIN_FILTER
        value: "example3.com"
      # Limit possible domains and target zones by a Regex filter. Overrides domain-filter (optional)
      - name: REGEXP_DOMAIN_FILTER
        value: ".*.example4.com"
      # Regex filter that excludes domains and target zones matched by regex-domain-filter (optional)
      - name: REGEXP_DOMAIN_FILTER_EXCLUSION
        value: ".*.example5.com"
      # When enabled, prints DNS record changes rather than actually performing them (default: false)
      - name: DRY_RUN
        value: "true"         
      # Token for DNSaaS rest API authentication (mandatory)  
      - name: IONOS_API_KEY
        value: "21215454"
      - name: LOG_LEVEL
        value: debug
      # When enabled debug logs for the DNSaaS rest API are enabled (default: false)  
      - name: IONOS_DEBUG
        value: "true"

Install ExternalDNS: To install ExternalDNS with Bitnami Helm chart, use the following commad:

helm install external-dns-ionos bitnami/external-dns -f external-dns-ionos-values.yaml

Deploy application: Follow this step to deploy an application:

Deploy an echo server application by using the file echoserver_app.yaml.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: echoserver
  namespace: echoserver
spec:
  replicas: 1
  selector:
    matchLabels:
      app: echoserver
  template:
    metadata:
      labels:
        app: echoserver
    spec:
      containers:
      - image: ealen/echo-server:latest
        imagePullPolicy: IfNotPresent
        name: echoserver
        ports:
        - containerPort: 80
        env:
        - name: PORT
          value: "80"
---
apiVersion: v1
kind: Service
metadata:
  name: echoserver
  namespace: echoserver
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  type: ClusterIP
  selector:
    app: echoserver
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: echoserver
  namespace: echoserver
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  rules:
  - host: app.example1.com #This is your subdomain / record name
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: echoserver
            port:
              number: 80

If you want to use a service, you do not need to install an ingress controller. You can install an ingress controller in the cluster and deploy the application with kubectl by using the following command:

kubectl apply -f echoserver_app.yaml

Result: The deployment of ExternalDNS on Managed Kubernetes is complete.

Verify deployment

You can verify that the application deployed is functioning as expected by using one of the following options.

Access application

Check that the echo server app runs on the subdomain you have specified by using the following command:

curl -I app.example1.com/?echo_code=404-300

Expected result:

HTTP/1.1 404 Not Found 
HTTP/1.1 300 Multiple Choices

Check DNS records

Check that the new A and TXT records are created by using the following command:

curl --location --request GET 'https://dns.de-fra.ionos.com/records?filter.name=app' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiOiI4MmE5' \
--data ''

PreviousTutorials NextSet Up a Secondary Zone

Last updated 1 year ago